Make the gate more configurable

Updates to make the gate more configurable

Change-Id: I9080267a869cae757b67a9603f99fbdacc78b9e3

deployment_files/global/v1.0demo/software/charts/ucp/drydock/drydock.yaml

@@ -47,37 +47,12 @@ metadata:
         path: .ucp.physicalprovisioner
       dest:
         path: .values.endpoints.physicalprovisioner
-
-    # Drydock IPs
     - src:
-        schema: pegleg/CommonAddresses/v1
+        schema: pegleg/EndpointCatalogue/v1
-        name: common-addresses
+        name: ucp_endpoints
-        path: .node_ports.drydock_api
+        path: .ucp.maas_region
       dest:
-        path: .values.network.drydock.node_port.port
+        path: .values.endpoints.maas_region
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.drydock_api
-      dest:
-        path: .values.endpoints.physicalprovisioner.port.api.nodeport
-
-    # MaaS IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes.
-        path: .genesis.ip
-      dest:
-        path: .values.conf.drydock.maasdriver.maas_api_url
-        pattern: 'MAAS_IP'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_api
-      dest:
-        path: .values.conf.drydock.maasdriver.maas_api_url
-        pattern: 'MAAS_PORT'
 
     # Credentials
 
@@ -172,8 +147,6 @@ data:
           enabled: true
     conf:
       drydock:
-        maasdriver:
-          maas_api_url: http://MAAS_IP:MAAS_PORT/MAAS/api/2.0/
         plugins:
           ingester: drydock_provisioner.ingester.plugins.deckhand.DeckhandIngester
           oob_driver:

deployment_files/global/v1.0demo/software/charts/ucp/drydock/maas.yaml

@@ -43,34 +43,6 @@ metadata:
         path: .values.conf.drydock.bootaction_url
         pattern: '(DRYDOCK_PORT)'
 
-    # MaaS IPs
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        # TODO(mb874d): Can change once we have an accessible VIP from fresh nodes.
-        path: .bootstrap.ip
-      dest:
-        path: .values.conf.maas.url.maas_url
-        pattern: '(MAAS_IP)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_api
-      dest:
-        path: .values.conf.maas.url.maas_url
-        pattern: '(MAAS_PORT)'
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_api
-      dest:
-        path: .values.network.gui.node_port.port
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .node_ports.maas_proxy
-      dest:
-        path: .values.network.proxy.node_port.port
 
     # MaaS Config
     - src:
@@ -111,6 +83,12 @@ metadata:
         path: .ucp.physicalprovisioner
       dest:
         path: .values.endpoints.physicalprovisioner
+    - src:
+        schema: pegleg/EndpointCatalogue/v1
+        name: ucp_endpoints
+        path: .ucp.maas_ingress
+      dest:
+        path: .values.endpoints.maas_ingress
 
     # Account and credential substitutions
     - src:
@@ -180,6 +158,10 @@ data:
           labels:
             release_group: airship-maas
   values:
+    pod:
+      replicas:
+        rack: 1
+        region: 1
     labels:
       rack:
         node_selector_key: ucp-control-plane

deployment_files/global/v1.0demo/software/config/endpoints.yaml

@@ -128,12 +128,10 @@ data:
         default: http
       host_fqdn_override:
         default: null
-        public: drydock.gate.local
     maas_region:
       name: maas-region
       hosts:
         default: maas-region
-        public: maas
       scheme:
         default: "http"
       port:
@@ -142,6 +140,24 @@ data:
           public: 80
       host_fqdn_override:
         default: null
+    maas_ingress:
+      hosts:
+        default: maas-ingress
+        error_pages: maas-ingress-error
+      host_fqdn_override:
+        public: null
+      port:
+        http:
+          default: 80
+        https:
+          default: 443
+        error_pages:
+          default: 8080
+          podport: 8080
+        healthz:
+          podport: 10259
+        status:
+          podport: 18089
     kubernetesprovisioner:
       name: promenade
       hosts:

deployment_files/global/v1.0demo/software/config/versions.yaml

@@ -177,12 +177,12 @@ data:
         type: git
       drydock:
         location: https://git.openstack.org/openstack/airship-drydock
-        reference: 3470f89519d018c572905566891bafc8a3c51c3b
+        reference: 485f919822c7e425741a19ab507f83ea075529c5
         subpath: charts/drydock
         type: git
       drydock-htk:
         location: https://git.openstack.org/openstack/openstack-helm-infra
-        reference: 5d356f9265b337b75f605dee839faa8cd0ed3ab2
+        reference: 4ad893eb1a5ebd7c7660c70d44d1316862268cf1
         subpath: helm-toolkit
         type: git
       ingress:
@@ -207,12 +207,12 @@ data:
         type: git
       maas:
         location: https://git.openstack.org/openstack/airship-maas
-        reference: 2e003450cceb16b9bda71aa69a939a8466516582
+        reference: refs/changes/83/619283/11
         subpath: charts/maas
         type: git
       maas-htk:
         location: https://git.openstack.org/openstack/openstack-helm-infra
-        reference: 5d356f9265b337b75f605dee839faa8cd0ed3ab2
+        reference: 4ad893eb1a5ebd7c7660c70d44d1316862268cf1
         subpath: helm-toolkit
         type: git
       mariadb:
@@ -461,9 +461,9 @@ data:
         divingbell: docker.io/ubuntu:16.04
       drydock:
         dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
-        drydock: quay.io/airshipit/drydock:3470f89519d018c572905566891bafc8a3c51c3b
+        drydock: quay.io/airshipit/drydock:485f919822c7e425741a19ab507f83ea075529c5
         drydock_db_init: docker.io/postgres:9.5
-        drydock_db_sync: quay.io/airshipit/drydock:3470f89519d018c572905566891bafc8a3c51c3b
+        drydock_db_sync: quay.io/airshipit/drydock:485f919822c7e425741a19ab507f83ea075529c5
         ks_endpoints: docker.io/openstackhelm/heat:ocata
         ks_service: docker.io/openstackhelm/heat:ocata
         ks_user: docker.io/openstackhelm/heat:ocata
@@ -474,7 +474,7 @@ data:
         dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
         export_api_key: quay.io/airshipit/maas-region-controller:2e003450cceb16b9bda71aa69a939a8466516582
         maas_cache: quay.io/airshipit/sstream-cache:2e003450cceb16b9bda71aa69a939a8466516582
-        maas_rack: quay.io/airshipit/maas-rack-controller:2e003450cceb16b9bda71aa69a939a8466516582
+        maas_rack: docker.io/sthussey/maas-rack-controller:dev
         maas_region: quay.io/airshipit/maas-region-controller:2e003450cceb16b9bda71aa69a939a8466516582
       promenade:
         dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1

deployment_files/site/gate-multinode/software/charts/ucp/drydock/drydock.yaml

@@ -26,8 +26,6 @@ data:
       secret_ssh_key: true
     conf:
       drydock:
-        maasdriver:
-          maas_api_url: 'http://maas.gate.local:9085/MAAS/api/2.0/'
         plugins:
           oob_driver:
             - 'drydock_provisioner.drivers.oob.pyghmi_driver.driver.PyghmiDriver'

deployment_files/site/gate-multinode/software/charts/ucp/drydock/maas.yaml

@@ -32,29 +32,4 @@ data:
     network:
       maas_ingress:
         addr: '172.24.1.5/32'
-    endpoints:
-      maas_region:
-        host_fqdn_override:
-          public: maas.gate.local
-        port:
-          region_api:
-            public: 9085
-      maas_ingress:
-        hosts:
-          default: maas-ingress
-          error_pages: maas-ingress-error
-        host_fqdn_override:
-          public: null
-        port:
-          http:
-            default: 9080
-          https:
-            default: 9443
-          error_pages:
-            default: 8080
-            podport: 8080
-          healthz:
-            podport: 10259
-          status:
-            podport: 18089
 ...

deployment_files/site/gate-multinode/software/configs/endpoints.yaml

@@ -17,6 +17,12 @@ metadata:
 # dns server
 data:
   ucp:
+    physicalprovisioner:
+      host_fqdn_override:
+        public: drydock.gate.local
+    maas_region:
+      host_fqdn_override:
+        public: maas.gate.local
     identity:
       host_fqdn_override:
         public: keystone.gate.local

tools/multi_nodes_gate/airship_gate/bin/shipyard.sh

@@ -1,4 +1,3 @@
-
 #!/usr/bin/env bash
 # Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
 #
@@ -14,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-set -e
+set -x
 
 SCRIPT_DIR=$(realpath $(dirname $0))
 WORKSPACE=$(realpath ${SCRIPT_DIR}/../../..)

