Kqueen service support for Drivetrain
initial commit
-glusterfs volumes
-docker stack
-haproxy
related-us: https://mirantis.jira.com/browse/PROD-18445
Change-Id: Icf9838c1d451cf281251434bbc63e60aa7b206cb
diff --git a/docker/swarm/network/kqueen_backend.yml b/docker/swarm/network/kqueen_backend.yml
new file mode 100644
index 0000000..b246f86
--- /dev/null
+++ b/docker/swarm/network/kqueen_backend.yml
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ docker_kqueen_network_subnet: 10.60.0.0/24
+ docker:
+ client:
+ network:
+ kqueen_backend:
+ subnet: ${_param:docker_kqueen_network_subnet}
+ driver: overlay
+ attachable: true
diff --git a/docker/swarm/stack/kqueen.yml b/docker/swarm/stack/kqueen.yml
new file mode 100644
index 0000000..4708725
--- /dev/null
+++ b/docker/swarm/stack/kqueen.yml
@@ -0,0 +1,92 @@
+parameters:
+ _param:
+ docker_kqueen_api_replicas: 1
+ docker_image_kqueen_api: kqueen/api:v0.18
+ docker_image_kqueen_ui: kqueen/ui:v0.8
+ kqueen_api_bind_host: kqueen-api
+ kqueen_api_bind_port: ${_param:haproxy_kqueen_api_bind_port}
+ kqueen_api_db_host: etcd
+ kqueen_api_debug: True
+ kqueen_api_prometheus_whitelist: '172.16.10.0/24' ##REcheck with network
+ docker_kqueen_ui_replicas: 1
+ kqueen_ui_bind_port: ${_param:haproxy_kqueen_ui_bind_port}
+ kqueen_ui_bind_host: kqueen-ui
+ kqueen_ui_mail_host: mail
+ kqueen_ui_mail_port: 10025
+ kqueen_ui_debug: True
+ kqueen_ui_enable_public_registration: False
+ kqueen_credentials:
+ kqueen_api_secret_key: 'pasteyoursecret'
+ kqueen_ui_secret_key: 'pasteyoursecret'
+ kqueen_api_bootstrap_admin: True
+ kqueen_api_admin_username: admin
+ kqueen_api_admin_password: default
+ kqueen_api_admin_organization: MirantisCloudPlatform
+ kqueen_api_admin_namespace: mcp
+ docker:
+ client:
+ stack:
+ kqueen:
+ service:
+ kqueen-api:
+ image: ${_param:docker_image_kqueen_api}
+ environment:
+ KQUEEN_DEBUG: ${_param:kqueen_api_debug}
+ KQUEEN_CONFIG_FILE: config/prod.py
+ KQUEEN_ETCD_HOST: ${_param:kqueen_api_db_host}
+ KQUEEN_PROMETHEUS_WHITELIST: ${_param:kqueen_api_prometheus_whitelist}
+ KQUEEN_SECRET_KEY: ${_param:kqueen_credentials:kqueen_api_secret_key}
+ BOOTSTRAP_ADMIN: ${_param:kqueen_credentials:kqueen_api_bootstrap_admin}
+ BOOTSTRAP_ADMIN_USERNAME: ${_param:kqueen_credentials:kqueen_api_admin_username}
+ BOOTSTRAP_ADMIN_PASSWORD: ${_param:kqueen_credentials:kqueen_api_admin_password}
+ BOOTSTRAP_ADMIN_ORGANIZATION: ${_param:kqueen_credentials:kqueen_api_admin_organization}
+ BOOTSTRAP_ADMIN_NAMESPACE: ${_param:kqueen_credentials:kqueen_api_admin_namespace}
+ deploy:
+ replicas: ${_param:docker_kqueen_api_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_kqueen_api_exposed_port}:${_param:haproxy_kqueen_api_bind_port}
+ volumes:
+ - /srv/volumes/kqueen/logs/:/var/log/kqueen-api
+ kqueen-ui:
+ image: ${_param:docker_image_kqueen_ui}
+ environment:
+ KQUEENUI_PREFERRED_URL_SCHEME: https
+ KQUEENUI_DEBUG: ${_param:kqueen_ui_debug}
+ KQUEEN_UI_CONFIG_FILE: config/prod.py
+ KQUEENUI_SECRET_KEY: ${_param:kqueen_credentials:kqueen_ui_secret_key}
+ KQUEENUI_KQUEEN_API_URL: http://${_param:kqueen_api_bind_host}:${_param:kqueen_api_bind_port}/api/v1/
+ KQUEENUI_KQUEEN_AUTH_URL: http://${_param:kqueen_api_bind_host}:${_param:kqueen_api_bind_port}/api/v1/auth
+ KQUEENUI_KQUEEN_SERVICE_USER_USERNAME: ${_param:kqueen_credentials:kqueen_api_admin_username}
