Browse Source

Deprecate airship-in-a-bottle

Change-Id: Iabd48994f97a7c58fe902216f831f51cb72115f0
changes/55/720155/2
Roman Gorshunov 10 months ago
parent
commit
969b27c95a
276 changed files with 10 additions and 18634 deletions
  1. +0
    -9
      .github/SECURITY.md
  2. +0
    -10
      .gitignore
  3. +0
    -98
      .zuul.yaml
  4. +0
    -201
      LICENSE
  5. +0
    -25
      Makefile
  6. +10
    -53
      README.md
  7. +0
    -87
      Vagrantfile
  8. +0
    -10
      deployment_files/global/common/layering-policy.yaml
  9. +0
    -19
      deployment_files/global/common/schemas/pegleg/SiteDefinition/v1.yaml
  10. +0
    -31
      deployment_files/global/v1.0demo/baremetal/bootactions/seccomp-profiles.yaml
  11. +0
    -121
      deployment_files/global/v1.0demo/profiles/genesis.yaml
  12. +0
    -127
      deployment_files/global/v1.0demo/profiles/kubernetes-host.yaml
  13. +0
    -787
      deployment_files/global/v1.0demo/profiles/security/seccomp_default.yaml
  14. +0
    -12
      deployment_files/global/v1.0demo/schemas/armada/Chart/v1.yaml
  15. +0
    -12
      deployment_files/global/v1.0demo/schemas/armada/ChartGroup/v1.yaml
  16. +0
    -12
      deployment_files/global/v1.0demo/schemas/armada/Manifest/v1.yaml
  17. +0
    -164
      deployment_files/global/v1.0demo/schemas/drydock/BaremetalNode/v1.yaml
  18. +0
    -94
      deployment_files/global/v1.0demo/schemas/drydock/BootAction/v1.yaml
  19. +0
    -49
      deployment_files/global/v1.0demo/schemas/drydock/HardwareProfile/v1.yaml
  20. +0
    -155
      deployment_files/global/v1.0demo/schemas/drydock/HostProfile/v1.yaml
  21. +0
    -71
      deployment_files/global/v1.0demo/schemas/drydock/Network/v1.yaml
  22. +0
    -48
      deployment_files/global/v1.0demo/schemas/drydock/NetworkLink/v1.yaml
  23. +0
    -36
      deployment_files/global/v1.0demo/schemas/drydock/Rack/v1.yaml
  24. +0
    -31
      deployment_files/global/v1.0demo/schemas/drydock/Region/v1.yaml
  25. +0
    -645
      deployment_files/global/v1.0demo/schemas/pegleg/AccountCatalogue/v1.yaml
  26. +0
    -17
      deployment_files/global/v1.0demo/schemas/pegleg/AppArmorProfile/v1.yaml
  27. +0
    -116
      deployment_files/global/v1.0demo/schemas/pegleg/CommonAddresses/v1.yaml
  28. +0
    -15
      deployment_files/global/v1.0demo/schemas/pegleg/CommonSoftwareConfig/v1.yaml
  29. +0
    -143
      deployment_files/global/v1.0demo/schemas/pegleg/EndpointCatalogue/v1.yaml
  30. +0
    -19
      deployment_files/global/v1.0demo/schemas/pegleg/SeccompProfile/v1.yaml
  31. +0
    -1066
      deployment_files/global/v1.0demo/schemas/pegleg/SoftwareVersions/v1.yaml
  32. +0
    -16
      deployment_files/global/v1.0demo/schemas/promenade/Docker/v1.yaml
  33. +0
    -144
      deployment_files/global/v1.0demo/schemas/promenade/Genesis/v1.yaml
  34. +0
    -137
      deployment_files/global/v1.0demo/schemas/promenade/HostSystem/v1.yaml
  35. +0
    -31
      deployment_files/global/v1.0demo/schemas/promenade/Kubelet/v1.yaml
  36. +0
    -117
      deployment_files/global/v1.0demo/schemas/promenade/KubernetesNetwork/v1.yaml
  37. +0
    -47
      deployment_files/global/v1.0demo/schemas/promenade/KubernetesNode/v1.yaml
  38. +0
    -43
      deployment_files/global/v1.0demo/schemas/promenade/PKICatalog/PKICatalog.yaml
  39. +0
    -81
      deployment_files/global/v1.0demo/schemas/shipyard/DeploymentConfiguration/v1.yaml
  40. +0
    -74
      deployment_files/global/v1.0demo/schemas/shipyard/DeploymentStrategy/v1.yaml
  41. +0
    -170
      deployment_files/global/v1.0demo/software/charts/kubernetes/container-networking/calico.yaml
  42. +0
    -15
      deployment_files/global/v1.0demo/software/charts/kubernetes/container-networking/chart-group.yaml
  43. +0
    -142
      deployment_files/global/v1.0demo/software/charts/kubernetes/container-networking/etcd.yaml
  44. +0
    -169
      deployment_files/global/v1.0demo/software/charts/kubernetes/core/apiserver.yaml
  45. +0
    -15
      deployment_files/global/v1.0demo/software/charts/kubernetes/core/chart-group.yaml
  46. +0
    -119
      deployment_files/global/v1.0demo/software/charts/kubernetes/core/controller-manager.yaml
  47. +0
    -96
      deployment_files/global/v1.0demo/software/charts/kubernetes/core/scheduler.yaml
  48. +0
    -13
      deployment_files/global/v1.0demo/software/charts/kubernetes/dns/chart-group.yaml
  49. +0
    -120
      deployment_files/global/v1.0demo/software/charts/kubernetes/dns/coredns.yaml
  50. +0
    -13
      deployment_files/global/v1.0demo/software/charts/kubernetes/etcd/chart-group.yaml
  51. +0
    -136
      deployment_files/global/v1.0demo/software/charts/kubernetes/etcd/etcd.yaml
  52. +0
    -13
      deployment_files/global/v1.0demo/software/charts/kubernetes/haproxy/chart-group.yaml
