Zuul: Initial Airship-Drydock checks
This PS adds the skeleton for a set of zuul checks and gates for Airship, using the framework from OpenStack-Helm. [Fix] Zuul lint fix - Fix whitespace linting errors - Update docuemtation errors - Remove dead tests Change-Id: Id1ed3aa2321d518ed15fcbb3b698b49709bed287 Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
parent
ae6a990940
commit
cd9770a979
58
.zuul.yaml
Normal file
58
.zuul.yaml
Normal file
@ -0,0 +1,58 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- project:
|
||||
check:
|
||||
jobs:
|
||||
- airship-drydock-linter
|
||||
- airship-drydock-ubuntu:
|
||||
voting: false
|
||||
irrelevant-files:
|
||||
- ^.*\.rst$
|
||||
- ^doc/.*$
|
||||
- ^releasenotes/.*$
|
||||
gate:
|
||||
jobs:
|
||||
- airship-drydock-linter
|
||||
# NOTE(portdirect): enable when voting enabled.
|
||||
# - airship-drydock-ubuntu:
|
||||
# irrelevant-files:
|
||||
# - ^.*\.rst$
|
||||
# - ^doc/.*$
|
||||
# - ^releasenotes/.*$
|
||||
|
||||
- job:
|
||||
name: airship-drydock-linter
|
||||
run: tools/gate/playbooks/zuul-linter.yaml
|
||||
nodeset: openstack-helm-single-node
|
||||
|
||||
- job:
|
||||
name: airship-drydock
|
||||
roles:
|
||||
- zuul: openstack/openstack-helm-infra
|
||||
vars:
|
||||
zuul_osh_infra_relative_path: ../openstack-helm-infra/
|
||||
timeout: 7200
|
||||
pre-run:
|
||||
- tools/gate/playbooks/osh-infra-upgrade-host.yaml
|
||||
- tools/gate/playbooks/osh-infra-deploy-docker.yaml
|
||||
- tools/gate/playbooks/osh-infra-build.yaml
|
||||
- tools/gate/playbooks/osh-infra-deploy-k8s.yaml
|
||||
run: tools/gate/playbooks/airship-drydock-check.yaml
|
||||
post-run: tools/gate/playbooks/osh-infra-collect-logs.yaml
|
||||
required-projects:
|
||||
- openstack/openstack-helm-infra
|
||||
|
||||
- job:
|
||||
name: airship-drydock-ubuntu
|
||||
parent: airship-drydock
|
||||
nodeset: openstack-helm-single-node
|
@ -3,14 +3,14 @@
|
||||
A python REST orchestrator to translate a YAML host topology to a provisioned
|
||||
set of hosts and provide a set of post-provisioning instructions.
|
||||
|
||||
See full documentation in [docs/source/index.rst](docs/source/index.rst).
|
||||
See full documentation at [http://att-comdev-drydock.readthedocs.io/](http://att-comdev-drydock.readthedocs.io/).
|
||||
|
||||
## Required
|
||||
|
||||
* Python 3.5+
|
||||
* A running instance of Postgres v9.5+
|
||||
* A running instance of Openstack Keystone w/ the v3 API enabled
|
||||
* A running instance of Canonical MaaS v2.2+
|
||||
* A running instance of Canonical MaaS v2.3+
|
||||
|
||||
## Recommended
|
||||
|
||||
@ -47,7 +47,7 @@ to deploy Drydock into a Kubernetes cluster. Additionally use of
|
||||
the rest of the UCP services provides additional functionality
|
||||
for deploying (Armada) and using (Promenade, Deckhand) Drydock.
|
||||
|
||||
You can see an example of a full UCP deployment in the [UCP Integration](https://github.comatt-comdev/ucp-integration) repository.
|
||||
You can see an example of a full UCP deployment in the [UCP Integration](https://github.com/att-comdev/ucp-integration) repository.
|
||||
|
||||
### Stand up Kubernetes
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""create base database tables
|
||||
|
||||
Revision ID: 9593a123e7c5
|
||||
Revises:
|
||||
Revises:
|
||||
Create Date: 2017-09-21 14:56:13.866443
|
||||
|
||||
"""
|
||||
|
@ -20,7 +20,7 @@ Will provide attributes for configuring Node/Machine interfaces
|
||||
MaaS will be configured with a single 'space'. Each Network in Drydock
|
||||
will translate to a unique MaaS fabric+vlan+subnet. Any network with
|
||||
an address range of type 'dhcp' will cause DHCP to be enabled in MaaS
|
||||
for that network.
|
||||
for that network.
|
||||
|
||||
### Hardware Profile ###
|
||||
|
||||
@ -43,4 +43,4 @@ addressing
|
||||
MaaS
|
||||
* base_os - Select which stream a node will be deployed with
|
||||
* kernel and kernel params - Allow for custom kernel selection and parameter
|
||||
definition
|
||||
definition
|
||||
|
@ -9,7 +9,7 @@ so that various downstream automation can be used. A driver must implement all a
|
||||
The oob drivers will interface with physical servers' out-of-band
|
||||
management system (e.g. Dell iDRAC, HP iLO, etc...). OOB management
|
||||
will be used for setting a system to use PXE boot and power cycling
|
||||
servers.
|
||||
servers.
|
||||
|
||||
### Actions ###
|
||||
|
||||
@ -32,7 +32,7 @@ and storage.
|
||||
* CreateStorageTemplate - Configure site-wide storage information in bootstrapper
|
||||
* CreateBootMedia - Ensure all needed boot media is available to the bootstrapper including external repositories
|
||||
* PrepareHardwareConfig - Prepare the bootstrapper to handle all hardware configuration actions (firmware updates, RAID configuration, driver installation)
|
||||
* IdentifyNode - Correlate a node definition in the Drydock internal model with a node detected by the downstream node bootstrapper.
|
||||
* IdentifyNode - Correlate a node definition in the Drydock internal model with a node detected by the downstream node bootstrapper.
|
||||
* ConfigureHardware - Update and validate all hardware configurations on a node prior to deploying the OS on it
|
||||
* InterrogateNode - Interrogate the bootstrapper about node information. Depending on the current state of the node, this interrogation will produce different information.
|
||||
* ApplyNodeNetworking - Configure networking for a node
|
||||
@ -53,4 +53,4 @@ are required.
|
||||
|
||||
* InterrogatePort - Request information about the current configuration of a network port
|
||||
* ConfigurePortProvisioning - Configure a network port in provisioning (PXE) mode
|
||||
* ConfigurePortProduction - Configure a network port in production (configuration post-deployment) mode
|
||||
* ConfigurePortProduction - Configure a network port in production (configuration post-deployment) mode
|
||||
|
@ -1,349 +0,0 @@
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
---
|
||||
# Site/Region wide definitions. Each design part will be a constituent
|
||||
# of the design for exactly one Region
|
||||
apiVersion: 'v1.0'
|
||||
kind: Region
|
||||
metadata:
|
||||
name: sitename
|
||||
date: 17-FEB-2017
|
||||
description: Sample site design
|
||||
author: sh8121@att.com
|
||||
spec:
|
||||
# List of query-based definitions for applying tags to deployed nodes
|
||||
tag_definitions:
|
||||
- tag: 'high_memory'
|
||||
# Tag to apply to nodes that qualify for the query
|
||||
definition_type: 'lshw_xpath'
|
||||
# Only support on type for now - 'lshw_xpath' used by MaaS
|
||||
definition: //node[@id="memory"]/'size units="bytes"' > 137438953472
|
||||
# an xpath query that is run against the output of 'lshw -xml' from the node
|
||||
# Image and package repositories needed by Drydock drivers. Needs to be defined
|
||||
repositories:
|
||||
- name: 'ubuntu-main'
|
||||
authorized_keys:
|
||||
- |
|
||||
valid ssh key string
|
||||
- |
|
||||
valid ssh key string
|
||||
---
|
||||
apiVersion: 'v1.0'
|
||||
kind: NetworkLink
|
||||
metadata:
|
||||
name: oob
|
||||
region: sitename
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe layer 1 attributes. Primary key is 'name'. These settings will generally be things the switch and server have to agree on
|
||||
spec:
|
||||
bonding:
|
||||
# Mode can be 'disabled', '802.3ad', 'balanced-rr', 'active-backup'. Defaults to disabled
|
||||
mode: '802.3ad'
|
||||
# The below apply to 802.3ad (LACP
|
||||
# Link selection hash. Supports 'layer3+4', 'layer2', 'layer2+3'. Defaults to 'layer3+4'
|
||||
hash: 'layer3+4'
|
||||
# LACP peering rate. Supports 'slow', 'fast'. Defaults to 'fast'
|
||||
peer_rate: 'fast'
|
||||
# LACP link monitor rate in milliseconds. Defaults to 100ms
|
||||
mon_rate: 100
|
||||
# LACP delay for marking link up in milliseconds. Must be greater than mon_rate. Defaults to 200ms
|
||||
up_delay: 200
|
||||
# LACP dleay for marking link down in milliseconds. Must be greater than mon_rate. Defaults to 200ms
|
||||
down_delay: 200
|
||||
# Physical link default MTU size. No default
|
||||
mtu: 1500
|
||||
# Physical link speed. Supports 'auto', '100full'. Gigabit+ speeds require auto. No default
|
||||
linkspeed: 'auto'
|
||||
# Settings for using a link for multiple L2 networks
|
||||
trunking:
|
||||
# Trunking mode. Supports 'disabled', '802.1q'. Defaults to disabled
|
||||
mode: disabled
|
||||
# If disabled, what network is this port on. If '802.1q' what is the default network for the port. No default.
|
||||
default_network: oob
|
||||
# List of Network names that are supported on this link. A Network can be listed on only one NetworkLink
|
||||
allowed_networks:
|
||||
- 'oob'
|
||||
---
|
||||
apiVersion: 'v1.0'
|
||||
kind: Network
|
||||
metadata:
|
||||
name: oob
|
||||
region: sitename
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe layer 2 and 3 attributes. Primary key is 'name'.
