Browse Source

Add new seaworthy-virt site

This site is created in order to utilize the multinode development
environment alongside the global and type manifests in Treasure map.

To accomplish this, the new seaworthy-virt site is a copy of the
airship-seaworthy site but with as many overrides and removed
pieces as necessary.

Change-Id: I6d19e1cf019c5d03f42343ab3c72971172879e4d
tags/v1.4
Michael Beaver 7 months ago
parent
commit
22408cbeb5
100 changed files with 5245 additions and 0 deletions
  1. +21
    -0
      .zuul.yaml
  2. +1
    -0
      global/baremetal/bootactions/promjoin.yaml
  3. +49
    -0
      site/seaworthy-virt/baremetal/bootactions/promjoin.yaml
  4. +58
    -0
      site/seaworthy-virt/baremetal/nodes.yaml
  5. +41
    -0
      site/seaworthy-virt/deployment/deployment-configuration.yaml
  6. +12
    -0
      site/seaworthy-virt/deployment/dev-configurables.yaml
  7. +132
    -0
      site/seaworthy-virt/networks/common-addresses.yaml
  8. +44
    -0
      site/seaworthy-virt/networks/physical/networks.yaml
  9. +72
    -0
      site/seaworthy-virt/networks/physical/unused_networks.yaml
  10. +279
    -0
      site/seaworthy-virt/pki/pki-catalog.yaml
  11. +50
    -0
      site/seaworthy-virt/profiles/genesis.yaml
  12. +23
    -0
      site/seaworthy-virt/profiles/hardware/generic_vm.yaml
  13. +173
    -0
      site/seaworthy-virt/profiles/host/gate-vm-cp.yaml
  14. +58
    -0
      site/seaworthy-virt/profiles/host/gate-vm-dp.yaml
  15. +37
    -0
      site/seaworthy-virt/profiles/region.yaml
  16. +2784
    -0
      site/seaworthy-virt/secrets/certificates/certificates.yaml
  17. +38
    -0
      site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml
  18. +11
    -0
      site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml
  19. +12
    -0
      site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml
  20. +12
    -0
      site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml
  21. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml
  22. +13
    -0
      site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml
  23. +12
    -0
      site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml
  24. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml
  25. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
  26. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml
  27. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml
  28. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
  29. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml
  30. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml
  31. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
  32. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml
  33. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml
  34. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
  35. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml
  36. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml
  37. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml
  38. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml
  39. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
  40. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml
  41. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
  42. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
  43. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml
  44. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
  45. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
  46. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
  47. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
  48. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
  49. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
  50. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
  51. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
  52. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml
  53. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml
  54. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml
  55. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
  56. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml
  57. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
  58. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml
  59. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
  60. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml
  61. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
  62. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml
  63. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml
  64. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml
  65. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml
  66. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml
  67. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml
  68. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml
  69. +11
    -0
      site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml
  70. +12
    -0
      site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml
  71. +12
    -0
      site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml
  72. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
  73. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml
  74. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml
  75. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml
  76. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
  77. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml
  78. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml
  79. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml
  80. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml
  81. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml
  82. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
  83. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml
  84. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_maas_postgres_password.yaml
  85. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
  86. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_oslo_db_admin_password.yaml
  87. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_oslo_messaging_password.yaml
  88. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_admin_password.yaml
  89. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_exporter_password.yaml
  90. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_postgres_replication_password.yaml
  91. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_promenade_keystone_password.yaml
  92. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
  93. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_shipyard_keystone_password.yaml
  94. +11
    -0
      site/seaworthy-virt/secrets/passphrases/ucp_shipyard_postgres_password.yaml
  95. +12
    -0
      site/seaworthy-virt/site-definition.yaml
  96. +160
    -0
      site/seaworthy-virt/software/charts/kubernetes/container-networking/calico.yaml
  97. +153
    -0
      site/seaworthy-virt/software/charts/kubernetes/container-networking/etcd.yaml
  98. +163
    -0
      site/seaworthy-virt/software/charts/kubernetes/etcd/etcd.yaml
  99. +31
    -0
      site/seaworthy-virt/software/charts/kubernetes/ingress/ingress.yaml
  100. +0
    -0
      site/seaworthy-virt/software/charts/ucp/ceph/ceph-client-update.yaml