tools/multi_nodes_gate/airship_gate/lib/airship.sh

@@ -1,7 +1,31 @@
 #!/bin/bash
 
+install_ingress_ca() {
+  ingress_ca=$(config_ingress_ca)
+  if [[ -z "$ingress_ca" ]]
+  then
+    echo "Not installing ingress root CA."
+    return
+  fi
+  local_file="${TEMP_DIR}/ingress_ca.pem"
+  remote_file="${GENESIS_WORK_DIR}/ingress_ca.pem"
+  cat <<< "$ingress_ca" > "$local_file"
+  rsync_cmd "$local_file" "${GENESIS_NAME}":"$remote_file"
+}
+
 shipard_cmd_stdout() {
-  ssh_cmd "${GENESIS_NAME}" docker run -t --network host -v "${GENESIS_WORK_DIR}:/work" -e OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3 -e OS_USERNAME=shipyard -e OS_USER_DOMAIN_NAME=default -e OS_PASSWORD="${SHIPYARD_PASSWORD}" -e OS_PROJECT_DOMAIN_NAME=default -e OS_PROJECT_NAME=service --entrypoint /usr/local/bin/shipyard "${IMAGE_SHIPYARD_CLI}" $* 2>&1
+  install_ingress_ca
+  ssh_cmd "${GENESIS_NAME}" \
+    docker run -t --network=host \
+    -v "${GENESIS_WORK_DIR}:/work" \
+    -e OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3 \
+    -e OS_USERNAME=shipyard \
+    -e OS_USER_DOMAIN_NAME=default \
+    -e OS_PASSWORD="${SHIPYARD_PASSWORD}" \
+    -e OS_PROJECT_DOMAIN_NAME=default \
+    -e OS_PROJECT_NAME=service \
+    -e REQUESTS_CA_BUNDLE=/work/ingress_ca.pem \
+    --entrypoint /usr/local/bin/shipyard "${IMAGE_SHIPYARD_CLI}" $* 2>&1
 }
 
 shipyard_cmd() {
@@ -16,7 +40,19 @@ shipyard_cmd() {
 }
 
 drydock_cmd_stdout() {
-  ssh_cmd "${GENESIS_NAME}" docker run -t --network host -v "${GENESIS_WORK_DIR}:/work" -e DD_URL=http://drydock-api.ucp.svc.cluster.local:9000 -e OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3 -e OS_USERNAME=shipyard -e OS_USER_DOMAIN_NAME=default -e OS_PASSWORD="${SHIPYARD_PASSWORD}" -e OS_PROJECT_DOMAIN_NAME=default -e OS_PROJECT_NAME=service --entrypoint /usr/local/bin/drydock "${IMAGE_DRYDOCK_CLI}" $* 2>&1
+  install_ingress_ca
+  ssh_cmd "${GENESIS_NAME}" \
+    docker run -t --network=host \
+    -v "${GENESIS_WORK_DIR}:/work" \
+    -e DD_URL=http://drydock-api.ucp.svc.cluster.local:9000 \
+    -e OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3 \
+    -e OS_USERNAME=shipyard \
+    -e OS_USER_DOMAIN_NAME=default \
+    -e OS_PASSWORD="${SHIPYARD_PASSWORD}" \
+    -e OS_PROJECT_DOMAIN_NAME=default \
+    -e OS_PROJECT_NAME=service \
+    -e REQUESTS_CA_BUNDLE=/work/ingress_ca.pem \
+    --entrypoint /usr/local/bin/drydock "${IMAGE_DRYDOCK_CLI}" $* 2>&1
 }
 drydock_cmd() {
   if [[ ! -z "${LOG_FILE}" ]]

tools/multi_nodes_gate/airship_gate/lib/config.sh

@@ -16,6 +16,7 @@ export SHIPYARD_PASSWORD=${SHIPYARD_OS_PASSWORD:-password18}
 export REGISTRY_DATA_DIR=${REGISTRY_DATA_DIR:-/mnt/registry}
 export VIRSH_POOL=${VIRSH_POOL:-airship}
 export VIRSH_POOL_PATH=${VIRSH_POOL_PATH:-/var/lib/libvirt/airship}
+export VIRSH_CPU_OPTS=${VIRSH_CPU_OPTS:-host}
 export UPSTREAM_DNS=${UPSTREAM_DNS:-"8.8.8.8 208.67.220.220"}
 
 config_vm_memory() {
@@ -37,6 +38,16 @@ config_vm_mac() {
     jq -cr ".vm.${nodename}.mac" < "${GATE_MANIFEST}"
 }
 
+config_vm_io() {
+    nodename=${1}
+    io_profile=$(jq -cr ".vm.${nodename}.io_profile" < "${GATE_MANIFEST}")
+    if [[ -z "$io_profile" ]]
+    then
+      io_profile="fast"
+    fi
+    echo -n "$io_profile"
+}
+
 config_vm_vcpus() {
     nodename=${1}
     jq -cr ".vm.${nodename}.vcpus" < "${GATE_MANIFEST}"
@@ -62,12 +73,20 @@ config_vm_userdata() {
       echo "${val}"
     fi
 }
+
 config_ingress_domain() {
     jq -cr '.ingress.domain' < "${GATE_MANIFEST}"
 }
 