|
||||
spec:
|
||||
# CIDR representation of network number and netmask
|
||||
cidr: '172.16.1.0/24'
|
||||
# How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
|
||||
allocation: 'static'
|
||||
# VLAN of this network. Defaults to None
|
||||
vlan: 100
|
||||
# MTU of this network. Defaults to the MTU specified for the NetworkLink used for this network
|
||||
dns:
|
||||
# Domain name used to register addresses assigned from this network. Defaults to 'local'
|
||||
domain: 'aic.att.com'
|
||||
# Comma-separated list of DNS server IP addresses. These will be configured on the node if
|
||||
# this network is identified as the node's primary network
|
||||
servers: '8.8.8.8, 4.4.4.4'
|
||||
# Defined IP address ranges. All node IP address assignments must fall into a defined range
|
||||
# of the correct type
|
||||
ranges:
|
||||
# Type of range. Supports 'reserved', 'static' or 'dhcp'. No default
|
||||
- type: 'dhcp'
|
||||
# Start of the address range, inclusive. No default
|
||||
start: '172.16.1.100'
|
||||
# End of the address range, inclusive. No default
|
||||
end: '172.16.1.254'
|
||||
# Routes defined for this network, including the default route (i.e. default gateway)
|
||||
routes:
|
||||
# The network being routed to in CIDR notation. Default gateway is 0.0.0.0/0.
|
||||
- subnet: '0.0.0.0/0'
|
||||
# Next hop for traffic using this route
|
||||
gateway: '172.16.1.3'
|
||||
# Selection metric for the host selecting this route. No default
|
||||
metric: 10
|
||||
---
|
||||
apiVersion: 'v1.0'
|
||||
kind: HardwareProfile
|
||||
metadata:
|
||||
name: DellR720v2
|
||||
region: sitename
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe server hardware attributes. Not a specific server, but profile adopted by a server defintion.
|
||||
spec:
|
||||
# Chassis vendor
|
||||
vendor: 'Dell'
|
||||
# Chassis model generation
|
||||
generation: '1'
|
||||
# Chassis model version
|
||||
hw_version: '2'
|
||||
# Certified BIOS version for this chassis
|
||||
bios_version: '2.2.3'
|
||||
# Boot mode. Supports 'bios' or 'uefi'
|
||||
boot_mode: 'bios'
|
||||
# How the node should be initially bootstrapped. Supports 'pxe'
|
||||
bootstrap_protocol: 'pxe'
|
||||
# What network interface to use for PXE booting
|
||||
# for chassis that support selection
|
||||
pxe_interface: '0'
|
||||
# Mapping of hardware alias/role to physical address
|
||||
device_aliases:
|
||||
# the device alias that will be referenced in HostProfile or BaremetalNode design parts
|
||||
- alias: 'pnic01'
|
||||
# The hardware bus the device resides on. Supports 'pci' and 'scsi'. No default
|
||||
bus_type: 'pci'
|
||||
# The type of device as reported by lshw. Can be used to validate hardware manifest. No default
|
||||
dev_type: 'Intel 10Gbps NIC'
|
||||
# Physical address on the bus
|
||||
address: '0000:00:03.0'
|
||||
---
|
||||
apiVersion: 'v1.0'
|
||||
kind: HostProfile
|
||||
metadata:
|
||||
name: lcp_node
|
||||
region: sitename
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe server configuration attributes. Not a specific server, but profile adopted by a server definition
|
||||
spec:
|
||||
# The HostProfile this profile adopts initial state from. No default.
|
||||
# See drydock_provisioner/objects/readme.md for information on how HostProfile and BaremetalNode inheritance works
|
||||
host_profile: 'defaults'
|
||||
# The HardwareProfile describing the node hardware. No default.
|
||||
hardware_profile: 'DellR720v1'
|
||||
# OOB access to node
|
||||
oob:
|
||||
# Type of OOB access. Supports 'ipmi'
|
||||
type: 'ipmi'
|
||||
# Which network - as defined in a Network design part - to access the OOB interface on
|
||||
network: 'oob'
|
||||
# Account name for authenticating on the OOB interface
|
||||
account: 'admin'
|
||||
# Credential for authentication on the OOB interface. The OOB driver will interpret this.
|
||||
credential: 'admin'
|
||||
# How local node storage is configured
|
||||
storage:
|
||||
# How storage is laid out. Supports 'lvm' and 'flat'. Defaults to 'lvm'
|
||||
layout: 'lvm'
|
||||
# Configuration for the boot disk
|
||||
bootdisk:
|
||||
# Hardware disk (or hardware RAID device) used for booting. Can refer to a
|
||||
# HardwareProfile device alias or a explicit device name
|
||||
device: 'bootdisk'
|
||||
# Size of the root volume. Can be specified by percentage or explicit size in
|
||||
# megabytes or gigabytes. Defaults to 100% of boot device.
|
||||
root_size: '100g'
|
||||
# If a separate boot volume is needed, specify size. Defaults to 0 where /boot goes on root.
|
||||
boot_size: '0'
|
||||
# Non-boot volumes that should be carved out of local storage
|
||||
partitions:
|
||||
# Name of the volume. Doesn't translate to any operating system config
|
||||
name: 'logs'
|
||||
# Hardware device the volume should go on
|
||||
device: 'bootdisk'
|
||||
# Partition UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
|
||||
part_uuid:
|
||||
# Size of the volume in megabytes or gigabytes
|
||||
size: '10g'
|
||||
# Filesystem mountpoint if volume should be a filesystem
|
||||
mountpoint: '/var/logs'
|
||||
# The below are ignored if mountpoint is None
|
||||
# Format of filesystem. Defaults to ext4
|
||||
fstype: 'ext4'
|
||||
# Mount options of the file system as used in /etc/fstab. Defaults to 'defaults'
|
||||
mount_options: 'defaults'
|
||||
# Filesystem UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
|
||||
fs_uuid:
|
||||
# A filesystem label. Defaults to None
|
||||
fs_label:
|
||||
# Network name of the primary network (default gateway, DNS, etc...)
|
||||
primary_network: 'mgmt'
|
||||
# Physical and logical network interfaces
|
||||
interfaces:
|
||||
# What the interface should be named in the operating system. May not match a hardware device name
|
||||
device_name: bond0
|
||||
# The NetworkLink connected to this interface. Must be the name of a NetworkLink design part
|
||||
device_link: 'gp'
|
||||
# Hardware devices that support this interface. For configurating a physical device, this would be a list of one
|
||||
# For bonds, this would be a list of all the physical devices in the bond. These can refer to HardwareProfile device aliases
|
||||
# or explicit device names
|
||||
slaves:
|
||||
- 'pnic01'
|
||||
- 'pnic02'
|
||||
# Network that will be accessed on this interface. These should each be to the name of a Network design part
|
||||
# Multiple networks listed here assume that this interface is attached to a NetworkLink supporting trunking
|
||||
networks:
|
||||
- 'mgmt'
|
||||
- 'admin'
|
||||
# Settings for the platform (operating system)
|
||||
platform:
|
||||
# Which image to deploy on the node, must be available in the provisioner. Defaults to 'ubuntu/xenial'
|
||||
image:
|
||||
# Which kernel to enable. Defaults to generic, can also be hwe (hardware enablement)
|
||||
kernel: generic
|
||||
# K/V list of kernel parameters to configure on boot. No default. Use value of true for params that are just flags
|
||||
kernel_params:
|
||||
console: tty1
|
||||
quiet: true
|
||||
# Metadata about the node
|
||||
metadata:
|
||||
# Explicit tags to propagate to Kubernetes. Simple strings of any value
|
||||
tags:
|
||||
- 'lcp_node'
|
||||
# Key/value mapping that will propagate to the node for next-step bootstrapping
|
||||
owner_data:
|
||||
nic_access: 'sriov'
|
||||
# The rack a node sits in. Simple string
|
||||
rack: r1
|
||||
---
|
||||
apiVersion: 'v1.0'
|
||||
kind: BaremetalNode
|
||||
metadata:
|
||||
name: lcp_controller01
|
||||
region: sitename
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Specify a physical server.
