chore: bump charts
diff --git a/charts/senlin/Chart.yaml b/charts/senlin/Chart.yaml
index e1614ff..2331440 100644
--- a/charts/senlin/Chart.yaml
+++ b/charts/senlin/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/senlin
- https://opendev.org/openstack/openstack-helm
-version: 0.2.6
+version: 0.2.8
diff --git a/charts/senlin/charts/helm-toolkit/Chart.yaml b/charts/senlin/charts/helm-toolkit/Chart.yaml
index d90280e..12e2dd2 100644
--- a/charts/senlin/charts/helm-toolkit/Chart.yaml
+++ b/charts/senlin/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.44
+version: 0.2.50
diff --git a/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl
index 7846895..4c476b2 100644
--- a/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/charts/senlin/charts/helm-toolkit/templates/manifests/_ingress.tpl
@@ -685,7 +685,7 @@
{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }}
{{- end }}
{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }}
-{{- $ingressConf := $envAll.Values.network.server.ingress -}}
+{{- $ingressConf := $envAll.Values.network -}}
{{- $ingressClasses := ternary (tuple "namespace") (tuple "namespace" "cluster") (and (hasKey $ingressConf "use_external_ingress_controller") $ingressConf.use_external_ingress_controller) }}
{{- range $key2, $ingressController := $ingressClasses }}
{{- $vHosts := list $hostNameFull }}
@@ -706,7 +706,6 @@
{{- range $v := without (index $endpointHost.tls "dnsNames" | default list) $hostNameFull }}
{{- $vHosts = append $vHosts $v }}
{{- end }}
-{{- if and ( not ( empty $endpointHost.tls.key ) ) ( not ( empty $endpointHost.tls.crt ) ) }}
{{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
{{- $_ := required "You need to specify a secret in your values for the endpoint" $secretName }}
tls:
@@ -718,7 +717,6 @@
{{- end }}
{{- end }}
{{- end }}
-{{- end }}
rules:
{{- range $vHost := $vHosts }}
{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }}
diff --git a/charts/senlin/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/charts/senlin/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
index 87872d6..3739f95 100644
--- a/charts/senlin/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+++ b/charts/senlin/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
@@ -77,6 +77,11 @@
password="${RABBITMQ_PASSWORD}" \
tags="user"
+echo "Deleting Guest User"
+rabbitmqadmin_cli \
+ delete user \
+ name="guest" || true
+
if [ "${RABBITMQ_VHOST}" != "/" ]
then
echo "Managing: vHost: ${RABBITMQ_VHOST}"
diff --git a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 516d79e..687851e 100644
--- a/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/senlin/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -66,6 +66,14 @@
# framework will automatically tar/zip the files in that directory and
# name the tarball appropriately according to the proper conventions.
#
+# verify_databases_backup_archives [scope]
+# returns: 0 if no errors; 1 if any errors occurred
+#
+# This function is expected to verify the database backup archives. If this function
+# completes successfully (returns 0), the
+# framework will automatically starts remote backup upload.
+#
+#
# The functions in this file will take care of:
# 1) Calling "dump_databases_to_directory" and then compressing the files,
# naming the tarball properly, and then storing it locally at the specified
@@ -90,6 +98,16 @@
exit $ERRCODE
}
+log_verify_backup_exit() {
+ MSG=$1
+ ERRCODE=${2:-0}
+ log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}"
+ rm -f $ERR_LOG_FILE
+ # rm -rf $TMP_DIR
+ exit $ERRCODE
+}
+
+
log() {
#Log message to a file or stdout
#TODO: This can be convert into mail alert of alert send to a monitoring system
@@ -201,12 +219,36 @@
log WARN "${DB_NAME}_backup" "Cannot create container object ${FILE}!"
return 2
fi
+
openstack object show $CONTAINER_NAME $FILE
if [[ $? -ne 0 ]]; then
log WARN "${DB_NAME}_backup" "Unable to retrieve container object $FILE after creation."
return 2
fi
+ # Calculation remote file SHA256 hash
+ REMOTE_FILE=$(mktemp -p /tmp)
+ openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
+ rm -rf ${REMOTE_FILE}
+ return 1
+ fi
+
+ # Remote backup verification
+ SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
+ SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
+ if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ else
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
+ return 1
+ fi
+ rm -rf ${REMOTE_FILE}
+
log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully."
return 0
}
@@ -382,8 +424,8 @@
# Cleanup now that we're done.
for fd in ${BACKUP_FILES} ${DB_BACKUP_FILES}; do
- if [[ -f fd ]]; then
- rm -f fd
+ if [[ -f ${fd} ]]; then
+ rm -f ${fd}
else
log WARN "${DB_NAME}_backup" "Can not delete a temporary file ${fd}"
fi
@@ -444,10 +486,6 @@
cd $ARCHIVE_DIR
- # Remove the temporary directory and files as they are no longer needed.