+config_ingress_ca() {
+    if [[ ! -z "$GATE_MANIFEST" ]]
+    then
+      jq -cr '.ingress.ca' < "${GATE_MANIFEST}"
+    fi
+}
+
 config_ingress_ips() {
-    jq -cr '.ingress | keys | map(select(. != "domain")) | join(" ")' < "${GATE_MANIFEST}"
+    jq -cr '.ingress | keys | map(select(test("([0-9]{1,3}.?){4}"))) | join(" ")' < "${GATE_MANIFEST}"
 }
 
 config_ingress_entries() {
@@ -86,3 +105,9 @@ config_pegleg_sitename() {
 config_pegleg_aux_repos() {
     jq -cr '.configuration.aux_repos | join(" ")' < "${GATE_MANIFEST}"
 }
+
+join_array() {
+  local IFS=$1
+  shift
+  echo "$*"
+}

tools/multi_nodes_gate/airship_gate/lib/ingress.sh

@@ -17,7 +17,7 @@ ingress_dns_config() {
     done
   done
 
-  DNS_DOMAIN=${ingress_domain} ZONE_FILE=$(basename $DNS_ZONE_FILE) envsubst < "${TEMPLATE_DIR}/ingress_corefile.sub" > "${COREFILE}"
+  DNS_DOMAIN=${ingress_domain} ZONE_FILE=$(basename $DNS_ZONE_FILE) DNS_SERVERS="$UPSTREAM_DNS" envsubst < "${TEMPLATE_DIR}/ingress_corefile.sub" > "${COREFILE}"
 }
 
 ingress_dns_start() {

tools/multi_nodes_gate/airship_gate/lib/virsh.sh

@@ -51,6 +51,8 @@ iso_gen() {
     fi
 
     envsubst < "${TEMPLATE_DIR}/meta-data.sub" > meta-data
+
+    export DNS_SERVERS=$(join_array ',' $UPSTREAM_DNS)
     envsubst < "${TEMPLATE_DIR}/network-config.sub" > network-config
 
     {
@@ -129,7 +131,16 @@ vm_clean_all() {
 vm_create() {
     NAME=${1}
     MAC_ADDRESS=$(config_vm_mac "${NAME}")
-    DISK_OPTS="bus=virtio,cache=directsync,discard=unmap,format=qcow2"
+    IO_PROF=$(config_vm_io "${NAME}")
+    if [[ "$IO_PROF" == "fast" ]]
+    then
+      DISK_OPTS="bus=virtio,cache=none,format=qcow2,io=native"
+    elif [[ "$IO_PROF" == "safe" ]]
+    then
+      DISK_OPTS="bus=virtio,cache=directsync,discard=unmap,format=qcow2,io=native"
+    else
+      DISK_OPTS="bus=virtio,format=qcow2"
+    fi
     vol_create_root "${NAME}"
     wait
 
@@ -141,7 +152,7 @@ vm_create() {
         virt-install \
             --name "${NAME}" \
             --virt-type kvm \
-            --cpu host \
+            --cpu ${VIRSH_CPU_OPTS} \
             --graphics vnc,listen=0.0.0.0 \
             --noautoconsole \
             --network "network=airship_gate,model=virtio" \
@@ -161,7 +172,7 @@ vm_create() {
         virt-install \
             --name "${NAME}" \
             --virt-type kvm \
-            --cpu host \
+            --cpu ${VIRSH_CPU_OPTS} \
             --graphics vnc,listen=0.0.0.0 \
             --noautoconsole \
             --network "network=airship_gate,model=virtio" \