|
||||
spec:
|
||||
# The HostProfile this server adopts initial state from. No default.
|
||||
# See drydock_provisioner/objects/readme.md for information on how HostProfile and BaremetalNode inheritance works
|
||||
host_profile: 'defaults'
|
||||
# The HardwareProfile describing the node hardware. No default.
|
||||
hardware_profile: 'DellR720v1'
|
||||
# OOB access to node
|
||||
oob:
|
||||
# Type of OOB access. Supports 'ipmi'
|
||||
type: 'ipmi'
|
||||
# Which network - as defined in a Network design part - to access the OOB interface on
|
||||
network: 'oob'
|
||||
# Account name for authenticating on the OOB interface
|
||||
account: 'admin'
|
||||
# Credential for authentication on the OOB interface. The OOB driver will interpret this.
|
||||
credential: 'admin'
|
||||
# How local node storage is configured
|
||||
storage:
|
||||
# How storage is laid out. Supports 'lvm' and 'flat'. Defaults to 'lvm'
|
||||
layout: 'lvm'
|
||||
# Configuration for the boot disk
|
||||
bootdisk:
|
||||
# Hardware disk (or hardware RAID device) used for booting. Can refer to a
|
||||
# HardwareProfile device alias or a explicit device name
|
||||
device: 'bootdisk'
|
||||
# Size of the root volume. Can be specified by percentage or explicit size in
|
||||
# megabytes or gigabytes. Defaults to 100% of boot device.
|
||||
root_size: '100g'
|
||||
# If a separate boot volume is needed, specify size. Defaults to 0 where /boot goes on root.
|
||||
boot_size: '0'
|
||||
# Non-boot volumes that should be carved out of local storage
|
||||
partitions:
|
||||
# Name of the volume. Doesn't translate to any operating system config
|
||||
name: 'logs'
|
||||
# Hardware device the volume should go on
|
||||
device: 'bootdisk'
|
||||
# Partition UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
|
||||
part_uuid:
|
||||
# Size of the volume in megabytes or gigabytes
|
||||
size: '10g'
|
||||
# Filesystem mountpoint if volume should be a filesystem
|
||||
mountpoint: '/var/logs'
|
||||
# The below are ignored if mountpoint is None
|
||||
# Format of filesystem. Defaults to ext4
|
||||
fstype: 'ext4'
|
||||
# Mount options of the file system as used in /etc/fstab. Defaults to 'defaults'
|
||||
mount_options: 'defaults'
|
||||
# Filesystem UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
|
||||
fs_uuid:
|
||||
# A filesystem label. Defaults to None
|
||||
fs_label:
|
||||
# Physical and logical network interfaces
|
||||
interfaces:
|
||||
# What the interface should be named in the operating system. May not match a hardware device name
|
||||
- device_name: bond0
|
||||
# The NetworkLink connected to this interface. Must be the name of a NetworkLink design part
|
||||
device_link: 'gp'
|
||||
# Whether this interface is considered the primary interface on the server. Supports true and false. Defaults to false
|
||||
primary: true
|
||||
# Hardware devices that support this interface. For configurating a physical device, this would be a list of one
|
||||
# For bonds, this would be a list of all the physical devices in the bond. These can refer to HardwareProfile device aliases
|
||||
# or explicit device names
|
||||
slaves:
|
||||
- 'pnic01'
|
||||
- 'pnic02'
|
||||
# Network that will be accessed on this interface. These should each be to the name of a Network design part
|
||||
# Multiple networks listed here assume that this interface is attached to a NetworkLink supporting trunking
|
||||
networks:
|
||||
- 'mgmt'
|
||||
- 'admin'
|
||||
# Metadata about the node
|
||||
metadata:
|
||||
# Explicit tags to propagate to Kubernetes. Simple strings of any value
|
||||
tags:
|
||||
- 'lcp_node'
|
||||
# Key/value mapping that will propagate to the node for next-step bootstrapping
|
||||
owner_data:
|
||||
nic_access: 'sriov'
|
||||
# The rack a node sits in. Simple string
|
||||
rack: r1
|
||||
# How each attached network is accessed by this node
|
||||
addressing:
|
||||
# The name of a defined Network design part also listed in the 'networks' section of a interface definition
|
||||
- network: 'pxe'
|
||||
# Address should be an explicit IP address assignment or 'dhcp'
|
||||
address: 'dhcp'
|
||||
- network: 'mgmt'
|
||||
address: '172.16.1.83'
|
||||
...
|
@ -1,347 +0,0 @@
|
||||
[DEFAULT]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# Polling interval in seconds for checking subtask or downstream status (integer
|
||||
# value)
|
||||
#poll_interval = 10
|
||||
|
||||
|
||||
[authentication]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# Client request authentication strategy (string value)
|
||||
#auth_strategy = keystone
|
||||
|
||||
# X-Auth-Token value to bypass backend authentication (string value)
|
||||
#admin_token = bigboss
|
||||
|
||||
# Can backend authentication be bypassed? (boolean value)
|
||||
#bypass_enabled = false
|
||||
|
||||
|
||||
[bootdata]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# Path to file to distribute for prom_init.sh (string value)