  53. +0
    -101
      deployment_files/global/v1.0demo/software/charts/kubernetes/haproxy/haproxy.yaml
  54. +0
    -13
      deployment_files/global/v1.0demo/software/charts/kubernetes/ingress/chart-group.yaml
  55. +0
    -86
      deployment_files/global/v1.0demo/software/charts/kubernetes/ingress/ingress.yaml
  56. +0
    -14
      deployment_files/global/v1.0demo/software/charts/kubernetes/proxy/chart-group.yaml
  57. +0
    -68
      deployment_files/global/v1.0demo/software/charts/kubernetes/proxy/kubernetes-proxy.yaml
  58. +0
    -16
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/chart-group-infra.yaml
  59. +0
    -17
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/chart-group-shared.yaml
  60. +0
    -99
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/glance.yaml
  61. +0
    -108
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/heat.yaml
  62. +0
    -79
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/horizon.yaml
  63. +0
    -104
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/keystone.yaml
  64. +0
    -72
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/mariadb.yaml
  65. +0
    -67
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/memcached.yaml
  66. +0
    -69
      deployment_files/global/v1.0demo/software/charts/osh/component-infrastructure/rabbitmq.yaml
  67. +0
    -17
      deployment_files/global/v1.0demo/software/charts/osh/compute-kit/chart-group.yaml
  68. +0
    -66
      deployment_files/global/v1.0demo/software/charts/osh/compute-kit/libvirt.yaml
  69. +0
    -130
      deployment_files/global/v1.0demo/software/charts/osh/compute-kit/neutron.yaml
  70. +0
    -144
      deployment_files/global/v1.0demo/software/charts/osh/compute-kit/nova.yaml
  71. +0
    -67
      deployment_files/global/v1.0demo/software/charts/osh/compute-kit/openvswitch.yaml
  72. +0
    -14
      deployment_files/global/v1.0demo/software/charts/osh/ingress/chart-group.yaml
  73. +0
    -62
      deployment_files/global/v1.0demo/software/charts/osh/ingress/ingress.yaml
  74. +0
    -123
      deployment_files/global/v1.0demo/software/charts/ucp/armada/armada.yaml
  75. +0
    -15
      deployment_files/global/v1.0demo/software/charts/ucp/armada/chart-group.yaml
  76. +0
    -70
      deployment_files/global/v1.0demo/software/charts/ucp/armada/tiller.yaml
  77. +0
    -17
      deployment_files/global/v1.0demo/software/charts/ucp/core/chart-group.yaml
  78. +0
    -76
      deployment_files/global/v1.0demo/software/charts/ucp/core/ingress.yaml
  79. +0
    -109
      deployment_files/global/v1.0demo/software/charts/ucp/core/mariadb.yaml
  80. +0
    -101
      deployment_files/global/v1.0demo/software/charts/ucp/core/postgresql.yaml
  81. +0
    -114
      deployment_files/global/v1.0demo/software/charts/ucp/core/rabbitmq.yaml
  82. +0
    -188
      deployment_files/global/v1.0demo/software/charts/ucp/deckhand/barbican.yaml
  83. +0
    -16
      deployment_files/global/v1.0demo/software/charts/ucp/deckhand/chart-group.yaml
  84. +0
    -178
      deployment_files/global/v1.0demo/software/charts/ucp/deckhand/deckhand.yaml
  85. +0
    -13
      deployment_files/global/v1.0demo/software/charts/ucp/divingbell/chart-group.yaml
  86. +0
    -93
      deployment_files/global/v1.0demo/software/charts/ucp/divingbell/divingbell.yaml
  87. +0
    -14
      deployment_files/global/v1.0demo/software/charts/ucp/drydock/chart-group.yaml
  88. +0
    -180
      deployment_files/global/v1.0demo/software/charts/ucp/drydock/drydock.yaml
  89. +0
    -196
      deployment_files/global/v1.0demo/software/charts/ucp/drydock/maas.yaml
  90. +0
    -14
      deployment_files/global/v1.0demo/software/charts/ucp/keystone/chart-group.yaml
  91. +0
    -168
      deployment_files/global/v1.0demo/software/charts/ucp/keystone/keystone.yaml
  92. +0
    -80
      deployment_files/global/v1.0demo/software/charts/ucp/keystone/memcached.yaml
  93. +0
    -13
      deployment_files/global/v1.0demo/software/charts/ucp/promenade/chart-group.yaml
  94. +0
    -130
      deployment_files/global/v1.0demo/software/charts/ucp/promenade/promenade.yaml
  95. +0
    -21
      deployment_files/global/v1.0demo/software/charts/ucp/services-chart-group.yaml
  96. +0
    -13
      deployment_files/global/v1.0demo/software/charts/ucp/shipyard/chart-group.yaml
  97. +0
    -306
      deployment_files/global/v1.0demo/software/charts/ucp/shipyard/shipyard.yaml
  98. +0
    -18
      deployment_files/global/v1.0demo/software/charts/ucp/storage_provisioner/chart-group.yaml
  99. +0
    -85
      deployment_files/global/v1.0demo/software/charts/ucp/storage_provisioner/nfs-prov.yaml
  100. +0
    -16
      deployment_files/global/v1.0demo/software/config/Docker.yaml

