Merge "Add new seaworthy-virt site"
This commit is contained in:
commit
10f2f3e9bd
21
.zuul.yaml
21
.zuul.yaml
@ -19,6 +19,7 @@
|
||||
check:
|
||||
jobs:
|
||||
- treasuremap-seaworthy-site-lint
|
||||
- treasuremap-seaworthy-virt-site-lint
|
||||
- treasuremap-airskiff-site-lint
|
||||
- treasuremap-airsloop-site-lint
|
||||
- treasuremap-aiab-site-lint
|
||||
@ -26,6 +27,7 @@
|
||||
gate:
|
||||
jobs:
|
||||
- treasuremap-seaworthy-site-lint
|
||||
- treasuremap-seaworthy-virt-site-lint
|
||||
- treasuremap-airskiff-site-lint
|
||||
- treasuremap-airsloop-site-lint
|
||||
- treasuremap-aiab-site-lint
|
||||
@ -67,6 +69,22 @@
|
||||
irrelevant-files:
|
||||
- ^.*\.rst$
|
||||
- ^doc/.*$
|
||||
- ^site/seaworthy-virt/.*$
|
||||
- ^site/airskiff/.*$
|
||||
- ^site/airsloop/.*$
|
||||
- ^site/aiab/.*$
|
||||
|
||||
- job:
|
||||
name: treasuremap-seaworthy-virt-site-lint
|
||||
description: |
|
||||
Lint the seaworthy site using Pegleg.
|
||||
parent: treasuremap-site-lint
|
||||
vars:
|
||||
site: seaworthy-virt
|
||||
irrelevant-files:
|
||||
- ^.*\.rst$
|
||||
- ^doc/.*$
|
||||
- ^site/seaworthy/.*$
|
||||
- ^site/airskiff/.*$
|
||||
- ^site/airsloop/.*$
|
||||
- ^site/aiab/.*$
|
||||
@ -82,6 +100,7 @@
|
||||
- ^.*\.rst$
|
||||
- ^doc/.*$
|
||||
- ^site/seaworthy/.*$
|
||||
- ^site/seaworthy-virt/.*$
|
||||
- ^site/airsloop/.*$
|
||||
- ^site/aiab/.*$
|
||||
|
||||
@ -96,6 +115,7 @@
|
||||
- ^.*\.rst$
|
||||
- ^doc/.*$
|
||||
- ^site/seaworthy/.*$
|
||||
- ^site/seaworthy-virt/.*$
|
||||
- ^site/airskiff/.*$
|
||||
- ^site/aiab/.*$
|
||||
|
||||
@ -112,6 +132,7 @@
|
||||
- ^.*\.rst$
|
||||
- ^doc/.*$
|
||||
- ^site/seaworthy/.*$
|
||||
- ^site/seaworthy-virt/.*$
|
||||
- ^site/airskiff/.*$
|
||||
- ^site/airsloop/.*$
|
||||
|
||||
|
@ -8,6 +8,7 @@ metadata:
|
||||
abstract: false
|
||||
layer: global
|
||||
labels:
|
||||
name: promjoin-systemd-unit
|
||||
application: 'drydock'
|
||||
data:
|
||||
signaling: false
|
||||
|
49
site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
Normal file
49
site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
Normal file
@ -0,0 +1,49 @@
|
||||
---
|
||||
# This file defines a boot action which is responsible for fetching the node's
|
||||
# promjoin script from the promenade API. This is the script responsible for
|
||||
# installing kubernetes on the node and joining the kubernetes cluster.
|
||||
# #GLOBAL-CANDIDATE#
|
||||
schema: 'drydock/BootAction/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: promjoin-systemd-unit
|
||||
storagePolicy: 'cleartext'
|
||||
replacement: true
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
name: promjoin-systemd-unit
|
||||
actions:
|
||||
- method: replace
|
||||
path: .assets
|
||||
labels:
|
||||
application: 'drydock'
|
||||
data:
|
||||
signaling: false
|
||||
# TODO(alanmeadows) move what is global about this document
|
||||
assets:
|
||||
- path: /opt/promjoin.sh
|
||||
type: file
|
||||
permissions: '555'
|
||||
# The ip= parameter must match the MaaS network name of the network used
|
||||
# to contact kubernetes. With a standard, reference Airship deployment where
|
||||
# L2 networks are shared between all racks, the network name (i.e. calico)
|
||||
# should be correct.
|
||||
location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.default.ip }}&domain={{ node.domain }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
|
||||
location_pipeline:
|
||||
- template
|
||||
data_pipeline:
|
||||
- utf8_decode
|
||||
- path: /lib/systemd/system/promjoin.service
|
||||
type: unit
|
||||
permissions: '600'
|
||||
data: |-
|
||||
W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
|
||||
PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
|
||||
cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
|
||||
cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
|
||||
data_pipeline:
|
||||
- base64_decode
|
||||
- utf8_decode
|
||||
...