|
||||
#prom_init = /etc/drydock/bootdata/join.sh
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
# From keystonemiddleware.auth_token
|
||||
#
|
||||
|
||||
# Complete "public" Identity API endpoint. This endpoint should not be an
|
||||
# "admin" endpoint, as it should be accessible by all end users. Unauthenticated
|
||||
# clients are redirected to this endpoint to authenticate. Although this
|
||||
# endpoint should ideally be unversioned, client support in the wild varies.
|
||||
# If you're using a versioned v2 endpoint here, then this should *not* be the
|
||||
# same endpoint the service user utilizes for validating tokens, because normal
|
||||
# end users may not be able to reach that endpoint. (string value)
|
||||
auth_uri = http://172.20.0.3:5000/v3
|
||||
|
||||
# API version of the admin Identity API endpoint. (string value)
|
||||
auth_version = 3
|
||||
|
||||
# Do not handle authorization requests within the middleware, but delegate the
|
||||
# authorization decision to downstream WSGI components. (boolean value)
|
||||
delay_auth_decision = true
|
||||
|
||||
# Request timeout value for communicating with Identity API server. (integer
|
||||
# value)
|
||||
#http_connect_timeout = <None>
|
||||
|
||||
# How many times are we trying to reconnect when communicating with Identity API
|
||||
# Server. (integer value)
|
||||
#http_request_max_retries = 3
|
||||
|
||||
# Request environment key where the Swift cache object is stored. When
|
||||
# auth_token middleware is deployed with a Swift cache, use this option to have
|
||||
# the middleware share a caching backend with swift. Otherwise, use the
|
||||
# ``memcached_servers`` option instead. (string value)
|
||||
#cache = <None>
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
#certfile = <None>
|
||||
|
||||
# Required if identity server requires client certificate (string value)
|
||||
#keyfile = <None>
|
||||
|
||||
# A PEM encoded Certificate Authority to use when verifying HTTPs connections.
|
||||
# Defaults to system CAs. (string value)
|
||||
#cafile = <None>
|
||||
|
||||
# Verify HTTPS connections. (boolean value)
|
||||
#insecure = false
|
||||
|
||||
# The region in which the identity server can be found. (string value)
|
||||
#region_name = <None>
|
||||
|
||||
# Directory used to cache files related to PKI tokens. (string value)
|
||||
#signing_dir = <None>
|
||||
|
||||
# Optionally specify a list of memcached server(s) to use for caching. If left
|
||||
# undefined, tokens will instead be cached in-process. (list value)
|
||||
# Deprecated group/name - [keystone_authtoken]/memcache_servers
|
||||
#memcached_servers = <None>
|
||||
|
||||
# In order to prevent excessive effort spent validating tokens, the middleware
|
||||
# caches previously-seen tokens for a configurable duration (in seconds). Set to
|
||||
# -1 to disable caching completely. (integer value)
|
||||
#token_cache_time = 300
|
||||
|
||||
# Determines the frequency at which the list of revoked tokens is retrieved from
|
||||
# the Identity service (in seconds). A high number of revocation events combined
|
||||
# with a low cache duration may significantly reduce performance. Only valid for
|
||||
# PKI tokens. (integer value)
|
||||
#revocation_cache_time = 10
|
||||
|
||||
# (Optional) If defined, indicate whether token data should be authenticated or
|
||||
# authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
|
||||
# in the cache. If ENCRYPT, token data is encrypted and authenticated in the
|
||||
# cache. If the value is not one of these options or empty, auth_token will
|
||||
# raise an exception on initialization. (string value)
|
||||
# Allowed values: None, MAC, ENCRYPT
|
||||
#memcache_security_strategy = None
|
||||
|
||||
# (Optional, mandatory if memcache_security_strategy is defined) This string is
|
||||
# used for key derivation. (string value)
|
||||
#memcache_secret_key = <None>
|
||||
|
||||
# (Optional) Number of seconds memcached server is considered dead before it is
|
||||
# tried again. (integer value)
|
||||
#memcache_pool_dead_retry = 300
|
||||
|
||||
# (Optional) Maximum total number of open connections to every memcached server.
|
||||
# (integer value)
|
||||
#memcache_pool_maxsize = 10
|
||||
|
||||
# (Optional) Socket timeout in seconds for communicating with a memcached
|
||||
# server. (integer value)
|
||||
#memcache_pool_socket_timeout = 3
|
||||
|
||||
# (Optional) Number of seconds a connection to memcached is held unused in the
|
||||
# pool before it is closed. (integer value)
|
||||
#memcache_pool_unused_timeout = 60
|
||||
|
||||
# (Optional) Number of seconds that an operation will wait to get a memcached
|
||||
# client connection from the pool. (integer value)
|
||||
#memcache_pool_conn_get_timeout = 10
|
||||
|
||||
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
|
||||
# advanced pool will only work under python 2.x. (boolean value)
|
||||
#memcache_use_advanced_pool = false
|
||||
|
||||
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
|
||||
# middleware will not ask for service catalog on token validation and will not
|
||||
# set the X-Service-Catalog header. (boolean value)
|
||||
#include_service_catalog = true
|
||||
|
||||
# Used to control the use and type of token binding. Can be set to: "disabled"
|
||||
# to not check token binding. "permissive" (default) to validate binding
|
||||
# information if the bind type is of a form known to the server and ignore it if
|
||||
# not. "strict" like "permissive" but if the bind type is unknown the token will
|
||||
# be rejected. "required" any form of token binding is needed to be allowed.
|
||||
# Finally the name of a binding method that must be present in tokens. (string
|
||||
# value)
|
||||
#enforce_token_bind = permissive
|
||||
|
||||
# If true, the revocation list will be checked for cached tokens. This requires
|
||||
# that PKI tokens are configured on the identity server. (boolean value)
|
||||
#check_revocations_for_cached = false
|
||||
|
||||
# Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
|
||||
# or multiple. The algorithms are those supported by Python standard
|
||||
# hashlib.new(). The hashes will be tried in the order given, so put the
|
||||
# preferred one first for performance. The result of the first hash will be
|
||||
# stored in the cache. This will typically be set to multiple values only while
|
||||
# migrating from a less secure algorithm to a more secure one. Once all the old
|
||||
# tokens are expired this option should be set to a single value for better
|
||||
# performance. (list value)
|
||||
#hash_algorithms = md5
|
||||
|
||||
# Authentication type to load (string value)
|
||||
# Deprecated group/name - [keystone_authtoken]/auth_plugin
|
||||
auth_type = password
|
||||
|
||||
# Config Section from which to load plugin specific options (string value)
|
||||
auth_section = keystone_authtoken_password
|
||||
|
||||
|
||||
[keystone_authtoken_password]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# Authentication URL (string value)
|
||||
auth_url = http://172.20.0.3:5000/
|
||||
|
||||
# Domain ID to scope to (string value)
|
||||
#domain_id = <None>
|
||||
|
||||
# Domain name to scope to (string value)
|
||||
domain_name = ucp
|
||||
|
||||
# Project ID to scope to (string value)
|
||||
# Deprecated group/name - [keystone_authtoken_password]/tenant_id
|
||||
#project_id = <None>
|
||||
|
||||
# Project name to scope to (string value)
|
||||
# Deprecated group/name - [keystone_authtoken_password]/tenant_name
|
||||
project_name = service
|
||||
|
||||
# Domain ID containing project (string value)
|
||||
#project_domain_id = <None>
|
||||
|
||||
# Domain name containing project (string value)
|
||||
project_domain_name = ucp
|
||||
|
||||
# Trust ID (string value)
|
||||
#trust_id = <None>
|
||||
|
||||
# Optional domain ID to use with v3 and v2 parameters. It will be used for both
|
||||
# the user and project domain in v3 and ignored in v2 authentication. (string
|
||||
# value)
|
||||
#default_domain_id = <None>
|
||||
|
||||
# Optional domain name to use with v3 API and v2 parameters. It will be used for
|
||||
# both the user and project domain in v3 and ignored in v2 authentication.
|
||||
# (string value)
|
||||
default_domain_name = ucp
|
||||
|
||||
# User id (string value)
|
||||
#user_id = <None>
|
||||
|
||||
# Username (string value)
|
||||
# Deprecated group/name - [keystone_authtoken_password]/user_name
|
||||
#username = <None>
|
||||
user_name = drydock
|
||||
|
||||
# User's domain id (string value)
|
||||
#user_domain_id = <None>
|
||||
|
||||
# User's domain name (string value)
|
||||
user_domain_name = ucp
|
||||
|
||||
# User's password (string value)
|
||||
password = drydock
|
||||
|
||||
|
||||
[logging]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# Global log level for Drydock (string value)
|
||||
#log_level = INFO
|
||||
|
||||
# Logger name for the top-level logger (string value)
|
||||
#global_logger_name = drydock
|
||||
|
||||
# Logger name for OOB driver logging (string value)
|
||||
#oobdriver_logger_name = ${global_logger_name}.oobdriver
|
||||
|
||||
# Logger name for Node driver logging (string value)
|
||||
#nodedriver_logger_name = ${global_logger_name}.nodedriver
|
||||
|
||||
# Logger name for API server logging (string value)
|
||||
#control_logger_name = ${global_logger_name}.control
|
||||
|
||||
|
||||
[maasdriver]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# The API key for accessing MaaS (string value)
|
||||
#maas_api_key = <None>
|
||||
|
||||
# The URL for accessing MaaS API (string value)
|
||||
#maas_api_url = <None>
|
||||
|
||||
# Polling interval for querying MaaS status in seconds (integer value)
|
||||
#poll_interval = 10
|
||||
|
||||
|
||||
[oslo_policy]
|
||||
|
||||
#
|
||||
# From oslo.policy
|
||||
#
|
||||
|
||||
# The file that defines policies. (string value)
|
||||
#policy_file = policy.json
|
||||
|
||||
# Default rule. Enforced when a requested rule is not found. (string value)
|
||||
#policy_default_rule = default
|
||||
|
||||
# Directories where policy configuration files are stored. They can be relative
|
||||
# to any directory in the search path defined by the config_dir option, or
|
||||
# absolute paths. The file defined by policy_file must exist for these
|
||||
# directories to be searched. Missing or empty directories are ignored. (multi
|
||||
# valued)
|
||||
#policy_dirs = policy.d
|
||||
|
||||
|
||||
[plugins]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# Module path string of a input ingester to enable (multi valued)
|
||||
#ingester = drydock_provisioner.ingester.plugins.yaml.YamlIngester
|
||||
|
||||
# Module path string of a OOB driver to enable (multi valued)
|
||||
#oob_driver = drydock_provisioner.drivers.oob.pyghmi_driver.PyghmiDriver
|
||||
|
||||
# Module path string of the Node driver to enable (string value)
|
||||
#node_driver = drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver
|
||||
|
||||
# Module path string of the Network driver enable (string value)
|
||||
#network_driver = <None>
|
||||
|
||||
|
||||
[timeouts]
|
||||
|
||||
#
|
||||
# From drydock_provisioner
|
||||
#
|
||||
|
||||
# Fallback timeout when a specific one is not configured (integer value)
|
||||
#drydock_timeout = 5
|
||||
|
||||
# Timeout in minutes for creating site network templates (integer value)
|
||||
#create_network_template = 2
|
||||
|
||||
# Timeout in minutes for creating user credentials (integer value)
|
||||
#configure_user_credentials = 2
|
||||
|
||||
# Timeout in minutes for initial node identification (integer value)
|
||||
#identify_node = 10
|
||||
|
||||
# Timeout in minutes for node commissioning and hardware configuration (integer
|
||||
# value)
|
||||
#configure_hardware = 30
|
||||
|
||||
# Timeout in minutes for configuring node networking (integer value)
|
||||
#apply_node_networking = 5
|
||||
|
||||
# Timeout in minutes for configuring node platform (integer value)
|
||||
#apply_node_platform = 5
|
||||
|
||||
# Timeout in minutes for deploying a node (integer value)
|
||||
#deploy_node = 45
|
@ -1,7 +0,0 @@
|
||||
# File Definition Examples
|
||||
|
||||
## designparts_v1.0.yaml
|
||||
|
||||