tools/multi_nodes_gate/airship_gate/manifests/deploy_site.json

@@ -0,0 +1,61 @@
+{
+  "configuration": {
+    "site": "gate-multinode",
+    "primary_repo": "deployment_files",
+    "aux_repos": []
+  },
+  "ingress": {
+    "domain": "gate.local",
+    "ca": "-----BEGIN CERTIFICATE-----\nMIIFJzCCAw+gAwIBAgIJAJrXqOA54qn/MA0GCSqGSIb3DQEBCwUAMB8xCzAJBgNV\nBAYTAlVTMRAwDgYDVQQDDAdyb290LWNhMB4XDTE4MTEwMjE1MTgyNVoXDTM4MTAy\nODE1MTgyNVowHzELMAkGA1UEBhMCVVMxEDAOBgNVBAMMB3Jvb3QtY2EwggIiMA0G\nCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVJt2qJILBhd5i0NOCfENWD07r3wlb\nI1MSy2pgt2qNzSpn3+gLfnQSMEDtdPFzNcU9FceE8It/W9QYeOx1V2bRX9Jjld2R\n8MFkoHlO+WHd55tblz2Jel5QYlFbjRUscfH7OG65cxa2vao26vyskYLmeNrdY0bi\n03w480ph/152qoFGlKVL3Ozlm6pcrKEwfCzZx/wO1hqAqOxd3fTRbgo3MKKzP1Ov\nsurgxwdSTzO5xL7JPfK3h94G9BeIdfcjIqosg393jTDhFwJ6TxuJUG3jg08mscHb\n/89ZPg5PLF8mLlCKc7WZDbxuo/8Oy7Krlv48LV6hWDelAynMH3X1m7QP2l7gMK+u\nxWFIWcHZ+fncdH9aicszS99e8jiIuCVpnKE/1qoo/Jhi4uR7l5uedxnXM2EqTSA/\nd9b849oTwm22Ykzu1EFCdkYtAU326yAoNEsgaBm8SHVGQ6O1W3iVFYpsTIZ65toB\n6uRv7YK7gIkeJFUCxn1aYXjuXF4hNQrQ4o76iMBOS00WG6qRIoesdj5lD0gGuDmv\nEvEjzkwRTMoUaWMS3BpVg9SRzGRNaWkErP0vbiZcp24ij+JvbPPogxve0MXU6YGt\n/xpYb8XmyR87G1D5tC1GoU5A0iS3Vbwu6r6jBp0+f50HtFlXuU0801ivjK7+LqXi\nKUK6ltnbVXp+iQIDAQABo2YwZDAdBgNVHQ4EFgQU0k/clYYxjK2RjVzNCAvY9FMz\nHv8wHwYDVR0jBBgwFoAU0k/clYYxjK2RjVzNCAvY9FMzHv8wEgYDVR0TAQH/BAgw\nBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBACw8btBg\nyJkQnU1fLrKIFQkxRra5LRtEgnZbqpDt+G9G/c4aauJmLV1txcJFa6qiyWFeaDem\nNnNY9Ft+LL5fZ2SwRI+KA4DvRiFMMbZoJDu5q/LlxCJi32qDlSRpmZfaXymadO/T\nIokryRzBscPFznXTqia/cv6JeSapg3zzRA9r7hB3osJLVQQ5S6HzcYxAmyi7OFYv\n0ZBaEem9KYo5MtKNfF21XpoK0T6/z1Jryjz5uNfvLXGHrMW0/rfrRiTa60JiH5r9\nIwyboh/CVrPnU7jC4GtkkE9pCMvaJhrlquf3pCkPIwkIHI0rK2cr1VYi2EFcEGsm\niwqZcA+PX7NWVhJAcUiBRUYqXPltC2EKogX6GMnos7Gczr4f0AqXap3VG9oMRZu8\nDWBxwnfRQrnyAx1G+ZgpOVpbjbb/kpxKCurPEb7xyew9NAOipaKrXWioUiTu54Gn\nTeZXU3tW6nSgq/OV3xWN1hzFQJ0JG45APEjv1UCphvU1DVHOvpiFZXZGUAObDIvv\nZUO/ngtoFv5RRyHJ5EkSIO0jDKRU5dQ+J7LEXsH1aK/ErPX4n52oyD/xX9h6MF0m\nzaItjJ6r6d8+c4xCgsIjDbylU71IvmzUYneGN5cVsavEI93KDJLz0brouK12+UB2\nz4S968kA+qCbBOYTkiGJWyjuJq3o/QJjQivF\n-----END CERTIFICATE-----",
+    "172.24.1.5": ["maas-nc"],
+    "172.24.1.6": ["drydock-nc","shipyard-nc","keystone-nc"]
+  },
+  "stages": [
+    {
+      "name": "Load Site Design",
+      "script": "shipyard-load-design.sh"
+    },
+    {
+      "name": "Deploy Site",
+      "script": "shipyard-deploy-site.sh"
+    }
+  ],
+  "vm": {
+    "build": {
+      "memory": 3072,
+      "vcpus": 2,
+      "mac": "52:54:00:00:be:31",
+      "ip": "172.24.1.9",
+      "bootstrap": true,
+      "userdata": "packages: [docker.io]"
+    },
+    "n0" : {
+      "memory": 32768,
+      "vcpus": 8,
+      "mac": "52:54:00:00:a4:31",
+      "ip": "172.24.1.10",
+      "bootstrap": true
+    },
+    "n1" : {
+      "memory": 3072,
+      "vcpus": 2,
+      "mac": "52:54:00:00:a3:31",
+      "ip": "172.24.1.11",
+      "bootstrap": false
+    },
+    "n2" : {
+      "memory": 3072,
+      "vcpus": 2,
+      "mac": "52:54:00:1a:95:0d",
+      "ip": "172.24.1.12",
+      "bootstrap": false
+    },
+    "n3" : {
+      "memory": 3072,
+      "vcpus": 2,
+      "mac": "52:54:00:31:c2:36",
+      "ip": "172.24.1.13",
+      "bootstrap": false
+    }
+  }
+}

