Sloop type and Airsloop site
Sloop type/site is a minimalistic approach to Airship with reduced requirements towards hardware and external dependencies while keeping all the functional features. Major differences compared to reference site airship-seaworthy - Two bare-metal server setup with 1 control, and 1 compute. Most components are scaled to a single replica and don't carry any HA as there is only a single control plane host. - No requirements for DNS/certificates. HTTP and internal cluster DNS is used. - Ceph set to use the single (root) disk. This generally provides minimalistic no-touch ceph deployment. No replication of ceph data (single copy). - Simplified networking (no bonding). Two network interfaces are used by default (flat PXE, and DATA network with VLANs for OAM, Calico, Storage, and OpenStack Overlay) - Generic hostnames used (airsloop-control-1, airsloop-compute-1), which simplifies generation of k8s certificates - Usage of standard Ubuntu 16.04 GA kernel (as opposed to HWE) Change-Id: I4944fcae7d29ed8799d810c93efb0120b6b3a105
parent
f28a3a7849
commit
06ffeec6b1
@ -6,6 +6,8 @@ metadata:
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
labels:
|
||||
name: grafana-global
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
# Chart source
|
||||
|
@ -3,6 +3,8 @@ schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh-infra-ingress-controller
|
||||
labels:
|
||||
name: osh-infra-ingress-controller-global
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
|
@ -3,6 +3,8 @@ schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh-infra-mariadb
|
||||
labels:
|
||||
name: osh-infra-mariadb-global
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
|
@ -3,6 +3,8 @@ schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: prometheus
|
||||
labels:
|
||||
name: prometheus-global
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
|
@ -3,6 +3,8 @@ schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: tenant-ceph-ingress
|
||||
labels:
|
||||
name: tenant-ceph-ingress-global
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
|
@ -6,6 +6,8 @@ metadata:
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
labels:
|
||||
name: ucp-ceph-ingress-global
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
# Chart source
|
||||
|
@ -6,6 +6,8 @@ metadata:
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: global
|
||||
labels:
|
||||
name: cluster-bootstrap-global
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
release_prefix: airship
|
||||
@ -28,3 +30,4 @@ data:
|
||||
- ucp-drydock
|
||||
- ucp-promenade
|
||||
- ucp-shipyard
|
||||
...
|
||||
|
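--- a/site/airsloop/baremetal/bootactions/promjoin.yaml
+++ b/site/airsloop/baremetal/bootactions/promjoin.yaml
@@ -0,0 +1,32 @@
+---
+# This file defines a boot action which is responsible for fetching the node's
+# promjoin script from the promenade API. This is the script responsible for
+# installing kubernetes on the node and joining the kubernetes cluster.
+# #GLOBAL-CANDIDATE#
+schema: 'drydock/BootAction/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: promjoin
+storagePolicy: 'cleartext'
+layeringDefinition:
+abstract: false
+layer: site
+labels:
+application: 'drydock'
+data:
+signaling: false
+# TODO(alanmeadows) move what is global about this document
+assets:
+- path: /opt/promjoin.sh
+type: file
+permissions: '555'
+# The ip= parameter must match the MaaS network name of the network used
+# to contact kubernetes. With a standard, reference Airship deployment where
+# L2 networks are shared between all racks, the network name (i.e. calico)
+# should be correct.
+location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+location_pipeline:
+- template
+data_pipeline:
+- utf8_decode
+...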
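Review bot: In the `location:` template only `design_ref` is passed through `urlencode`; `node.hostname`, `node.network.calico.ip` and each label `k`/`v` are interpolated raw, so a label value containing `&`, `=` or `#` would change the query string sent to the join-scripts API. I would encode them the same way, e.g. `&labels.dynamic={{ k | urlencode }}={{ v | urlencode }}`, assuming the `template` pipeline offers the filter for these values as it does for `design_ref`. Separately, the asset is a script written to `/opt/promjoin.sh` with mode `555` and fetched over `promenade+http://`, so its integrity rests entirely on the cluster network. A comment above `location:` saying that plain HTTP is a deliberate Airsloop trade-off (as the commit message states) would warn anyone copying this document to a site that has TLS available.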
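--- a/site/airsloop/baremetal/nodes.yaml
+++ b/site/airsloop/baremetal/nodes.yaml
@@ -0,0 +1,65 @@
+---
+# Drydock BaremetalNode resources for a specific rack are stored in this file.
+#
+# NOTE: For new sites, you should complete the networks/physical/networks.yaml
+# file before working on this file.
+#
+# In this file, you should make the number of `drydock/BaremetalNode/v1`
+# resources equal the number of bare metal nodes you have, either by deleting
+# excess BaremetalNode definitions (if there are too many), or by copying and
+# pasting the last BaremetalNode in the file until you have the correct number
+# of baremetal nodes (if there are too few).
+#
+# Then in each file, address all additional NEWSITE-CHANGEME markers to update
+# the data in these files with the right values for your new site.
+#
+# *NOTE: The Genesis node is counted as one of the control plane nodes. Note
+# that the Genesis node does not appear on this bare metal list, because the
+# procedure to reprovision the Genesis host with MaaS has not yet been
+# implemented. Therefore there will be only three bare metal nodes in this file
+# with the 'masters' tag, as the genesis roles are assigned in a difference
+# place (profiles/genesis.yaml).
+# NOTE: The host profiles for the control plane are further divided into two
+# variants: primary and secondary. The only significance this has is that the
+# "primary" nodes are active Ceph nodes, whereas the "secondary" nodes are Ceph
+# standby nodes. For Ceph quorum, this means that the control plane split will
+# be 3 primary + 1 standby host profile, and the Genesis node counts toward one
+# of the 3 primary profiles. Other control plane services are not affected by
+# primary vs secondary designation.
+#
+# TODO: Include the hostname naming convention
+#
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+schema: 'metadata/Document/v1'
+# NEWSITE-CHANGEME: The next node's hostname
+name: airsloop-compute-1
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# NEWSITE-CHANGEME: The next node's IPv4 addressing
+addressing:
+- network: oob
+address: 10.22.104.22
+- network: pxe
+address: 10.22.70.22
+- network: oam
+address: 10.22.71.22
+- network: calico
+address: 10.22.72.22
+- network: storage
+address: 10.22.73.22
+- network: overlay
+address: 10.22.74.22
+# NEWSITE-CHANGEME: The next node's host profile
+# This is the third "primary" control plane profile after genesis
+host_profile: compute_r720xd
+metadata:
+# NEWSITE-CHANGEME: The next node's rack designation
+rack: cab22
+# NEWSITE-CHANGEME: The next node's role desigatnion
+tags:
+- 'workers'
+...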
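Review bot: The header and inline comments were carried over from a multi-node site and no longer describe this file: it defines a single node tagged `workers`, yet the header says there will be three bare metal nodes with the 'masters' tag, and the comment above `host_profile: compute_r720xd` reads `# This is the third "primary" control plane profile after genesis`. These comments are the instructions people follow when cloning the site, so I would replace that line with something like `# Compute host profile for the single Airsloop worker node` and either trim the Ceph primary/secondary paragraph or state that it does not apply to Airsloop. `desigatnion` in the last NEWSITE-CHANGEME comment is a typo for `designation`.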
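--- a/site/airsloop/deployment/deployment-configuration.yaml
+++ b/site/airsloop/deployment/deployment-configuration.yaml
@@ -0,0 +1,41 @@
+---
+# The purpose of this file is to provide shipyard related deployment config
+# parameters. This should not require modification for a new site. However,
+# shipyard deployment strategies can be very useful in getting around certain
+# failures, like misbehaving nodes that hold up the deployment. See more at
+# https://github.com/openstack/airship-shipyard/blob/master/docs/source/site-definition-documents.rst#using-a-deployment-strategy
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+schema: metadata/Document/v1
+name: deployment-configuration
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+physical_provisioner:
+deployment_strategy: deployment-strategy
+deploy_interval: 30
+deploy_timeout: 3600
+destroy_interval: 30
+destroy_timeout: 900
+join_wait: 0
+prepare_node_interval: 30
+prepare_node_timeout: 1800
+prepare_site_interval: 10
+prepare_site_timeout: 300
+verify_interval: 10
+verify_timeout: 60
+kubernetes_provisioner:
+drain_timeout: 3600
+drain_grace_period: 1800
+clear_labels_timeout: 1800
+remove_etcd_timeout: 1800
+etcd_ready_timeout: 600
+armada:
+get_releases_timeout: 300
+get_status_timeout: 300
+manifest: 'full-site'
+post_apply_timeout: 7200
+validate_design_timeout: 600
+...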
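--- a/site/airsloop/networks/common-addresses.yaml
+++ b/site/airsloop/networks/common-addresses.yaml
@@ -0,0 +1,154 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced elsewhere in the manifests for this site.
+#
+# TODO: Include bare metal host FQDN naming standards
+# TODO: Include ingress FQDN naming standards
+schema: pegleg/CommonAddresses/v1
+metadata:
+schema: metadata/Document/v1
+name: common-addresses
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+calico:
+# NEWSITE-CHANGEME: The interface that calico will use. Update if your
+# logical bond interface name or calico VLAN have changed from the reference
+# site design.
+# This should be whichever
+# bond and VLAN number specified in networks/physical/networks.yaml for the Calico
+# network. E.g. VLAN 22 for the calico network as a member of bond0, you
+# would set "interface=bond0.22" as shown here.
+ip_autodetection_method: interface=enp67s0f0.72
+etcd:
+# etcd service IP address
+service_ip: 10.96.232.136
+
+dns:
+# Kubernetes cluster domain. Do not change. This is internal to the cluster.
+cluster_domain: cluster.local
+# DNS service ip
+service_ip: 10.96.0.10
+# List of upstream DNS forwards. Verify you can reach them from your
+# environment. If so, you should not need to change them.
+upstream_servers:
+- 8.8.8.8
+- 8.8.4.4
+- 208.67.222.222
+# Repeat the same values as above, but formatted as a common separated
+# string
+upstream_servers_joined: 8.8.8.8,8.8.4.4,208.67.222.222
+# NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+# Choose FQDN according to the ingress/public FQDN naming conventions at
+# the top of this document.
+ingress_domain: atlantafoundry.com
+
+genesis:
+# NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+# the Genesis role. Refer to the hostname naming stardards in
+# networks/physical/networks.yaml
+# NOTE: Ensure that the genesis node is manually configured with this
+# hostname before running `genesis.sh` on the node.
+hostname: airsloop-control-1
+# NEWSITE-CHANGEME: Calico IP of the Genesis node. Use the "start" value for
+# the calico network defined in networks/physical/networks.yaml for this IP.
+ip: 10.22.72.21
+
+bootstrap:
+# NEWSITE-CHANGEME: Update with the "start" value/IP of the static range
+# defined for the pxe network in networks/physical/networks.yaml
+ip: 10.22.70.21
+
+kubernetes:
+# K8s API service IP
+api_service_ip: 10.96.0.1
+# etcd service IP
+etcd_service_ip: 10.96.0.2
+# k8s pod CIDR (network which pod traffic will traverse)
+pod_cidr: 10.97.0.0/16
+# k8s service CIDR (network which k8s API traffic will traverse)
+service_cidr: 10.96.0.0/16
+# misc k8s port settings
+apiserver_port: 6443
+haproxy_port: 6553
+service_node_port_range: 30000-32767
+
+# etcd port settings
+etcd:
+container_port: 2379
+haproxy_port: 2378
+
+# NEWSITE-CHANGEME: A list of nodes (apart from Genesis) which act as the
+# control plane servers. Ensure that this matches the nodes with the 'masters'
+# tags applied in baremetal/nodes.yaml
+masters:
+- hostname: airsloop-control-2
+- hostname: airsloop-control-3
+
+# NEWSITE-CHANGEME: Environment proxy information.
+# NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+# should be commented out.
+# However if you are in a lab that requires proxy, ensure that these proxy
+# settings are correct and reachable in your environment; otherwise update
+# them with the correct values for your environment.
+proxy:
+http: ""
+https: ""
+no_proxy: []
+
+node_ports:
+drydock_api: 30000
+maas_api: 30001
+maas_proxy: 31800 # hardcoded in MAAS
+
+ntp:
+# comma separated NTP server list. Verify that these upstream NTP servers are
+# reachable in your environment; otherwise update them with the correct
+# values for your environment.
+servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+# NOTE: This will be updated soon
+ldap:
+# NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+# relevant for your type of deployment (test vs prod values, etc).
+base_url: 'ldap.example.com'
+# NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+url: 'ldap://ldap.example.com'
+# NEWSITE-CHANGEME: Update to the correct expression relevant for this
+# deployment (test vs prod values, etc)
+auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+# NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+# relevant for this deployment (test users vs prod users/values, etc)
+common_name: test
+# NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+# deployment (test vs prod values, etc)
+subdomain: test
+# NEWSITE-CHANGEME: Update to the correct domain for your type of
+# deployment (test vs prod values, etc)
+domain: example
+
+storage:
+ceph:
+# NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+# used for the `storage` network in networks/physical/networks.yaml
+public_cidr: '10.22.73.0/24'
+cluster_cidr: '10.22.73.0/24'
+
+neutron:
+# NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the bond name and
+# VLAN number are consistent with what's defined for the bond and the overlay
+# network in networks/physical/networks.yaml
+tunnel_device: 'enp67s0f0.74'
+# bond which the overlay is a member of. Ensure the bond name is consistent
+# with the bond assigned to the overlay network in
+# networks/physical/networks.yaml
+external_iface: 'enp67s0f0'
+
+openvswitch:
+# bond which the overlay is a member of. Ensure the bond name is consistent
+# with the bond assigned to the overlay network in
+# networks/physical/networks.yaml
+external_iface: 'enp67s0f0'
+...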
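Review bot: `masters:` lists `airsloop-control-2` and `airsloop-control-3`, but the commit message describes a single control host and baremetal/nodes.yaml in this commit defines only `airsloop-compute-1`, so the list matches no node carrying the 'masters' tag, which is what the comment directly above it requires. How consumers treat hostnames that are never provisioned is not visible here; if the schema allows it, `masters: []` would match the described topology. `url: 'ldap://ldap.example.com'` is a placeholder, but copied as-is it configures unencrypted LDAP, so the NEWSITE-CHANGEME comment above it could say to use `ldaps://` wherever binds carry credentials. Under `ntp`, `servers_joined` runs 0, 1, 2, 4; the pool normally publishes hosts 0 to 3, so `4.ubuntu.pool.ntp.org` looks like a typo for `3.ubuntu.pool.ntp.org`.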
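--- a/site/airsloop/networks/physical/networks.yaml
+++ b/site/airsloop/networks/physical/networks.yaml
@@ -0,0 +1,290 @@
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations). The following is standard
+# for the logical networks in Airship:
+#
+# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
+# | Network | | Per-rack or | | | VLAN tagged |
+# | Name | Purpose | per-site CIDR? | Has gateway? | Bond | or untagged? |
+# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
+# | oob | Out of Band devices (iDrac/iLo) | per-site CIDR | Has gateway | No bond, N/A | Untagged/Native |
+# | pxe | PXE boot network | per-site CIDR | No gateway | No bond, no LACP fallback. Dedicated PXE interface | Untagged/Native |
+# | oam | management network | per-site CIDR | Has gateway | member of bond0 | tagged |
+# | storage | storage network | per-site CIDR | No gateway | member of bond0 | tagged |
+# | calico | underlay calico net; k8s traffic | per-site CIDR | No gateway | member of bond0 | tagged |
+# | overlay | overlay network for openstack SDN | per-site CIDR | No gateway | member of bond0 | tagged |
+# +----------+-----------------------------------+----------------+--------------+----------------------------------------------------+-----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+# TODO: Given that we expect all network broadcast domains to span all racks in
+# Airship, we should choose network names that do not include the rack number.
+#
+# TODO: FQDN naming standards for hosts
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: oob
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# MaaS doesnt own this network like it does the others, so the noconfig label
+# is specified.
+labels:
+noconfig: enabled
+bonding:
+mode: disabled
+mtu: 1500
+linkspeed: auto
+trunking:
+mode: disabled
+default_network: oob
+allowed_networks:
+- oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: oob
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+cidr: 10.22.104.0/24
+routes:
+# NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+- subnet: '0.0.0.0/0'
+gateway: 10.22.104.1
+metric: 100
+# NEWSITE-CHANGEME: Update with the site's out-of-band IP allocation range
+# FIXME: Is this IP range actually used/allocated for anything? The HW already
+# has its OOB IPs assigned. None of the Ubuntu OS's should need IPs on OOB
+# network either, as they should be routable via the default gw on OAM network
+ranges:
+- type: static
+start: 10.22.104.21
+end: 10.22.104.22
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: pxe
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+bonding:
+mode: disabled
+mtu: 1500
+linkspeed: auto
+trunking:
+mode: disabled
+default_network: pxe
+allowed_networks:
+- pxe
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: pxe
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+# NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+cidr: 10.22.70.0/24
+routes:
+- subnet: 0.0.0.0/0
+# NEWSITE-CHANGEME: Set the OAM network gateway IP address
+gateway: 10.22.70.1
+metric: 100
+# NOTE: The first 10 IPs in the subnet are reserved for network infrastructure.
+# The remainder of the range is divided between two subnets of equal size:
+# one static, and one DHCP.
+# The DHCP addresses are used when nodes perform a PXE boot (DHCP address gets
+# assigned), and when a node is commissioning in MaaS (also uses DHCP to get
+# its IP address). However, when MaaS installs the operating system
+# ("Deploying/Deployed" states), it will write a static IP assignment to
+# /etc/network/interfaces[.d] with IPs from the "static" subnet defined here.
+ranges:
+# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+- type: reserved
+start: 10.22.70.1
+end: 10.22.70.10
+# NEWSITE-CHANGEME: Update to the first half of the remaining range after
+# excluding the 10 reserved IPs.
+- type: static
+start: 10.22.70.21
+end: 10.22.70.31
+# NEWSITE-CHANGEME: Update to the second half of the remaining range after
+# excluding the 10 reserved IPs.
+- type: dhcp
+start: 10.22.70.40
+end: 10.22.70.80
+dns:
+# NEWSITE-CHANGEME: FQDN for bare metal nodes.
+# Choose FQDN according to the node FQDN naming conventions at the top of
+# this document.
+domain: atlantafoundry.com
+# List of upstream DNS forwards. Verify you can reach them from your
+# environment. If so, you should not need to change them.
+# TODO: This should be populated via substitution from common-addresses
+servers: '8.8.8.8,8.8.4.4,208.67.222.222'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: data
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+bonding:
+mode: disabled
+mtu: 1500
+linkspeed: auto
+trunking:
+mode: 802.1q
+allowed_networks:
+- oam
+- storage
+- overlay
+- calico
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: oam
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# NEWSITE-CHANGEME: Set the VLAN ID which the OAM network is on
+vlan: '71'
+mtu: 1500
+# NEWSITE-CHANGEME: Set the CIDR for the OAM network
+# NOTE: The CIDR minimum size = number of nodes + 10
+cidr: 10.22.71.0/24
+routes:
+- subnet: 0.0.0.0/0
+# NEWSITE-CHANGEME: Set the OAM network gateway IP address
+gateway: 10.22.71.1
+metric: 100
+ranges:
+# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+- type: reserved
+start: 10.22.71.1
+end: 10.22.71.10
+# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+# 10 reserved IPs.
+- type: static
+start: 10.22.71.21
+end: 10.22.71.31
+dns:
+# NEWSITE-CHANGEME: FQDN for bare metal nodes.
+# Choose FQDN according to the node FQDN naming conventions at the top of
+# this document.
+domain: atlantafoundry.com
+# List of upstream DNS forwards. Verify you can reach them from your
+# environment. If so, you should not need to change them.
+# TODO: This should be populated via substitution from common-addresses
+servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: calico
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# NEWSITE-CHANGEME: Set the VLAN ID which the calico network is on
+vlan: '72'
+mtu: 1500
+# NEWSITE-CHANGEME: Set the CIDR for the calico network
+# NOTE: The CIDR minimum size = number of nodes + 10
+cidr: 10.22.72.0/24
+ranges:
+# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+- type: reserved
+start: 10.22.72.1
+end: 10.22.72.10
+# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+# 10 reserved IPs.
+- type: static
+start: 10.22.72.21
+end: 10.22.72.31
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: storage
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# NEWSITE-CHANGEME: Set the VLAN ID which the storage network is on
+vlan: '73'
+mtu: 1500
+# NEWSITE-CHANGEME: Set the CIDR for the storage network
+# NOTE: The CIDR minimum size = number of nodes + 10
+cidr: 10.22.73.0/24
+ranges:
+# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+- type: reserved
+start: 10.22.73.1
+end: 10.22.73.10
+# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+# 10 reserved IPs.
+- type: static
+start: 10.22.73.21
+end: 10.22.73.31
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: overlay
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# NEWSITE-CHANGEME: Set the VLAN ID which the overlay network is on
+vlan: '74'
+mtu: 1500
+# NEWSITE-CHANGEME: Set the CIDR for the overlay network
+# NOTE: The CIDR minimum size = number of nodes + 10
+cidr: 10.22.74.0/24
+ranges:
+# NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+- type: reserved
+start: 10.22.74.1
+end: 10.22.74.10
+# NEWSITE-CHANGEME: Update to the remaining range after excluding the 10
+# 10 reserved IPs.
+- type: static
+start: 10.22.74.21
+end: 10.22.74.31
+...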
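Review bot: The `oob`, `pxe` and `oam` Network documents each define a `0.0.0.0/0` route with `metric: 100`, so a node attached to more than one of them ends up with equal-cost default routes and no stated winner. The header table in this same file says pxe has no gateway, and the comment on the pxe gateway (`# NEWSITE-CHANGEME: Set the OAM network gateway IP address`) looks copied from the oam document. If the pxe default route is intentional for this two-interface layout, give it a higher metric than oam and say so in a comment; otherwise drop the `routes` entry from the pxe Network. The table also still lists oam, storage, calico and overlay as `member of bond0`, while the `data` NetworkLink here sets bonding `mode: disabled`, so the table should be updated for Airsloop.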
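--- a/site/airsloop/pki/pki-catalog.yaml
+++ b/site/airsloop/pki/pki-catalog.yaml
@@ -0,0 +1,285 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+schema: metadata/Document/v1
+name: cluster-certificates
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+certificate_authorities:
+kubernetes:
+description: CA for Kubernetes components
+certificates:
+- document_name: apiserver
+description: Service certificate for Kubernetes apiserver
+common_name: apiserver
+hosts:
+- localhost
+- 127.0.0.1
+# FIXME: Repetition of api_service_ip in common-addresses; use
+# substitution
+- 10.96.0.1
+kubernetes_service_names:
+- kubernetes.default.svc.cluster.local
+
+# NEWSITE-CHANGEME: The following should be a list of all the nodes in
+# the environment (genesis, control plane, data plane, everything).
+# Add/delete from this list as necessary until all nodes are listed.
+# For each node, the `hosts` list should be comprised of:
+# 1. The node's hostname, as already defined in baremetal/nodes.yaml
+# 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+# 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+# NOTE: This list also needs to include the Genesis node, which is not
+# listed in baremetal/nodes.yaml, but by convention should be allocated
+# the first non-reserved IP in each logical network allocation range
+# defined in networks/physical/networks.yaml
+# NOTE: The genesis node needs to be defined twice (the first two entries
+# on this list) with all of the same paramters except the document_name.
+# In the first case the document_name is `kubelet-genesis`, and in the
+# second case the document_name format is `kubelete-YOUR_GENESIS_HOSTNAME`.
+- document_name: kubelet-genesis
+common_name: system:node:airsloop-control-1
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+groups:
+- system:nodes
+- document_name: kubelet-airsloop-control-1
+common_name: system:node:airsloop-control-1
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+groups:
+- system:nodes
+- document_name: kubelet-airsloop-control-2
+common_name: system:node:airsloop-control-2
+hosts:
+- airsloop-control-2
+- 10.23.22.12
+groups:
+- system:nodes
+- document_name: kubelet-airsloop-control-3
+common_name: system:node:airsloop-control-3
+hosts:
+- airsloop-control-3
+- 10.23.22.13
+groups:
+- system:nodes
+- document_name: kubelet-airsloop-compute-1
+common_name: system:node:airsloop-compute-1
+hosts:
+- airsloop-compute-1
+- 10.23.22.14
+groups:
+- system:nodes
+# End node list
+- document_name: scheduler
+description: Service certificate for Kubernetes scheduler
+common_name: system:kube-scheduler
+- document_name: controller-manager
+description: certificate for controller-manager
+common_name: system:kube-controller-manager
+- document_name: admin
+common_name: admin
+groups:
+- system:masters
+- document_name: armada
+common_name: armada
+groups:
+- system:masters
+kubernetes-etcd:
+description: Certificates for Kubernetes's etcd servers
+certificates:
+- document_name: apiserver-etcd
+description: etcd client certificate for use by Kubernetes apiserver
+common_name: apiserver
+# NOTE(mark-burnett): hosts not required for client certificates
+- document_name: kubernetes-etcd-anchor
+description: anchor
+common_name: anchor
+# NEWSITE-CHANGEME: The following should be a list of the control plane
+# nodes in the environment, including genesis.
+# For each node, the `hosts` list should be comprised of:
+# 1. The node's hostname, as already defined in baremetal/nodes.yaml
+# 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+# 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+# 4. 127.0.0.1
+# 5. localhost
+# 6. kubernetes-etcd.kube-system.svc.cluster.local
+# NOTE: This list also needs to include the Genesis node, which is not
+# listed in baremetal/nodes.yaml, but by convention should be allocated
+# the first non-reserved IP in each logical network allocation range
+# defined in networks/physical/networks.yaml, except for the kubernetes
+# service_cidr where it should start with the second IP in the range.
+# NOTE: The genesis node is defined twice with the same `hosts` data:
+# Once with its hostname in the common/document name, and once with
+# `genesis` defined instead of the host. For now, this duplicated
+# genesis definition is required. FIXME: Remove duplicate definition
+# after Promenade addresses this issue.
+- document_name: kubernetes-etcd-genesis
+common_name: kubernetes-etcd-genesis
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+- document_name: kubernetes-etcd-airsloop-control-1
+common_name: kubernetes-etcd-airsloop-control-1
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+- document_name: kubernetes-etcd-airsloop-control-2
+common_name: kubernetes-etcd-airsloop-control-2
+hosts:
+- airsloop-control-2
+- 10.23.22.12
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+- document_name: kubernetes-etcd-airsloop-control-3
+common_name: kubernetes-etcd-airsloop-control-3
+hosts:
+- airsloop-control-3
+- 10.23.22.13
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+# End node list
+kubernetes-etcd-peer:
+certificates:
+# NEWSITE-CHANGEME: This list should be identical to the previous list,
+# except that `-peer` has been appended to the document/common names.
+- document_name: kubernetes-etcd-genesis-peer
+common_name: kubernetes-etcd-genesis-peer
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+- document_name: kubernetes-etcd-airsloop-control-1-peer
+common_name: kubernetes-etcd-airsloop-control-1-peer
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+- document_name: kubernetes-etcd-airsloop-control-2-peer
+common_name: kubernetes-etcd-airsloop-control-2-peer
+hosts:
+- airsloop-control-2
+- 10.23.22.12
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+- document_name: kubernetes-etcd-airsloop-control-3-peer
+common_name: kubernetes-etcd-airsloop-control-3-peer
+hosts:
+- airsloop-control-3
+- 10.23.22.13
+- 127.0.0.1
+- localhost
+- kubernetes-etcd.kube-system.svc.cluster.local
+- 10.96.0.2
+# End node list
+calico-etcd:
+description: Certificates for Calico etcd client traffic
+certificates:
+- document_name: calico-etcd-anchor
+description: anchor
+common_name: anchor
+# NEWSITE-CHANGEME: The following should be a list of the control plane
+# nodes in the environment, including genesis.
+# For each node, the `hosts` list should be comprised of:
+# 1. The node's hostname, as already defined in baremetal/nodes.yaml
+# 2. The node's oam IP address, as already defined in baremetal/nodes.yaml
+# 3. The node's Calico IP address, as already defined in baremetal/nodes.yaml
+# 4. 127.0.0.1
+# 5. localhost
+# 6. The calico/etcd/service_ip defined in networks/common-addresses.yaml
+# NOTE: This list also needs to include the Genesis node, which is not
+# listed in baremetal/nodes.yaml, but by convention should be allocated
+# the first non-reserved IP in each logical network allocation range
+# defined in networks/physical/networks.yaml
+- document_name: calico-etcd-airsloop-control-1
+common_name: calico-etcd-airsloop-control-1
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+- 127.0.0.1
+- localhost
+- 10.96.232.136
+- document_name: calico-etcd-airsloop-control-2
+common_name: calico-etcd-airsloop-control-2
+hosts:
+- airsloop-control-2
+- 10.23.22.12
+- 127.0.0.1
+- localhost
+- 10.96.232.136
+- document_name: calico-etcd-airsloop-control-3
+common_name: calico-etcd-airsloop-control-3
+hosts:
+- airsloop-control-3
+- 10.23.22.13
+- 127.0.0.1
+- localhost
+- 10.96.232.136
+- document_name: calico-node
+common_name: calcico-node
+# End node list
+calico-etcd-peer:
+description: Certificates for Calico etcd clients
+certificates:
+# NEWSITE-CHANGEME: This list should be identical to the previous list,
+# except that `-peer` has been appended to the document/common names.
+- document_name: calico-etcd-airsloop-control-1-peer
+common_name: calico-etcd-airsloop-control-1-peer
+hosts:
+- airsloop-control-1
+- 10.22.72.21
+- 127.0.0.1
+- localhost
+- 10.96.232.136
+- document_name: calico-etcd-airsloop-control-2-peer
+common_name: calico-etcd-airsloop-control-2-peer
+hosts:
+- airsloop-control-2
+- 10.23.22.12
+- 127.0.0.1
+- localhost
+- 10.96.232.136
+- document_name: calico-etcd-airsloop-control-3-peer
+common_name: calico-etcd-airsloop-control-3-peer
+hosts:
+- airsloop-control-3
+- 10.23.22.13
+- 127.0.0.1
+- localhost
+- 10.96.232.136
+- document_name: calico-node-peer
+common_name: calcico-node-peer
+# End node list
+keypairs:
+- name: service-account
+description: Service account signing key for use by Kubernetes controller-manager.
+...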
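Review bot: The node lists still request certificates for `airsloop-control-2` and `airsloop-control-3` (kubelet, kubernetes-etcd, calico-etcd and their `-peer` variants), although the commit description says this site has one control and one compute host; each entry for a host that does not exist is signed key material the site does not need, so those entries should be dropped. The `10.23.22.12`–`10.23.22.14` addresses in them, including the one under `kubelet-airsloop-compute-1`, fall outside the 10.22.72–74 ranges shown for this site's networks, so the compute kubelet certificate would presumably not carry the node's real address; it should be set from baremetal/nodes.yaml, as the NEWSITE-CHANGEME comment asks. Separately, `common_name: calcico-node` and `common_name: calcico-node-peer` look like misspellings; if anything matches on the certificate CN this would break it, so I would write `common_name: calico-node` and `common_name: calico-node-peer`.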
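--- a/site/airsloop/profiles/genesis.yaml
+++ b/site/airsloop/profiles/genesis.yaml
@@ -0,0 +1,49 @@
+---
+# The purpose of this file is to apply proper labels to Genesis node so the
+# proper services are installed and proper configuration applied. This should
+# not need to be changed for a new site.
+# #GLOBAL-CANDIDATE#
+schema: promenade/Genesis/v1
+metadata:
+schema: metadata/Document/v1
+name: genesis-site
+layeringDefinition:
+abstract: false
+layer: site
+parentSelector:
+name: genesis-global
+actions:
+- method: merge
+path: .
+storagePolicy: cleartext
+data:
+labels:
+dynamic:
+- beta.kubernetes.io/fluentd-ds-ready=true
+- calico-etcd=enabled
+- ceph-mds=enabled
+- ceph-mon=enabled
+- ceph-osd=enabled
+- ceph-rgw=enabled
+- ceph-mgr=enabled
+- ceph-bootstrap=enabled
+- tenant-ceph-control-plane=enabled
+- tenant-ceph-mon=enabled
+- tenant-ceph-rgw=enabled
+- tenant-ceph-mgr=enabled
+- kube-dns=enabled
+- kube-ingress=enabled
+- kubernetes-apiserver=enabled
+- kubernetes-controller-manager=enabled
+- kubernetes-etcd=enabled
+- kubernetes-scheduler=enabled
+- promenade-genesis=enabled
+- ucp-control-plane=enabled
+- maas-control-plane=enabled
+- ceph-osd-bootstrap=enabled
+- openstack-control-plane=enabled
+- openvswitch=enabled
+- openstack-l3-agent=enabled
+- node-exporter=enabled
+- fluentd=enabled
+...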
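--- a/site/airsloop/profiles/hardware/dell_r720xd.yaml
+++ b/site/airsloop/profiles/hardware/dell_r720xd.yaml
@@ -0,0 +1,49 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: dell_r720xd
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+# Vendor of the server chassis
+vendor: DELL
+# Generation of the chassis model
+generation: '8'
+# Version of the chassis model within its generation - not version of the hardware definition
+hw_version: '3'
+# The certified version of the chassis BIOS
+bios_version: '2.2.3'
+# Mode of the default boot of hardware - bios, uefi
+boot_mode: bios
+# Protocol of boot of the hardware - pxe, usb, hdd
+bootstrap_protocol: pxe
+# Which interface to use for network booting within the OOB manager, not OS device
+pxe_interface: 0
+# Map hardware addresses to aliases/roles to allow a mix of hardware configs
+# in a site to result in a consistent configuration
+device_aliases:
+
+## network
+# eno1
+pxe_nic01:
+address: '0000:01:00.0'
+# type could identify expected hardware - used for hardware manifest validation
+dev_type: 'I350 Gigabit Network Connection'
+bus_type: 'pci'
+# enp67s0f0
+data_nic01:
+address: '0000:43:00.0'
+dev_type: 'Ethernet 10G 2P X520 Adapter'
+bus_type: 'pci'
+# enp67s0f1
+
+## storage
+# /dev/sda
+bootdisk:
+address: '0:2.0.0'
+dev_type: 'PERC H710P'
+bus_type: 'scsi'
+...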
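--- a/site/airsloop/profiles/host/compute.yaml
+++ b/site/airsloop/profiles/host/compute.yaml
@@ -0,0 +1,80 @@
+---
+# The data plane host profile for Airship for DELL R720s, and should
+# not need to be altered if you are using matching HW. The host profile is setup
+# for cpu isolation (for nova pinning), hugepages, and sr-iov.
+schema: drydock/HostProfile/v1
+metadata:
+schema: metadata/Document/v1
+name: compute_r720xd
+storagePolicy: cleartext
+layeringDefinition:
+abstract: false
+layer: site
+parentSelector:
+hosttype: dp-global
+actions:
+- method: replace
+path: .interfaces
+- method: replace
+path: .storage
+- method: merge
+path: .
+data:
+hardware_profile: dell_r720xd
+
+primary_network: oam
+interfaces:
+pxe:
+device_link: pxe
+slaves:
+- pxe_nic01
+networks:
+- pxe
+data:
+device_link: data
+slaves:
+- data_nic01
+networks:
+- oam
+- storage
+- overlay
+- calico
+
+storage:
+physical_devices:
+bootdisk:
+labels:
+bootdrive: 'true'
+partitions:
+- name: 'root'
+size: '30g'
+bootable: true
+filesystem:
+mountpoint: '/'
+fstype: 'ext4'
+mount_options: 'defaults'
+- name: 'boot'
+size: '1g'
+filesystem:
+mountpoint: '/boot'
+fstype: 'ext4'
+mount_options: 'defaults'
+- name: 'var_log'
+size: '100g'
+filesystem:
+mountpoint: '/var/log'
+fstype: 'ext4'
+mount_options: 'defaults'
+- name: 'var'
+size: '>100g'
+filesystem:
+mountpoint: '/var'
+fstype: 'ext4'
+mount_options: 'defaults'
+
+platform:
+image: 'xenial'
+kernel: 'ga-16.04'
+kernel_params:
+kernel_package: 'linux-image-4.4.0-137-generic'
+...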
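Review bot: `kernel_package: 'linux-image-4.4.0-137-generic'` pins one exact kernel build with no comment saying who is expected to bump it, so hosts built from this profile stay on that build and miss later kernel security fixes until someone edits the manifest. I would add above it `# NEWSITE-CHANGEME: pinned GA kernel build; update to the current 4.4.0 security release before deployment`. The header comment also says the profile is set up for cpu isolation, hugepages and sr-iov, but `kernel_params` here carries only the package pin; if those settings are meant to come from the `dp-global` parent, the comment should say so, otherwise the claim should be dropped.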
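--- a/site/airsloop/profiles/region.yaml
+++ b/site/airsloop/profiles/region.yaml
@@ -0,0 +1,53 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+schema: 'metadata/Document/v1'
+# NEWSITE-CHANGEME: Replace with the site name
+name: airsloop
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+substitutions:
+# NEWSITE-CHANGEME: Substitutions from deckhand SSH public keys into the
+# list of authorized keys which MaaS will register for the build-in "ubuntu"
+# account during the PXE process. Create a substitution rule for each SSH
+# key that should have access to the "ubuntu" account (useful for trouble-
+# shooting problems before UAM or UAM-lite is operational). SSH keys are
+# stored as secrets in site/airsloop/secrets.
+- dest:
+# Add/replace the first item in the list
+path: .authorized_keys[0]
+src:
+schema: deckhand/PublicKey/v1
+# This should match the "name" metadata of the SSH key which will be
+# substituted, located in site/airsloop/secrets folder.
+name: airsloop_ssh_public_key
+path: .
+- dest:
+path: .repositories.main_archive
+src:
+schema: pegleg/SoftwareVersions/v1
+name: software-versions
+path: .packages.repositories.main_archive
+# Second key example
+#- dest:
+# # Increment the list index
+# path: .authorized_keys[1]
+# src:
+# schema: deckhand/PublicKey/v1
+# # your ssh key
+# name: MY_USER_ssh_public_key
+# path: .
+data:
+tag_definitions: []
+# This is the list of SSH keys which MaaS will register for the built-in
+# "ubuntu" account during the PXE process. This list is populated by
+# substitution, so the same SSH keys do not need to be repeated in multiple
+# manifests.
+authorized_keys: []
+repositories:
+remove_unlisted: true
+...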
2387
site/airsloop/secrets/certificates/certificates.yaml
Normal file
2387
site/airsloop/secrets/certificates/certificates.yaml
Normal file
File diff suppressed because it is too large
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: airsloop_crypt_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# Pass: airsloop123
|
||||
data: $6$AVL7yH1sLYlKqvcK$ngUiLKYZQhhj07Lb3ngWa4qVwDgUP9pCGfGFG7JIpF.6iStnfEMeySf8XusA0/3i9O5gMHE9hbg1/4GrFb5rR0
|
||||
...
|
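Review bot: The comment `# Pass: airsloop123` publishes the plaintext behind the SHA-512 crypt hash on the line below it, which defeats the point of storing a hash, and the same value is the `data` of ceph_swift_keystone_password, ipmi_admin_password and every `osh_*` password and Erlang-cookie document in this commit. None of these documents carries the `NEWSITE-CHANGEME` marker the other manifests use, so a site copied from this one keeps one known password for what is presumably a host login, the BMC and every service. I would replace the comment with `# NEWSITE-CHANGEME: sample hash only; generate a new one per site (e.g. mkpasswd -m sha-512)` and add `# NEWSITE-CHANGEME: sample value; replace before deployment` above each passphrase `data:` line, including the generated maas-region-key.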
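--- a/site/airsloop/secrets/passphrases/ceph_fsid.yaml
+++ b/site/airsloop/secrets/passphrases/ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: ceph_fsid
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# uuidgen
+data: d52a9d00-64b9-45f0-b564-08dffe95f847
+...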
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph_swift_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
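Review bot: `storagePolicy: cleartext` on a `deckhand/Passphrase/v1` document means Deckhand keeps the password unencrypted; the same setting is on ipmi_admin_password, maas-region-key and all the `osh_*` passphrase documents that follow. If Barbican is available to Deckhand in this site type, these documents should use `storagePolicy: encrypted`. If the reduced Sloop footprint rules that out, a one-line comment saying so would stop the setting being copied into sites that can encrypt.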
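--- a/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml
+++ b/site/airsloop/secrets/passphrases/ipmi_admin_password.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: ipmi_admin_password
+layeringDefinition:
+abstract: false
+layer: site
+labels:
+name: ipmi-admin-password-site
+storagePolicy: cleartext
+data: airsloop123
+...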
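--- a/site/airsloop/secrets/passphrases/maas-region-key.yaml
+++ b/site/airsloop/secrets/passphrases/maas-region-key.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: maas-region-key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# openssl rand -hex 10
+data: e12330cfe038735aee32
+...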
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
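--- a/site/airsloop/secrets/passphrases/osh_barbican_password.yaml
+++ b/site/airsloop/secrets/passphrases/osh_barbican_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_barbican_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: airsloop123
+...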
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
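--- a/site/airsloop/secrets/passphrases/osh_cinder_password.yaml
+++ b/site/airsloop/secrets/passphrases/osh_cinder_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_cinder_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: airsloop123
+...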
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: airsloop123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||