This is a reference file for the YAML schema supported by the Drydock YAML
|
||||
ingester. Each design part currently supported is listed with all supported
|
||||
attributes and comments on attribute use and restrictions.
|
@ -1,354 +0,0 @@
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: helm-toolkit
|
||||
data:
|
||||
chart_name: helm-toolkit
|
||||
release: helm-toolkit
|
||||
namespace: helm-toolkit
|
||||
timeout: 100
|
||||
values: {}
|
||||
source:
|
||||
type: git
|
||||
location: https://git.openstack.org/openstack/openstack-helm
|
||||
subpath: helm-toolkit
|
||||
reference: master
|
||||
dependencies: []
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph
|
||||
data:
|
||||
chart_name: ceph
|
||||
release: ceph
|
||||
namespace: ceph
|
||||
timeout: 3600
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
values:
|
||||
manifests_enabled:
|
||||
client_secrets: false
|
||||
bootstrap:
|
||||
enabled: true
|
||||
network:
|
||||
public: ${CEPH_PUBLIC_NET}
|
||||
cluster: ${CEPH_CLUSTER_NET}
|
||||
endpoints:
|
||||
fqdn: ceph.svc.cluster.local
|
||||
conf:
|
||||
ceph:
|
||||
config:
|
||||
global:
|
||||
mon_host: ceph-mon.ceph.svc.cluster.local
|
||||
source:
|
||||
type: git
|
||||
location: ${CEPH_CHART_REPO}
|
||||
subpath: ceph
|
||||
reference: ${CEPH_CHART_BRANCH}
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-ceph-config
|
||||
data:
|
||||
chart_name: ucp-ceph-config
|
||||
release: ucp-ceph-config
|
||||
namespace: ucp
|
||||
timeout: 3600
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
values:
|
||||
ceph:
|
||||
namespace: ceph
|
||||
manifests_enabled:
|
||||
deployment: False
|
||||
storage_secrets: False
|
||||
rbd_provisioner: False
|
||||
network:
|
||||
public: ${CEPH_PUBLIC_NET}
|
||||
cluster: ${CEPH_CLUSTER_NET}
|
||||
endpoints:
|
||||
fqdn: ceph.svc.cluster.local
|
||||
conf:
|
||||
ceph:
|
||||
config:
|
||||
global:
|
||||
mon_host: ceph-mon.ceph.svc.cluster.local
|
||||
source:
|
||||
type: git
|
||||
location: ${CEPH_CHART_REPO}
|
||||
subpath: ceph
|
||||
reference: ${CEPH_CHART_BRANCH}
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-mariadb
|
||||
data:
|
||||
chart_name: ucp-mariadb
|
||||
release: ucp-mariadb
|
||||
namespace: ucp
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
values:
|
||||
labels:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
source:
|
||||
type: git
|
||||
location: https://git.openstack.org/openstack/openstack-helm
|
||||
subpath: mariadb
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-memcached
|
||||
data:
|
||||
chart_name: ucp-memcached
|
||||
release: ucp-memcached
|
||||
namespace: ucp
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
values:
|
||||
labels:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
source:
|
||||
type: git
|
||||
location: https://git.openstack.org/openstack/openstack-helm
|
||||
subpath: memcached
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-keystone
|
||||
data:
|
||||
chart_name: ucp-keystone
|
||||
release: keystone
|
||||
namespace: ucp
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
pre:
|
||||
delete:
|
||||
- name: keystone-db-sync
|
||||
type: job
|
||||
labels:
|
||||
- job-name: keystone-db-sync
|
||||
- name: keystone-db-init
|
||||
type: job
|
||||
labels:
|
||||
- job-name: keystone-db-init
|
||||
post:
|
||||
delete: []
|
||||
create: []
|
||||
values:
|
||||
conf:
|
||||
keystone:
|
||||
override:
|
||||
paste:
|
||||
override:
|
||||
replicas: 2
|
||||
labels:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
source:
|
||||
type: git
|
||||
location: https://git.openstack.org/openstack/openstack-helm
|
||||
subpath: keystone
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: maas-postgresql
|
||||
data:
|
||||
chart_name: maas-postgresql
|
||||
release: maas-postgresql
|
||||
namespace: ucp
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
pre:
|
||||
delete: []
|
||||
create: []
|
||||
post:
|
||||
delete: []
|
||||
create: []
|
||||
values:
|
||||
development:
|
||||
enabled: false
|
||||
labels:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
source:
|
||||
type: git
|
||||
location: https://git.openstack.org/openstack/openstack-helm-addons
|
||||
subpath: postgresql
|
||||
reference: master
|
||||
dependencies: []
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: maas
|
||||
data:
|
||||
chart_name: maas
|
||||
release: maas
|
||||
namespace: ucp
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
values:
|
||||
bootdata_url: http://${DRYDOCK_NODE_IP}:${DRYDOCK_NODE_PORT}/api/v1.0/bootdata/
|
||||
labels:
|
||||
rack:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
region:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
network:
|
||||
proxy:
|
||||
node_port:
|
||||
enabled: true
|
||||
port: 31800
|
||||
gui:
|
||||
node_port:
|
||||
enabled: true
|
||||
port: 31900
|
||||
conf:
|
||||
maas:
|
||||
credentials:
|
||||
secret:
|
||||
namespace: ucp
|
||||
url:
|
||||
maas_url: http://${MAAS_NODE_IP}:${MAAS_NODE_PORT}/MAAS
|
||||
proxy:
|
||||
enabled: '${PROXY_ENABLED}'
|
||||
server: ${PROXY_ADDRESS}
|
||||
ntp:
|
||||
servers: ntp.ubuntu.com
|
||||
dns:
|
||||
upstream_servers: 8.8.8.8
|
||||
secrets:
|
||||
maas_region:
|
||||
value: 3858a12230ac3c915f300c664f12063f
|
||||
source:
|
||||
type: git
|
||||
location: ${MAAS_CHART_REPO}
|
||||
subpath: maas
|
||||
reference: ${MAAS_CHART_BRANCH}
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: drydock
|
||||
data:
|
||||
chart_name: drydock
|
||||
release: drydock
|
||||
namespace: ucp
|
||||
install:
|
||||
no_hooks: false
|
||||
upgrade:
|
||||
no_hooks: false
|
||||
values:
|
||||
images:
|
||||
drydock: ${DRYDOCK_IMAGE}
|
||||
labels:
|
||||
node_selector_key: ucp-control-plane
|
||||
node_selector_value: enabled
|
||||
network:
|
||||
drydock:
|
||||
node_port:
|
||||
enabled: true
|
||||
port: ${DRYDOCK_NODE_PORT}
|
||||
conf:
|
||||
drydock:
|
||||
maasdriver:
|
||||
drydock_provisioner:
|
||||
maas_api_url: http://${MAAS_NODE_IP}:${MAAS_NODE_PORT}/MAAS/api/2.0/
|
||||
source:
|
||||
type: git
|
||||
location: ${DRYDOCK_CHART_REPO}
|
||||
subpath: drydock
|
||||
reference: ${DRYDOCK_CHART_BRANCH}
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Manifest/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-basic
|
||||
data:
|
||||
release_prefix: armada-ucp
|
||||
chart_groups:
|
||||
- ceph
|
||||
- ceph-bootstrap
|
||||
- ucp-infra
|
||||
- ucp-services
|
||||
---
|
||||
schema: armada/ChartGroup/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph
|
||||
data:
|
||||
description: 'Storage Backend'
|
||||
chart_group:
|
||||
- ceph
|
||||
---
|
||||
schema: armada/ChartGroup/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph-bootstrap
|
||||
data:
|
||||
description: 'Storage Backend Config'
|
||||
chart_group:
|
||||
- ucp-ceph-config
|
||||
---
|
||||
schema: armada/ChartGroup/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-infra
|
||||
data:
|
||||
description: 'UCP Infrastructure'
|
||||
chart_group:
|
||||
- ucp-mariadb
|
||||
- ucp-memcached
|
||||
- maas-postgresql
|
||||
---
|
||||
schema: armada/ChartGroup/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp-services
|
||||
data:
|
||||
description: 'UCP Services'
|
||||
chart_group:
|
||||
- maas
|
||||
- drydock
|
||||
- ucp-keystone
|
||||
...
|
@ -1,349 +0,0 @@
|
||||
#Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
---
|
||||
# Site/Region wide definitions. Each design part will be a constituent
|
||||
# of the design for exactly one Region
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: Region
|
||||
metadata:
|
||||
name: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
description: Sample site design
|
||||
author: sh8121@att.com
|
||||
spec:
|
||||
# List of query-based definitions for applying tags to deployed nodes
|
||||
tag_definitions:
|
||||
- tag: 'high_memory'
|
||||
# Tag to apply to nodes that qualify for the query
|
||||
definition_type: 'lshw_xpath'
|
||||
# Only support on type for now - 'lshw_xpath' used by MaaS
|
||||
definition: //node[@id="memory"]/'size units="bytes"' > 137438953472
|
||||
# an xpath query that is run against the output of 'lshw -xml' from the node
|
||||
# Image and package repositories needed by Drydock drivers. Needs to be defined
|
||||
repositories:
|
||||
- name: 'ubuntu-main'
|
||||
authorized_keys:
|
||||
- |
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAgqUTJwZEMjZCWOnXQw+FFdvnf/lYrGXm01
|
||||
rf/ZYUanoymkMWIK1/c8a3Ez9/HY3dyfWBcuzlIV4bNCvJcMg4UPuh6NQBJWAlfp7wfW9O
|
||||
8ZyDE3x1FYno5u3OB4rRDcvKe6J0ygPcu4Uec5ASsd58yGnE4zTl1D/J30rNa00si+s= r
|
||||
sa-key-20120124
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: NetworkLink
|
||||
metadata:
|
||||
name: oob
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe layer 1 attributes. Primary key is 'name'. These settings will generally be things the switch and server have to agree on
|
||||
labels:
|
||||
- 'noconfig'
|
||||
spec:
|
||||
bonding:
|
||||
# Mode can be 'disabled', '802.3ad', 'balanced-rr', 'active-backup'. Defaults to disabled
|
||||
mode: 'disabled'
|
||||
# Physical link default MTU size. No default
|
||||
mtu: 1500
|
||||
# Physical link speed. Supports 'auto', '100full'. Gigabit+ speeds require auto. No default
|
||||
linkspeed: 'auto'
|
||||
# Settings for using a link for multiple L2 networks
|
||||
trunking:
|
||||
# Trunking mode. Supports 'disabled', '802.1q'. Defaults to disabled
|
||||
mode: disabled
|
||||
# If disabled, what network is this port on. If '802.1q' what is the default network for the port. No default.
|
||||
default_network: oob
|
||||
allowed_networks:
|
||||
- 'oob'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: NetworkLink
|
||||
metadata:
|
||||
name: pxe
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe layer 1 attributes. Primary key is 'name'. These settings will generally be things the switch and server have to agree on
|
||||
spec:
|
||||
bonding:
|
||||
# Mode can be 'disabled', '802.3ad', 'balanced-rr', 'active-backup'. Defaults to disabled
|
||||
mode: 'disabled'
|
||||
# Physical link default MTU size. No default
|
||||
mtu: 1500
|
||||
# Physical link speed. Supports 'auto', '100full'. Gigabit+ speeds require auto. No default
|
||||
linkspeed: 'auto'
|
||||
# Settings for using a link for multiple L2 networks
|
||||
trunking:
|
||||
# Trunking mode. Supports 'disabled', '802.1q'. Defaults to disabled
|
||||
mode: disabled
|
||||
# If disabled, what network is this port on. If '802.1q' what is the default network for the port. No default.
|
||||
default_network: pxe
|
||||
allowed_networks:
|
||||
- 'pxe'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: Network
|
||||
metadata:
|
||||
name: oob
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe layer 2 and 3 attributes. Primary key is 'name'.
|
||||
labels:
|
||||
- 'noconfig'
|
||||
spec:
|
||||
# CIDR representation of network number and netmask
|
||||
cidr: '172.24.10.0/24'
|
||||
# How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
|
||||
allocation: 'static'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: Network
|
||||
metadata:
|
||||
name: pxe-rack1
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe layer 2 and 3 attributes. Primary key is 'name'.
|
||||
spec:
|
||||
# CIDR representation of network number and netmask
|
||||
cidr: '172.24.1.0/24'
|
||||
# How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
|
||||
allocation: 'static'
|
||||
routes:
|
||||
# The network being routed to in CIDR notation. Default gateway is 0.0.0.0/0.
|
||||
- subnet: '0.0.0.0/0'
|
||||
# Next hop for traffic using this route
|
||||
gateway: '172.24.1.1'
|
||||
# Selection metric for the host selecting this route. No default
|
||||
metric: 100
|
||||
ranges:
|
||||
# Type of range. Supports 'reserved', 'static' or 'dhcp'. No default
|
||||
- type: 'reserved'
|
||||
# Start of the address range, inclusive. No default
|
||||
start: '172.24.1.1'
|
||||
# End of the address range, inclusive. No default
|
||||
end: '172.24.1.100'
|
||||
- type: 'dhcp'
|
||||
start: '172.24.1.200'
|
||||
end: '172.24.1.250'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: Network
|
||||
metadata:
|
||||
name: pxe-rack2
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe layer 2 and 3 attributes. Primary key is 'name'.