tools/multi_nodes_gate/airship_gate/manifests/multinode_deploy.json

@@ -6,6 +6,7 @@
   },
   "ingress": {
     "domain": "gate.local",
+    "ca": "-----BEGIN CERTIFICATE-----\nMIIFJzCCAw+gAwIBAgIJAJrXqOA54qn/MA0GCSqGSIb3DQEBCwUAMB8xCzAJBgNV\nBAYTAlVTMRAwDgYDVQQDDAdyb290LWNhMB4XDTE4MTEwMjE1MTgyNVoXDTM4MTAy\nODE1MTgyNVowHzELMAkGA1UEBhMCVVMxEDAOBgNVBAMMB3Jvb3QtY2EwggIiMA0G\nCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVJt2qJILBhd5i0NOCfENWD07r3wlb\nI1MSy2pgt2qNzSpn3+gLfnQSMEDtdPFzNcU9FceE8It/W9QYeOx1V2bRX9Jjld2R\n8MFkoHlO+WHd55tblz2Jel5QYlFbjRUscfH7OG65cxa2vao26vyskYLmeNrdY0bi\n03w480ph/152qoFGlKVL3Ozlm6pcrKEwfCzZx/wO1hqAqOxd3fTRbgo3MKKzP1Ov\nsurgxwdSTzO5xL7JPfK3h94G9BeIdfcjIqosg393jTDhFwJ6TxuJUG3jg08mscHb\n/89ZPg5PLF8mLlCKc7WZDbxuo/8Oy7Krlv48LV6hWDelAynMH3X1m7QP2l7gMK+u\nxWFIWcHZ+fncdH9aicszS99e8jiIuCVpnKE/1qoo/Jhi4uR7l5uedxnXM2EqTSA/\nd9b849oTwm22Ykzu1EFCdkYtAU326yAoNEsgaBm8SHVGQ6O1W3iVFYpsTIZ65toB\n6uRv7YK7gIkeJFUCxn1aYXjuXF4hNQrQ4o76iMBOS00WG6qRIoesdj5lD0gGuDmv\nEvEjzkwRTMoUaWMS3BpVg9SRzGRNaWkErP0vbiZcp24ij+JvbPPogxve0MXU6YGt\n/xpYb8XmyR87G1D5tC1GoU5A0iS3Vbwu6r6jBp0+f50HtFlXuU0801ivjK7+LqXi\nKUK6ltnbVXp+iQIDAQABo2YwZDAdBgNVHQ4EFgQU0k/clYYxjK2RjVzNCAvY9FMz\nHv8wHwYDVR0jBBgwFoAU0k/clYYxjK2RjVzNCAvY9FMzHv8wEgYDVR0TAQH/BAgw\nBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBACw8btBg\nyJkQnU1fLrKIFQkxRra5LRtEgnZbqpDt+G9G/c4aauJmLV1txcJFa6qiyWFeaDem\nNnNY9Ft+LL5fZ2SwRI+KA4DvRiFMMbZoJDu5q/LlxCJi32qDlSRpmZfaXymadO/T\nIokryRzBscPFznXTqia/cv6JeSapg3zzRA9r7hB3osJLVQQ5S6HzcYxAmyi7OFYv\n0ZBaEem9KYo5MtKNfF21XpoK0T6/z1Jryjz5uNfvLXGHrMW0/rfrRiTa60JiH5r9\nIwyboh/CVrPnU7jC4GtkkE9pCMvaJhrlquf3pCkPIwkIHI0rK2cr1VYi2EFcEGsm\niwqZcA+PX7NWVhJAcUiBRUYqXPltC2EKogX6GMnos7Gczr4f0AqXap3VG9oMRZu8\nDWBxwnfRQrnyAx1G+ZgpOVpbjbb/kpxKCurPEb7xyew9NAOipaKrXWioUiTu54Gn\nTeZXU3tW6nSgq/OV3xWN1hzFQJ0JG45APEjv1UCphvU1DVHOvpiFZXZGUAObDIvv\nZUO/ngtoFv5RRyHJ5EkSIO0jDKRU5dQ+J7LEXsH1aK/ErPX4n52oyD/xX9h6MF0m\nzaItjJ6r6d8+c4xCgsIjDbylU71IvmzUYneGN5cVsavEI93KDJLz0brouK12+UB2\nz4S968kA+qCbBOYTkiGJWyjuJq3o/QJjQivF\n-----END CERTIFICATE-----",
     "172.24.1.5": ["maas"],
     "172.24.1.6": ["drydock","shipyard","keystone"]
   },
@@ -18,10 +19,6 @@
       "name": "Pegleg Collection",
       "script": "pegleg-collect.sh"
     },
-    {
-      "name": "Populate Image Cache",
-      "script": "registry-load.sh"
-    },
     {
       "name": "Generate Certificates",
       "script": "generate-certificates.sh"
@@ -44,6 +41,11 @@
       "script": "genesis.sh",
       "on_error": "collect_genesis_info.sh"
     },
+    {
+      "name": "Validate Genesis",
+      "script": "validate-genesis.sh",
+      "on_error": "collect_genesis_info.sh"
+    },
     {
       "name": "Load Site Design",
       "script": "shipyard-load-design.sh"
@@ -59,14 +61,16 @@
       "vcpus": 2,
       "mac": "52:54:00:00:be:31",
       "ip": "172.24.1.9",
+      "io_profile": "fast",
       "bootstrap": true,
       "userdata": "packages: [docker.io]"
     },
     "n0" : {
       "memory": 32768,
-      "vcpus": 8,
+      "vcpus": 12,
       "mac": "52:54:00:00:a4:31",
       "ip": "172.24.1.10",
+      "io_profile": "fast",
       "bootstrap": true
     },
     "n1" : {
@@ -74,6 +78,7 @@
       "vcpus": 2,
       "mac": "52:54:00:00:a3:31",
       "ip": "172.24.1.11",
+      "io_profile": "fast",
       "bootstrap": false
     },
     "n2" : {
@@ -81,6 +86,7 @@
       "vcpus": 2,
       "mac": "52:54:00:1a:95:0d",
       "ip": "172.24.1.12",
+      "io_profile": "fast",
       "bootstrap": false
     },
     "n3" : {
@@ -88,6 +94,7 @@
       "vcpus": 2,
       "mac": "52:54:00:31:c2:36",
       "ip": "172.24.1.13",
+      "io_profile": "fast",
       "bootstrap": false
     }
   }