+ KQUEENUI_KQUEEN_SERVICE_USER_PASSWORD: ${_param:kqueen_credentials:kqueen_api_admin_password}
+ KQUEENUI_MAIL_SERVER: ${_param:kqueen_ui_mail_host}
+ KQUEENUI_MAIL_PORT: ${_param:kqueen_ui_mail_port}
+ KQUEENUI_ENABLE_PUBLIC_REGISTRATION: ${_param:kqueen_ui_enable_public_registration}
+ STATIC_DIR: /mnt/static/
+ deploy:
+ replicas: ${_param:docker_kqueen_ui_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_kqueen_ui_exposed_port}:${_param:haproxy_kqueen_ui_bind_port}
+ volumes:
+ - /srv/volumes/kqueen/logs/:/var/log/kqueen-ui
+ etcd:
+ image: quay.io/coreos/etcd:latest
+ environment:
+ ETCD_NAME: 0
+ ETCD_INITIAL_ADVERTISE_PEER_URLS: http://etcd:2380
+ ETCD_INITIAL_CLUSTER_STATE: new
+ ETCD_INITIAL_CLUSTER_TOKEN: etcd-cluster-1
+ ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:${_param:haproxy_etcd_bind_port}
+ ETCD_LISTEN_PEER_URLS: http://0.0.0.0:2380
+ ETCD_ADVERTISE_CLIENT_URLS: http://127.0.0.1:4001,http://etcd:${_param:haproxy_etcd_bind_port}
+ ports:
+ - ${_param:haproxy_etcd_exposed_port}:${_param:haproxy_etcd_bind_port}
+ volumes:
+ - /srv/volumes/etcd:/0.etcd/
+ network:
+ default:
+ external:
+ name: kqueen_backend
diff --git a/docker/swarm/stack/kqueen_mail.yml b/docker/swarm/stack/kqueen_mail.yml
new file mode 100644
index 0000000..dd03688
--- /dev/null
+++ b/docker/swarm/stack/kqueen_mail.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ mail_server_hostname: mail
+ docker:
+ client:
+ stack:
+ kqueen:
+ service:
+ mail:
+ image: modularitycontainers/postfix
+ environment:
+ MYHOSTNAME: ${_param:mail_server_hostname}
+ network:
+ default:
+ external:
+ name: kqueen_backend
diff --git a/glusterfs/client/volume/etcd.yml b/glusterfs/client/volume/etcd.yml
new file mode 100644
index 0000000..49a173f
--- /dev/null
+++ b/glusterfs/client/volume/etcd.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ etcd_glusterfs_service_host: ${_param:glusterfs_service_host}
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ glusterfs:
+ client:
+ volumes:
+ etcd:
+ path: /srv/volumes/etcd
+ server: ${_param:etcd_glusterfs_service_host}
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+ user: 1000
+ group: 1000
diff --git a/glusterfs/client/volume/kqueen.yml b/glusterfs/client/volume/kqueen.yml
new file mode 100644
index 0000000..4417e11
--- /dev/null
+++ b/glusterfs/client/volume/kqueen.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ kqueen_glusterfs_service_host: ${_param:glusterfs_service_host}
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ glusterfs:
+ client:
+ volumes:
+ kqueen:
+ path: /srv/volumes/kqueen
+ server: ${_param:kqueen_glusterfs_service_host}
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+ user: 1000
+ group: 1000
diff --git a/glusterfs/server/volume/etcd.yml b/glusterfs/server/volume/etcd.yml
new file mode 100644
index 0000000..874119e
--- /dev/null
+++ b/glusterfs/server/volume/etcd.yml
@@ -0,0 +1,18 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ etcd:
+ storage: /srv/glusterfs/etcd
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/etcd
+ - ${_param:cluster_node02_address}:/srv/glusterfs/etcd
+ - ${_param:cluster_node03_address}:/srv/glusterfs/etcd
+ options:
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
+ cluster.favorite-child-policy: mtime
diff --git a/glusterfs/server/volume/kqueen.yml b/glusterfs/server/volume/kqueen.yml