|
||||
spec:
|
||||
# CIDR representation of network number and netmask
|
||||
cidr: '172.24.2.0/24'
|
||||
# How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
|
||||
allocation: 'static'
|
||||
routes:
|
||||
# The network being routed to in CIDR notation. Default gateway is 0.0.0.0/0.
|
||||
- subnet: '0.0.0.0/0'
|
||||
# Next hop for traffic using this route
|
||||
gateway: '172.24.2.1'
|
||||
# Selection metric for the host selecting this route. No default
|
||||
metric: 100
|
||||
ranges:
|
||||
# Type of range. Supports 'reserved', 'static' or 'dhcp'. No default
|
||||
- type: 'reserved'
|
||||
# Start of the address range, inclusive. No default
|
||||
start: '172.24.2.1'
|
||||
# End of the address range, inclusive. No default
|
||||
end: '172.24.2.100'
|
||||
- type: 'dhcp'
|
||||
start: '172.24.2.200'
|
||||
end: '172.24.2.250'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: HardwareProfile
|
||||
metadata:
|
||||
name: DellR820v1
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Describe server hardware attributes. Not a specific server, but profile adopted by a server defintion.
|
||||
spec:
|
||||
# Chassis vendor
|
||||
vendor: 'Dell'
|
||||
# Chassis model generation
|
||||
generation: '1'
|
||||
# Chassis model version
|
||||
hw_version: '2'
|
||||
# Certified BIOS version for this chassis
|
||||
bios_version: '2.2.3'
|
||||
# Boot mode. Supports 'bios' or 'uefi'
|
||||
boot_mode: 'bios'
|
||||
# How the node should be initially bootstrapped. Supports 'pxe'
|
||||
bootstrap_protocol: 'pxe'
|
||||
# What network interface to use for PXE booting
|
||||
# for chassis that support selection
|
||||
pxe_interface: '0'
|
||||
# Mapping of hardware alias/role to physical address
|
||||
device_aliases:
|
||||
# the device alias that will be referenced in HostProfile or BaremetalNode design parts
|
||||
- alias: 'pnic01'
|
||||
# The hardware bus the device resides on. Supports 'pci' and 'scsi'. No default
|
||||
bus_type: 'pci'
|
||||
# The type of device as reported by lshw. Can be used to validate hardware manifest. No default
|
||||
dev_type: 'Intel 10Gbps NIC'
|
||||
# Physical address on the bus
|
||||
address: '0000:00:03.0'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: HostProfile
|
||||
metadata:
|
||||
name: defaults
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Specify a physical server.
|
||||
spec:
|
||||
# The HardwareProfile describing the node hardware. No default.
|
||||
hardware_profile: 'DellR820v1'
|
||||
primary_network: 'pxe'
|
||||
# OOB access to node
|
||||
oob:
|
||||
# Type of OOB access. Supports 'ipmi'
|
||||
type: 'ipmi'
|
||||
# Which network - as defined in a Network design part - to access the OOB interface on
|
||||
network: 'oob'
|
||||
# Account name for authenticating on the OOB interface
|
||||
account: 'root'
|
||||
# Credential for authentication on the OOB interface. The OOB driver will interpret this.
|
||||
credential: 'calvin'
|
||||
# How local node storage is configured
|
||||
storage:
|
||||
# How storage is laid out. Supports 'lvm' and 'flat'. Defaults to 'lvm'
|
||||
layout: 'lvm'
|
||||
# Configuration for the boot disk
|
||||
bootdisk:
|
||||
# Hardware disk (or hardware RAID device) used for booting. Can refer to a
|
||||
# HardwareProfile device alias or a explicit device name
|
||||
device: 'bootdisk'
|
||||
# Size of the root volume. Can be specified by percentage or explicit size in
|
||||
# megabytes or gigabytes. Defaults to 100% of boot device.
|
||||
root_size: '100g'
|
||||
# If a separate boot volume is needed, specify size. Defaults to 0 where /boot goes on root.
|
||||
boot_size: '0'
|
||||
# Non-boot volumes that should be carved out of local storage
|
||||
partitions:
|
||||
# Name of the volume. Doesn't translate to any operating system config
|
||||
- name: 'logs'
|
||||
# Hardware device the volume should go on
|
||||
device: 'bootdisk'
|
||||
# Partition UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
|
||||
part_uuid:
|
||||
# Size of the volume in megabytes or gigabytes
|
||||
size: '10g'
|
||||
# Filesystem mountpoint if volume should be a filesystem
|
||||
mountpoint: '/var/logs'
|
||||
# The below are ignored if mountpoint is None
|
||||
# Format of filesystem. Defaults to ext4
|
||||
fstype: 'ext4'
|
||||
# Mount options of the file system as used in /etc/fstab. Defaults to 'defaults'
|
||||
mount_options: 'defaults'
|
||||
# Filesystem UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
|
||||
fs_uuid:
|
||||
# A filesystem label. Defaults to None
|
||||
fs_label:
|
||||
# Physical and logical network interfaces
|
||||
interfaces:
|
||||
# What the interface should be named in the operating system. May not match a hardware device name
|
||||
- device_name: 'eno1'
|
||||
# The NetworkLink connected to this interface. Must be the name of a NetworkLink design part
|
||||
device_link: 'pxe'
|
||||
# Hardware devices that support this interface. For configurating a physical device, this would be a list of one
|
||||
# For bonds, this would be a list of all the physical devices in the bond. These can refer to HardwareProfile device aliases
|
||||
# or explicit device names
|
||||
slaves:
|
||||
- 'eno1'
|
||||
# Network that will be accessed on this interface. These should each be to the name of a Network design part
|
||||
# Multiple networks listed here assume that this interface is attached to a NetworkLink supporting trunking
|
||||
networks:
|
||||
- 'pxe'
|
||||
platform:
|
||||
# Which image to deploy on the node, must be available in the provisioner. Defaults to 'ubuntu/xenial'
|
||||
image: 'ubuntu/xenial'
|
||||
# Which kernel to enable. Defaults to generic, can also be hwe (hardware enablement)
|
||||
kernel: 'generic'
|
||||
# K/V list of kernel parameters to configure on boot. No default. Use value of true for params that are just flags
|
||||
metadata:
|
||||
# Explicit tags to propagate to Kubernetes. Simple strings of any value
|
||||
rack: cab23
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: BaremetalNode
|
||||
metadata:
|
||||
name: cab23-r720-16
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Specify a physical server.
|
||||
spec:
|
||||
host_profile: defaults
|
||||
addressing:
|
||||
# The name of a defined Network design part also listed in the 'networks' section of a interface definition
|
||||
- network: 'pxe'
|
||||
# Address should be an explicit IP address assignment or 'dhcp'
|
||||
address: '10.23.19.116'
|
||||
- network: 'oob'
|
||||
address: '10.23.104.16'
|
||||
metadata:
|
||||
tags:
|
||||
- 'masters'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: BaremetalNode
|
||||
metadata:
|
||||
name: cab23-r720-17
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Specify a physical server.
|
||||
spec:
|
||||
host_profile: defaults
|
||||
addressing:
|
||||
# The name of a defined Network design part also listed in the 'networks' section of a interface definition
|
||||
- network: 'pxe'
|
||||
# Address should be an explicit IP address assignment or 'dhcp'
|
||||
address: '10.23.19.117'
|
||||
- network: 'oob'
|
||||
address: '10.23.104.17'
|
||||
metadata:
|
||||
tags:
|
||||
- 'masters'
|
||||
---
|
||||
apiVersion: 'drydock/v1'
|
||||
kind: BaremetalNode
|
||||
metadata:
|
||||
name: cab23-r720-19
|
||||
region: atl_foundry
|
||||
date: 17-FEB-2017
|
||||
author: sh8121@att.com
|
||||
description: Specify a physical server.
|
||||
spec:
|
||||
host_profile: defaults
|
||||
addressing:
|
||||
# The name of a defined Network design part also listed in the 'networks' section of a interface definition
|
||||
- network: 'pxe'
|
||||
# Address should be an explicit IP address assignment or 'dhcp'
|
||||
address: '10.23.19.119'
|
||||
- network: 'oob'
|
||||
address: '10.23.104.19'
|
||||
...