+ 0
- 9
.github/SECURITY.md View File

@ -1,9 +0,0 @@
# Security Policy
## Reporting a Vulnerability
The Airship community is committed to expediently confirming, resolving, and
disclosing all reported security vulnerabilities. To report a security
vulnerabillity, please refer to our [vulnerability management process][1].
[1]: https://airship-docs.readthedocs.io/en/latest/security/vulnerabilities.html

+ 0
- 10
.gitignore View File

@ -1,10 +0,0 @@
# Sphinx documentation
doc/_build/
doc/build/
.tox
# OSX folder settings files
.DS_Store
# Other
.vagrant/

+ 0
- 98
.zuul.yaml View File

@ -1,98 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- project:
templates:
- docs-on-readthedocs
vars:
rtd_webhook_id: '38573'
rtd_project_name: 'airshipit'
check:
jobs:
- airship-in-a-bottle-linter
gate:
jobs:
- airship-in-a-bottle-linter
post:
jobs:
- airship-in-a-bottle-upload-git-mirror
- nodeset:
name: airship-integration-single-node
nodes:
- name: primary
label: ubuntu-bionic
- job:
name: airship-in-a-bottle-linter
run: tools/gate/playbooks/zuul-linter.yaml
nodeset: airship-integration-single-node
- job:
name: airship-in-a-bottle-upload-git-mirror
parent: upload-git-mirror
description: Mirrors airship/in-a-bottle to airshipit/airship-in-a-bottle
vars:
git_mirror_repository: airshipit/airship-in-a-bottle
secrets:
- name: git_mirror_credentials
secret: airship-in-a-bottle-airshipit-github-secret
pass-to-parent: true
- secret:
name: airship-in-a-bottle-airshipit-github-secret
data:
user: git
host: github.com
host_key: github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
ssh_key: !encrypted/pkcs1-oaep
- G7vSue9nRd4lCtNCSmg4NR4ZG34tyvUeURQkk0JGa98zYC+RDFlrSewg+7paYyf/8b+Jb
P2BlnoyyHeJeQ1P+pf9ifElL3iKS7GBk6GALHuwMxZX5rAKVndLeGDn3+aGpLqPmv68uE
o1TPStHSGMZvypo0qbZJP5B9ao1t88K+DPp4q4ym4AkW7ErQ30YvZ+8rtPF7srN0hsGtZ
8HU3LZbGn9EjlF2HP2n2j9QL2yVOFG2m3U4fO8D76ek7Gk/fB6kPo4d1DTYLKmjfgd/3v
CHh7QiRINIcNu0EOD+i5ODdnyKNjbHQxhKJXd1xCLjNzwPDmeu1QkAZUgSQLD65AtrXa4
Gta0UW2Im7U1/F6Q/6j5EqakshV90F6EuenOGoIJ9ZjDGoNohaTeuY+ri+QwwMeTU/DCX
RYIIuHu3rI/QsQYF3o02uY0dwpGO3YtRPkXN5B74RTObfCNllTSs/N6m1RbQHB+hjoEVp
fN+qk+n1MQGfWJiE5dZFsBQYLiVJhlbC+M/5NjR8pUtcsNlcpqSjuQ+PVYazACYlyJJ4/
59qjXb1Qpk4KOronTQCoYnNU+pxKy8I4hzFWGYJKYS0l8BN39eco1Gqo1hXTl28nxQ+bJ
p5F/UOx3shizH95s+bPNbiBwRoo9sEkhFoSlA1UZxRALflnGgJgXJs2/GEPcPQ=
- izn/asLSpM5n+z1vzegsMpXJl9UY2LqNi5Pyu8nwez/uKG66Ew4eEZf40LyCxaSg+zg8v
kXd+sx9iV0JyGpWUmSZzFmqD6/GVp4/uXrDchb4L+PqX2I+3BCVpQ/EIXVmgFpj1D91oQ
/cccWsgYN/ryLMja4Jq1vVTgCNT9t7LyLXk21TgNfaQwv4Q8YMv6efLb+EHihN+k9UsO6
JkwrwigrL8C3jPuoBHPKxexdTMm40GGk/+DA+wSEtWXlMDea+dk9ZOILfWVaMuUGidOdC
HF9agZqb3rALTlUOVuGGTHYQXAtrgC0CL1AiRZh0upOmtBMIfT5cVCmJBkuNOKyJpQgjq
Ela7r1tiNJ/BS0FdLtG1v2jpHC1dxK7GkLoUsmMITxf8awW9018JcfAGfC7pIGyIokLvs
OWrCDWk5MWW1LkrwciV78TJqVT24uaYGGYePLJ8b17sw2Jm0C54pUJJpYOFHU8D2gg23+
tl5jskCBwU22rOkm7vCfRAg7gtowPqV3HQQDbfH0CXq5XeE8+i/NMa5NWguUWoX+KyCTO
GRx47DPg0HpwDs0yCSsQ60eWi01ozWGQycQTzXI0iCkaQUFsGNV0tqxQYXesVAdhtFcdV
ZL5cRE5vnIVXP7/UFBsYgVpVayr6GSMakJrBGG4QTz+FMuTQVYun/oSjq1NLSs=
- MK7umdAeVLj9FHLrF2NVxp5r1/m6f04c79K53g8ctCtniw9JugbCyL4GXz8N4/G9d624K
XFcL7YNyIAfFgfY5oPmAutw7ygdBFmjHd+h3cGrx5qQTpzqln7qJPi1No7OzSOey3P0Dj
ryLSFHSDBo1kjp8yOvhFDZROK0o3+QEdW0jlFnnnNt3+/Ki5UrRwHkD5r0ZBk1nRdLKKB
ieKNfzyGpgnT5EDaciSoex8UiQhU1mMX9QNpHBoFLKz4gwJE2tqYo/tiF+D92aYtgURN2
UznLWoq+SDzcsjEpRotMsVGI55EjKJ3wpRqJvK3S7RA0/BbIc9j7p8gyoDTdEZ2M5IxRZ
OA5NCV2jdbZVJ85ArUCCaSI+gFBP3cOzJooFnHxlGeKm91a8dEFDgOKVt4b36+hLQ1PUg
ZhIZuA8iLxb2PTV1BsB3f1G+NUFzS8obDF2e+OP1BSSpF/NdqVxN92rZmBt6Uatb68fLm
aEiZyid12k9QmktyaLabFXuABttvJ9xDmLxZlqkkHcFkC/avbRWFwnwqwlXmFU1jlAlgr
FMxbxU13PFw22wQlsex/OZb1TOKTwKKPzkYIChpYSo4UHo2Q3FuIzqc/BoeSwZL7riAp5
w/zeb1Vji9r+xWgxWe13tpFC/CtOtWxkH28COSpjPgdFOj6RU08ZTMyAkHtP8o=
- XmAtvtkHqu5qTwYGIN62GyyY5AqKg+dwD+iv29vCeOE4DE7o30v1fuPk0qBEfRtygohC0
dan+KeZMi+9SpohTK+EgEynb140jnW1WS635G+IrvU1XvKba+AyO6qebmoKvFaNLFJtw5
uNmnGAKQKlyG43UeVyPYyaVEpNhOvo+n1DxgdORTguCW64Fysq1SR4lswGBwpOdPRsq6c
qMY+7adnDEWwpR54BjevUGV45adLyRUIq563oc8vUXRy8JXbMiscFTgsEVf2C+GzYDhJU
06AV3ewAstKps2YHiePYocavLESL0+mLDNS90jIWYiRac0VRpUFuZ6v/RxlO+6zPNpRbm
lGlpG/MR823nmz0YnRw8Px/XflYF49+PDnRXrgRVD8CkM/pWmaFSHDClQElGVczsEJE8v
ieG0MPkCbp058WSQjBgSllLkiG7hvuOUu7PvgQDrC+VhEp54O7cjxQkTN5q+DXlkKZc16
WNWfC0qYhsIjKfYO6vCNzIbjPB0T84cDI1FYCVVVEzn+1YFiI2DyI4lTClt/QDLJGPFJT
xAz5fmUOOeR3bMPrsfCd1t3l6B5bDtPuLDoFIc7SeWB2uqo05FuKRNfgLb1oGC6JTouWW
uk5BHGqmM5TPdeXbLxF58fGDD61VWxzuFgL68CIZcFN9qk/VP1ab6ThSeNc6FM=

+ 0
- 201
LICENSE View File

@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

+ 0
- 25
Makefile View File

@ -1,25 +0,0 @@
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
SHELL = /bin/bash
.PHONY: clean
clean:
rm -rf doc/build
.PHONY: docs
docs: clean build_docs
.PHONY: build_docs
build_docs:
tox -e docs