tools/multi_nodes_gate/airship_gate/manifests/multinode_genesis.json

@@ -6,8 +6,9 @@
   },
   "ingress": {
     "domain": "gate.local",
-    "172.24.1.5": ["maas"],
+    "ca": "-----BEGIN CERTIFICATE-----\nMIIFJzCCAw+gAwIBAgIJAJrXqOA54qn/MA0GCSqGSIb3DQEBCwUAMB8xCzAJBgNV\nBAYTAlVTMRAwDgYDVQQDDAdyb290LWNhMB4XDTE4MTEwMjE1MTgyNVoXDTM4MTAy\nODE1MTgyNVowHzELMAkGA1UEBhMCVVMxEDAOBgNVBAMMB3Jvb3QtY2EwggIiMA0G\nCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVJt2qJILBhd5i0NOCfENWD07r3wlb\nI1MSy2pgt2qNzSpn3+gLfnQSMEDtdPFzNcU9FceE8It/W9QYeOx1V2bRX9Jjld2R\n8MFkoHlO+WHd55tblz2Jel5QYlFbjRUscfH7OG65cxa2vao26vyskYLmeNrdY0bi\n03w480ph/152qoFGlKVL3Ozlm6pcrKEwfCzZx/wO1hqAqOxd3fTRbgo3MKKzP1Ov\nsurgxwdSTzO5xL7JPfK3h94G9BeIdfcjIqosg393jTDhFwJ6TxuJUG3jg08mscHb\n/89ZPg5PLF8mLlCKc7WZDbxuo/8Oy7Krlv48LV6hWDelAynMH3X1m7QP2l7gMK+u\nxWFIWcHZ+fncdH9aicszS99e8jiIuCVpnKE/1qoo/Jhi4uR7l5uedxnXM2EqTSA/\nd9b849oTwm22Ykzu1EFCdkYtAU326yAoNEsgaBm8SHVGQ6O1W3iVFYpsTIZ65toB\n6uRv7YK7gIkeJFUCxn1aYXjuXF4hNQrQ4o76iMBOS00WG6qRIoesdj5lD0gGuDmv\nEvEjzkwRTMoUaWMS3BpVg9SRzGRNaWkErP0vbiZcp24ij+JvbPPogxve0MXU6YGt\n/xpYb8XmyR87G1D5tC1GoU5A0iS3Vbwu6r6jBp0+f50HtFlXuU0801ivjK7+LqXi\nKUK6ltnbVXp+iQIDAQABo2YwZDAdBgNVHQ4EFgQU0k/clYYxjK2RjVzNCAvY9FMz\nHv8wHwYDVR0jBBgwFoAU0k/clYYxjK2RjVzNCAvY9FMzHv8wEgYDVR0TAQH/BAgw\nBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBACw8btBg\nyJkQnU1fLrKIFQkxRra5LRtEgnZbqpDt+G9G/c4aauJmLV1txcJFa6qiyWFeaDem\nNnNY9Ft+LL5fZ2SwRI+KA4DvRiFMMbZoJDu5q/LlxCJi32qDlSRpmZfaXymadO/T\nIokryRzBscPFznXTqia/cv6JeSapg3zzRA9r7hB3osJLVQQ5S6HzcYxAmyi7OFYv\n0ZBaEem9KYo5MtKNfF21XpoK0T6/z1Jryjz5uNfvLXGHrMW0/rfrRiTa60JiH5r9\nIwyboh/CVrPnU7jC4GtkkE9pCMvaJhrlquf3pCkPIwkIHI0rK2cr1VYi2EFcEGsm\niwqZcA+PX7NWVhJAcUiBRUYqXPltC2EKogX6GMnos7Gczr4f0AqXap3VG9oMRZu8\nDWBxwnfRQrnyAx1G+ZgpOVpbjbb/kpxKCurPEb7xyew9NAOipaKrXWioUiTu54Gn\nTeZXU3tW6nSgq/OV3xWN1hzFQJ0JG45APEjv1UCphvU1DVHOvpiFZXZGUAObDIvv\nZUO/ngtoFv5RRyHJ5EkSIO0jDKRU5dQ+J7LEXsH1aK/ErPX4n52oyD/xX9h6MF0m\nzaItjJ6r6d8+c4xCgsIjDbylU71IvmzUYneGN5cVsavEI93KDJLz0brouK12+UB2\nz4S968kA+qCbBOYTkiGJWyjuJq3o/QJjQivF\n-----END CERTIFICATE-----",
-    "172.24.1.6": ["drydock","shipyard","keystone"]
+    "172.24.1.5": ["maas-nc"],
+    "172.24.1.6": ["drydock-nc","shipyard-nc","iam-nc"]
   },
   "stages": [
     {
@@ -18,10 +19,6 @@
       "name": "Pegleg Collection",
       "script": "pegleg-collect.sh"
     },
-    {
-      "name": "Populate Image Cache",
-      "script": "registry-load.sh"
-    },
     {
       "name": "Generate Certificates",
       "script": "generate-certificates.sh"
@@ -43,6 +40,11 @@
       "name": "Genesis",
       "script": "genesis.sh",
       "on_error": "collect_genesis_info.sh"
+    },
+    {
+      "name": "Validate Genesis",
+      "script": "validate-genesis.sh",
+      "on_error": "collect_genesis_info.sh"
     }
   ],
   "vm": {
@@ -56,7 +58,7 @@
     },
     "n0" : {
       "memory": 16384,
-      "vcpus": 8,
+      "vcpus": 12,
       "mac": "52:54:00:00:a4:31",
       "ip": "172.24.1.10",
       "bootstrap": true