|
@ -1,62 +0,0 @@
|
||||
# Setup fake IPMI network
|
||||
ip link add oob-br type bridge
|
||||
ip link set dev oob-br up
|
||||
|
||||
# Setup rack 1 PXE network
|
||||
ip link add pxe1-br type bridge
|
||||
ip link set dev pxe1-br up
|
||||
|
||||
# Setup rack 2 PXE network
|
||||
ip link add pxe2-br type bridge
|
||||
ip link set dev pxe2-br up
|
||||
|
||||
# Setup interface to hold all IP addresses for vbmc instances
|
||||
ip link add dev oob-if type veth peer name oob-ifp
|
||||
ip link set dev oob-ifp up master oob-br
|
||||
ip link set dev oob-if up arp on
|
||||
|
||||
# Setup rack 1 PXE gateway
|
||||
ip link add dev pxe1-if type veth peer name pxe1-ifp
|
||||
ip link set dev pxe1-ifp up master pxe1-br
|
||||
ip link set dev pxe1-if up arp on
|
||||
ip addr add 172.24.1.1/24 dev pxe1-if
|
||||
|
||||
# Setup rack 2 PXE gateway
|
||||
ip link add dev pxe2-if type veth peer name pxe2-ifp
|
||||
ip link set dev pxe2-ifp up master pxe2-br
|
||||
ip link set dev pxe2-if up arp on
|
||||
ip addr add 172.24.2.1/24 dev pxe2-if
|
||||
|
||||
# Setup fake IPMI interfaces and vbmc instances
|
||||
ip addr add 172.24.10.101/24 dev oob-if
|
||||
vbmc add --address 172.24.10.101 node2
|
||||
ip addr add 172.24.10.102/24 dev oob-if
|
||||
vbmc add --address 172.24.10.102 node3
|
||||
|
||||
vbmc start
|
||||
|
||||
# Setup rules for IP forwarding on PXE networks
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
|
||||
iptables -t nat -A POSTROUTING -o extbr -j MASQUERADE
|
||||
|
||||
iptables -A FORWARD -i extbr -o pxe1-if -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -i pxe1-if -o extbr -j ACCEPT
|
||||
iptables -A FORWARD -i extbr -o pxe2-if -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
iptables -A FORWARD -i pxe2-if -o extbr -j ACCEPT
|
||||
|
||||
# Setup external ssh access to genesis VM
|
||||
iptables -t nat -A PREROUTING -p tcp -d 10.23.19.16 --dport 2222 -j DNAT --to-destination 172.24.1.100:22
|
||||
|
||||
# Node1 - Genesis
|
||||
# PXE1 - 172.24.1.100/24
|
||||
# OOB - 172.24.10.100/24
|
||||
|
||||
# Node2 - Master
|
||||
# PXE1 - 172.24.1.101/24
|
||||
# vbmc - 172.24.10.101/24
|
||||
|
||||
# Node3 - Master
|
||||
# PXE2 - 172.24.2.101/24
|
||||
# vbmc - 172.24.10.102/24
|
||||
|
@ -1,82 +0,0 @@
|
||||
---
|
||||
apiVersion: promenade/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: example
|
||||
target: none
|
||||
spec:
|
||||
nodes:
|
||||
${GENESIS_NODE_NAME}:
|
||||
ip: ${GENESIS_NODE_IP}
|
||||
roles:
|
||||
- master
|
||||
- genesis
|
||||
additional_labels:
|
||||
- beta.kubernetes.io/arch=amd64
|
||||
- ucp-control-plane=enabled
|
||||
- ceph-mon=enabled
|
||||
- ceph-osd=enabled
|
||||
- ceph-mds=enabled
|
||||
${MASTER_NODE_NAME}:
|
||||
ip: ${MASTER_NODE_IP}
|
||||
roles:
|
||||
- master
|
||||
additional_labels:
|
||||
- beta.kubernetes.io/arch=amd64
|
||||
- ucp-control-plane=enabled
|
||||
- ceph-mon=enabled
|
||||
- ceph-osd=enabled
|
||||
- ceph-mds=enabled
|
||||
---
|
||||
apiVersion: promenade/v1
|
||||
kind: Network
|
||||
metadata:
|
||||
cluster: example
|
||||
name: example
|
||||
target: all
|
||||
spec:
|
||||
cluster_domain: cluster.local
|
||||
cluster_dns: 10.96.0.10
|
||||
kube_service_ip: 10.96.0.1
|
||||
pod_ip_cidr: 10.97.0.0/16
|
||||
service_ip_cidr: 10.96.0.0/16
|
||||
calico_etcd_service_ip: 10.96.232.136
|
||||
calico_interface: ${NODE_NET_IFACE}
|
||||
dns_servers:
|
||||
- 8.8.8.8
|
||||
- 8.8.4.4
|
||||
---
|
||||
apiVersion: promenade/v1
|
||||
kind: Versions
|
||||
metadata:
|
||||
cluster: example
|
||||
name: example
|
||||
target: all
|
||||
spec:
|
||||
images:
|
||||
armada: ${ARMADA_IMAGE}
|
||||
calico:
|
||||
cni: quay.io/calico/cni:v1.9.1
|
||||
etcd: quay.io/coreos/etcd:v3.2.1
|
||||
node: quay.io/calico/node:v1.3.0
|
||||
policy-controller: quay.io/calico/kube-policy-controller:v0.6.0
|
||||
kubernetes:
|
||||
apiserver: gcr.io/google_containers/hyperkube-amd64:v1.6.7
|
||||
controller-manager: quay.io/attcomdev/kube-controller-manager:v1.6.7
|
||||
dns:
|
||||
dnsmasq: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.2
|
||||
kubedns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.2
|
||||
sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.2
|
||||
etcd: quay.io/coreos/etcd:v3.2.1
|
||||
kubectl: gcr.io/google_containers/hyperkube-amd64:v1.6.7
|
||||
proxy: gcr.io/google_containers/hyperkube-amd64:v1.6.7
|
||||
scheduler: gcr.io/google_containers/hyperkube-amd64:v1.6.7
|
||||
promenade: ${PROMENADE_IMAGE}
|
||||
tiller: gcr.io/kubernetes-helm/tiller:v2.5.0
|
||||
packages:
|
||||
docker: docker.io=1.12.6-0ubuntu1~16.04.1
|
||||
dnsmasq: dnsmasq=2.75-1ubuntu0.16.04.2
|
||||
socat: socat=1.7.3.1-1
|
||||
additional_packages:
|
||||
- ceph-common=10.2.7-0ubuntu0.16.04.1
|
||||
...
|
@ -1,16 +0,0 @@
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1alpha1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: generous-permissions
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: Group
|
||||
name: system:masters
|
||||
- kind: Group
|
||||
name: system:authenticated
|
||||
- kind: Group
|
||||
name: system:unauthenticated
|
@ -1,9 +0,0 @@
|
||||
export CEPH_CLUSTER_NET=172.24.1.0/24
|
||||
export CEPH_PUBLIC_NET=172.24.1.0/24
|
||||
export GENESIS_NODE_IP=172.24.1.100
|
||||
export MASTER_NODE_IP=172.24.1.101
|
||||
export NODE_NET_IFACE=ens3
|
||||
export CEPH_CHART_REPO=https://github.com/sh8121att/helm_charts
|
||||
export DRYDOCK_CHART_REPO=https://github.com/sh8121att/helm_charts
|
||||
export MAAS_CHART_REPO=https://github.com/sh8121att/helm_charts
|
||||
export DRYDOCK_IMAGE=docker.io/sthussey/drydock:latest
|
@ -1,128 +0,0 @@
|
||||
#/bin/bash
|
||||
|
||||
set -x
|
||||
|
||||
# Check that we are root
|
||||
if [[ $(whoami) != "root" ]]
|
||||
then
|
||||
echo "Must be root to run $0"
|
||||
exit -1
|
||||
fi
|
||||
|
||||
# Install docker
|
||||
apt -qq update
|
||||
apt -y install docker.io jq
|
||||
|
||||
# Setup environmental variables
|
||||
# with stable defaults
|
||||
|
||||
# Network
|
||||
export CEPH_CLUSTER_NET=${CEPH_CLUSTER_NET:-"NA"}
|
||||
export CEPH_PUBLIC_NET=${CEPH_PUBLIC_NET:-"NA"}
|
||||
export GENESIS_NODE_IP=${GENESIS_NODE_IP:-"NA"}
|
||||
export DRYDOCK_NODE_IP=${DRYDOCK_NODE_IP:-${GENESIS_NODE_IP}}
|
||||
export DRYDOCK_NODE_PORT=${DRYDOCK_NODE_PORT:-31000}
|
||||
export MAAS_NODE_IP=${MAAS_NODE_IP:-${GENESIS_NODE_IP}}
|
||||
export MAAS_NODE_PORT=${MAAS_NODE_PORT:-31900}
|
||||
export MASTER_NODE_IP=${MASTER_NODE_IP:-"NA"}
|
||||
export NODE_NET_IFACE=${NODE_NET_IFACE:-"eth0"}
|
||||
export PROXY_ADDRESS=${PROXY_ADDRESS:-"http://one.proxy.att.com:8080"}
|
||||
export PROXY_ENABLED=${PROXY_ENABLED:-"false"}
|
||||
|
||||
# Hostnames
|
||||
export GENESIS_NODE_NAME=${GENESIS_NODE_NAME:-"node1"}
|
||||
export MASTER_NODE_NAME=${MASTER_NODE_NAME:-"node2"}
|
||||
|
||||
# Charts
|
||||
export CEPH_CHART_REPO=${CEPH_CHART_REPO:-"https://github.com/openstack/openstack-helm"}
|
||||
export CEPH_CHART_BRANCH=${CEPH_CHART_BRANCH:-"master"}
|
||||
export DRYDOCK_CHART_REPO=${DRYDOCK_CHART_REPO:-"https://github.com/att-comdev/aic-helm"}
|
||||
export DRYDOCK_CHART_BRANCH=${DRYDOCK_CHART_BRANCH:-"master"}
|
||||
export MAAS_CHART_REPO=${MAAS_CHART_REPO:-"https://github.com/openstack/openstack-helm-addons"}
|
||||
export MAAS_CHART_BRANCH=${MAAS_CHART_BRANCH:-"master"}
|
||||
|
||||
# Images
|
||||
export DRYDOCK_IMAGE=${DRYDOCK_IMAGE:-"quay.io/attcomdev/drydock:0.2.0-a1"}
|
||||
export ARMADA_IMAGE=${ARMADA_IMAGE:-"quay.io/attcomdev/armada:v0.6.0"}
|
||||
export PROMENADE_IMAGE=${PROMENADE_IMAGE:-"quay.io/attcomdev/promenade:master"}
|
||||
|
||||
# Filenames
|
||||
export ARMADA_CONFIG=${ARMADA_CONFIG:-"armada.yaml"}
|
||||
export PROMENADE_CONFIG=${PROMENADE_CONFIG:-"promenade.yaml"}
|
||||
export UP_SCRIPT_FILE=${UP_SCRIPT_FILE:-"up.sh"}
|
||||
|
||||
# Validate environment
|
||||
if [[ $GENESIS_NODE_IP == "NA" || $MASTER_NODE_IP == "NA" ]]
|
||||
then
|
||||
echo "GENESIS_NODE_IP and MASTER_NODE_IP env vars must be set to correct IP addresses."
