With latest changes build images jobs uses zuul.change variable
which is not defined for merge event.
Also using build job as a parent for publish creates an unnecessary
execution of make command which we repeat later under publish playbook.
That change removes that dependency.
Change-Id: I7e02c2f3ef2ccd8b9db9872b123222020f80664a
* airship-airshipctl-update-github-issues job adds comments
to related github issue on PS merge based on the tag (Relates-To/Closes)
in commit message.
* airshipbot is already doing the job of adding comments to issues on new PSs
and updating the status (closed, reopen) as applicable.
* So the job airship-airshipctl-update-github-issues is redundant when airshipbot
is running.
Change-Id: I2c6fa748d3334384bf5b31c87d9501a006a153c1
Relates-To: #502
controlplane_target phase is needed for target cluster more than a
single node
Signed-off-by: James Gu <james.gu@att.com>
Change-Id: I6e77d4268cdee0ebcc65e1f9172ef645ced53337
Added 2 phases:
1. secret-reencrypt - This phase can be used to
re-encrypt the existing secrets with new key.
To do so SOPS_IMPORT_PGP must contain
old public key and new private key (but
may also include other data).
SOPS_PGP_FP must contain fingerprint of
new private key.
2. secret-show - This phase may be useful for some users
that need to see what is generated by secret-generate phase.
Disabled SOPS debug by default.
To enable it back run commands with
env variable DEBUG_SOPS_GPG=true
Change-Id: Id7fe13d6943d386577df25dba4aaa83e62e58980
With this commit QCOW images are pulled as a docker image to new
qcow-bundle container within ironic pod and copy them to shared ironic
volume to be served to hosts.
Also squashed with [0], manifests are adjusted to consume new QCOWs and
old QCOW related functionality is removed.
[0] https://review.opendev.org/c/airship/airshipctl/+/776270
Co-Authored-By: Alexey Odinokov <aodinokov@mirantis.com>
Co-Authored-By: Craig Anderson <craig.anderson@att.com>
Change-Id: I958184b34ae94206bc5e87993e9287587b6a11d9
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
This patchset introduces a generated with template [1] and encrypted
VariableCatalogue generated-secrets that contains steps to
generate: ephemeral and target CA+admin key/cert and passwords for
users in ephemeral bootstrap iso.
It also introduces the way how these secrets are used in manifests:
They're decrypted by kustomize and incorporated into the folders
`catalogues` in the site, so they can be used by replacement plugin.
This patchset contains modifications in replacement plugin
configurations to put the decrypted values from VariableCatalogue
in place.
Since k8s secrets were substituted with generated values
this patchset removes pre-generated k8s secrets.
[1]
manifests/type/gating/target/generator/secret-template.yaml
Change-Id: I0898c74012833f0e171d36bb8145acf358510b69
zuul takes playbooks from master
and if it's necessary to add one more step to
those playbooks, it's necessary to add that first
to playbook, merge and only after that merge the step
itself.
Change-Id: I9569e1e7e4b8be216563ee66b6e6adea170f5aa1
This job doesn't work properly since a lot of changes in the
airshipctl logic were applied. All the issues were addressed.
Change-Id: Iec6fa7e6a3aa1ab46d496a8fd63822df1f8124cc
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
Relates-To: #19
* Removed the duplicate script for CAPI ephemeral node deployment
* Updated the generic script to support all providers
Change-Id: Icc1bed5c1b62662109b43ec94ee2fdb5de6de09b
This commit fixes validate site by introducing the encryption mechanism
Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: I01f6aa7ddfee16b06b40f6bfa06b2192a7931cd3
This phase is built on top of generic executor container.
It uses kustomize generator to generate secrets
and SOPS function to encrypt secrets.
Usage:
1. `curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc`
Copy existing key from sops project
2. `export SOPS_IMPORT_PGP="$(cat key.asc)" && export SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"`
3. `airshipctl phase run secret-generate`
It will generate and encrypt secret in
manifests/site/test-site/target/generator/results/generated/
4. `KUSTOMIZE_PLUGIN_HOME=$(pwd)/manifests SOPS_IMPORT_PGP=$(cat key.asc) kustomize build --enable_alpha_plugins manifests/site/test-site/target/catalogues/ > output.txt`
It will decrypt encrypted secret
Co-authored-by: Alexey Odinokov <aodinokov@mirantis.com>
Change-Id: I1682d71b7805eb36c407e712dcb747de799bc8bb
Relates-To: #379
This introduces airshipctl integration with image-builder [0], which
replaces the existing isogen tool for ephemeral ISO generation.
The airshipctl isogen executor has been updated for building ephemeral
ISOs using the image-builder container. The ability for user-declared
filenames for cloud-init user data and network data was removed, since
the user's only interest is in supplying the relevant overrides, not in
transparent naming coordination with the image-builder container. A new
object is added to the document package to identify the document kind,
label, and key to retrieve data from since this is a pattern we will
reuse elsewhere.
Progress flag removed as requested. Progress is reported directly by the
image-builder container.
Isogen debug flag removed in favor of using log.DebugEnabled()
[0] https://review.opendev.org/#/c/730777/
Depends-On: https://review.opendev.org/c/airship/images/+/730777/
Change-Id: I545004feaf2116f8ffb29faf6f7f7f5fcfe24fff
This PS updates ironic deployment with IPA init container
which contains python agent packages which are ubuntu based
packages. The docker image for this can be found here [0]
[0]
https://opendev.org/airship/images/src/branch/master/ipa-downloader-image
Change-Id: Idaaafb2ddb562cf22a62df36100dd1e6c76211fc
* clusterctl commands are driven through phase run.