|
58
site/seaworthy-virt/baremetal/nodes.yaml
Normal file
58
site/seaworthy-virt/baremetal/nodes.yaml
Normal file
@ -0,0 +1,58 @@
|
||||
---
|
||||
schema: 'drydock/BaremetalNode/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: n1
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
host_profile: cp-global
|
||||
addressing:
|
||||
- network: gp
|
||||
address: 172.24.1.11
|
||||
metadata:
|
||||
boot_mac: '52:54:00:00:a3:31'
|
||||
rack: rack1
|
||||
tags:
|
||||
- 'masters'
|
||||
---
|
||||
schema: 'drydock/BaremetalNode/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: n2
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
host_profile: cp-global
|
||||
addressing:
|
||||
- network: gp
|
||||
address: 172.24.1.12
|
||||
metadata:
|
||||
boot_mac: '52:54:00:1a:95:0d'
|
||||
rack: rack1
|
||||
tags:
|
||||
- 'masters'
|
||||
---
|
||||
schema: 'drydock/BaremetalNode/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: n3
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
host_profile: cp-secondary
|
||||
addressing:
|
||||
- network: gp
|
||||
address: 172.24.1.13
|
||||
metadata:
|
||||
boot_mac: '52:54:00:31:c2:36'
|
||||
rack: rack1
|
||||
tags:
|
||||
- 'masters'
|
||||
...
|
41
site/seaworthy-virt/deployment/deployment-configuration.yaml
Normal file
41
site/seaworthy-virt/deployment/deployment-configuration.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
# The purpose of this file is to provide shipyard related deployment config
|
||||
# parameters. This should not require modification for a new site. However,
|
||||
# shipyard deployment strategies can be very useful in getting around certain
|
||||
# failures, like misbehaving nodes that hold up the deployment. See more at
|
||||
# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
|
||||
schema: shipyard/DeploymentConfiguration/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: deployment-configuration
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
physical_provisioner:
|
||||
deployment_strategy: deployment-strategy
|
||||
deploy_interval: 30
|
||||
deploy_timeout: 3600
|
||||
destroy_interval: 30
|
||||
destroy_timeout: 900
|
||||
join_wait: 0
|
||||
prepare_node_interval: 30
|
||||
prepare_node_timeout: 1800
|
||||
prepare_site_interval: 10
|
||||
prepare_site_timeout: 300
|
||||
verify_interval: 10
|
||||
verify_timeout: 60
|
||||
kubernetes_provisioner:
|
||||
drain_timeout: 3600
|
||||
drain_grace_period: 1800
|
||||
clear_labels_timeout: 1800
|
||||
remove_etcd_timeout: 1800
|
||||
etcd_ready_timeout: 600
|
||||
armada:
|
||||
get_releases_timeout: 300
|
||||
get_status_timeout: 300
|
||||
manifest: 'full-site'
|
||||
post_apply_timeout: 7200
|
||||
validate_design_timeout: 600
|
||||
...
|
12
site/seaworthy-virt/deployment/dev-configurables.yaml
Normal file
12
site/seaworthy-virt/deployment/dev-configurables.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: dev/Configurables/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: dev-configurables
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
hostcidr: 172.24.1.0/24
|
||||
...
|
132
site/seaworthy-virt/networks/common-addresses.yaml
Normal file
132
site/seaworthy-virt/networks/common-addresses.yaml
Normal file
@ -0,0 +1,132 @@
|
||||
---
|
||||
# The purpose of this file is to define network related paramters that are
|
||||
# referenced elsewhere in the manifests for this site.
|
||||
#
|
||||
# TODO: Include bare metal host FQDN naming standards
|
||||
# TODO: Include ingress FQDN naming standards
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: common-addresses
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
calico:
|
||||
ip_autodetection_method: 'interface=ens3'
|
||||
bgp:
|
||||
ipv4:
|
||||
ingress_vip: '172.24.1.6/32'
|
||||
maas_vip: '172.24.1.5/32'
|
||||
public_service_cidr: 'Nonsense'
|
||||
peers:
|
||||
- 'Nonsense'
|
||||
- 'Nonsense'
|
||||
ip_rule:
|
||||
gateway: 'Nonsense'
|
||||
etcd:
|
||||
# etcd service IP address
|
||||
service_ip: 10.96.232.136
|
||||
|
||||
dns:
|
||||
# Kubernetes cluster domain. Do not change. This is internal to the cluster.
|
||||
cluster_domain: cluster.local
|
||||
# DNS service ip
|
||||
service_ip: 10.96.0.10
|
||||
# List of upstream DNS forwards. Verify you can reach them from your
|
||||
# environment. If so, you should not need to change them.
|
||||
upstream_servers:
|
||||
- 172.24.1.9
|
||||
- 172.24.1.9
|
||||
- 172.24.1.9
|
||||
# Repeat the same values as above, but formatted as a common separated
|
||||
# string
|
||||
upstream_servers_joined: 172.24.1.9
|
||||
ingress_domain: gate.local
|
||||
node_domain: gate.local
|
||||
|
||||
genesis:
|
||||
hostname: n0
|
||||
ip: 172.24.1.10
|
||||
|
||||
proxy:
|
||||
http: ""
|
||||
https: ""
|
||||
no_proxy: []
|
||||
|
||||
bootstrap:
|
||||
ip: 172.24.1.10
|
||||
|
||||
kubernetes:
|
||||
# K8s API service IP
|
||||
api_service_ip: 10.96.0.1
|
||||
# etcd service IP
|
||||
etcd_service_ip: 10.96.0.2
|
||||
# k8s pod CIDR (network which pod traffic will traverse)
|
||||
pod_cidr: 10.97.0.0/16
|
||||
# k8s service CIDR (network which k8s API traffic will traverse)
|
||||
service_cidr: 10.96.0.0/16
|
||||
# misc k8s port settings
|
||||
apiserver_port: 6443
|
||||
haproxy_port: 6553
|
||||
service_node_port_range: 30000-32767
|
||||
|
||||
# etcd port settings
|
||||
etcd:
|
||||
container_port: 2379
|
||||
haproxy_port: 2378
|
||||
|
||||
masters:
|
||||
- hostname: n1
|
||||
- hostname: n2
|
||||
- hostname: n3
|
||||
|
||||
node_ports:
|
||||
drydock_api: 30000
|
||||
maas_api: 30001
|
||||
maas_proxy: 31800 # hardcoded in MAAS
|
||||
|
||||
vip:
|
||||
ingress_vip: '172.24.1.6/32'
|
||||
maas_vip: '172.24.1.5/32'
|
||||
|
||||
ntp:
|
||||
# comma separated NTP server list. Verify that these upstream NTP servers are
|
||||
# reachable in your environment; otherwise update them with the correct
|
||||
# values for your environment.
|
||||
servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
|
||||
|
||||
# NOTE: This will be updated soon
|
||||
ldap:
|
||||
base_url: 'ldap.example.com'
|
||||
url: 'ldap://ldap.example.com'
|
||||
auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
|
||||
# NEWSITE-CHANGEME: Update to the correct AD group that contains the users
|
||||
# relevant for this deployment (test users vs prod users/values, etc)
|
||||
common_name: test
|
||||
# NEWSITE-CHANGEME: Update to the correct subdomain for your type of
|
||||
# deployment (test vs prod values, etc)
|
||||
subdomain: test
|
||||
# NEWSITE-CHANGEME: Update to the correct domain for your type of
|
||||
# deployment (test vs prod values, etc)
|
||||
domain: example
|
||||
|
||||
storage:
|
||||
ceph:
|
||||
public_cidr: 172.24.1.0/24
|
||||
cluster_cidr: 172.24.1.0/24
|
||||
|
||||
neutron:
|
||||
tunnel_device: 'ens3'
|
||||
# bond which the overlay is a member of. Ensure the bond name is consistent
|
||||
# with the bond assigned to the overlay network in
|
||||
# networks/physical/networks.yaml
|
||||
external_iface: 'ens3'
|
||||
|
||||
openvswitch:
|
||||
# bond which the overlay is a member of. Ensure the bond name is consistent
|
||||
# with the bond assigned to the overlay network in
|
||||
# networks/physical/networks.yaml
|
||||
external_iface: 'ens3'
|
||||
...
|
44
site/seaworthy-virt/networks/physical/networks.yaml
Normal file
44
site/seaworthy-virt/networks/physical/networks.yaml
Normal file
@ -0,0 +1,44 @@
|
||||
---
|
||||
schema: 'drydock/NetworkLink/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: gp
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
bonding:
|
||||
mode: disabled
|
||||
mtu: 1500
|
||||
linkspeed: auto
|
||||
trunking:
|
||||
mode: disabled
|
||||
default_network: gp
|
||||
allowed_networks:
|
||||
- gp
|
||||
...
|
||||
---
|
||||
schema: 'drydock/Network/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: gp
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
mtu: 1500
|
||||
cidr: 172.24.1.0/24
|
||||
ranges:
|
||||
- type: dhcp
|
||||
start: 172.24.1.100
|
||||
end: 172.24.1.200
|
||||
routes:
|
||||
- subnet: 0.0.0.0/0
|
||||
gateway: 172.24.1.1
|
||||
metric: 10
|
||||
dns:
|
||||
domain: gate.local
|
||||
servers: '172.24.1.9'
|
||||
...
|
72
site/seaworthy-virt/networks/physical/unused_networks.yaml
Normal file
72
site/seaworthy-virt/networks/physical/unused_networks.yaml
Normal file
@ -0,0 +1,72 @@
|
||||
---
|
||||
schema: 'drydock/Network/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: oob
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
cidr: 192.168.1.0/24
|
||||
...
|
||||
---
|
||||
schema: 'drydock/Network/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: pxe
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
cidr: 192.168.2.0/24
|
||||
...
|
||||
---
|
||||
schema: 'drydock/Network/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: oam
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
cidr: 192.168.3.0/24
|
||||
...