|
||||
exit -1
|
||||
fi
|
||||
|
||||
if [[ $CEPH_CLUSTER_NET == "NA" || $CEPH_PUBLIC_NET == "NA" ]]
|
||||
then
|
||||
echo "CEPH_CLUSTER_NET and CEPH_PUBLIC_NET en vars must be set to correct IP subnet CIDRs."
|
||||
exit -1
|
||||
fi
|
||||
|
||||
# Required inputs
|
||||
# Promenade input-config.yaml
|
||||
# Armada Manifest for integrated UCP services
|
||||
|
||||
cat promenade.yaml.sub | envsubst > ${PROMENADE_CONFIG}
|
||||
cat armada.yaml.sub | envsubst > ${ARMADA_CONFIG}
|
||||
rm -rf configs
|
||||
mkdir configs
|
||||
|
||||
# Generate Promenade configuration
|
||||
docker run -t -v $(pwd):/target ${PROMENADE_IMAGE} promenade generate -c /target/${PROMENADE_CONFIG} -o /target/configs
|
||||
|
||||
# Do Promenade genesis process
|
||||
cd configs
|
||||
sudo bash ${UP_SCRIPT_FILE} ./${GENESIS_NODE_NAME}.yaml
|
||||
cd ..
|
||||
|
||||
# Setup kubeconfig
|
||||
mkdir ~/.kube
|
||||
cp -r /etc/kubernetes/admin/pki ~/.kube/pki
|
||||
cat /etc/kubernetes/admin/kubeconfig.yaml | sed -e 's/\/etc\/kubernetes\/admin/./' > ~/.kube/config
|
||||
|
||||
# Polling to ensure genesis is complete
|
||||
while [[ -z $(kubectl get pods -n kube-system | grep 'kube-dns' | grep -e '3/3') ]]
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
|
||||
# Squash Kubernetes RBAC to be compatible w/ OSH
|
||||
kubectl update -f ./rbac-generous-permissions.yaml
|
||||
|
||||
# Do Armada deployment of UCP integrated services
|
||||
docker run -t -v ~/.kube:/root/.kube -v $(pwd):/target --net=host \
|
||||
${ARMADA_IMAGE} apply --debug-logging /target/${ARMADA_CONFIG} --tiller-host=${GENESIS_NODE_IP} --tiller-port=44134
|
||||
|
||||
# Polling for UCP service deployment
|
||||
|
||||
while [[ -z $(kubectl get pods -n ucp | grep drydock | grep Running) ]]
|
||||
do
|
||||
sleep 5
|
||||
done
|
||||
|
||||
# Run Gabbi tests
|
||||
TOKEN=$(docker run --rm --net=host -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e 'OS_PASSWORD=password' -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_REGION_NAME=RegionOne' -e 'OS_USERNAME=drydock' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' kolla/ubuntu-source-keystone:3.0.3 openstack token issue -f shell | grep ^id | cut -d'=' -f2 | tr -d '"')
|
||||
|
||||
DESIGN_ID=$(docker run --rm --net=host -e "DD_TOKEN=$TOKEN" -e "DD_URL=http://drydock-api.ucp.svc.cluster.local:9000" -e "LC_ALL=C.UTF-8" -e "LANG=C.UTF-8" --entrypoint /usr/local/bin/drydock $DRYDOCK_IMAGE design create)
|
||||
|
||||
TASK_ID=$(docker run --rm --net=host -e "DD_TOKEN=$TOKEN" -e "DD_URL=http://drydock-api.ucp.svc.cluster.local:9000" -e "LC_ALL=C.UTF-8" -e "LANG=C.UTF-8" --entrypoint /usr/local/bin/drydock $DRYDOCK_IMAGE task create -d $DESIGN_ID -a verify_site)
|
||||
|
||||
sleep 15
|
||||
|
||||
TASK_STATUS=$(docker run --rm --net=host -e "DD_TOKEN=$TOKEN" -e "DD_URL=http://drydock-api.ucp.svc.cluster.local:9000" -e "LC_ALL=C.UTF-8" -e "LANG=C.UTF-8" --entrypoint /usr/local/bin/drydock $DRYDOCK_IMAGE task show -t $TASK_ID | tr "'" '"' | sed -e 's/None/null/g')
|
||||
|
||||
if [[ $(echo $TASK_STATUS | jq -r .result) == "success" ]]
|
||||
then
|
||||
echo "Action verify_site successful."
|
||||
exit 0
|
||||
else
|
||||
echo "Action verify_site failed."
|
||||
echo $TASK_STATUS
|
||||
exit -1
|
||||
fi
|
22
tools/gate/playbooks/airship-drydock-check.yaml
Normal file
22
tools/gate/playbooks/airship-drydock-check.yaml
Normal file
@ -0,0 +1,22 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: primary
|
||||
tasks:
|
||||
- name: Build Charts
|
||||
shell: |
|
||||
set -xe;
|
||||
./tools/gate/scripts/010-build-charts.sh
|
||||
args:
|
||||
chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
|
36
tools/gate/playbooks/osh-infra-build.yaml
Normal file
36
tools/gate/playbooks/osh-infra-build.yaml
Normal file
@ -0,0 +1,36 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: primary
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
gather_facts: True
|
||||
roles:
|
||||
- build-helm-packages
|
||||
tags:
|
||||
- build-helm-packages
|
||||
|
||||
- hosts: all
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
gather_facts: False
|
||||
become: yes
|
||||
roles:
|
||||
- build-images
|
||||
tags:
|
||||
- build-images
|
30
tools/gate/playbooks/osh-infra-collect-logs.yaml
Normal file
30
tools/gate/playbooks/osh-infra-collect-logs.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: all
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
logs_dir: "/tmp/logs"
|
||||
roles:
|
||||
- gather-host-logs
|
||||
- helm-release-status
|
||||
- describe-kubernetes-objects
|
||||
- gather-pod-logs
|
||||
- gather-prom-metrics
|
||||
tags:
|
||||
- gather-host-logs
|
||||
- helm-release-status
|
||||
- describe-kubernetes-objects
|
||||
- gather-pod-logs
|
||||
- gather-prom-metrics
|
43
tools/gate/playbooks/osh-infra-deploy-docker.yaml
Normal file
43
tools/gate/playbooks/osh-infra-deploy-docker.yaml
Normal file
@ -0,0 +1,43 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: all
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
gather_facts: False
|
||||
become: yes
|
||||
roles:
|
||||
- deploy-python
|
||||
tags:
|
||||
- deploy-python
|
||||
|
||||
- hosts: all
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
gather_facts: True
|
||||
become: yes
|
||||
roles:
|
||||
- setup-firewall
|
||||
- deploy-python-pip
|
||||
- deploy-docker
|
||||
- deploy-yq
|
||||
tags:
|
||||
- setup-firewall
|
||||
- deploy-python-pip
|
||||
- deploy-docker
|
||||
- deploy-yq
|
36
tools/gate/playbooks/osh-infra-deploy-k8s.yaml
Normal file
36
tools/gate/playbooks/osh-infra-deploy-k8s.yaml
Normal file
@ -0,0 +1,36 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: primary
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
gather_facts: True
|
||||
roles:
|
||||
- build-helm-packages
|
||||
- deploy-kubeadm-aio-master
|
||||
tags:
|
||||
- build-helm-packages
|
||||
- deploy-kubeadm-aio-master
|
||||
|
||||
- hosts: nodes
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
roles:
|
||||
- deploy-kubeadm-aio-node
|
||||
tags:
|
||||
- deploy-kubeadm-aio-node
|
41
tools/gate/playbooks/osh-infra-upgrade-host.yaml
Normal file
41
tools/gate/playbooks/osh-infra-upgrade-host.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: all
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
gather_facts: False
|
||||
become: yes
|
||||
roles:
|
||||
- deploy-python
|
||||
tags:
|
||||
- deploy-python
|
||||
|
||||
- hosts: all
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
gather_facts: True
|
||||
become: yes
|
||||
roles:
|
||||
- upgrade-host
|
||||
- start-zuul-console
|
||||
- disable-local-nameserver
|
||||
tags:
|
||||
- upgrade-host
|
||||
- start-zuul-console
|
||||
- disable-local-nameserver
|
15
tools/gate/playbooks/vars.yaml
Normal file
15
tools/gate/playbooks/vars.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
null: null
|
20
tools/gate/playbooks/zuul-linter.yaml
Normal file
20
tools/gate/playbooks/zuul-linter.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- hosts: primary
|
||||
tasks:
|
||||
- name: Execute a Whitespace Linter check
|
||||
command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \;
|
||||
register: result
|
||||
failed_when: result.stdout != ""
|
19
tools/gate/scripts/010-build-charts.sh
Executable file
19
tools/gate/scripts/010-build-charts.sh
Executable file
@ -0,0 +1,19 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
set -xe
|
||||
|
||||
make charts
|
Loading…
x
Reference in New Issue
Block a user