+ 10
- 53
README.md View File

@ -1,56 +1,13 @@
# Airship in a Bottle
This project is no longer maintained.
Airship is a broad integration of several components
enabling an automated, resilient Kubernetes-based infrastructure for hosting
Helm-deployed containerized workloads.
The contents of this repository are still available in the Git source
code management system. To see the contents of this repository before
it reached its end of life, please check out the previous commit with
"git checkout HEAD^1".
Airship is the name for the project formerly known as UCP or the Undercloud
Platform.
For replacement code, please, refer to https://docs.airshipit.org
(Airship Treasuremap), specifically to one of the sites: Airskiff,
Airsloop, Seaworthy and others.
Find more documentation for Airship in a Bottle on
[Read the Docs](https://airshipit.readthedocs.io/).
To get started, run the following in a fresh Ubuntu 16.04 VM
(minimum 4vCPU/20GB RAM/32GB disk). This will deploy Airship and Openstack Helm
(OSH):
```
sudo -i
mkdir -p /root/deploy && cd "$_"
git clone https://opendev.org/airship/airship-in-a-bottle
cd /root/deploy/airship-in-a-bottle/manifests/dev_single_node
./airship-in-a-bottle.sh
```
Or, alternatively, if you have Vagrant installed, just run the following
(only libvirt/kvm hypervisor is tested, but vagrant box supports VMware
Desktop/Workstation/Fusion, Parallels, and Hyper-V):
```
curl -O https://opendev.org/airship/airship-in-a-bottle/raw/branch/master/Vagrantfile
vagrant up
```
## Components
### Shipyard
Platform orchestrator for initial deployment, platform updates, and server
redeployments
### Promenade
The bootstrapper for the Kubernetes control plane - both on an initial genesis node
to get a working Kubernetes cluster and for adding additional nodes to the existing
Kubernetes cluster.
### Armada
Provisioner for Helm charts. Provides the capability to override chart values.yaml
items.
### Drydock
The orchestrator for physical asset provisioning (e.g. server deployment).
### Deckhand
YAML design data manager.
For any further questions, please email
airship-discuss@lists.airshipit.org or join #airshipit on Freenode.

+ 0
- 87
Vagrantfile View File

@ -1,87 +0,0 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://vagrantcloud.com/search.
config.vm.box = "generic/ubuntu1604"
# Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs
# `vagrant box outdated`. This is not recommended.
# config.vm.box_check_update = false
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine. In the example below,
# accessing "localhost:8080" will access port 80 on the guest machine.
# NOTE: This will enable public access to the opened port
# config.vm.network "forwarded_port", guest: 80, host: 8080
# Create a forwarded port mapping which allows access to a specific port
# within the machine from a port on the host machine and only allow access
# via 127.0.0.1 to disable public access
# config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
# config.vm.network "public_network"
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# # vb.gui = true
#end
[:virtualbox, :parallels, :libvirt, :hyperv].each do |provider|
config.vm.provider provider do |vplh, override|
vplh.cpus = 4
vplh.memory = 20480
end
end
[:vmware_fusion, :vmware_workstation, :vmware_desktop].each do |provider|
config.vm.provider provider do |vmw, override|
vmw.vmx["memsize"] = "20480"
vmw.vmx["numvcpus"] = "4"
end
end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
# documentation for more information about their specific syntax and use.
# config.vm.provision "shell", inline: <<-SHELL
# apt-get update
# apt-get install -y apache2
# SHELL
config.vm.define "n0" do |node|
node.vm.hostname = "n0"
node.vm.provision :shell, inline: <<-SHELL
mkdir /root/deploy
git clone https://opendev.org/airship/airship-in-a-bottle /root/deploy/airship-in-a-bottle
cd /root/deploy/airship-in-a-bottle/manifests/dev_single_node
./airship-in-a-bottle.sh -y
SHELL
end
end

+ 0
- 10
deployment_files/global/common/layering-policy.yaml View File

@ -1,10 +0,0 @@
---
schema: deckhand/LayeringPolicy/v1
metadata:
schema: metadata/Control/v1
name: layering-policy
data:
layerOrder:
- global
- type
- site

+ 0
- 19
deployment_files/global/common/schemas/pegleg/SiteDefinition/v1.yaml View File

@ -1,19 +0,0 @@
---
schema: deckhand/DataSchema/v1
metadata:
schema: metadata/Control/v1
name: pegleg/SiteDefinition/v1
data:
$schema: http://json-schema.org/schema#
type: object
properties:
revision:
type: string
pattern: '^v.+$'
site_type:
type: string
required:
- revision
- site_type
additionalProperties: false

+ 0
- 31
deployment_files/global/v1.0demo/baremetal/bootactions/seccomp-profiles.yaml View File

@ -1,31 +0,0 @@
---
schema: 'drydock/BootAction/v1'
metadata:
schema: 'metadata/Document/v1'
name: seccomp-profiles
storagePolicy: 'cleartext'
layeringDefinition:
abstract: false
layer: global
substitutions:
- src:
schema: pegleg/SeccompProfile/v1
name: seccomp-default
path: .savePath
dest:
path: .assets[0].path
- src:
schema: pegleg/SeccompProfile/v1
name: seccomp-default
path: .content
dest:
path: .assets[0].data
data:
signaling: false
assets:
- type: file
permissions: '600'
data_pipeline:
- utf8_decode
...