|
||||
---
|
||||
schema: 'drydock/Network/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: storage
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
cidr: 192.168.4.0/24
|
||||
...
|
||||
---
|
||||
schema: 'drydock/Network/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: calico
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
cidr: 192.168.5.0/24
|
||||
...
|
||||
---
|
||||
schema: 'drydock/Network/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: overlay
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
cidr: 192.168.6.0/24
|
||||
...
|
279
site/seaworthy-virt/pki/pki-catalog.yaml
Normal file
279
site/seaworthy-virt/pki/pki-catalog.yaml
Normal file
@ -0,0 +1,279 @@
|
||||
---
|
||||
# The purpose of this file is to define the PKI certificates for the environment
|
||||
#
|
||||
# NOTE: When deploying a new site, this file should not be configured until
|
||||
# baremetal/nodes.yaml is complete.
|
||||
#
|
||||
schema: promenade/PKICatalog/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: cluster-certificates
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
certificate_authorities:
|
||||
kubernetes:
|
||||
description: CA for Kubernetes components
|
||||
certificates:
|
||||
- document_name: apiserver
|
||||
description: Service certificate for Kubernetes apiserver
|
||||
common_name: apiserver
|
||||
hosts:
|
||||
- localhost
|
||||
- 127.0.0.1
|
||||
- 10.96.0.1
|
||||
kubernetes_service_names:
|
||||
- kubernetes.default.svc.cluster.local
|
||||
- document_name: kubelet-genesis
|
||||
common_name: system:node:n0
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
groups:
|
||||
- system:nodes
|
||||
- document_name: kubelet-n0
|
||||
common_name: system:node:n0
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
groups:
|
||||
- system:nodes
|
||||
- document_name: kubelet-n1
|
||||
common_name: system:node:n1
|
||||
hosts:
|
||||
- n1
|
||||
- 172.24.1.11
|
||||
groups:
|
||||
- system:nodes
|
||||
- document_name: kubelet-n2
|
||||
common_name: system:node:n2
|
||||
hosts:
|
||||
- n2
|
||||
- 172.24.1.12
|
||||
groups:
|
||||
- system:nodes
|
||||
- document_name: kubelet-n3
|
||||
common_name: system:node:n3
|
||||
hosts:
|
||||
- n3
|
||||
- 172.24.1.13
|
||||
groups:
|
||||
- system:nodes
|
||||
|
||||
# End node list
|
||||
- document_name: scheduler
|
||||
description: Service certificate for Kubernetes scheduler
|
||||
common_name: system:kube-scheduler
|
||||
- document_name: controller-manager
|
||||
description: certificate for controller-manager
|
||||
common_name: system:kube-controller-manager
|
||||
- document_name: admin
|
||||
common_name: admin
|
||||
groups:
|
||||
- system:masters
|
||||
- document_name: armada
|
||||
common_name: armada
|
||||
groups:
|
||||
- system:masters
|
||||
kubernetes-etcd:
|
||||
description: Certificates for Kubernetes's etcd servers
|
||||
certificates:
|
||||
- document_name: apiserver-etcd
|
||||
description: etcd client certificate for use by Kubernetes apiserver
|
||||
common_name: apiserver
|
||||
# NOTE(mark-burnett): hosts not required for client certificates
|
||||
- document_name: kubernetes-etcd-anchor
|
||||
description: anchor
|
||||
common_name: anchor
|
||||
- document_name: kubernetes-etcd-genesis
|
||||
common_name: kubernetes-etcd-genesis
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n0
|
||||
common_name: kubernetes-etcd-n0
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n1
|
||||
common_name: kubernetes-etcd-n1
|
||||
hosts:
|
||||
- n1
|
||||
- 172.24.1.11
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n2
|
||||
common_name: kubernetes-etcd-n2
|
||||
hosts:
|
||||
- n2
|
||||
- 172.24.1.12
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n3
|
||||
common_name: kubernetes-etcd-n3
|
||||
hosts:
|
||||
- n3
|
||||
- 172.24.1.13
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
|
||||
kubernetes-etcd-peer:
|
||||
certificates:
|
||||
- document_name: kubernetes-etcd-genesis-peer
|
||||
common_name: kubernetes-etcd-genesis-peer
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n0-peer
|
||||
common_name: kubernetes-etcd-n0-peer
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n1-peer
|
||||
common_name: kubernetes-etcd-n1-peer
|
||||
hosts:
|
||||
- n1
|
||||
- 172.24.1.11
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n2-peer
|
||||
common_name: kubernetes-etcd-n2-peer
|
||||
hosts:
|
||||
- n2
|
||||
- 172.24.1.12
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
- document_name: kubernetes-etcd-n3-peer
|
||||
common_name: kubernetes-etcd-n3-peer
|
||||
hosts:
|
||||
- n3
|
||||
- 172.24.1.13
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
calico-etcd:
|
||||
description: Certificates for Calico etcd client traffic
|
||||
certificates:
|
||||
- document_name: calico-etcd-anchor
|
||||
description: anchor
|
||||
common_name: anchor
|
||||
- document_name: calico-etcd-genesis
|
||||
common_name: calico-etcd-genesis
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n0
|
||||
common_name: calico-etcd-n0
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n1
|
||||
common_name: calico-etcd-n1
|
||||
hosts:
|
||||
- n1
|
||||
- 172.24.1.11
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n2
|
||||
common_name: calico-etcd-n2
|
||||
hosts:
|
||||
- n2
|
||||
- 172.24.1.12
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n3
|
||||
common_name: calico-etcd-n3
|
||||
hosts:
|
||||
- n3
|
||||
- 172.24.1.13
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-node
|
||||
common_name: calcico-node
|
||||
calico-etcd-peer:
|
||||
description: Certificates for Calico etcd clients
|
||||
certificates:
|
||||
- document_name: calico-etcd-genesis-peer
|
||||
common_name: calico-etcd-genesis-peer
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n0-peer
|
||||
common_name: calico-etcd-n0-peer
|
||||
hosts:
|
||||
- n0
|
||||
- 172.24.1.10
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n1-peer
|
||||
common_name: calico-etcd-n1-peer
|
||||
hosts:
|
||||
- n1
|
||||
- 172.24.1.11
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n2-peer
|
||||
common_name: calico-etcd-n2-peer
|
||||
hosts:
|
||||
- n2
|
||||
- 172.24.1.12
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-etcd-n3-peer
|
||||
common_name: calico-etcd-n3-peer
|
||||
hosts:
|
||||
- n3
|
||||
- 172.24.1.13
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-node-peer
|
||||
common_name: calcico-node-peer
|
||||
keypairs:
|
||||
- name: service-account
|
||||
description: Service account signing key for use by Kubernetes controller-manager.
|
||||
...
|
50
site/seaworthy-virt/profiles/genesis.yaml
Normal file
50
site/seaworthy-virt/profiles/genesis.yaml
Normal file
@ -0,0 +1,50 @@
|
||||
---
|
||||
# The purpose of this file is to apply proper labels to Genesis node so the
|
||||
# proper services are installed and proper configuration applied. This should
|
||||
# not need to be changed for a new site.
|
||||
# #GLOBAL-CANDIDATE#
|
||||
schema: promenade/Genesis/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: genesis-site
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
name: genesis-global
|
||||
actions:
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
labels:
|
||||
dynamic:
|
||||
- beta.kubernetes.io/fluentd-ds-ready=true
|
||||
- calico-etcd=enabled
|
||||
- ceph-mds=enabled
|
||||
- ceph-mon=enabled
|
||||
- ceph-osd=enabled
|
||||
- ceph-rgw=enabled
|
||||
- ceph-mgr=enabled
|
||||
- ceph-bootstrap=enabled
|
||||
- tenant-ceph-control-plane=enabled
|
||||
- tenant-ceph-mon=enabled
|
||||
- tenant-ceph-rgw=enabled
|
||||
- tenant-ceph-mgr=enabled
|
||||
- kube-dns=enabled
|
||||
- kube-ingress=enabled
|
||||
- kubernetes-apiserver=enabled
|
||||
- kubernetes-controller-manager=enabled
|
||||
- kubernetes-etcd=enabled
|
||||
- kubernetes-scheduler=enabled
|
||||
- promenade-genesis=enabled
|
||||
- ucp-control-plane=enabled
|
||||
- maas-rack=enabled
|
||||
- maas-region=enabled
|
||||
- ceph-osd-bootstrap=enabled
|
||||
- openstack-control-plane=enabled
|
||||
- openvswitch=enabled
|
||||
- openstack-l3-agent=enabled
|
||||
- node-exporter=enabled
|
||||
- fluentd=enabled
|
||||
...
|
23
site/seaworthy-virt/profiles/hardware/generic_vm.yaml
Normal file
23
site/seaworthy-virt/profiles/hardware/generic_vm.yaml
Normal file
@ -0,0 +1,23 @@
|
||||
---
|
||||
schema: 'drydock/HardwareProfile/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: GenericVM
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
vendor: 'Dell'
|
||||
generation: '1'
|
||||
hw_version: '2'
|
||||
bios_version: '2.2.3'
|
||||
boot_mode: 'bios'
|
||||
bootstrap_protocol: 'pxe'
|
||||
pxe_interface: 0
|
||||
device_aliases:
|
||||
pnic01:
|
||||
bus_type: 'pci'
|
||||
dev_type: 'Intel 10Gbps NIC'
|
||||
address: '0000:00:03.0'
|
||||
...
