
Merge "Add new seaworthy-virt site"

changes/27/674427/1
Zuul 2 years ago
committed by Gerrit Code Review
parent
commit
10f2f3e9bd
  1. 21
      .zuul.yaml
  2. 1
      global/baremetal/bootactions/promjoin.yaml
  3. 49
      site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
  4. 58
      site/seaworthy-virt/baremetal/nodes.yaml
  5. 41
      site/seaworthy-virt/deployment/deployment-configuration.yaml
  6. 12
      site/seaworthy-virt/deployment/dev-configurables.yaml
  7. 132
      site/seaworthy-virt/networks/common-addresses.yaml
  8. 44
      site/seaworthy-virt/networks/physical/networks.yaml
  9. 72
      site/seaworthy-virt/networks/physical/unused_networks.yaml
  10. 279
      site/seaworthy-virt/pki/pki-catalog.yaml
  11. 50
      site/seaworthy-virt/profiles/genesis.yaml
  12. 23
      site/seaworthy-virt/profiles/hardware/generic_vm.yaml
  13. 173
      site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
  14. 58
      site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
  15. 37
      site/seaworthy-virt/profiles/region.yaml
  16. 2784
      site/seaworthy-virt/secrets/certificates/certificates.yaml
  17. 38
      site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml
  18. 11
      site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml
  19. 12
      site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
  20. 12
      site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
  21. 11
      site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
  22. 13
      site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml
  23. 12
      site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
  24. 11
      site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml
  25. 11
      site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
  26. 11
      site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml
  27. 11
      site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml
  28. 11
      site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
  29. 11
      site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml
  30. 11
      site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml
  31. 11
      site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
  32. 11
      site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml
  33. 11
      site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml
  34. 11
      site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
  35. 11
      site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml
  36. 11
      site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml
  37. 11
      site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml
  38. 11
      site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml
  39. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
  40. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml
  41. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
  42. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
  43. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml
  44. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
  45. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
  46. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
  47. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
  48. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
  49. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
  50. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
  51. 11
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
  52. 11
      site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml
  53. 11
      site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml
  54. 11
      site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml
  55. 11
      site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
  56. 11
      site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml
  57. 11
      site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
  58. 11
      site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml
  59. 11
      site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
  60. 11
      site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml
  61. 11
      site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
  62. 11
      site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml
  63. 11
      site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml
  64. 11
      site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml
  65. 11
      site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml
  66. 11
      site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
  67. 11
      site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml
  68. 11
      site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
  69. 11
      site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml
  70. 12
      site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml
  71. 12
      site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml
  72. 11
      site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
  73. 11
      site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml
  74. 11
      site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml
  75. 11
      site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml
  76. 11
      site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
  77. 11
      site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml
  78. 11
      site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml
  79. 11
      site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml
  80. 11
      site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml
  81. 11
      site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml
  82. 11
      site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
  83. 11
      site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml
  84. 11
      site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml
  85. 11
      site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
  86. 11
      site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml
  87. 11
      site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml
  88. 11
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml
  89. 11
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml
  90. 11
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml
  91. 11
      site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml
  92. 11
      site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
  93. 11
      site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml
  94. 11
      site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml
  95. 12
      site/seaworthy-virt/site-definition.yaml
  96. 160
      site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml
  97. 153
      site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml
  98. 163
      site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml
  99. 31
      site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml
  100. 18
      site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml

21
.zuul.yaml

@ -19,6 +19,7 @@
check:
jobs:
- treasuremap-seaworthy-site-lint
- treasuremap-seaworthy-virt-site-lint
- treasuremap-airskiff-site-lint
- treasuremap-airsloop-site-lint
- treasuremap-aiab-site-lint
@ -26,6 +27,7 @@
gate:
jobs:
- treasuremap-seaworthy-site-lint
- treasuremap-seaworthy-virt-site-lint
- treasuremap-airskiff-site-lint
- treasuremap-airsloop-site-lint
- treasuremap-aiab-site-lint
@ -67,6 +69,22 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy-virt/.*$
- ^site/airskiff/.*$
- ^site/airsloop/.*$
- ^site/aiab/.*$
- job:
name: treasuremap-seaworthy-virt-site-lint
description: |
Lint the seaworthy site using Pegleg.
parent: treasuremap-site-lint
vars:
site: seaworthy-virt
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/airskiff/.*$
- ^site/airsloop/.*$
- ^site/aiab/.*$
@ -82,6 +100,7 @@
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/seaworthy-virt/.*$
- ^site/airsloop/.*$
- ^site/aiab/.*$
@ -96,6 +115,7 @@
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/seaworthy-virt/.*$
- ^site/airskiff/.*$
- ^site/aiab/.*$
@ -112,6 +132,7 @@
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/seaworthy-virt/.*$
- ^site/airskiff/.*$
- ^site/airsloop/.*$
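Review bot: The new `treasuremap-seaworthy-virt-site-lint` job in the third hunk keeps the description copied from the seaworthy job, `Lint the seaworthy site using Pegleg.`, so the two jobs read identically in Zuul's job listing. I would change it to `Lint the seaworthy-virt site using Pegleg.`. The `irrelevant-files` entries added in the later hunks sit inside job definitions that start outside the visible context, so I could not confirm which jobs they belong to.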

1
global/baremetal/bootactions/promjoin.yaml

@ -8,6 +8,7 @@ metadata:
abstract: false
layer: global
labels:
name: promjoin-systemd-unit
application: 'drydock'
data:
signaling: false

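--- /dev/null
+++ b/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
@@ -0,0 +1,49 @@
+---
+# This file defines a boot action which is responsible for fetching the node's
+# promjoin script from the promenade API. This is the script responsible for
+# installing kubernetes on the node and joining the kubernetes cluster.
+# #GLOBAL-CANDIDATE#
+schema: 'drydock/BootAction/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: promjoin-systemd-unit
+storagePolicy: 'cleartext'
+replacement: true
+layeringDefinition:
+abstract: false
+layer: site
+parentSelector:
+name: promjoin-systemd-unit
+actions:
+- method: replace
+path: .assets
+labels:
+application: 'drydock'
+data:
+signaling: false
+# TODO(alanmeadows) move what is global about this document
+assets:
+- path: /opt/promjoin.sh
+type: file
+permissions: '555'
+# The ip= parameter must match the MaaS network name of the network used
+# to contact kubernetes. With a standard, reference Airship deployment where
+# L2 networks are shared between all racks, the network name (i.e. calico)
+# should be correct.
+location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.default.ip }}&domain={{ node.domain }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+location_pipeline:
+- template
+data_pipeline:
+- utf8_decode
+- path: /lib/systemd/system/promjoin.service
+type: unit
+permissions: '600'
+data: |-
+W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
+PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
+cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
+cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
+data_pipeline:
+- base64_decode
+- utf8_decode
+...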
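Review bot: In the `location:` template for `/opt/promjoin.sh`, only `design_ref` is passed through `urlencode`; `node.hostname`, `node.domain` and the label keys and values are interpolated raw, so a label containing `&` or `#` would change the query sent to the Promenade API. I would encode them the same way, for example `&labels.dynamic={{ k | urlencode }}={{ v | urlencode }}`. Separately, the script is written with mode `'555'` and run by the base64-encoded `promjoin.service` unit, which decodes to `ExecStart=/opt/promjoin.sh`; if the join script embeds node credentials (not visible here), `'500'` would keep it from other local users. A short comment noting that the asset is fetched over plain `http` from the in-cluster service name would also help the next reader.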

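--- /dev/null
+++ b/site/seaworthy-virt/baremetal/nodes.yaml
@@ -0,0 +1,58 @@
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: n1
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+host_profile: cp-global
+addressing:
+- network: gp
+address: 172.24.1.11
+metadata:
+boot_mac: '52:54:00:00:a3:31'
+rack: rack1
+tags:
+- 'masters'
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: n2
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+host_profile: cp-global
+addressing:
+- network: gp
+address: 172.24.1.12
+metadata:
+boot_mac: '52:54:00:1a:95:0d'
+rack: rack1
+tags:
+- 'masters'
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: n3
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+host_profile: cp-secondary
+addressing:
+- network: gp
+address: 172.24.1.13
+metadata:
+boot_mac: '52:54:00:31:c2:36'
+rack: rack1
+tags:
+- 'masters'
+...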

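--- /dev/null
+++ b/site/seaworthy-virt/deployment/deployment-configuration.yaml
@@ -0,0 +1,41 @@
+---
+# The purpose of this file is to provide shipyard related deployment config
+# parameters. This should not require modification for a new site. However,
+# shipyard deployment strategies can be very useful in getting around certain
+# failures, like misbehaving nodes that hold up the deployment. See more at
+# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+schema: metadata/Document/v1
+name: deployment-configuration
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+physical_provisioner:
+deployment_strategy: deployment-strategy
+deploy_interval: 30
+deploy_timeout: 3600
+destroy_interval: 30
+destroy_timeout: 900
+join_wait: 0
+prepare_node_interval: 30
+prepare_node_timeout: 1800
+prepare_site_interval: 10
+prepare_site_timeout: 300
+verify_interval: 10
+verify_timeout: 60
+kubernetes_provisioner:
+drain_timeout: 3600
+drain_grace_period: 1800
+clear_labels_timeout: 1800
+remove_etcd_timeout: 1800
+etcd_ready_timeout: 600
+armada:
+get_releases_timeout: 300
+get_status_timeout: 300
+manifest: 'full-site'
+post_apply_timeout: 7200
+validate_design_timeout: 600
+...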

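--- /dev/null
+++ b/site/seaworthy-virt/deployment/dev-configurables.yaml
@@ -0,0 +1,12 @@
+---
+schema: dev/Configurables/v1
+metadata:
+schema: metadata/Document/v1
+name: dev-configurables
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+hostcidr: 172.24.1.0/24
+...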

132
site/seaworthy-virt/networks/common-addresses.yaml

@ -0,0 +1,132 @@
---
# The purpose of this file is to define network related paramters that are
# referenced elsewhere in the manifests for this site.
#
# TODO: Include bare metal host FQDN naming standards
# TODO: Include ingress FQDN naming standards
schema: pegleg/CommonAddresses/v1
metadata:
schema: metadata/Document/v1
name: common-addresses
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
calico:
ip_autodetection_method: 'interface=ens3'
bgp:
ipv4:
ingress_vip: '172.24.1.6/32'
maas_vip: '172.24.1.5/32'
public_service_cidr: 'Nonsense'
peers:
- 'Nonsense'
- 'Nonsense'
ip_rule:
gateway: 'Nonsense'
etcd:
# etcd service IP address
service_ip: 10.96.232.136
dns:
# Kubernetes cluster domain. Do not change. This is internal to the cluster.
cluster_domain: cluster.local
# DNS service ip
service_ip: 10.96.0.10
# List of upstream DNS forwards. Verify you can reach them from your
# environment. If so, you should not need to change them.
upstream_servers:
- 172.24.1.9
- 172.24.1.9
- 172.24.1.9
# Repeat the same values as above, but formatted as a common separated
# string
upstream_servers_joined: 172.24.1.9
ingress_domain: gate.local
node_domain: gate.local
genesis:
hostname: n0
ip: 172.24.1.10
proxy:
http: ""
https: ""
no_proxy: []
bootstrap:
ip: 172.24.1.10
kubernetes:
# K8s API service IP
api_service_ip: 10.96.0.1
# etcd service IP
etcd_service_ip: 10.96.0.2
# k8s pod CIDR (network which pod traffic will traverse)
pod_cidr: 10.97.0.0/16
# k8s service CIDR (network which k8s API traffic will traverse)
service_cidr: 10.96.0.0/16
# misc k8s port settings
apiserver_port: 6443
haproxy_port: 6553
service_node_port_range: 30000-32767
# etcd port settings
etcd:
container_port: 2379
haproxy_port: 2378
masters:
- hostname: n1
- hostname: n2
- hostname: n3
node_ports:
drydock_api: 30000
maas_api: 30001
maas_proxy: 31800 # hardcoded in MAAS
vip:
ingress_vip: '172.24.1.6/32'
maas_vip: '172.24.1.5/32'
ntp:
# comma separated NTP server list. Verify that these upstream NTP servers are
# reachable in your environment; otherwise update them with the correct
# values for your environment.
servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
# NOTE: This will be updated soon
ldap:
base_url: 'ldap.example.com'
url: 'ldap://ldap.example.com'
auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
# NEWSITE-CHANGEME: Update to the correct AD group that contains the users
# relevant for this deployment (test users vs prod users/values, etc)
common_name: test
# NEWSITE-CHANGEME: Update to the correct subdomain for your type of
# deployment (test vs prod values, etc)
subdomain: test
# NEWSITE-CHANGEME: Update to the correct domain for your type of
# deployment (test vs prod values, etc)
domain: example
storage:
ceph:
public_cidr: 172.24.1.0/24
cluster_cidr: 172.24.1.0/24
neutron:
tunnel_device: 'ens3'
# bond which the overlay is a member of. Ensure the bond name is consistent
# with the bond assigned to the overlay network in
# networks/physical/networks.yaml
external_iface: 'ens3'
openvswitch:
# bond which the overlay is a member of. Ensure the bond name is consistent
# with the bond assigned to the overlay network in
# networks/physical/networks.yaml
external_iface: 'ens3'
...
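Review bot: `ldap.url` is set to the cleartext scheme `ldap://ldap.example.com`, and this commit also adds `osh_keystone_ldap_password.yaml`, so once the placeholder host is replaced the bind password would presumably cross the network unencrypted. I would default the reference value to `url: 'ldaps://ldap.example.com'` and give it the same `# NEWSITE-CHANGEME:` marker that the neighbouring `common_name`, `subdomain` and `domain` keys carry. The `'Nonsense'` strings under `calico.bgp.ipv4` and `ip_rule.gateway` deserve a one-line comment stating whether BGP peering is intentionally unused on this site, since they pass as strings but are not valid CIDRs or addresses.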

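--- /dev/null
+++ b/site/seaworthy-virt/networks/physical/networks.yaml
@@ -0,0 +1,44 @@
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: gp
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+bonding:
+mode: disabled
+mtu: 1500
+linkspeed: auto
+trunking:
+mode: disabled
+default_network: gp
+allowed_networks:
+- gp
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: gp
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+mtu: 1500
+cidr: 172.24.1.0/24
+ranges:
+- type: dhcp
+start: 172.24.1.100
+end: 172.24.1.200
+routes:
+- subnet: 0.0.0.0/0
+gateway: 172.24.1.1
+metric: 10
+dns:
+domain: gate.local
+servers: '172.24.1.9'
+...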

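--- /dev/null
+++ b/site/seaworthy-virt/networks/physical/unused_networks.yaml
@@ -0,0 +1,72 @@
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: oob
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+cidr: 192.168.1.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: pxe
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+cidr: 192.168.2.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: oam
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+cidr: 192.168.3.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: storage
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+cidr: 192.168.4.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: calico
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+cidr: 192.168.5.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: overlay
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+cidr: 192.168.6.0/24
+...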

279
site/seaworthy-virt/pki/pki-catalog.yaml

@ -0,0 +1,279 @@
---
# The purpose of this file is to define the PKI certificates for the environment
#
# NOTE: When deploying a new site, this file should not be configured until
# baremetal/nodes.yaml is complete.
#
schema: promenade/PKICatalog/v1
metadata:
schema: metadata/Document/v1
name: cluster-certificates
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
certificate_authorities:
kubernetes:
description: CA for Kubernetes components
certificates:
- document_name: apiserver
description: Service certificate for Kubernetes apiserver
common_name: apiserver
hosts:
- localhost
- 127.0.0.1
- 10.96.0.1
kubernetes_service_names:
- kubernetes.default.svc.cluster.local
- document_name: kubelet-genesis
common_name: system:node:n0
hosts:
- n0
- 172.24.1.10
groups:
- system:nodes
- document_name: kubelet-n0
common_name: system:node:n0
hosts:
- n0
- 172.24.1.10
groups:
- system:nodes
- document_name: kubelet-n1
common_name: system:node:n1
hosts:
- n1
- 172.24.1.11
groups:
- system:nodes
- document_name: kubelet-n2
common_name: system:node:n2
hosts:
- n2
- 172.24.1.12
groups:
- system:nodes
- document_name: kubelet-n3
common_name: system:node:n3
hosts:
- n3
- 172.24.1.13
groups:
- system:nodes
# End node list
- document_name: scheduler
description: Service certificate for Kubernetes scheduler
common_name: system:kube-scheduler
- document_name: controller-manager
description: certificate for controller-manager
common_name: system:kube-controller-manager
- document_name: admin
common_name: admin
groups:
- system:masters
- document_name: armada
common_name: armada
groups:
- system:masters
kubernetes-etcd:
description: Certificates for Kubernetes's etcd servers
certificates:
- document_name: apiserver-etcd
description: etcd client certificate for use by Kubernetes apiserver
common_name: apiserver
# NOTE(mark-burnett): hosts not required for client certificates
- document_name: kubernetes-etcd-anchor
description: anchor
common_name: anchor
- document_name: kubernetes-etcd-genesis
common_name: kubernetes-etcd-genesis
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n0
common_name: kubernetes-etcd-n0
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n1
common_name: kubernetes-etcd-n1
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n2
common_name: kubernetes-etcd-n2
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n3
common_name: kubernetes-etcd-n3
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
kubernetes-etcd-peer:
certificates:
- document_name: kubernetes-etcd-genesis-peer
common_name: kubernetes-etcd-genesis-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n0-peer
common_name: kubernetes-etcd-n0-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n1-peer
common_name: kubernetes-etcd-n1-peer
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n2-peer
common_name: kubernetes-etcd-n2-peer
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n3-peer
common_name: kubernetes-etcd-n3-peer
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
calico-etcd:
description: Certificates for Calico etcd client traffic
certificates:
- document_name: calico-etcd-anchor
description: anchor
common_name: anchor
- document_name: calico-etcd-genesis
common_name: calico-etcd-genesis
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n0
common_name: calico-etcd-n0
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n1
common_name: calico-etcd-n1
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n2
common_name: calico-etcd-n2
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n3
common_name: calico-etcd-n3
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node
common_name: calcico-node
calico-etcd-peer:
description: Certificates for Calico etcd clients
certificates:
- document_name: calico-etcd-genesis-peer
common_name: calico-etcd-genesis-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n0-peer
common_name: calico-etcd-n0-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n1-peer
common_name: calico-etcd-n1-peer
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n2-peer
common_name: calico-etcd-n2-peer
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n3-peer
common_name: calico-etcd-n3-peer
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node-peer
common_name: calcico-node-peer
keypairs:
- name: service-account
description: Service account signing key for use by Kubernetes controller-manager.
...
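Review bot: The `calico-node` and `calico-node-peer` entries set `common_name: calcico-node` and `common_name: calcico-node-peer`, so the issued certificates carry a misspelled identity that no longer matches their `document_name`. If anything authorises or audits on the certificate CN (not visible here), the mismatch will be hard to trace; I would change them to `common_name: calico-node` and `common_name: calico-node-peer`, regenerating the corresponding entries in `certificates.yaml`. Also worth a comment: `admin` and `armada` are both issued with `groups: system:masters`, which Kubernetes treats as cluster-admin regardless of RBAC, so those two keys need the tightest handling of anything in the catalog. `kubelet-genesis` and `kubelet-n0` share `common_name: system:node:n0`, which may be intentional but is undocumented.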

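--- /dev/null
+++ b/site/seaworthy-virt/profiles/genesis.yaml
@@ -0,0 +1,50 @@
+---
+# The purpose of this file is to apply proper labels to Genesis node so the
+# proper services are installed and proper configuration applied. This should
+# not need to be changed for a new site.
+# #GLOBAL-CANDIDATE#
+schema: promenade/Genesis/v1
+metadata:
+schema: metadata/Document/v1
+name: genesis-site
+layeringDefinition:
+abstract: false
+layer: site
+parentSelector:
+name: genesis-global
+actions:
+- method: merge
+path: .
+storagePolicy: cleartext
+data:
+labels:
+dynamic:
+- beta.kubernetes.io/fluentd-ds-ready=true
+- calico-etcd=enabled
+- ceph-mds=enabled
+- ceph-mon=enabled
+- ceph-osd=enabled
+- ceph-rgw=enabled
+- ceph-mgr=enabled
+- ceph-bootstrap=enabled
+- tenant-ceph-control-plane=enabled
+- tenant-ceph-mon=enabled
+- tenant-ceph-rgw=enabled
+- tenant-ceph-mgr=enabled
+- kube-dns=enabled
+- kube-ingress=enabled
+- kubernetes-apiserver=enabled
+- kubernetes-controller-manager=enabled
+- kubernetes-etcd=enabled
+- kubernetes-scheduler=enabled
+- promenade-genesis=enabled
+- ucp-control-plane=enabled
+- maas-rack=enabled
+- maas-region=enabled
+- ceph-osd-bootstrap=enabled
+- openstack-control-plane=enabled
+- openvswitch=enabled
+- openstack-l3-agent=enabled
+- node-exporter=enabled
+- fluentd=enabled
+...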

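--- /dev/null
+++ b/site/seaworthy-virt/profiles/hardware/generic_vm.yaml
@@ -0,0 +1,23 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: GenericVM
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+vendor: 'Dell'
+generation: '1'
+hw_version: '2'
+bios_version: '2.2.3'
+boot_mode: 'bios'
+bootstrap_protocol: 'pxe'
+pxe_interface: 0
+device_aliases:
+pnic01:
+bus_type: 'pci'
+dev_type: 'Intel 10Gbps NIC'
+address: '0000:00:03.0'
+...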

173
site/seaworthy-virt/profiles/host/gate-vm-cp.yaml

@ -0,0 +1,173 @@
---
schema: drydock/HostProfile/v1
metadata:
schema: metadata/Document/v1
name: cp-global
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
hosttype: cp-global
actions:
- method: replace
path: .storage
- method: replace
path: .interfaces
- method: replace
path: .platform.kernel_params
- method: merge
path: .
storagePolicy: cleartext
data:
hardware_profile: 'GenericVM'
primary_network: 'gp'
oob:
type: 'libvirt'
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
storage:
physical_devices:
vda:
labels:
bootdrive: 'true'
partitions:
- name: 'root'
size: '20g'
bootable: true
filesystem:
mountpoint: '/'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'boot'
size: '1g'
filesystem:
mountpoint: '/boot'
fstype: 'ext4'
mount_options: 'defaults'
interfaces:
ens3:
device_link: 'gp'
slaves:
- 'ens3'
networks:
- 'gp'
platform:
kernel_params:
kernel_package: 'linux-image-4.15.0-34-generic'
...
---
schema: drydock/HostProfile/v1
metadata:
schema: metadata/Document/v1
name: cp-secondary
layeringDefinition:
abstract: false
layer: site
parentSelector:
hosttype: cp-global
actions:
- method: replace
path: .storage
- method: replace
path: .interfaces
- method: replace
path: .platform.kernel_params
- method: merge
path: .
storagePolicy: cleartext
data:
hardware_profile: 'GenericVM'
primary_network: 'gp'
oob:
type: 'libvirt'
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
storage:
physical_devices:
vda:
labels:
bootdrive: 'true'
partitions:
- name: 'root'
size: '20g'
bootable: true
filesystem:
mountpoint: '/'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'boot'
size: '1g'
filesystem:
mountpoint: '/boot'
fstype: 'ext4'
mount_options: 'defaults'
interfaces:
ens3:
device_link: 'gp'
slaves:
- 'ens3'
networks:
- 'gp'
platform:
kernel_params:
kernel_package: 'linux-image-4.15.0-34-generic'
metadata:
owner_data:
control-plane: enabled
ucp-control-plane: enabled
openstack-control-plane: enabled
openstack-heat: enabled
openstack-keystone: enabled
openstack-rabbitmq: enabled
openstack-dns-helper: enabled
openstack-mariadb: enabled
openstack-nova-control: enabled
# openstack-etcd: enabled
openstack-mistral: enabled
openstack-memcached: enabled
openstack-glance: enabled
openstack-horizon: enabled
openstack-cinder-control: enabled
openstack-cinder-volume: control
openstack-neutron: enabled
openvswitch: enabled
ucp-barbican: enabled
# ceph-mon: enabled
ceph-mgr: enabled
ceph-osd: enabled
ceph-mds: enabled
ceph-rgw: enabled
ucp-maas: enabled
kube-dns: enabled
tenant-ceph-control-plane: enabled
# tenant-ceph-mon: enabled
tenant-ceph-rgw: enabled
tenant-ceph-mgr: enabled
kubernetes-apiserver: enabled
kubernetes-controller-manager: enabled
# kubernetes-etcd: enabled
kubernetes-scheduler: enabled
tiller-helm: enabled
# kube-etcd: enabled
calico-policy: enabled
calico-node: enabled
# calico-etcd: enabled
ucp-armada: enabled
ucp-drydock: enabled
ucp-deckhand: enabled
ucp-shipyard: enabled
IAM: enabled
ucp-promenade: enabled
prometheus-server: enabled
prometheus-client: enabled
fluentd: enabled
influxdb: enabled
kibana: enabled
elasticsearch-client: enabled
elasticsearch-master: enabled
elasticsearch-data: enabled
postgresql: enabled
kube-ingress: enabled
beta.kubernetes.io/fluentd-ds-ready: 'true'
node-exporter: enabled
...
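Review bot: Both host profiles in this file (and the one in `gate-vm-dp.yaml`) point Drydock's out-of-band driver at `qemu+ssh://virtmgr@172.24.1.1/system`, and access to the system libvirt instance is effectively root on that hypervisor. Since the apparently matching private key is committed in `secrets/passphrases/airship_drydock_kvm_ssh_key.yaml`, I would add a comment above each `libvirt_uri` such as `# Gate-only hypervisor; the virtmgr key in this repo must never be authorised on a real host`. In `cp-secondary`, `openstack-cinder-volume: control` is the only `owner_data` label whose value is not `enabled`; if that is deliberate it deserves a one-line comment, otherwise it reads like a slip.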

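--- /dev/null
+++ b/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
@@ -0,0 +1,58 @@
+---
+schema: 'drydock/HostProfile/v1'
+metadata:
+name: gate-vm-dp
+schema: 'metadata/Document/v1'
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data:
+hardware_profile: 'GenericVM'
+primary_network: 'gp'
+oob:
+type: 'libvirt'
+libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
+storage:
+physical_devices:
+vda:
+labels:
+bootdrive: 'true'
+partitions:
+- name: 'root'
+size: '20g'
+bootable: true
+filesystem:
+mountpoint: '/'
+fstype: 'ext4'
+mount_options: 'defaults'
+- name: 'boot'
+size: '1g'
+filesystem:
+mountpoint: '/boot'
+fstype: 'ext4'
+mount_options: 'defaults'
+interfaces:
+ens3:
+device_link: 'gp'
+slaves:
+- 'ens3'
+networks:
+- 'gp'
+platform:
+image: 'xenial'
+kernel: 'hwe-16.04'
+metadata:
+tags:
+- 'foo'
+owner_data:
+openstack-nova-compute: enabled
+openvswitch: enabled
+# sriov: enabled
+contrail-vrouter: kernel
+openstack-libvirt: kernel
+beta.kubernetes.io/fluentd-ds-ready: 'true'
+node-exporter: enabled
+fluentbit: enabled
+tenant-ceph-osd: enabled
+...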

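--- a/site/seaworthy-virt/profiles/region.yaml
+++ b/site/seaworthy-virt/profiles/region.yaml
@@ -0,0 +1,37 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+schema: 'metadata/Document/v1'
+name: seaworthy-virt
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+substitutions:
+- dest:
+# Add/replace the first item in the list
+path: .authorized_keys[0]
+src:
+schema: deckhand/PublicKey/v1
+# This should match the "name" metadata of the SSH key which will be
+# substituted, located in site/airship-seaworthy/secrets folder.
+name: airship_ubuntu_ssh_public_key
+path: .
+- dest:
+path: .repositories.main_archive
+src:
+schema: pegleg/SoftwareVersions/v1
+name: software-versions
+path: .packages.repositories.main_archive
+data:
+tag_definitions: []
+# This is the list of SSH keys which MaaS will register for the built-in
+# "ubuntu" account during the PXE process. This list is populated by
+# substitution, so the same SSH keys do not need to be repeated in multiple
+# manifests.
+authorized_keys: []
+repositories:
+remove_unlisted: true
+...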
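Review bot: The comment above `name: airship_ubuntu_ssh_public_key` still points at `site/airship-seaworthy/secrets`, while this document belongs to the seaworthy-virt site, so a reader tracing which key lands in `authorized_keys[0]` is sent to the wrong site. Suggest `# substituted, located in the site/seaworthy-virt/secrets folder.` Per the comment further down, that key is registered for the built-in "ubuntu" account during PXE, so the pointer to its source is worth keeping accurate.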

2784
site/seaworthy-virt/secrets/certificates/certificates.yaml
File diff suppressed because it is too large

38
site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml

@ -0,0 +1,38 @@
---
schema: deckhand/CertificateKey/v1
metadata:
schema: metadata/Document/v1
name: airship_drydock_kvm_ssh_key
layeringDefinition:
layer: site
abstract: false
storagePolicy: cleartext
data: |-
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
...
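Review bot: This document commits an RSA private key under `storagePolicy: cleartext`, so the key has to be treated as public from the moment the change merges. If it is only ever authorised on disposable gate hypervisors, say so in a comment above `data:`, for example `# Gate-only test key; never authorise it on a real hypervisor.` Real sites should generate their own key and store it with `storagePolicy: encrypted`. The document is also a `deckhand/CertificateKey/v1` filed under `secrets/passphrases/`, which makes it easy to overlook when someone audits the site's key material.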

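--- a/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/PublicKey/v1
+metadata:
+schema: metadata/Document/v1
+name: airship_ubuntu_ssh_public_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqBU04FXvM/bJ5kXg/6lx6LpWtFblDLSnMU2XhfHokbIzwtQ/IfXWk9OiRDsbglGjDOf22yrbVvXSBK0UvLKw6iBcmUoId5HQG7Ux9BjPGyHJGAIx1Nz0f7iGEuds99rNX7BSqBXTayawjLTHbwMKIdQZeeV50CxE9cVxPZ366M9igTu4zpYOtGEbAwEz2zqJnZphzAOM3xKCWJp4sR3rGuT8AeOy8QdApUKp7bg/GLBdu72rw8xtQ4d9386sr6Kv67OHTplXLCJ88Hpu0/cHEFE0tVxLAaBSc9BaD/6r6+Lq6uWlvrqXFDrnyDOW3MVYfI6X+tBIw/X+sfczU2GJv ubuntu@multinode
+...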

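--- a/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: apiserver-encryption-key-key1
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# head -c 32 /dev/urandom | base64
+data: ShMq3FztlkBMTDMKmKBv9Nq0Rk6h5hGWwZTyUnYjxlM=
+...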
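Review bot: The value under `data:` is a real-looking 32-byte key committed in cleartext, and the only comment is the generation command, so nothing tells a site author that the key must be regenerated. Judging by the document name it is the API server's encryption key (presumably for secrets at rest), which means a cluster deployed from this file unchanged encrypts with a published key. Suggest extending the comment to `# Gate-only value. Regenerate per site with: head -c 32 /dev/urandom | base64`, and using `storagePolicy: encrypted` outside the gate.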

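--- a/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: ceph_fsid
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# uuidgen
+data: 7b7576f4-3358-4668-9112-100440079807
+...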

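--- a/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: ceph_swift_keystone_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...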
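Review bot: `data: password123` here is the same guessable value used by ipmi_admin_password and by every osh_* and osh_infra_* password document that follows in this commit. One shared, published password therefore covers the database, messaging, service-user and monitoring admin accounts those documents name. That is tolerable only for a disposable gate site, yet nothing in the files says so, and a site copied from this one inherits the values. Suggest a comment above each `data:` such as `# Gate-only placeholder; replace before any real deployment.`, or generating the values at gate time instead of committing them.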

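--- a/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: ipmi_admin_password
+layeringDefinition:
+abstract: false
+layer: site
+labels:
+name: ipmi-admin-password-site
+storagePolicy: cleartext
+data: password123
+...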

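--- a/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: maas-region-key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+# openssl rand -hex 10
+data: 9026f6048d6a017dc913
+...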
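Review bot: `data: 9026f6048d6a017dc913` is an unquoted plain scalar, and the generator named in the comment (`openssl rand -hex 10`) can emit output that is all digits (loaded as an integer) or digits-`e`-digits (a float on some loaders). The current value happens to load as a string, but the next regenerated one may not, and the consumer would then receive a number instead of the key. Quote it: `data: '9026f6048d6a017dc913'`.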

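--- a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_barbican_oslo_db_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...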

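--- a/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_barbican_oslo_messaging_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...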

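--- a/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_barbican_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...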

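--- a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_cinder_oslo_db_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...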

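--- a/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_cinder_oslo_messaging_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...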

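--- a/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_cinder_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...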

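--- a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_glance_oslo_db_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...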

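--- a/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_glance_oslo_messaging_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...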

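--- a/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_glance_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...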

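--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_heat_oslo_db_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...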

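--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_heat_oslo_messaging_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...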

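--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_heat_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...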

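--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_heat_stack_user_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...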

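--- a/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_heat_trustee_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...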

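--- a/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_horizon_oslo_db_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...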

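--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_elasticsearch_admin_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...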

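--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_grafana_admin_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...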

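--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_grafana_oslo_db_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...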

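--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_grafana_oslo_db_session_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...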

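--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_nagios_admin_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...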

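--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_openstack_exporter_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...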

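--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_oslo_db_admin_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...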

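--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_oslo_db_exporter_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...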

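--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_prometheus_admin_password
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: password123
+...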

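--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_rgw_s3_admin_access_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: admin_access_key
+...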
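Review bot: The S3 admin access key is the literal string `admin_access_key`, and the next file sets the matching secret to `admin_secret_key`, so the admin credential pair can be guessed from the document names alone. Like the other placeholders in this commit, it is presumably meant for the gate only, but neither file says so. A comment above `data:` in both, e.g. `# Gate-only placeholder; generate a random key pair for any real site.`, would keep the values from being carried into a copied site.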

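--- a/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+schema: metadata/Document/v1
+name: osh_infra_rgw_s3_admin_secret_key
+layeringDefinition:
+abstract: false
+layer: site
+storagePolicy: cleartext
+data: admin_secret_key
+...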