new file mode 100644
index 0000000..0d09c51
--- /dev/null
+++ b/glusterfs/server/volume/kqueen.yml
@@ -0,0 +1,18 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ kqueen:
+ storage: /srv/glusterfs/kqueen
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/kqueen
+ - ${_param:cluster_node02_address}:/srv/glusterfs/kqueen
+ - ${_param:cluster_node03_address}:/srv/glusterfs/kqueen
+ options:
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
+ cluster.favorite-child-policy: mtime
diff --git a/haproxy/proxy/listen/cicd/etcd.yml b/haproxy/proxy/listen/cicd/etcd.yml
new file mode 100644
index 0000000..27d8540
--- /dev/null
+++ b/haproxy/proxy/listen/cicd/etcd.yml
@@ -0,0 +1,37 @@
+parameters:
+ _param:
+ haproxy_etcd_bind_host: ${_param:haproxy_bind_address}
+ haproxy_etcd_bind_port: 4001
+ haproxy_etcd_exposed_port: 14001
+ haproxy_etcd_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ timeout:
+ queue: '8h'
+ client: '8h'
+ server: '8h'
+ check: '10s'
+ listen:
+ etcd:
+ mode: http
+ balance: source
+ options:
+ - tcp-check
+ binds:
+ - address: ${_param:haproxy_etcd_bind_host}
+ port: ${_param:haproxy_etcd_bind_port}
+ ssl: ${_param:haproxy_etcd_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_etcd_exposed_port}
+ params: check port ${_param:haproxy_etcd_exposed_port}
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_etcd_exposed_port}
+ params: backup check port ${_param:haproxy_etcd_exposed_port}
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_etcd_exposed_port}
+ params: backup check port ${_param:haproxy_etcd_exposed_port}
diff --git a/haproxy/proxy/listen/cicd/kqueen.yml b/haproxy/proxy/listen/cicd/kqueen.yml
new file mode 100644
index 0000000..52b02d0
--- /dev/null
+++ b/haproxy/proxy/listen/cicd/kqueen.yml
@@ -0,0 +1,76 @@
+parameters:
+ _param:
+ haproxy_kqueen_api_bind_host: ${_param:haproxy_bind_address}
+ haproxy_kqueen_api_bind_port: 5000
+ haproxy_kqueen_api_exposed_port: 15000
+ haproxy_kqueen_ui_bind_host: ${_param:haproxy_bind_address}
+ haproxy_kqueen_ui_bind_port: 5080
+ haproxy_kqueen_ui_exposed_port: 15080
+ haproxy_kqueen_api_ssl:
+ enabled: false
+ haproxy_kqueen_ui_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ kqueen_api:
+ mode: http
+ options:
+ - forwardfor
+ - httpchk GET /api/v1/health
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ sticks:
+ - http-check expect string 'Gutten tag!'
+ binds:
+ - address: ${_param:haproxy_kqueen_api_bind_host}
+ port: ${_param:haproxy_kqueen_api_bind_port}
+ ssl: ${_param:haproxy_kqueen_api_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_kqueen_api_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_kqueen_api_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_kqueen_api_exposed_port}
+ params: backup check
+ kqueen_ui:
+ mode: http
+ balance: source
+ options:
+ - forwardfor
+ - httpchk GET /ui/login
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ sticks:
+ - http-check expect string 'KQueen'
+ binds:
+ - address: ${_param:haproxy_kqueen_ui_bind_host}
+ port: ${_param:haproxy_kqueen_ui_bind_port}
+ ssl: ${_param:haproxy_kqueen_ui_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_kqueen_ui_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_kqueen_ui_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_kqueen_ui_exposed_port}
+ params: backup check