+ 0
- 121
deployment_files/global/v1.0demo/profiles/genesis.yaml View File

@ -1,121 +0,0 @@
---
schema: promenade/Genesis/v1
metadata:
schema: metadata/Document/v1
name: genesis
labels:
genesis: enabled
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
# Software versions for bootstrapping phase
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.armada.api
dest:
path: .images.armada
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.armada.tiller
dest:
path: .images.helm.tiller
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.apiserver.apiserver
dest:
path: .images.kubernetes.apiserver
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.controller-manager.controller_manager
dest:
path: .images.kubernetes.controller-manager
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.etcd.etcd
dest:
path: .images.kubernetes.etcd
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.scheduler.scheduler
dest:
path: .images.kubernetes.scheduler
# Site-specific configuration
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.hostname
dest:
path: .hostname
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.ip
dest:
path: .ip
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .dns.node_domain
dest:
path: .domain
# Command prefix
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_cidr
dest:
path: .apiserver.command_prefix[1]
pattern: SERVICE_CIDR
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .kubernetes.service_node_port_range
dest:
path: .apiserver.command_prefix[2]
pattern: SERVICE_NODE_PORT_RANGE
data:
apiserver:
command_prefix:
- /apiserver
- --service-cluster-ip-range=SERVICE_CIDR
- --service-node-port-range=SERVICE_NODE_PORT_RANGE
- --authorization-mode=Node,RBAC
- --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
- --endpoint-reconciler-type=lease
armada:
target_manifest: cluster-bootstrap
labels:
dynamic:
- calico-etcd=enabled
- coredns=enabled
- kube-ingress=enabled
- kubernetes-apiserver=enabled
- kubernetes-controller-manager=enabled
- kubernetes-etcd=enabled
- kubernetes-scheduler=enabled
- openstack-compute-node=enabled
- openstack-control-plane=enabled
- openvswitch=enabled
- promenade-genesis=enabled
- ucp-control-plane=enabled
- ceph-mon=enabled
- ceph-mds=enabled
- ceph-osd=enabled
- ceph-rgw=enabled
- ceph-mgr=enabled
files:
- path: /var/lib/anchor/calico-etcd-bootstrap
content: "# placeholder for triggering calico etcd bootstrapping\n# this file will be deleted"
mode: 0644
...

+ 0
- 127
deployment_files/global/v1.0demo/profiles/kubernetes-host.yaml View File

@ -1,127 +0,0 @@
---
schema: promenade/HostSystem/v1
metadata:
schema: metadata/Document/v1
name: host-system
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .files.kubelet
dest:
path: .files[0].tar_url
# Initial CoreDNS image (used during node Genesis and node join)
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.coredns.coredns
dest:
path: .images.coredns
# Initial CoreDNS image (used during node Genesis and node join)
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.haproxy.haproxy
dest:
path: .images.haproxy
# Operational tools
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.armada.helm
dest:
path: .images.helm.helm
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.kubectl
dest:
path: .images.kubernetes.kubectl
# System packages
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.named.docker
dest:
path: .packages.required.docker
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.named.socat
dest:
path: .packages.required.socat
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.unnamed
dest:
path: .packages.additional
data:
files:
- path: /opt/kubernetes/bin/kubelet
tar_path: kubernetes/node/bin/kubelet
mode: 0555
- path: /etc/logrotate.d/json-logrotate
mode: 0444
content: |-
/var/lib/docker/containers/*/*-json.log
{
compress
copytruncate
create 0644 root root
daily
dateext
dateformat -%Y%m%d-%s
maxsize 10M
missingok
notifempty
su root root
rotate 1
}
packages:
# NOTE(mb874d): This method for specified repositories and keys will be
# change to align with Drydock's approach. Until then, we will specify
# it here.
repositories:
- deb http://apt.dockerproject.org/repo ubuntu-xenial main
keys:
- |-
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
TvBR8Q==
=Fm3p
-----END PGP PUBLIC KEY BLOCK-----

+ 0
- 787
deployment_files/global/v1.0demo/profiles/security/seccomp_default.yaml View File