+ 21
- 0
.zuul.yaml View File

@@ -19,6 +19,7 @@
check:
jobs:
- treasuremap-seaworthy-site-lint
- treasuremap-seaworthy-virt-site-lint
- treasuremap-airskiff-site-lint
- treasuremap-airsloop-site-lint
- treasuremap-aiab-site-lint
@@ -26,6 +27,7 @@
gate:
jobs:
- treasuremap-seaworthy-site-lint
- treasuremap-seaworthy-virt-site-lint
- treasuremap-airskiff-site-lint
- treasuremap-airsloop-site-lint
- treasuremap-aiab-site-lint
@@ -67,6 +69,22 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy-virt/.*$
- ^site/airskiff/.*$
- ^site/airsloop/.*$
- ^site/aiab/.*$

- job:
name: treasuremap-seaworthy-virt-site-lint
description: |
Lint the seaworthy site using Pegleg.
parent: treasuremap-site-lint
vars:
site: seaworthy-virt
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/airskiff/.*$
- ^site/airsloop/.*$
- ^site/aiab/.*$
@@ -82,6 +100,7 @@
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/seaworthy-virt/.*$
- ^site/airsloop/.*$
- ^site/aiab/.*$

@@ -96,6 +115,7 @@
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/seaworthy-virt/.*$
- ^site/airskiff/.*$
- ^site/aiab/.*$

@@ -112,6 +132,7 @@
- ^.*\.rst$
- ^doc/.*$
- ^site/seaworthy/.*$
- ^site/seaworthy-virt/.*$
- ^site/airskiff/.*$
- ^site/airsloop/.*$


+ 1
- 0
global/baremetal/bootactions/promjoin.yaml View File

@@ -8,6 +8,7 @@ metadata:
abstract: false
layer: global
labels:
name: promjoin-systemd-unit
application: 'drydock'
data:
signaling: false

+ 49
- 0
site/seaworthy-virt/baremetal/bootactions/promjoin.yaml View File

@@ -0,0 +1,49 @@
---
# This file defines a boot action which is responsible for fetching the node's
# promjoin script from the promenade API. This is the script responsible for
# installing kubernetes on the node and joining the kubernetes cluster.
# #GLOBAL-CANDIDATE#
schema: 'drydock/BootAction/v1'
metadata:
schema: 'metadata/Document/v1'
name: promjoin-systemd-unit
storagePolicy: 'cleartext'
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: promjoin-systemd-unit
actions:
- method: replace
path: .assets
labels:
application: 'drydock'
data:
signaling: false
# TODO(alanmeadows) move what is global about this document
assets:
- path: /opt/promjoin.sh
type: file
permissions: '555'
# The ip= parameter must match the MaaS network name of the network used
# to contact kubernetes. With a standard, reference Airship deployment where
# L2 networks are shared between all racks, the network name (i.e. calico)
# should be correct.
location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.default.ip }}&domain={{ node.domain }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
location_pipeline:
- template
data_pipeline:
- utf8_decode
- path: /lib/systemd/system/promjoin.service
type: unit
permissions: '600'
data: |-
W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
data_pipeline:
- base64_decode
- utf8_decode
...

+ 58
- 0
site/seaworthy-virt/baremetal/nodes.yaml View File

@@ -0,0 +1,58 @@
---
schema: 'drydock/BaremetalNode/v1'
metadata:
schema: 'metadata/Document/v1'
name: n1
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
host_profile: cp-global
addressing:
- network: gp
address: 172.24.1.11
metadata:
boot_mac: '52:54:00:00:a3:31'
rack: rack1
tags:
- 'masters'
---
schema: 'drydock/BaremetalNode/v1'
metadata:
schema: 'metadata/Document/v1'
name: n2
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
host_profile: cp-global
addressing:
- network: gp
address: 172.24.1.12
metadata:
boot_mac: '52:54:00:1a:95:0d'
rack: rack1
tags:
- 'masters'
---
schema: 'drydock/BaremetalNode/v1'
metadata:
schema: 'metadata/Document/v1'
name: n3
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
host_profile: cp-secondary
addressing:
- network: gp
address: 172.24.1.13
metadata:
boot_mac: '52:54:00:31:c2:36'
rack: rack1
tags:
- 'masters'
...