tools/multi_nodes_gate/airship_gate/stages/pegleg-collect.sh

@@ -39,7 +39,7 @@ render_pegleg_cli() {
     then
         for r in ${aux_repos[*]}
         do
-          cli_string="${cli_string} -a ${r}"
+          cli_string="${cli_string} -a /workspace/${r}"
         done
     fi
 

tools/multi_nodes_gate/airship_gate/stages/validate-genesis.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# Copyright 2018 AT&T Intellectual Property.  All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+source "${GATE_UTILS}"
+
+# Copies script and virtmgr private key to genesis VM
+rsync_cmd "${SCRIPT_DEPOT}/validate-genesis.sh" "${GENESIS_NAME}:/root/airship/"
+
+set -o pipefail
+ssh_cmd "${GENESIS_NAME}" /root/airship/validate-genesis.sh 2>&1 | tee -a "${LOG_FILE}"
+set +o pipefail
+
+if ! ssh_cmd n0 docker images | tail -n +2 | grep -v registry:5000 ; then
+    log_warn "Using some non-cached docker images.  This will slow testing."
+    ssh_cmd n0 docker images | tail -n +2 | grep -v registry:5000 | tee -a "${LOG_FILE}"
+fi

tools/multi_nodes_gate/airship_gate/templates/ingress_corefile.sub

@@ -4,6 +4,6 @@ ${DNS_DOMAIN} {
 }
 
 . {
-    forward . ${UPSTREAM_DNS}
+    forward . ${DNS_SERVERS}
     log
 }

tools/multi_nodes_gate/airship_gate/templates/network-config.sub

@@ -8,6 +8,4 @@ config:
         address: ${BR_IP_NODE}/24
         gateway: 172.24.1.1
   - type: nameserver
-    address:
+    address: [${DNS_SERVERS}]
-      - 8.8.8.8
-      - 8.8.4.4

tools/multi_nodes_gate/airship_gate/templates/user-data.sub

@@ -4,6 +4,8 @@ disable_root: false
 
 hostname: ${NAME}
 manage_etc_hosts: false
+package_update: true
+apt_preserve_sources_list: true
 
 ssh_authorized_keys:
   - ${SSH_PUBLIC_KEY}