@ -1,787 +0,0 @@
---
# The data content of this file is referred from the Moby project as
# mentioned in the link below:
# https://github.com/moby/moby/blob/master/profiles/seccomp/default.json
schema: 'pegleg/SeccompProfile/v1'
metadata:
schema: 'metadata/Document/v1'
name: seccomp-default
storagePolicy: 'cleartext'
layeringDefinition:
abstract: false
layer: global
data:
# Path for seccomp profile root directory.
seccompDirPath: /var/lib/kubelet/seccomp
# Path to save seccomp profile as file.
# This should be same as seccompDirPath with file name.
savePath: /var/lib/kubelet/seccomp/seccomp_default
# Content of default seccomp profile file.
content: |
{
"defaultAction": "SCMP_ACT_ERRNO",
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_MIPS64",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPS64N32",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64N32",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
"names": [
"accept",
"accept4",
"access",
"adjtimex",
"alarm",
"bind",
"brk",
"capget",
"capset",
"chdir",
"chmod",
"chown",
"chown32",
"clock_getres",
"clock_gettime",
"clock_nanosleep",
"close",
"connect",
"copy_file_range",
"creat",
"dup",
"dup2",
"dup3",
"epoll_create",
"epoll_create1",
"epoll_ctl",
"epoll_ctl_old",
"epoll_pwait",
"epoll_wait",
"epoll_wait_old",
"eventfd",
"eventfd2",
"execve",
"execveat",
"exit",
"exit_group",
"faccessat",
"fadvise64",
"fadvise64_64",
"fallocate",
"fanotify_mark",
"fchdir",
"fchmod",
"fchmodat",
"fchown",
"fchown32",
"fchownat",
"fcntl",
"fcntl64",
"fdatasync",
"fgetxattr",
"flistxattr",
"flock",
"fork",
"fremovexattr",
"fsetxattr",
"fstat",
"fstat64",
"fstatat64",
"fstatfs",
"fstatfs64",
"fsync",
"ftruncate",
"ftruncate64",
"futex",
"futimesat",
"getcpu",
"getcwd",
"getdents",
"getdents64",
"getegid",
"getegid32",
"geteuid",
"geteuid32",
"getgid",
"getgid32",
"getgroups",
"getgroups32",
"getitimer",
"getpeername",
"getpgid",
"getpgrp",
"getpid",
"getppid",
"getpriority",
"getrandom",
"getresgid",
"getresgid32",
"getresuid",
"getresuid32",
"getrlimit",
"get_robust_list",
"getrusage",
"getsid",
"getsockname",
"getsockopt",
"get_thread_area",
"gettid",
"gettimeofday",
"getuid",
"getuid32",
"getxattr",
"inotify_add_watch",
"inotify_init",
"inotify_init1",
"inotify_rm_watch",
"io_cancel",
"ioctl",
"io_destroy",
"io_getevents",
"ioprio_get",
"ioprio_set",
"io_setup",
"io_submit",
"ipc",
"kill",
"lchown",
"lchown32",
"lgetxattr",
"link",
"linkat",
"listen",
"listxattr",
"llistxattr",
"_llseek",
"lremovexattr",
"lseek",
"lsetxattr",
"lstat",
"lstat64",
"madvise",
"memfd_create",
"mincore",
"mkdir",
"mkdirat",
"mknod",
"mknodat",
"mlock",
"mlock2",
"mlockall",
"mmap",
"mmap2",
"mprotect",
"mq_getsetattr",
"mq_notify",
"mq_open",
"mq_timedreceive",
"mq_timedsend",
"mq_unlink",
"mremap",
"msgctl",
"msgget",
"msgrcv",
"msgsnd",
"msync",
"munlock",
"munlockall",
"munmap",
"nanosleep",
"newfstatat",
"_newselect",
"open",
"openat",
"pause",
"pipe",
"pipe2",
"poll",
"ppoll",
"prctl",
"pread64",
"preadv",
"preadv2",
"prlimit64",
"pselect6",
"pwrite64",
"pwritev",
"pwritev2",
"read",
"readahead",
"readlink",
"readlinkat",
"readv",
"recv",
"recvfrom",
"recvmmsg",
"recvmsg",
"remap_file_pages",
"removexattr",
"rename",
"renameat",
"renameat2",
"restart_syscall",
"rmdir",
"rt_sigaction",
"rt_sigpending",
"rt_sigprocmask",
"rt_sigqueueinfo",
"rt_sigreturn",
"rt_sigsuspend",
"rt_sigtimedwait",
"rt_tgsigqueueinfo",
"sched_getaffinity",
"sched_getattr",
"sched_getparam",
"sched_get_priority_max",
"sched_get_priority_min",
"sched_getscheduler",
"sched_rr_get_interval",
"sched_setaffinity",
"sched_setattr",
"sched_setparam",
"sched_setscheduler",
"sched_yield",
"seccomp",
"select",
"semctl",
"semget",
"semop",
"semtimedop",
"send",
"sendfile",
"sendfile64",
"sendmmsg",
"sendmsg",
"sendto",
"setfsgid",
"setfsgid32",
"setfsuid",
"setfsuid32",
"setgid",
"setgid32",
"setgroups",
"setgroups32",
"setitimer",
"setpgid",
"setpriority",
"setregid",
"setregid32",
"setresgid",
"setresgid32",
"setresuid",
"setresuid32",
"setreuid",
"setreuid32",
"setrlimit",
"set_robust_list",
"setsid",
"setsockopt",
"set_thread_area",
"set_tid_address",
"setuid",
"setuid32",
"setxattr",
"shmat",
"shmctl",
"shmdt",