- rm -rf $TMP_DIR
- rm -f $ERR_LOG_FILE
-
#Only delete the old archive after a successful archive
export LOCAL_DAYS_TO_KEEP=$(echo $LOCAL_DAYS_TO_KEEP | sed 's/"//g')
if [[ "$LOCAL_DAYS_TO_KEEP" -gt 0 ]]; then
@@ -459,6 +497,25 @@
done
fi
+ # Local backup verification process
+
+ # It is expected that this function will verify the database backup files
+ if verify_databases_backup_archives ${SCOPE}; then
+ log INFO "${DB_NAME}_backup_verify" "Databases backup verified successfully. Uploading verified backups to remote location..."
+ else
+ # If successful, there should be at least one file in the TMP_DIR
+ if [[ $(ls $TMP_DIR | wc -w) -eq 0 ]]; then
+ cat $ERR_LOG_FILE
+ fi
+ log_verify_backup_exit "Verify of the ${DB_NAME} database backup failed and needs attention."
+ exit 1
+ fi
+
+ # Remove the temporary directory and files as they are no longer needed.
+ rm -rf $TMP_DIR
+ rm -f $ERR_LOG_FILE
+
+ # Remote backup
REMOTE_BACKUP=$(echo $REMOTE_BACKUP_ENABLED | sed 's/"//g')
if $REMOTE_BACKUP; then
# Remove Quotes from the constants which were added due to reading
@@ -490,7 +547,7 @@
get_backup_prefix $(cat $DB_BACKUP_FILES)
for ((i=0; i<${#PREFIXES[@]}; i++)); do
echo "Working with prefix: ${PREFIXES[i]}"
- create_hash_table $(cat $DB_BACKUP_FILES | grep ${PREFIXES[i]})
+ create_hash_table $(cat ${DB_BACKUP_FILES} | grep ${PREFIXES[i]})
remove_old_remote_archives
done
fi
@@ -511,4 +568,4 @@
echo "=================================================================="
fi
}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/senlin/requirements.lock b/charts/senlin/requirements.lock
index 8fc523d..6af93d9 100644
--- a/charts/senlin/requirements.lock
+++ b/charts/senlin/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.44
-digest: sha256:d3a834e34152bf30319ac30e116adc128b474ca63bbbe0fb323a7a2365a56455
-generated: "2022-08-10T23:42:35.775397606Z"
+ version: 0.2.50
+digest: sha256:67fc0fd70898d60cddd5c634b632205a7716bfeb21e57adaeda464efbcfa2ce3
+generated: "2023-01-13T22:23:16.929483229Z"
diff --git a/charts/senlin/templates/secret-registry.yaml b/charts/senlin/templates/secret-registry.yaml
new file mode 100644
index 0000000..da979b3
--- /dev/null
+++ b/charts/senlin/templates/secret-registry.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}
diff --git a/charts/senlin/values.yaml b/charts/senlin/values.yaml
index b245bd3..5bd7f45 100644
--- a/charts/senlin/values.yaml
+++ b/charts/senlin/values.yaml
@@ -123,53 +123,7 @@
senlin.filter_factory: senlin.api.middleware:webhook_filter
filter:authtoken:
paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- policy:
- context_is_admin: role:admin
- deny_everybody: "!"
- build_info:build_info: ''
- profile_types:index: ''
- profile_types:get: ''
- policy_types:index: ''
- policy_types:get: ''
- clusters:index: ''
- clusters:create: ''
- clusters:delete: ''
- clusters:get: ''
- clusters:action: ''
- clusters:update: ''
- clusters:collect: ''
- profiles:index: ''
- profiles:create: ''
- profiles:get: ''
- profiles:delete: ''
- profiles:update: ''
- profiles:validate: ''
- nodes:index: ''
- nodes:create: ''
- nodes:get: ''
- nodes:action: ''
- nodes:update: ''
- nodes:delete: ''
- policies:index: ''
- policies:create: ''
- policies:get: ''
- policies:update: ''
- policies:delete: ''
- policies:validate: ''
- cluster_policies:index: ''
- cluster_policies:attach: ''
- cluster_policies:detach: ''
- cluster_policies:update: ''
- cluster_policies:get: ''
- receivers:index: ''
- receivers:create: ''
- receivers:get: ''
- receivers:delete: ''
- actions:index: ''
- actions:get: ''
- events:index: ''
- events:get: ''
- webhooks:trigger: ''
+ policy: {}
senlin:
DEFAULT:
log_config_append: /etc/senlin/logging.conf
@@ -389,6 +343,8 @@
oslo_messaging:
admin: senlin-rabbitmq-admin
senlin: senlin-rabbitmq-user
+ oci_image_registry:
+ senlin: senlin-oci-image-registry
# typically overridden by environmental
# values, but should include all endpoints
@@ -407,6 +363,21 @@
port:
registry:
node: 5000
+ oci_image_registry:
+ name: oci-image-registry
+ namespace: oci-image-registry
+ auth:
+ enabled: false
+ senlin:
+ username: senlin
+ password: password
+ hosts:
+ default: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ default: null
identity:
name: keystone
auth:
@@ -744,6 +715,7 @@
secret_db: true
secret_keystone: true
secret_rabbitmq: true
+ secret_registry: true
service_ingress_api: true
service_api: true
...