|
173
site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
Normal file
173
site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
Normal file
@ -0,0 +1,173 @@
|
||||
---
|
||||
schema: drydock/HostProfile/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: cp-global
|
||||
replacement: true
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
hosttype: cp-global
|
||||
actions:
|
||||
- method: replace
|
||||
path: .storage
|
||||
- method: replace
|
||||
path: .interfaces
|
||||
- method: replace
|
||||
path: .platform.kernel_params
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
hardware_profile: 'GenericVM'
|
||||
primary_network: 'gp'
|
||||
oob:
|
||||
type: 'libvirt'
|
||||
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
|
||||
storage:
|
||||
physical_devices:
|
||||
vda:
|
||||
labels:
|
||||
bootdrive: 'true'
|
||||
partitions:
|
||||
- name: 'root'
|
||||
size: '20g'
|
||||
bootable: true
|
||||
filesystem:
|
||||
mountpoint: '/'
|
||||
fstype: 'ext4'
|
||||
mount_options: 'defaults'
|
||||
- name: 'boot'
|
||||
size: '1g'
|
||||
filesystem:
|
||||
mountpoint: '/boot'
|
||||
fstype: 'ext4'
|
||||
mount_options: 'defaults'
|
||||
interfaces:
|
||||
ens3:
|
||||
device_link: 'gp'
|
||||
slaves:
|
||||
- 'ens3'
|
||||
networks:
|
||||
- 'gp'
|
||||
platform:
|
||||
kernel_params:
|
||||
kernel_package: 'linux-image-4.15.0-34-generic'
|
||||
...
|
||||
---
|
||||
schema: drydock/HostProfile/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: cp-secondary
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
hosttype: cp-global
|
||||
actions:
|
||||
- method: replace
|
||||
path: .storage
|
||||
- method: replace
|
||||
path: .interfaces
|
||||
- method: replace
|
||||
path: .platform.kernel_params
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
hardware_profile: 'GenericVM'
|
||||
primary_network: 'gp'
|
||||
oob:
|
||||
type: 'libvirt'
|
||||
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
|
||||
storage:
|
||||
physical_devices:
|
||||
vda:
|
||||
labels:
|
||||
bootdrive: 'true'
|
||||
partitions:
|
||||
- name: 'root'
|
||||
size: '20g'
|
||||
bootable: true
|
||||
filesystem:
|
||||
mountpoint: '/'
|
||||
fstype: 'ext4'
|
||||
mount_options: 'defaults'
|
||||
- name: 'boot'
|
||||
size: '1g'
|
||||
filesystem:
|
||||
mountpoint: '/boot'
|
||||
fstype: 'ext4'
|
||||
mount_options: 'defaults'
|
||||
interfaces:
|
||||
ens3:
|
||||
device_link: 'gp'
|
||||
slaves:
|
||||
- 'ens3'
|
||||
networks:
|
||||
- 'gp'
|
||||
platform:
|
||||
kernel_params:
|
||||
kernel_package: 'linux-image-4.15.0-34-generic'
|
||||
|
||||
metadata:
|
||||
owner_data:
|
||||
control-plane: enabled
|
||||
ucp-control-plane: enabled
|
||||
openstack-control-plane: enabled
|
||||
openstack-heat: enabled
|
||||
openstack-keystone: enabled
|
||||
openstack-rabbitmq: enabled
|
||||
openstack-dns-helper: enabled
|
||||
openstack-mariadb: enabled
|
||||
openstack-nova-control: enabled
|
||||
# openstack-etcd: enabled
|
||||
openstack-mistral: enabled
|
||||
openstack-memcached: enabled
|
||||
openstack-glance: enabled
|
||||
openstack-horizon: enabled
|
||||
openstack-cinder-control: enabled
|
||||
openstack-cinder-volume: control
|
||||
openstack-neutron: enabled
|
||||
openvswitch: enabled
|
||||
ucp-barbican: enabled
|
||||
# ceph-mon: enabled
|
||||
ceph-mgr: enabled
|
||||
ceph-osd: enabled
|
||||
ceph-mds: enabled
|
||||
ceph-rgw: enabled
|
||||
ucp-maas: enabled
|
||||
kube-dns: enabled
|
||||
tenant-ceph-control-plane: enabled
|
||||
# tenant-ceph-mon: enabled
|
||||
tenant-ceph-rgw: enabled
|
||||
tenant-ceph-mgr: enabled
|
||||
kubernetes-apiserver: enabled
|
||||
kubernetes-controller-manager: enabled
|
||||
# kubernetes-etcd: enabled
|
||||
kubernetes-scheduler: enabled
|
||||
tiller-helm: enabled
|
||||
# kube-etcd: enabled
|
||||
calico-policy: enabled
|
||||
calico-node: enabled
|
||||
# calico-etcd: enabled
|
||||
ucp-armada: enabled
|
||||
ucp-drydock: enabled
|
||||
ucp-deckhand: enabled
|
||||
ucp-shipyard: enabled
|
||||
IAM: enabled
|
||||
ucp-promenade: enabled
|
||||
prometheus-server: enabled
|
||||
prometheus-client: enabled
|
||||
fluentd: enabled
|
||||
influxdb: enabled
|
||||
kibana: enabled
|
||||
elasticsearch-client: enabled
|
||||
elasticsearch-master: enabled
|
||||
elasticsearch-data: enabled
|
||||
postgresql: enabled
|
||||
kube-ingress: enabled
|
||||
beta.kubernetes.io/fluentd-ds-ready: 'true'
|
||||
node-exporter: enabled
|
||||
...