"shmget",
"shutdown",
"sigaltstack",
"signalfd",
"signalfd4",
"sigreturn",
"socket",
"socketcall",
"socketpair",
"splice",
"stat",
"stat64",
"statfs",
"statfs64",
"statx",
"symlink",
"symlinkat",
"sync",
"sync_file_range",
"syncfs",
"sysinfo",
"syslog",
"tee",
"tgkill",
"time",
"timer_create",
"timer_delete",
"timerfd_create",
"timerfd_gettime",
"timerfd_settime",
"timer_getoverrun",
"timer_gettime",
"timer_settime",
"times",
"tkill",
"truncate",
"truncate64",
"ugetrlimit",
"umask",
"uname",
"unlink",
"unlinkat",
"utime",
"utimensat",
"utimes",
"vfork",
"vmsplice",
"wait4",
"waitid",
"waitpid",
"write",
"writev"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"personality"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 0,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"personality"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 8,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"personality"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 131072,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"personality"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 131080,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"personality"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 4294967295,
"valueTwo": 0,
"op": "SCMP_CMP_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {}
},
{
"names": [
"sync_file_range2"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"arches": [
"ppc64le"
]
},
"excludes": {}
},
{
"names": [
"arm_fadvise64_64",
"arm_sync_file_range",
"sync_file_range2",
"breakpoint",
"cacheflush",
"set_tls"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"arches": [
"arm",
"arm64"
]
},
"excludes": {}
},
{
"names": [
"arch_prctl"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"arches": [
"amd64",
"x32"
]
},
"excludes": {}
},
{
"names": [
"modify_ldt"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"arches": [
"amd64",
"x32",
"x86"
]
},
"excludes": {}
},
{
"names": [
"s390_pci_mmio_read",
"s390_pci_mmio_write",
"s390_runtime_instr"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"arches": [
"s390",
"s390x"
]
},
"excludes": {}
},
{
"names": [
"open_by_handle_at"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_DAC_READ_SEARCH"
]
},
"excludes": {}
},
{
"names": [
"bpf",
"clone",
"fanotify_init",
"lookup_dcookie",
"mount",
"name_to_handle_at",
"perf_event_open",
"quotactl",
"setdomainname",
"sethostname",
"setns",
"umount",
"umount2",
"unshare"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_ADMIN"
]
},
"excludes": {}
},
{
"names": [
"clone"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 2080505856,
"valueTwo": 0,
"op": "SCMP_CMP_MASKED_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_ADMIN"
],
"arches": [
"s390",
"s390x"
]
}
},
{
"names": [
"clone"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 1,
"value": 2080505856,
"valueTwo": 0,
"op": "SCMP_CMP_MASKED_EQ"
}
],
"comment": "s390 parameter ordering for clone is different",
"includes": {
"arches": [
"s390",
"s390x"
]
},
"excludes": {
"caps": [
"CAP_SYS_ADMIN"
]
}
},
{
"names": [
"reboot"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_BOOT"
]
},
"excludes": {}
},
{
"names": [
"chroot"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_CHROOT"
]
},
"excludes": {}
},
{
"names": [
"delete_module",
"init_module",
"finit_module",
"query_module"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_MODULE"
]
},
"excludes": {}
},
{
"names": [
"acct"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_PACCT"
]
},
"excludes": {}
},
{
"names": [
"kcmp",
"process_vm_readv",
"process_vm_writev",
"ptrace"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_PTRACE"
]
},
"excludes": {}
},
{
"names": [
"iopl",
"ioperm"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_RAWIO"
]
},
"excludes": {}
},
{
"names": [
"settimeofday",
"stime",
"clock_settime"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_TIME"
]
},
"excludes": {}
},
{
"names": [
"vhangup"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_TTY_CONFIG"
]
},
"excludes": {}
},
{
"names": [
"get_mempolicy",
"mbind",
"set_mempolicy"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_NICE"
]
},
"excludes": {}
}
]
}