So removing install clusterctl CLI utility from gate
script
Change-Id: I1c57aa07a9e19495c94c3080d0ce40dfc0e5dd47
This commit integrates the Azure provider to the Airship 2.0 project.
It adds the following folders:
- manifest/function/capz: This folder contains all manifests required
for the integration of Azure provider.
- manifest/function/k8scontrol-capz: This folder contains the base
manifest for the Azure Workload cluster.
- manifest/site/az-test-site: This folder contains the manifests used
for initializing the CAPI and CAPZ components on the management cluster
invoking "airshipctl cluster init" and manifests used for deploying a
Workload cluster on the Azure Cloud by invoking the command
"airshipctl phase apply azure".
- tools/deployment/azure: provides the shell scripts that are used in the
zuul gates and local test.
Updated files:
- zuul.d/project.yaml and zuul.d/jobs.yaml have been updated to include
gates for validating the Azure provider integration.
Change-Id: Icbdc7f6f42c159f48dd11e35626da3bc016f5487
This adds gating for helm release management by including a minimal
example workload phase which consists of a HelmRelease for the nginx
ingress controller and a corresponding deployment script including
supporting validation logic.
Change-Id: Ia21a799030289c7e40a0e61292578987ea0f6c63
Relates-To: #351
Since we have switched from debian to ubuntu based image and changed the
name (in https://review.opendev.org/733078) we need to align it with
airshipctl repository.
Renaming the following names:
1) debian-custom.iso -> ubuntu-focal.iso
2) quay.io/airshipit/isogen:latest-debian_stable -> quay.io/airshipit/isogen:latest-ubuntu_focal
Updating the following packages and resources:
1) k8s 1.17.3 -> 1.18.6
2) docker 19.03.9 -> 19.03.12
3) Calico 3.9 -> 3.15
Change-Id: I7eaf382acb79016a511db6e0955fa932c02963c4
We should use interface naming independent of OS, type, speed, slot etc.
This CR takes an approach that is already used for the target node.
To define VMs, their script uses MAC addresses from manifests.
Relates-To: #285
Change-Id: Iafffd23bc584d2daf3fed5ee301491f447498193
This PS has a function which constructs a collection of Metal3 BareMetalHost
resources, along with associated configuration Secrets.
It solves for a couple of things:
1. pulling the nitty gritty details for generating BMH into one reusable place,
2. allowing the site-specific details to be filled in via catalogues of values
This function leverages a couple of different plugins in sequence:
The airshipctl Replacement plugin, which pulls the site-specific data from
the catalogue documents into a Templater plugin configuration; and then
the airshipctl Templater plugin, which generates a variable number of
BMHs in a data-driven fashion.
More details can be found in the README.md in this patchset.
Closes: #245
Change-Id: I3ddbd36dc53ea6afbd633098c985f4b28bcbb793
Removed orphaned local scripts because some roles were removed.
Fixed env vars for proper configuration.
Updated documentation accordingly.
Change-Id: I37f0c8d038fb51ddaa57664a65d347056df6f007
CI jobs have been rewritten in Bash scripts and seem to be working fine for the
past few weeks. Removing now redundant Ansible-based CI jobs.
This would reduce workload we impose in CI infrastructure.
Change-Id: I690405f5401da0beeb4b176ab22cffdfda24a09f
apt/yum use is not convenient, package module automatically uses
the underlying OS package manager. Also, some ansible roles currently
use only apt module without yum, therefore patch fixes this bug too.
Change-Id: I5dd49d513d1a791ab51ca6ce6eb1c079542c5624
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
* This commit adds python3-setuptools to required packages, so that
the job airship-airshipctl-update-github-issues will not fail
Change-Id: I7b5a93e83175bb19dd6145f1af6bf7f6fd7a4d61
There is a need to ensure that the appropriate directory does not exist
before cloning source code into it, otherwise git throws an error.
The destination folder name for cloning was fixed. The variable name which
is used for task fail verification was corrected.
Relates-To: #271
Closes: #271
Change-Id: I9c2bd03f68e6c34fc28b900f11dbaadd190087e8
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
* when remote_work_dir is set, document pull happens from the
remote_work_dir (/tmp/airship) with a folder created within
remote_work_dir with repo name (/tmp/airship/airshipctl).
However the manifest yamls of kind "Clusterctl"
refers to a relative path from work_dir and it fails
finding expected objects.
example: manifests/function/capm3/v0.3.1
* So trying to avoid document pull, and use current dir for workspace.
similar to Zuul gate implementation
Change-Id: I63fd5476247f957745e15cbdfceb5fb483758e83
K8s control plane is deployed by KubeadmControlPlane controller. This
controller creates CAPI machines and infrastructure objects
(Metal3Machine). Metal3Machine objects are created based on a template
which contains host selector label. Control plane label is assigned to a
particular BareMetalHost object defined inside of the shared
kustomization.
Relates-To: #149
Closes: #221
Change-Id: I3be1750aacf9736ece2944045c036f405e404561
This adds a gate which loops over all phases in all sites,
and performs an airshipctl apply --dry-run on them to ensure YAML
validity and schema adherence. Aside from installation tasks,
the gate is run via a makefile entrypoint so that it can be
easily consumed by developers or by non-zuul CICD platforms.
Change-Id: Ie4ab246848a580ab20c3153af1e3749a27e3f770