
Add new seaworthy-virt site

This site is created in order to utilize the multinode development
environment alongside the global and type manifests in Treasure map.

To accomplish this, the new seaworthy-virt site is a copy of the
airship-seaworthy site but with as many overrides and removed
pieces as necessary.

Change-Id: I6d19e1cf019c5d03f42343ab3c72971172879e4d
changes/15/656015/23
Michael Beaver 3 months ago
parent
commit
22408cbeb5
100 changed files with 5245 additions and 0 deletions
  1. 21
    0
      .zuul.yaml
  2. 1
    0
      global/baremetal/bootactions/promjoin.yaml
  3. 49
    0
      site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
  4. 58
    0
      site/seaworthy-virt/baremetal/nodes.yaml
  5. 41
    0
      site/seaworthy-virt/deployment/deployment-configuration.yaml
  6. 12
    0
      site/seaworthy-virt/deployment/dev-configurables.yaml
  7. 132
    0
      site/seaworthy-virt/networks/common-addresses.yaml
  8. 44
    0
      site/seaworthy-virt/networks/physical/networks.yaml
  9. 72
    0
      site/seaworthy-virt/networks/physical/unused_networks.yaml
  10. 279
    0
      site/seaworthy-virt/pki/pki-catalog.yaml
  11. 50
    0
      site/seaworthy-virt/profiles/genesis.yaml
  12. 23
    0
      site/seaworthy-virt/profiles/hardware/generic_vm.yaml
  13. 173
    0
      site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
  14. 58
    0
      site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
  15. 37
    0
      site/seaworthy-virt/profiles/region.yaml
  16. 2784
    0
      site/seaworthy-virt/secrets/certificates/certificates.yaml
  17. 38
    0
      site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml
  18. 11
    0
      site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml
  19. 12
    0
      site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
  20. 12
    0
      site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
  21. 11
    0
      site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
  22. 13
    0
      site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml
  23. 12
    0
      site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
  24. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml
  25. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
  26. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml
  27. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml
  28. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
  29. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml
  30. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml
  31. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
  32. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml
  33. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml
  34. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
  35. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml
  36. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml
  37. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml
  38. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml
  39. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
  40. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml
  41. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
  42. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
  43. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml
  44. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
  45. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
  46. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
  47. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
  48. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
  49. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
  50. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
  51. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
  52. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml
  53. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml
  54. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml
  55. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
  56. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml
  57. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
  58. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml
  59. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
  60. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml
  61. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
  62. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml
  63. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml
  64. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml
  65. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml
  66. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
  67. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml
  68. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
  69. 11
    0
      site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml
  70. 12
    0
      site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml
  71. 12
    0
      site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml
  72. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
  73. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml
  74. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml
  75. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml
  76. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
  77. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml
  78. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml
  79. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml
  80. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml
  81. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml
  82. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
  83. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml
  84. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml
  85. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
  86. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml
  87. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml
  88. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml
  89. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml
  90. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml
  91. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml
  92. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
  93. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml
  94. 11
    0
      site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml
  95. 12
    0
      site/seaworthy-virt/site-definition.yaml
  96. 160
    0
      site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml
  97. 153
    0
      site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml
  98. 163
    0
      site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml
  99. 31
    0
      site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml
  100. 0
    0
      site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml

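--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -19,6 +19,7 @@
     check:
       jobs:
         - treasuremap-seaworthy-site-lint
+        - treasuremap-seaworthy-virt-site-lint
         - treasuremap-airskiff-site-lint
         - treasuremap-airsloop-site-lint
         - treasuremap-aiab-site-lint
@@ -26,6 +27,7 @@
     gate:
       jobs:
         - treasuremap-seaworthy-site-lint
+        - treasuremap-seaworthy-virt-site-lint
         - treasuremap-airskiff-site-lint
         - treasuremap-airsloop-site-lint
         - treasuremap-aiab-site-lint
@@ -67,6 +69,22 @@
     irrelevant-files:
       - ^.*\.rst$
       - ^doc/.*$
+      - ^site/seaworthy-virt/.*$
+      - ^site/airskiff/.*$
+      - ^site/airsloop/.*$
+      - ^site/aiab/.*$
+
+- job:
+    name: treasuremap-seaworthy-virt-site-lint
+    description: |
+      Lint the seaworthy site using Pegleg.
+    parent: treasuremap-site-lint
+    vars:
+      site: seaworthy-virt
+    irrelevant-files:
+      - ^.*\.rst$
+      - ^doc/.*$
+      - ^site/seaworthy/.*$
       - ^site/airskiff/.*$
       - ^site/airsloop/.*$
       - ^site/aiab/.*$
@@ -82,6 +100,7 @@
       - ^.*\.rst$
       - ^doc/.*$
       - ^site/seaworthy/.*$
+      - ^site/seaworthy-virt/.*$
       - ^site/airsloop/.*$
       - ^site/aiab/.*$
 
@@ -96,6 +115,7 @@
       - ^.*\.rst$
       - ^doc/.*$
       - ^site/seaworthy/.*$
+      - ^site/seaworthy-virt/.*$
       - ^site/airskiff/.*$
       - ^site/aiab/.*$
 
@@ -112,6 +132,7 @@
       - ^.*\.rst$
       - ^doc/.*$
       - ^site/seaworthy/.*$
+      - ^site/seaworthy-virt/.*$
       - ^site/airskiff/.*$
       - ^site/airsloop/.*$
 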
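Review bot: The `description` of the new `treasuremap-seaworthy-virt-site-lint` job in the third hunk still reads `Lint the seaworthy site using Pegleg.`, which appears to be carried over from the existing seaworthy job, so the text no longer says which site this job lints. It should read `Lint the seaworthy-virt site using Pegleg.` to agree with `vars.site: seaworthy-virt`. The job definitions before and after this hunk are only partly visible here.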

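--- a/global/baremetal/bootactions/promjoin.yaml
+++ b/global/baremetal/bootactions/promjoin.yaml
@@ -8,6 +8,7 @@ metadata:
     abstract: false
     layer: global
   labels:
+    name: promjoin-systemd-unit
     application: 'drydock'
 data:
   signaling: false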

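--- a/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
+++ b/site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
@@ -0,0 +1,49 @@
+---
+# This file defines a boot action which is responsible for fetching the node's
+# promjoin script from the promenade API. This is the script responsible for
+# installing kubernetes on the node and joining the kubernetes cluster.
+# #GLOBAL-CANDIDATE#
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: promjoin-systemd-unit
+  storagePolicy: 'cleartext'
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: promjoin-systemd-unit
+    actions:
+      - method: replace
+        path: .assets
+  labels:
+    application: 'drydock'
+data:
+  signaling: false
+  # TODO(alanmeadows) move what is global about this document
+  assets:
+    - path: /opt/promjoin.sh
+      type: file
+      permissions: '555'
+      # The ip= parameter must match the MaaS network name of the network used
+      # to contact kubernetes. With a standard, reference Airship deployment where
+      # L2 networks are shared between all racks, the network name (i.e. calico)
+      # should be correct.
+      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.default.ip }}&domain={{ node.domain }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+      location_pipeline:
+        - template
+      data_pipeline:
+        - utf8_decode
+    - path: /lib/systemd/system/promjoin.service
+      type: unit
+      permissions: '600'
+      data: |-
+        W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
+        PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
+        cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
+        cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
+      data_pipeline:
+        - base64_decode
+        - utf8_decode
+...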
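Review bot: On the `location:` line of the `/opt/promjoin.sh` asset only `design_ref` is passed through `| urlencode`; `node.hostname`, `node.domain` and the label keys and values from `node.labels.items()` are written into the query string raw, so a value containing `&`, `#` or a space would change which parameters the join-scripts request carries. I would encode every interpolated value the same way, e.g. `&hostname={{ node.hostname | urlencode }}` and `&labels.dynamic={{ k | urlencode }}={{ v | urlencode }}`. The systemd unit is present only as base64 (it decodes to a unit with `ExecStart=/opt/promjoin.sh`), so a short comment above `data: |-` giving the decoded text would let reviewers see what is installed on the node. The comment about the `ip=` parameter still names `calico`, while the template reads `node.network.default.ip`; it should be brought in line with this site.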

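--- a/site/seaworthy-virt/baremetal/nodes.yaml
+++ b/site/seaworthy-virt/baremetal/nodes.yaml
@@ -0,0 +1,58 @@
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: n1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: cp-global
+  addressing:
+    - network: gp
+      address: 172.24.1.11
+  metadata:
+    boot_mac: '52:54:00:00:a3:31'
+    rack: rack1
+    tags:
+      - 'masters'
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: n2
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: cp-global
+  addressing:
+    - network: gp
+      address: 172.24.1.12
+  metadata:
+    boot_mac: '52:54:00:1a:95:0d'
+    rack: rack1
+    tags:
+      - 'masters'
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: n3
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: cp-secondary
+  addressing:
+    - network: gp
+      address: 172.24.1.13
+  metadata:
+    boot_mac: '52:54:00:31:c2:36'
+    rack: rack1
+    tags:
+      - 'masters'
+...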

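--- a/site/seaworthy-virt/deployment/deployment-configuration.yaml
+++ b/site/seaworthy-virt/deployment/deployment-configuration.yaml
@@ -0,0 +1,41 @@
+---
+# The purpose of this file is to provide shipyard related deployment config
+# parameters. This should not require modification for a new site. However,
+# shipyard deployment strategies can be very useful in getting around certain
+# failures, like misbehaving nodes that hold up the deployment. See more at
+# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+  schema: metadata/Document/v1
+  name: deployment-configuration
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  physical_provisioner:
+    deployment_strategy: deployment-strategy
+    deploy_interval: 30
+    deploy_timeout: 3600
+    destroy_interval: 30
+    destroy_timeout: 900
+    join_wait: 0
+    prepare_node_interval: 30
+    prepare_node_timeout: 1800
+    prepare_site_interval: 10
+    prepare_site_timeout: 300
+    verify_interval: 10
+    verify_timeout: 60
+  kubernetes_provisioner:
+    drain_timeout: 3600
+    drain_grace_period: 1800
+    clear_labels_timeout: 1800
+    remove_etcd_timeout: 1800
+    etcd_ready_timeout: 600
+  armada:
+    get_releases_timeout: 300
+    get_status_timeout: 300
+    manifest: 'full-site'
+    post_apply_timeout: 7200
+    validate_design_timeout: 600
+...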

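--- a/site/seaworthy-virt/deployment/dev-configurables.yaml
+++ b/site/seaworthy-virt/deployment/dev-configurables.yaml
@@ -0,0 +1,12 @@
+---
+schema: dev/Configurables/v1
+metadata:
+  schema: metadata/Document/v1
+  name: dev-configurables
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  hostcidr: 172.24.1.0/24
+...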

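--- a/site/seaworthy-virt/networks/common-addresses.yaml
+++ b/site/seaworthy-virt/networks/common-addresses.yaml
@@ -0,0 +1,132 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced elsewhere in the manifests for this site.
+#
+# TODO: Include bare metal host FQDN naming standards
+# TODO: Include ingress FQDN naming standards
+schema: pegleg/CommonAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  calico:
+    ip_autodetection_method: 'interface=ens3'
+    bgp:
+      ipv4:
+        ingress_vip: '172.24.1.6/32'
+        maas_vip: '172.24.1.5/32'
+        public_service_cidr: 'Nonsense'
+        peers:
+          - 'Nonsense'
+          - 'Nonsense'
+    ip_rule:
+      gateway: 'Nonsense'
+    etcd:
+      # etcd service IP address
+      service_ip: 10.96.232.136
+
+  dns:
+    # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+    cluster_domain: cluster.local
+    # DNS service ip
+    service_ip: 10.96.0.10
+    # List of upstream DNS forwards. Verify you can reach them from your
+    # environment. If so, you should not need to change them.
+    upstream_servers:
+      - 172.24.1.9
+      - 172.24.1.9
+      - 172.24.1.9
+    # Repeat the same values as above, but formatted as a common separated
+    # string
+    upstream_servers_joined: 172.24.1.9
+    ingress_domain: gate.local
+    node_domain: gate.local
+
+  genesis:
+    hostname: n0
+    ip: 172.24.1.10
+
+  proxy:
+    http: ""
+    https: ""
+    no_proxy: []
+
+  bootstrap:
+    ip: 172.24.1.10
+
+  kubernetes:
+    # K8s API service IP
+    api_service_ip: 10.96.0.1
+    # etcd service IP
+    etcd_service_ip: 10.96.0.2
+    # k8s pod CIDR (network which pod traffic will traverse)
+    pod_cidr: 10.97.0.0/16
+    # k8s service CIDR (network which k8s API traffic will traverse)
+    service_cidr: 10.96.0.0/16
+    # misc k8s port settings
+    apiserver_port: 6443
+    haproxy_port: 6553
+    service_node_port_range: 30000-32767
+
+  # etcd port settings
+  etcd:
+    container_port: 2379
+    haproxy_port: 2378
+
+  masters:
+    - hostname: n1
+    - hostname: n2
+    - hostname: n3
+
+  node_ports:
+    drydock_api: 30000
+    maas_api: 30001
+    maas_proxy: 31800  # hardcoded in MAAS
+
+  vip:
+    ingress_vip: '172.24.1.6/32'
+    maas_vip: '172.24.1.5/32'
+
+  ntp:
+    # comma separated NTP server list. Verify that these upstream NTP servers are
+    # reachable in your environment; otherwise update them with the correct
+    # values for your environment.
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+  # NOTE: This will be updated soon
+  ldap:
+    base_url: 'ldap.example.com'
+    url: 'ldap://ldap.example.com'
+    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+    # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+    # relevant for this deployment (test users vs prod users/values, etc)
+    common_name: test
+    # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+    # deployment (test vs prod values, etc)
+    subdomain: test
+    # NEWSITE-CHANGEME: Update to the correct domain for your type of
+    # deployment (test vs prod values, etc)
+    domain: example
+
+  storage:
+    ceph:
+      public_cidr: 172.24.1.0/24
+      cluster_cidr: 172.24.1.0/24
+
+  neutron:
+    tunnel_device: 'ens3'
+    # bond which the overlay is a member of. Ensure the bond name is consistent
+    # with the bond assigned to the overlay network in
+    # networks/physical/networks.yaml
+    external_iface: 'ens3'
+
+  openvswitch:
+    # bond which the overlay is a member of. Ensure the bond name is consistent
+    # with the bond assigned to the overlay network in
+    # networks/physical/networks.yaml
+    external_iface: 'ens3'
+...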
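Review bot: `ntp.servers_joined` lists `4.ubuntu.pool.ntp.org` and skips `3.`; the NTP pool publishes names `0` through `3` per zone, so the fourth entry most likely never resolves and the nodes end up with three time sources instead of four, and it should read `3.ubuntu.pool.ntp.org`. The `'Nonsense'` strings under `calico.bgp.ipv4` (`public_service_cidr`, `peers`) and `calico.ip_rule.gateway` sit in fields that hold CIDRs and addresses elsewhere in this file, so any chart that does substitute them receives an invalid address; if they are deliberately unused here, a comment such as `# placeholder: not consumed in the virtual site` above each would say so. The `ldap.url` placeholder uses the `ldap://` scheme, and whoever fills in the NEWSITE-CHANGEME values should be told in a comment that this scheme sends binds unencrypted unless StartTLS is configured.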

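--- a/site/seaworthy-virt/networks/physical/networks.yaml
+++ b/site/seaworthy-virt/networks/physical/networks.yaml
@@ -0,0 +1,44 @@
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: gp
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: gp
+  allowed_networks:
+    - gp
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: gp
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  mtu: 1500
+  cidr: 172.24.1.0/24
+  ranges:
+    - type: dhcp
+      start: 172.24.1.100
+      end: 172.24.1.200
+  routes:
+    - subnet: 0.0.0.0/0
+      gateway: 172.24.1.1
+      metric: 10
+  dns:
+    domain: gate.local
+    servers: '172.24.1.9'
+...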

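--- a/site/seaworthy-virt/networks/physical/unused_networks.yaml
+++ b/site/seaworthy-virt/networks/physical/unused_networks.yaml
@@ -0,0 +1,72 @@
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.1.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: pxe
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.2.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oam
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.3.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: storage
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.4.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: calico
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.5.0/24
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: overlay
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.6.0/24
+...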
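Review bot: The file has no header comment saying why six `drydock/Network/v1` documents (`oob`, `pxe`, `oam`, `storage`, `calico`, `overlay`) are defined with nothing but a `cidr`. Judging by the file name they are stubs that keep references from other layers resolvable, but nothing on the page states that. Once confirmed, a comment at the top such as `# Stub networks: defined only so documents inherited from other layers resolve; no node in this site is addressed on them.` would stop a reader from treating the 192.168.x.0/24 ranges as real addressing when this site is used as a template.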

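--- a/site/seaworthy-virt/pki/pki-catalog.yaml
+++ b/site/seaworthy-virt/pki/pki-catalog.yaml
@@ -0,0 +1,279 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-certificates
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  certificate_authorities:
+    kubernetes:
+      description: CA for Kubernetes components
+      certificates:
+        - document_name: apiserver
+          description: Service certificate for Kubernetes apiserver
+          common_name: apiserver
+          hosts:
+            - localhost
+            - 127.0.0.1
+            - 10.96.0.1
+          kubernetes_service_names:
+            - kubernetes.default.svc.cluster.local
+        - document_name: kubelet-genesis
+          common_name: system:node:n0
+          hosts:
+            - n0
+            - 172.24.1.10
+          groups:
+            - system:nodes
+        - document_name: kubelet-n0
+          common_name: system:node:n0
+          hosts:
+            - n0
+            - 172.24.1.10
+          groups:
+            - system:nodes
+        - document_name: kubelet-n1
+          common_name: system:node:n1
+          hosts:
+            - n1
+            - 172.24.1.11
+          groups:
+            - system:nodes
+        - document_name: kubelet-n2
+          common_name: system:node:n2
+          hosts:
+            - n2
+            - 172.24.1.12
+          groups:
+            - system:nodes
+        - document_name: kubelet-n3
+          common_name: system:node:n3
+          hosts:
+            - n3
+            - 172.24.1.13
+          groups:
+            - system:nodes
+
+        # End node list
+        - document_name: scheduler
+          description: Service certificate for Kubernetes scheduler
+          common_name: system:kube-scheduler
+        - document_name: controller-manager
+          description: certificate for controller-manager
+          common_name: system:kube-controller-manager
+        - document_name: admin
+          common_name: admin
+          groups:
+            - system:masters
+        - document_name: armada
+          common_name: armada
+          groups:
+            - system:masters
+    kubernetes-etcd:
+      description: Certificates for Kubernetes's etcd servers
+      certificates:
+        - document_name: apiserver-etcd
+          description: etcd client certificate for use by Kubernetes apiserver
+          common_name: apiserver
+        # NOTE(mark-burnett): hosts not required for client certificates
+        - document_name: kubernetes-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: kubernetes-etcd-genesis
+          common_name: kubernetes-etcd-genesis
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n0
+          common_name: kubernetes-etcd-n0
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n1
+          common_name: kubernetes-etcd-n1
+          hosts:
+            - n1
+            - 172.24.1.11
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n2
+          common_name: kubernetes-etcd-n2
+          hosts:
+            - n2
+            - 172.24.1.12
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n3
+          common_name: kubernetes-etcd-n3
+          hosts:
+            - n3
+            - 172.24.1.13
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+
+    kubernetes-etcd-peer:
+      certificates:
+        - document_name: kubernetes-etcd-genesis-peer
+          common_name: kubernetes-etcd-genesis-peer
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n0-peer
+          common_name: kubernetes-etcd-n0-peer
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n1-peer
+          common_name: kubernetes-etcd-n1-peer
+          hosts:
+            - n1
+            - 172.24.1.11
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n2-peer
+          common_name: kubernetes-etcd-n2-peer
+          hosts:
+            - n2
+            - 172.24.1.12
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-n3-peer
+          common_name: kubernetes-etcd-n3-peer
+          hosts:
+            - n3
+            - 172.24.1.13
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+    calico-etcd:
+      description: Certificates for Calico etcd client traffic
+      certificates:
+        - document_name: calico-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: calico-etcd-genesis
+          common_name: calico-etcd-genesis
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n0
+          common_name: calico-etcd-n0
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n1
+          common_name: calico-etcd-n1
+          hosts:
+            - n1
+            - 172.24.1.11
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n2
+          common_name: calico-etcd-n2
+          hosts:
+            - n2
+            - 172.24.1.12
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n3
+          common_name: calico-etcd-n3
+          hosts:
+            - n3
+            - 172.24.1.13
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node
+          common_name: calcico-node
+    calico-etcd-peer:
+      description: Certificates for Calico etcd clients
+      certificates:
+        - document_name: calico-etcd-genesis-peer
+          common_name: calico-etcd-genesis-peer
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n0-peer
+          common_name: calico-etcd-n0-peer
+          hosts:
+            - n0
+            - 172.24.1.10
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n1-peer
+          common_name: calico-etcd-n1-peer
+          hosts:
+            - n1
+            - 172.24.1.11
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n2-peer
+          common_name: calico-etcd-n2-peer
+          hosts:
+            - n2
+            - 172.24.1.12
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-n3-peer
+          common_name: calico-etcd-n3-peer
+          hosts:
+            - n3
+            - 172.24.1.13
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node-peer
+          common_name: calcico-node-peer
+  keypairs:
+    - name: service-account
+      description: Service account signing key for use by Kubernetes controller-manager.
+...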
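Review bot: The last entries of the `calico-etcd` and `calico-etcd-peer` lists use `common_name: calcico-node` and `common_name: calcico-node-peer`, which look like misspellings of the `calico-node` and `calico-node-peer` document names beside them. The CN is the identity a certificate presents, so any etcd authorization or audit rule keyed on it would have to repeat the typo; I would change them to `common_name: calico-node` and `common_name: calico-node-peer` and regenerate the matching certificates. The `admin` and `armada` certificates are issued in `system:masters`, which gives unrestricted API access, and a comment stating that this is intended for the gate environment would help. The file list shows `site/seaworthy-virt/secrets/certificates/certificates.yaml` (2784 lines) added in the same commit; if it holds key material generated from this catalog, those keys are public from this commit on and must stay confined to throwaway gate environments.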

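--- a/site/seaworthy-virt/profiles/genesis.yaml
+++ b/site/seaworthy-virt/profiles/genesis.yaml
@@ -0,0 +1,50 @@
+---
+# The purpose of this file is to apply proper labels to Genesis node so the
+# proper services are installed and proper configuration applied. This should
+# not need to be changed for a new site.
+# #GLOBAL-CANDIDATE#
+schema: promenade/Genesis/v1
+metadata:
+  schema: metadata/Document/v1
+  name: genesis-site
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: genesis-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  labels:
+    dynamic:
+      - beta.kubernetes.io/fluentd-ds-ready=true
+      - calico-etcd=enabled
+      - ceph-mds=enabled
+      - ceph-mon=enabled
+      - ceph-osd=enabled
+      - ceph-rgw=enabled
+      - ceph-mgr=enabled
+      - ceph-bootstrap=enabled
+      - tenant-ceph-control-plane=enabled
+      - tenant-ceph-mon=enabled
+      - tenant-ceph-rgw=enabled
+      - tenant-ceph-mgr=enabled
+      - kube-dns=enabled
+      - kube-ingress=enabled
+      - kubernetes-apiserver=enabled
+      - kubernetes-controller-manager=enabled
+      - kubernetes-etcd=enabled
+      - kubernetes-scheduler=enabled
+      - promenade-genesis=enabled
+      - ucp-control-plane=enabled
+      - maas-rack=enabled
+      - maas-region=enabled
+      - ceph-osd-bootstrap=enabled
+      - openstack-control-plane=enabled
+      - openvswitch=enabled
+      - openstack-l3-agent=enabled
+      - node-exporter=enabled
+      - fluentd=enabled
+...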

+ 23
- 0
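--- a/site/seaworthy-virt/profiles/hardware/generic_vm.yaml
+++ b/site/seaworthy-virt/profiles/hardware/generic_vm.yaml
@@ -0,0 +1,23 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: GenericVM
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vendor: 'Dell'
+  generation: '1'
+  hw_version: '2'
+  bios_version: '2.2.3'
+  boot_mode: 'bios'
+  bootstrap_protocol: 'pxe'
+  pxe_interface: 0
+  device_aliases:
+    pnic01:
+      bus_type: 'pci'
+      dev_type: 'Intel 10Gbps NIC'
+      address: '0000:00:03.0'
+...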

+ 173
- 0
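--- a/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
+++ b/site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
@@ -0,0 +1,173 @@
+---
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cp-global
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: cp-global
+    actions:
+      - method: replace
+        path: .storage
+      - method: replace
+        path: .interfaces
+      - method: replace
+        path: .platform.kernel_params
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  hardware_profile: 'GenericVM'
+  primary_network: 'gp'
+  oob:
+    type: 'libvirt'
+    libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
+  storage:
+    physical_devices:
+      vda:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '20g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+  interfaces:
+    ens3:
+      device_link: 'gp'
+      slaves:
+        - 'ens3'
+      networks:
+        - 'gp'
+  platform:
+    kernel_params:
+      kernel_package: 'linux-image-4.15.0-34-generic'
+...
+---
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cp-secondary
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: cp-global
+    actions:
+      - method: replace
+        path: .storage
+      - method: replace
+        path: .interfaces
+      - method: replace
+        path: .platform.kernel_params
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  hardware_profile: 'GenericVM'
+  primary_network: 'gp'
+  oob:
+    type: 'libvirt'
+    libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
+  storage:
+    physical_devices:
+      vda:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '20g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+  interfaces:
+    ens3:
+      device_link: 'gp'
+      slaves:
+        - 'ens3'
+      networks:
+        - 'gp'
+  platform:
+    kernel_params:
+      kernel_package: 'linux-image-4.15.0-34-generic'
+
+  metadata:
+    owner_data:
+      control-plane: enabled
+      ucp-control-plane: enabled
+      openstack-control-plane: enabled
+      openstack-heat: enabled
+      openstack-keystone: enabled
+      openstack-rabbitmq: enabled
+      openstack-dns-helper: enabled
+      openstack-mariadb: enabled
+      openstack-nova-control: enabled
+      # openstack-etcd: enabled
+      openstack-mistral: enabled
+      openstack-memcached: enabled
+      openstack-glance: enabled
+      openstack-horizon: enabled
+      openstack-cinder-control: enabled
+      openstack-cinder-volume: control
+      openstack-neutron: enabled
+      openvswitch: enabled
+      ucp-barbican: enabled
+      # ceph-mon: enabled
+      ceph-mgr: enabled
+      ceph-osd: enabled
+      ceph-mds: enabled
+      ceph-rgw: enabled
+      ucp-maas: enabled
+      kube-dns: enabled
+      tenant-ceph-control-plane: enabled
+      # tenant-ceph-mon: enabled
+      tenant-ceph-rgw: enabled
+      tenant-ceph-mgr: enabled
+      kubernetes-apiserver: enabled
+      kubernetes-controller-manager: enabled
+      # kubernetes-etcd: enabled
+      kubernetes-scheduler: enabled
+      tiller-helm: enabled
+      # kube-etcd: enabled
+      calico-policy: enabled
+      calico-node: enabled
+      # calico-etcd: enabled
+      ucp-armada: enabled
+      ucp-drydock: enabled
+      ucp-deckhand: enabled
+      ucp-shipyard: enabled
+      IAM: enabled
+      ucp-promenade: enabled
+      prometheus-server: enabled
+      prometheus-client: enabled
+      fluentd: enabled
+      influxdb: enabled
+      kibana: enabled
+      elasticsearch-client: enabled
+      elasticsearch-master: enabled
+      elasticsearch-data: enabled
+      postgresql: enabled
+      kube-ingress: enabled
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+      node-exporter: enabled
+...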
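Review bot: Both documents set `libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'` (new lines 27 and 83), which gives whoever holds the `virtmgr` SSH credential control of every domain on that host's system libvirt instance, and nothing in the file says the host is disposable. If that credential is the `airship_drydock_kvm_ssh_key` document added in this commit (the name suggests so, but the binding is not visible here), the key is readable by anyone with the repository. I would add a comment above `oob:` such as `# dev gate only: hypervisor at 172.24.1.1 is throwaway; never reuse this URI/key pair on a shared host`. The two `data` blocks are also identical from `hardware_profile` down to `platform`, so a change made to one is easy to miss in the other.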

+ 58
- 0
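--- a/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
+++ b/site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
@@ -0,0 +1,58 @@
+---
+schema: 'drydock/HostProfile/v1'
+metadata:
+  name: gate-vm-dp
+  schema: 'metadata/Document/v1'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  hardware_profile: 'GenericVM'
+  primary_network: 'gp'
+  oob:
+    type: 'libvirt'
+    libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
+  storage:
+    physical_devices:
+      vda:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '20g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+  interfaces:
+    ens3:
+      device_link: 'gp'
+      slaves:
+        - 'ens3'
+      networks:
+        - 'gp'
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+  metadata:
+    tags:
+      - 'foo'
+    owner_data:
+      openstack-nova-compute: enabled
+      openvswitch: enabled
+      # sriov: enabled
+      contrail-vrouter: kernel
+      openstack-libvirt: kernel
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+      node-exporter: enabled
+      fluentbit: enabled
+      tenant-ceph-osd: enabled
+...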
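Review bot: The `tags:` entry `- 'foo'` at new lines 46-47 looks like a leftover placeholder, since region.yaml in this commit sets `tag_definitions: []` and so declares no tag of that name for the site. Either drop the `tags` key or use a tag that is declared, with a comment saying what it selects. The commented-out `# sriov: enabled` label would also read better with a short reason for why it is disabled in the virtual site.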

+ 37
- 0
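--- a/site/seaworthy-virt/profiles/region.yaml
+++ b/site/seaworthy-virt/profiles/region.yaml
@@ -0,0 +1,37 @@
+---
+# The purpose of this file is to define the drydock Region, which in turn drives
+# the MaaS region.
+schema: 'drydock/Region/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: seaworthy-virt
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        # Add/replace the first item in the list
+        path: .authorized_keys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        # This should match the "name" metadata of the SSH key which will be
+        # substituted, located in site/airship-seaworthy/secrets folder.
+        name: airship_ubuntu_ssh_public_key
+        path: .
+    - dest:
+        path: .repositories.main_archive
+      src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .packages.repositories.main_archive
+data:
+  tag_definitions: []
+  # This is the list of SSH keys which MaaS will register for the built-in
+  # "ubuntu" account during the PXE process. This list is populated by
+  # substitution, so the same SSH keys do not need to be repeated in multiple
+  # manifests.
+  authorized_keys: []
+  repositories:
+    remove_unlisted: true
+...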
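Review bot: The comment at new lines 18-19 still says the key is `located in site/airship-seaworthy/secrets folder`, but this site is seaworthy-virt and the document it resolves to is added by this commit under site/seaworthy-virt/secrets/passphrases. The stale path matters because `.authorized_keys[0]` decides who can log in to the built-in `ubuntu` account on the nodes MaaS deploys, and a reader following the comment would audit the wrong key. Suggested wording: `# substituted, located in the site/seaworthy-virt/secrets folder.`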

+ 2784
- 0
site/seaworthy-virt/secrets/certificates/certificates.yaml
File diff suppressed because it is too large


+ 38
- 0
site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml View File

@@ -0,0 +1,38 @@
1
+---
2
+schema: deckhand/CertificateKey/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: airship_drydock_kvm_ssh_key
6
+  layeringDefinition:
7
+    layer: site
8
+    abstract: false
9
+  storagePolicy: cleartext
10
+data: |-
11
+  -----BEGIN RSA PRIVATE KEY-----
12
+  MIIEpAIBAAKCAQEA6gVNOBV7zP2yeZF4P+pcei6VrRW5Qy0pzFNl4Xx6JGyM8LUP
13
+  yH11pPTokQ7G4JRowzn9tsq21b10gStFLyysOogXJlKCHeR0Bu1MfQYzxshyRgCM
14
+  dTc9H+4hhLnbPfazV+wUqgV02smsIy0x28DCiHUGXnledAsRPXFcT2d+ujPYoE7u
15
+  M6WDrRhGwMBM9s6iZ2aYcwDjN8SgliaeLEd6xrk/AHjsvEHQKVCqe24PxiwXbu9q
16
+  8PMbUOHfd/OrK+ir+uzh06ZVywifPB6btP3BxBRNLVcSwGgUnPQWg/+q+vi6urlp
17
+  b66lxQ658gzltzFWHyOl/rQSMP1/rH3M1NhibwIDAQABAoIBAA1VW/70Cme1lLOk
18
+  fCt4GOjFOrXv5OxU6GrB3a4pP3RP0v/r8QhFTaymX5HUO7SUABwPc8s0ZZJsBvVN
19
+  F9YGP5HeKyN90/gMCihS4ObGsbCDvy8J3PbYvNzS3ooHZNx07+b0hoDharUEhJBE
20
+  hPC2XN8Ve9VqKN2Hu+W6Tb4gcXH+YlHEeULaeerZRmAflKxnspvYIkVzP5vV540h
21
+  qiP5LH5dTuHaJBiQcrCP9dbFzjPCqueFohHKOQI6wSbI9QbcuQvD7pxHoxPaf8B/
22
+  V68fYaZoTGuVzhUuRsKTmseaFac4/bgmCQI8j2fDnWWA7EUANhH2ldIwEwBoPiF+
23
+  nldqQbECgYEA/mcP2XQ98KIOLRRyWYMxPW/MjKRe1aefcll1Iitilt67mBwPUSvN
24
+  KB/JTLoN838Vdv/oPQiZrtTYiEsbcj3YHa+kjI62veSFXTeghMKgn4HqQ1FdHOIW
25
+  Ku+lXj6hSVUdyqC1r8vDDvoludFep+s+M0w/7tcSjlqlZHkpFgEL0uMCgYEA6316
26
+  G8luptWeYOD2AOPjqqecXoSfPO6EG8rNO3IQUyQP8LgwtQUbK1PNZ/0u9IsKGnTA
27
+  CvtjhAmyLPlq87KSjOOw7br6VSih/9uxfx/zf+y+NOwkFBqgn2/9lwFvkoJvPELk
28
+  hRr39Ej9NuX42W5m7XkINCddJgPrVaGF0FQ87AUCgYEAuM03Fzi4se+Wqqqasml5
29
+  wG5RQa05cqzUR6WyUAMCGCRuU322prlRy57jhMf20HX1qr8U/hkcQoM9VCxzIJbK
30
+  Qi5QMwaMuv6g3mlFQot7UMN34DTfldaqUcBJ+V83nGSnQoVh1fUHmf6enw/3WbWq
31
+  NmtiWeaEBULVuFnHPcO+yg8CgYEAqYha+VgpxgfyDlLGJ9voUjp6k30s2oPoLc3x
32
+  tIMoh4Jly2n+/sMfTTD2po+aV0kly+gTPZS/jxYf5MrnGWyMnsto260JfXdUMUur
33
+  XBbXiVgZkyYRzztgOYg5a5YICdTHWf3aYI0Kxx4o1XX4kiguB3Zj1pAkOjMGIE65
34
+  dELA3TUCgYAoRt2+LINxTn2dqU9sHv+oAqN9WY3AGLc8MgAG2sEyD6u6a4ji6LJA
35
+  5W48boUeUAieiyHdLqpnxZbgsndFXGoOGy3w7k511mGVT8R37uzqoW8en+l/B3aC
36
+  m6GnweW01V+kv0FiSLsMfNZmYQeCQRNYn/LdSBAjsrmg8c88z0Af6g==
37
+  -----END RSA PRIVATE KEY-----
38
+...
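Review bot: This document commits a usable RSA private key with `storagePolicy: cleartext`, and its modulus begins with the same bytes as the `airship_ubuntu_ssh_public_key` document added in the next file, which region.yaml substitutes into `.authorized_keys[0]`. Taken together, the login key for the built-in `ubuntu` account on nodes deployed from this site is published with the repository, and the `virtmgr@172.24.1.1` libvirt URI in the host profiles presumably relies on the same key. For a development site the cleaner fix is to generate the pair when the environment is built and keep only a placeholder document here. If the key has to stay, put a header comment above `data:` such as `# THROWAWAY dev key, published in git: never authorize it outside the isolated multinode lab`, and make sure no shared hypervisor or long-lived host trusts it.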

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/PublicKey/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: airship_ubuntu_ssh_public_key
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqBU04FXvM/bJ5kXg/6lx6LpWtFblDLSnMU2XhfHokbIzwtQ/IfXWk9OiRDsbglGjDOf22yrbVvXSBK0UvLKw6iBcmUoId5HQG7Ux9BjPGyHJGAIx1Nz0f7iGEuds99rNX7BSqBXTayawjLTHbwMKIdQZeeV50CxE9cVxPZ366M9igTu4zpYOtGEbAwEz2zqJnZphzAOM3xKCWJp4sR3rGuT8AeOy8QdApUKp7bg/GLBdu72rw8xtQ4d9386sr6Kv67OHTplXLCJ88Hpu0/cHEFE0tVxLAaBSc9BaD/6r6+Lq6uWlvrqXFDrnyDOW3MVYfI6X+tBIw/X+sfczU2GJv ubuntu@multinode
11
+...

+ 12
- 0
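--- a/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: apiserver-encryption-key-key1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# head -c 32 /dev/urandom | base64
+data: ShMq3FztlkBMTDMKmKBv9Nq0Rk6h5hGWwZTyUnYjxlM=
+...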
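Review bot: The value at new line 11 is a fixed key committed next to the command that produced it (`# head -c 32 /dev/urandom | base64`), so every cluster built from this site would share one published key for what, judging by the document name, is the API server's at-rest encryption of secrets. The same applies to `maas-region-key` further down, committed beside `# openssl rand -hex 10`. Since the generation command is already documented, the value could be produced when the environment is created instead of being stored. Failing that, extend the comment to something like `# dev-only sample value; regenerate with: head -c 32 /dev/urandom | base64`.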

+ 12
- 0
site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml View File

@@ -0,0 +1,12 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: ceph_fsid
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+# uuidgen
11
+data: 7b7576f4-3358-4668-9112-100440079807
12
+...

+ 11
- 0
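--- a/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_swift_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...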
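Review bot: `data: password123` at new line 10 is repeated verbatim in ipmi_admin_password.yaml and in every `osh_*` and `ucp_*` password document that follows, so the Keystone admin, database, RabbitMQ, monitoring-admin and IPMI credentials of a deployed site are all one guessable string. ubuntu_crypt_password.yaml additionally records the plaintext of its hash in `# Pass: password123`, and the four `osh_infra_rgw_s3_*` keys are literal placeholders such as `admin_access_key`. With `storagePolicy: cleartext` these values are, as far as I understand Deckhand, also stored unencrypted rather than handed to Barbican. If the defaults are intentional for the multinode development environment, each file should say so, e.g. `# DEV DEFAULT: replace before any deployment reachable from outside the lab`; otherwise generate them per environment.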

+ 13
- 0
site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml View File

@@ -0,0 +1,13 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: ipmi_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  labels:
10
+    name: ipmi-admin-password-site
11
+  storagePolicy: cleartext
12
+data: password123
13
+...

+ 12
- 0
site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml View File

@@ -0,0 +1,12 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: maas-region-key
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+# openssl rand -hex 10
11
+data: 9026f6048d6a017dc913
12
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_barbican_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_barbican_oslo_messaging_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_barbican_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_cinder_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_cinder_oslo_messaging_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_cinder_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_glance_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_glance_oslo_messaging_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_glance_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_heat_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_heat_oslo_messaging_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_heat_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_heat_stack_user_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_heat_trustee_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_horizon_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_elasticsearch_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_grafana_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_grafana_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_grafana_oslo_db_session_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_nagios_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_openstack_exporter_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_oslo_db_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_oslo_db_exporter_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_prometheus_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_rgw_s3_admin_access_key
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: admin_access_key
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_rgw_s3_admin_secret_key
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: admin_secret_key
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_rgw_s3_elasticsearch_access_key
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: elastic_access_key
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_infra_rgw_s3_elasticsearch_secret_key
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: elastic_secret_key
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_keystone_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_keystone_ldap_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_keystone_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_keystone_oslo_messaging_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_neutron_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_neutron_oslo_messaging_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_neutron_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_nova_metadata_proxy_shared_secret
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_nova_oslo_db_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_nova_oslo_messaging_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_nova_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_oslo_cache_secret_key
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_oslo_db_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_oslo_db_exporter_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_oslo_messaging_admin_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+schema: deckhand/Passphrase/v1
3
+metadata:
4
+  schema: metadata/Document/v1
5
+  name: osh_placement_password
6
+  layeringDefinition:
7
+    abstract: false
8
+    layer: site
9
+  storagePolicy: cleartext
10
+data: password123
11
+...

+ 11
- 0
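--- a/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...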

+ 11
- 0
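--- a/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_tempest_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...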

+ 12
- 0
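--- a/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: tenant_ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# uuidgen
+data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
+...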

+ 12
- 0
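--- a/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ubuntu_crypt_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+# Pass: password123
+data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
+...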
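Review bot: The comment `# Pass: password123` above `data:` publishes the plaintext behind the SHA-512 crypt hash, so the hash protects nothing, and the committed salt makes the value identical wherever this document is deployed. Going by the document name, this is presumably the login password of the `ubuntu` account on deployed nodes, which would make it a publicly known OS credential; that should be confirmed against the host profiles that consume it. If the value is meant for the virtual gate only, the comment should say so, e.g. `# Gate-only credential (password123); generate a fresh hash for any other use`.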

+ 11
- 0
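--- a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...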

+ 11
- 0
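--- a/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...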

+ 11
- 0
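--- a/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_armada_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...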

+ 11
- 0
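--- a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...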

+ 11
- 0
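--- a/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...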

+ 11
- 0
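--- a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...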

+ 11
- 0
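--- a/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...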

+ 11
- 0
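--- a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...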

+ 11
- 0
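--- a/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...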

+ 11
- 0
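--- a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...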

+ 11
- 0
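--- a/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...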

+ 11
- 0
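--- a/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...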

+ 11
- 0
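--- a/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...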

+ 11
- 0
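--- a/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_openstack_exporter_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...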

+ 11
- 0
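--- a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...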

+ 11
- 0
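--- a/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...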

+ 11
- 0
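--- a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...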

+ 11
- 0
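--- a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...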

+ 11
- 0
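--- a/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_replication_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...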

+ 11
- 0
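--- a/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_promenade_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...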

+ 11
- 0
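--- a/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...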

+ 11
- 0
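--- a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...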

+ 11
- 0
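--- a/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml
+++ b/site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: password123
+...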

+ 12
- 0
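--- a/site/seaworthy-virt/site-definition.yaml
+++ b/site/seaworthy-virt/site-definition.yaml
@@ -0,0 +1,12 @@
+---
+schema: pegleg/SiteDefinition/v1
+metadata:
+  schema: metadata/Document/v1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: seaworthy-virt
+  storagePolicy: cleartext
+data:
+  site_type: foundry
+...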

+ 160
- 0
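--- a/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml
+++ b/site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml
@@ -0,0 +1,160 @@
+---
+# This is a copy-n-paste
+# from globals as this document must layer from type
+# so it can replace type, but really wants the content
+# from global. Refactor after the gate emulates fabric
+# BGP peering
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-calico-global
+    actions:
+      - method: replace
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.calico
+      dest:
+        path: .source
+    # Image versions
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.calico.calico
+      dest:
+        path: .values.images.tags
+    # IP addresses
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.endpoints.etcd.host_fqdn_override.default
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .values.networking.podSubnet
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.api_service_ip
+      dest:
+        path: .values.conf.controllers.K8S_API
+        pattern: SUB_KUBERNETES_IP
+
+    # Other site-specific configuration
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.ip_autodetection_method
+      dest:
+        path: .values.conf.node.IP_AUTODETECTION_METHOD
+
+    # Certificates
+    - src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.ca
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-node
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.crt
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-node
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.key
+data:
+  chart_name: calico
+  release: kubernetes-calico
+  namespace: kube-system
+  protected:
+    continue_processing: true
+  wait:
+    timeout: 1800
+    labels:
+      release_group: airship-kubernetes-calico
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: job
+          labels:
+            release_group: airship-kubernetes-calico
+  values:
+    conf:
+      cni_network_config:
+        name: k8s-pod-network
+        cniVersion: 0.3.0
+        plugins:
+          - type: calico
+            etcd_endpoints: __ETCD_ENDPOINTS__
+            etcd_ca_cert_file: /etc/calico/pki/ca
+            etcd_cert_file: /etc/calico/pki/crt
+            etcd_key_file: /etc/calico/pki/key
+            log_level: info
+            mtu: 1500
+            ipam:
+              type: calico-ipam
+            policy:
+              type: k8s
+            kubernetes:
+              kubeconfig: __KUBECONFIG_FILEPATH__
+          - type: portmap
+            snat: true
+            capabilities:
+              portMappings: true
+
+      controllers:
+        K8S_API: "https://SUB_KUBERNETES_IP:443"
+
+      node:
+        CALICO_STARTUP_LOGLEVEL: INFO
+        CLUSTER_TYPE: "k8s,bgp"
+        ETCD_CA_CERT_FILE: /etc/calico/pki/ca
+        ETCD_CERT_FILE: /etc/calico/pki/crt
+        ETCD_KEY_FILE: /etc/calico/pki/key
+        WAIT_FOR_STORAGE: "true"
+
+    endpoints:
+      etcd:
+        hosts:
+          default: calico-etcd
+        scheme:
+          default: https
+
+    networking:
+      settings:
+        mesh: "on"
+        ippool:
+          ipip:
+            enabled: "true"
+            mode: "Always"
+          nat_outgoing: "true"
+          disabled: "false"
+
+    manifests:
+      daemonset_calico_etcd: false
+      job_image_repo_sync: false
+      pod_calicoctl: false
+      service_calico_etcd: false
+  dependencies:
+    - calico-htk
+...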
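Review bot: The header comment in calico.yaml says the body is pasted from the global document, and with `method: replace` at `path: .` nothing is inherited from the parent, so later changes to the global Calico chart (etcd TLS file paths, `manifests` toggles, IP pool settings) will not reach this site. The comment should record which keys actually differ from global and carry a tracking reference, for example `# TODO(<tracking-id>): only <differing keys> differ from global; switch to a merge action once the gate emulates BGP peering`. Separately, `mtu: 1500` in `cni_network_config` combined with `ipip.enabled: "true"` and `mode: "Always"` leaves no headroom for the IPIP header if the VM interfaces are also at 1500; that is worth confirming for the virtual environment.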

+ 153
- 0
site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml View File

@@ -0,0 +1,153 @@
1
+---
2
+# The purpose of this file is to build the list of calico etcd nodes and the
3
+# calico etcd certs for those nodes in the environment.
4
+schema: armada/Chart/v1
5
+metadata:
6
+  schema: metadata/Document/v1
7
+  name: kubernetes-calico-etcd
8
+  layeringDefinition:
9
+    abstract: false
10
+    layer: site
11
+    parentSelector:
12
+      name: kubernetes-calico-etcd-global
13
+    actions:
14
+      - method: merge
15
+        path: .
16
+  storagePolicy: cleartext
17
+  substitutions:
18
+    # Generate a list of control plane nodes (i.e. genesis node + master node
19
+    # list) on which calico etcd will run and will need certs. It is assumed
20
+    # that Airship sites will have 4 control plane nodes, so this should not need to
21
+    # change for a new site.
22
+    - src:
23
+        schema: pegleg/CommonAddresses/v1
24
+        name: common-addresses
25
+        path: .genesis.hostname
26
+      dest:
27
+        path: .values.nodes[0].name
28
+    - src:
29
+        schema: pegleg/CommonAddresses/v1
30
+        name: common-addresses
31
+        path: .masters[0].hostname
32
+      dest:
33
+        path: .values.nodes[1].name
34
+    - src:
35
+        schema: pegleg/CommonAddresses/v1
36
+        name: common-addresses
37
+        path: .masters[1].hostname
38
+      dest:
39
+        path: .values.nodes[2].name
40
+    - src:
41
+        schema: pegleg/CommonAddresses/v1
42
+        name: common-addresses
43
+        path: .masters[2].hostname
44
+      dest:
45
+        path: .values.nodes[3].name
46
+
47
+    # Certificate substitutions for the node names assembled on the above list.
48
+    # Genesis hostname - n0
49
+    - src:
50
+        schema: deckhand/Certificate/v1
51
+        name: calico-etcd-n0
52
+        path: .
53
+      dest:
54
+        path: .values.nodes[0].tls.client.cert
55
+    - src:
56
+        schema: deckhand/CertificateKey/v1
57
+        name: calico-etcd-n0
58
+        path: .
59
+      dest:
60
+        path: .values.nodes[0].tls.client.key
61
+    - src:
62
+        schema: deckhand/Certificate/v1
63
+        name: calico-etcd-n0-peer
64
+        path: .
65
+      dest:
66
+        path: .values.nodes[0].tls.peer.cert
67
+    - src:
68
+        schema: deckhand/CertificateKey/v1
69
+        name: calico-etcd-n0-peer
70
+        path: .
71
+      dest:
72
+        path: .values.nodes[0].tls.peer.key
73
+
74
+    # master node 1 hostname - n1
75
+    - src:
76
+        schema: deckhand/Certificate/v1
77
+        name: calico-etcd-n1
78
+        path: .
79
+      dest:
80
+        path: .values.nodes[1].tls.client.cert
81
+    - src:
82
+        schema: deckhand/CertificateKey/v1
83
+        name: calico-etcd-n1
84
+        path: .
85
+      dest:
86
+        path: .values.nodes[1].tls.client.key
87
+    - src:
88
+        schema: deckhand/Certificate/v1
89
+        name: calico-etcd-n1-peer
90
+        path: .
91
+      dest:
92
+        path: .values.nodes[1].tls.peer.cert
93
+    - src:
94
+        schema: deckhand/CertificateKey/v1
95
+        name: calico-etcd-n1-peer
96
+        path: .
97
+      dest:
98
+        path: .values.nodes[1].tls.peer.key
99
+