+ 0
- 12
deployment_files/global/v1.0demo/schemas/armada/Chart/v1.yaml View File

@ -1,12 +0,0 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: armada/Chart/v1
labels:
application: armada
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
additionalProperties: true
...

+ 0
- 12
deployment_files/global/v1.0demo/schemas/armada/ChartGroup/v1.yaml View File

@ -1,12 +0,0 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: armada/ChartGroup/v1
labels:
application: armada
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
additionalProperties: true
...

+ 0
- 12
deployment_files/global/v1.0demo/schemas/armada/Manifest/v1.yaml View File

@ -1,12 +0,0 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: armada/Manifest/v1
labels:
application: armada
data:
$schema: 'http://json-schema.org/schema#'
type: 'object'
additionalProperties: true
...

+ 0
- 164
deployment_files/global/v1.0demo/schemas/drydock/BaremetalNode/v1.yaml View File

@ -1,164 +0,0 @@
---
schema: 'deckhand/DataSchema/v1'
metadata:
schema: metadata/Control/v1
name: drydock/BaremetalNode/v1
labels:
application: drydock
data:
$schema: 'http://json-schema.org/schema#'
id: 'http://att.com/att-comdev/drydock/baremetalNode.yaml'
type: 'object'
properties:
addressing:
type: 'array'
items:
type: 'object'
properties:
address:
type: 'string'
network:
type: 'string'
oob:
type: 'object'
properties:
type:
type: 'string'
network:
type: 'string'
account:
type: 'string'
credetial:
type: 'string'
additionalProperties: true
storage:
type: 'object'
properties:
physical_devices:
type: 'object'
additionalProperties:
type: 'object'
properties:
labels:
type: 'object'
additionalProperties:
type: 'string'
volume_group:
type: 'string'
partitions:
type: 'array'
items:
type: 'object'
properties:
name:
type: 'string'
size:
type: 'string'
part_uuid:
type: 'string'
volume_group:
type: 'string'
labels:
type: 'object'
additionalProperties:
type: 'string'
bootable:
type: 'boolean'