|
58
site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
Normal file
58
site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
Normal file
@ -0,0 +1,58 @@
|
||||
---
|
||||
schema: 'drydock/HostProfile/v1'
|
||||
metadata:
|
||||
name: gate-vm-dp
|
||||
schema: 'metadata/Document/v1'
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
hardware_profile: 'GenericVM'
|
||||
primary_network: 'gp'
|
||||
oob:
|
||||
type: 'libvirt'
|
||||
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
|
||||
storage:
|
||||
physical_devices:
|
||||
vda:
|
||||
labels:
|
||||
bootdrive: 'true'
|
||||
partitions:
|
||||
- name: 'root'
|
||||
size: '20g'
|
||||
bootable: true
|
||||
filesystem:
|
||||
mountpoint: '/'
|
||||
fstype: 'ext4'
|
||||
mount_options: 'defaults'
|
||||
- name: 'boot'
|
||||
size: '1g'
|
||||
filesystem:
|
||||
mountpoint: '/boot'
|
||||
fstype: 'ext4'
|
||||
mount_options: 'defaults'
|
||||
interfaces:
|
||||
ens3:
|
||||
device_link: 'gp'
|
||||
slaves:
|
||||
- 'ens3'
|
||||
networks:
|
||||
- 'gp'
|
||||
platform:
|
||||
image: 'xenial'
|
||||
kernel: 'hwe-16.04'
|
||||
metadata:
|
||||
tags:
|
||||
- 'foo'
|
||||
owner_data:
|
||||
openstack-nova-compute: enabled
|
||||
openvswitch: enabled
|
||||
# sriov: enabled
|
||||
contrail-vrouter: kernel
|
||||
openstack-libvirt: kernel
|
||||
beta.kubernetes.io/fluentd-ds-ready: 'true'
|
||||
node-exporter: enabled
|
||||
fluentbit: enabled
|
||||
tenant-ceph-osd: enabled
|
||||
...
|
37
site/seaworthy-virt/profiles/region.yaml
Normal file
37
site/seaworthy-virt/profiles/region.yaml
Normal file
@ -0,0 +1,37 @@
|
||||
---
|
||||
# The purpose of this file is to define the drydock Region, which in turn drives
|
||||
# the MaaS region.
|
||||
schema: 'drydock/Region/v1'
|
||||
metadata:
|
||||
schema: 'metadata/Document/v1'
|
||||
name: seaworthy-virt
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
- dest:
|
||||
# Add/replace the first item in the list
|
||||
path: .authorized_keys[0]
|
||||
src:
|
||||
schema: deckhand/PublicKey/v1
|
||||
# This should match the "name" metadata of the SSH key which will be
|
||||
# substituted, located in site/airship-seaworthy/secrets folder.
|
||||
name: airship_ubuntu_ssh_public_key
|
||||
path: .
|
||||
- dest:
|
||||
path: .repositories.main_archive
|
||||
src:
|
||||
schema: pegleg/SoftwareVersions/v1
|
||||
name: software-versions
|
||||
path: .packages.repositories.main_archive
|
||||
data:
|
||||
tag_definitions: []
|
||||
# This is the list of SSH keys which MaaS will register for the built-in
|
||||
# "ubuntu" account during the PXE process. This list is populated by
|
||||
# substitution, so the same SSH keys do not need to be repeated in multiple
|
||||
# manifests.
|
||||
authorized_keys: []
|
||||
repositories:
|
||||
remove_unlisted: true
|
||||
...
|
2784
site/seaworthy-virt/secrets/certificates/certificates.yaml
Normal file
2784
site/seaworthy-virt/secrets/certificates/certificates.yaml
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,38 @@
|
||||
---
|
||||
schema: deckhand/CertificateKey/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: airship_drydock_kvm_ssh_key
|
||||
layeringDefinition:
|
||||
layer: site
|
||||
abstract: false
|
||||
storagePolicy: cleartext
|
||||
data: |-
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA6gVNOBV7zP2yeZF4P+pcei6VrRW5Qy0pzFNl4Xx6JGyM8LUP
|
||||
yH11pPTokQ7G4JRowzn9tsq21b10gStFLyysOogXJlKCHeR0Bu1MfQYzxshyRgCM
|
||||
dTc9H+4hhLnbPfazV+wUqgV02smsIy0x28DCiHUGXnledAsRPXFcT2d+ujPYoE7u
|
||||
M6WDrRhGwMBM9s6iZ2aYcwDjN8SgliaeLEd6xrk/AHjsvEHQKVCqe24PxiwXbu9q
|
||||
8PMbUOHfd/OrK+ir+uzh06ZVywifPB6btP3BxBRNLVcSwGgUnPQWg/+q+vi6urlp
|
||||
b66lxQ658gzltzFWHyOl/rQSMP1/rH3M1NhibwIDAQABAoIBAA1VW/70Cme1lLOk
|
||||
fCt4GOjFOrXv5OxU6GrB3a4pP3RP0v/r8QhFTaymX5HUO7SUABwPc8s0ZZJsBvVN
|
||||
F9YGP5HeKyN90/gMCihS4ObGsbCDvy8J3PbYvNzS3ooHZNx07+b0hoDharUEhJBE
|
||||
hPC2XN8Ve9VqKN2Hu+W6Tb4gcXH+YlHEeULaeerZRmAflKxnspvYIkVzP5vV540h
|
||||
qiP5LH5dTuHaJBiQcrCP9dbFzjPCqueFohHKOQI6wSbI9QbcuQvD7pxHoxPaf8B/
|
||||
V68fYaZoTGuVzhUuRsKTmseaFac4/bgmCQI8j2fDnWWA7EUANhH2ldIwEwBoPiF+
|
||||
nldqQbECgYEA/mcP2XQ98KIOLRRyWYMxPW/MjKRe1aefcll1Iitilt67mBwPUSvN
|
||||
KB/JTLoN838Vdv/oPQiZrtTYiEsbcj3YHa+kjI62veSFXTeghMKgn4HqQ1FdHOIW
|
||||
Ku+lXj6hSVUdyqC1r8vDDvoludFep+s+M0w/7tcSjlqlZHkpFgEL0uMCgYEA6316
|
||||
G8luptWeYOD2AOPjqqecXoSfPO6EG8rNO3IQUyQP8LgwtQUbK1PNZ/0u9IsKGnTA
|
||||
CvtjhAmyLPlq87KSjOOw7br6VSih/9uxfx/zf+y+NOwkFBqgn2/9lwFvkoJvPELk
|
||||
hRr39Ej9NuX42W5m7XkINCddJgPrVaGF0FQ87AUCgYEAuM03Fzi4se+Wqqqasml5
|
||||
wG5RQa05cqzUR6WyUAMCGCRuU322prlRy57jhMf20HX1qr8U/hkcQoM9VCxzIJbK
|
||||
Qi5QMwaMuv6g3mlFQot7UMN34DTfldaqUcBJ+V83nGSnQoVh1fUHmf6enw/3WbWq
|
||||
NmtiWeaEBULVuFnHPcO+yg8CgYEAqYha+VgpxgfyDlLGJ9voUjp6k30s2oPoLc3x
|
||||
tIMoh4Jly2n+/sMfTTD2po+aV0kly+gTPZS/jxYf5MrnGWyMnsto260JfXdUMUur
|
||||
XBbXiVgZkyYRzztgOYg5a5YICdTHWf3aYI0Kxx4o1XX4kiguB3Zj1pAkOjMGIE65
|
||||
dELA3TUCgYAoRt2+LINxTn2dqU9sHv+oAqN9WY3AGLc8MgAG2sEyD6u6a4ji6LJA
|
||||
5W48boUeUAieiyHdLqpnxZbgsndFXGoOGy3w7k511mGVT8R37uzqoW8en+l/B3aC
|
||||
m6GnweW01V+kv0FiSLsMfNZmYQeCQRNYn/LdSBAjsrmg8c88z0Af6g==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/PublicKey/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: airship_ubuntu_ssh_public_key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqBU04FXvM/bJ5kXg/6lx6LpWtFblDLSnMU2XhfHokbIzwtQ/IfXWk9OiRDsbglGjDOf22yrbVvXSBK0UvLKw6iBcmUoId5HQG7Ux9BjPGyHJGAIx1Nz0f7iGEuds99rNX7BSqBXTayawjLTHbwMKIdQZeeV50CxE9cVxPZ366M9igTu4zpYOtGEbAwEz2zqJnZphzAOM3xKCWJp4sR3rGuT8AeOy8QdApUKp7bg/GLBdu72rw8xtQ4d9386sr6Kv67OHTplXLCJ88Hpu0/cHEFE0tVxLAaBSc9BaD/6r6+Lq6uWlvrqXFDrnyDOW3MVYfI6X+tBIw/X+sfczU2GJv ubuntu@multinode
|
||||
...
|
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: apiserver-encryption-key-key1
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# head -c 32 /dev/urandom | base64
|
||||
data: ShMq3FztlkBMTDMKmKBv9Nq0Rk6h5hGWwZTyUnYjxlM=
|
||||
...
|
12
site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
Normal file
12
site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph_fsid
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# uuidgen
|
||||
data: 7b7576f4-3358-4668-9112-100440079807
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph_swift_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ipmi_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
labels:
|
||||
name: ipmi-admin-password-site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
12
site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
Normal file
12
site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: maas-region-key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# openssl rand -hex 10
|
||||
data: 9026f6048d6a017dc913
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_stack_user_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_trustee_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_horizon_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_elasticsearch_admin_password
|
||||