+ 41
- 0
site/seaworthy-virt/deployment/deployment-configuration.yaml View File

@@ -0,0 +1,41 @@
---
# The purpose of this file is to provide shipyard related deployment config
# parameters. This should not require modification for a new site. However,
# shipyard deployment strategies can be very useful in getting around certain
# failures, like misbehaving nodes that hold up the deployment. See more at
# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
schema: shipyard/DeploymentConfiguration/v1
metadata:
schema: metadata/Document/v1
name: deployment-configuration
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
physical_provisioner:
deployment_strategy: deployment-strategy
deploy_interval: 30
deploy_timeout: 3600
destroy_interval: 30
destroy_timeout: 900
join_wait: 0
prepare_node_interval: 30
prepare_node_timeout: 1800
prepare_site_interval: 10
prepare_site_timeout: 300
verify_interval: 10
verify_timeout: 60
kubernetes_provisioner:
drain_timeout: 3600
drain_grace_period: 1800
clear_labels_timeout: 1800
remove_etcd_timeout: 1800
etcd_ready_timeout: 600
armada:
get_releases_timeout: 300
get_status_timeout: 300
manifest: 'full-site'
post_apply_timeout: 7200
validate_design_timeout: 600
...

+ 12
- 0
site/seaworthy-virt/deployment/dev-configurables.yaml View File

@@ -0,0 +1,12 @@
---
schema: dev/Configurables/v1
metadata:
schema: metadata/Document/v1
name: dev-configurables
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
hostcidr: 172.24.1.0/24
...

+ 132
- 0
site/seaworthy-virt/networks/common-addresses.yaml View File

@@ -0,0 +1,132 @@
---
# The purpose of this file is to define network related paramters that are
# referenced elsewhere in the manifests for this site.
#
# TODO: Include bare metal host FQDN naming standards
# TODO: Include ingress FQDN naming standards
schema: pegleg/CommonAddresses/v1
metadata:
schema: metadata/Document/v1
name: common-addresses
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
calico:
ip_autodetection_method: 'interface=ens3'
bgp:
ipv4:
ingress_vip: '172.24.1.6/32'
maas_vip: '172.24.1.5/32'
public_service_cidr: 'Nonsense'
peers:
- 'Nonsense'
- 'Nonsense'
ip_rule:
gateway: 'Nonsense'
etcd:
# etcd service IP address
service_ip: 10.96.232.136

dns:
# Kubernetes cluster domain. Do not change. This is internal to the cluster.
cluster_domain: cluster.local
# DNS service ip
service_ip: 10.96.0.10
# List of upstream DNS forwards. Verify you can reach them from your
# environment. If so, you should not need to change them.
upstream_servers:
- 172.24.1.9
- 172.24.1.9
- 172.24.1.9
# Repeat the same values as above, but formatted as a common separated
# string
upstream_servers_joined: 172.24.1.9
ingress_domain: gate.local
node_domain: gate.local

genesis:
hostname: n0
ip: 172.24.1.10

proxy:
http: ""
https: ""
no_proxy: []

bootstrap:
ip: 172.24.1.10

kubernetes:
# K8s API service IP
api_service_ip: 10.96.0.1
# etcd service IP
etcd_service_ip: 10.96.0.2
# k8s pod CIDR (network which pod traffic will traverse)
pod_cidr: 10.97.0.0/16
# k8s service CIDR (network which k8s API traffic will traverse)
service_cidr: 10.96.0.0/16
# misc k8s port settings
apiserver_port: 6443
haproxy_port: 6553
service_node_port_range: 30000-32767

# etcd port settings
etcd:
container_port: 2379
haproxy_port: 2378

masters:
- hostname: n1
- hostname: n2
- hostname: n3

node_ports:
drydock_api: 30000
maas_api: 30001
maas_proxy: 31800 # hardcoded in MAAS

vip:
ingress_vip: '172.24.1.6/32'
maas_vip: '172.24.1.5/32'

ntp:
# comma separated NTP server list. Verify that these upstream NTP servers are
# reachable in your environment; otherwise update them with the correct
# values for your environment.
servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'

# NOTE: This will be updated soon
ldap:
base_url: 'ldap.example.com'
url: 'ldap://ldap.example.com'
auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
# NEWSITE-CHANGEME: Update to the correct AD group that contains the users
# relevant for this deployment (test users vs prod users/values, etc)
common_name: test
# NEWSITE-CHANGEME: Update to the correct subdomain for your type of
# deployment (test vs prod values, etc)
subdomain: test
# NEWSITE-CHANGEME: Update to the correct domain for your type of
# deployment (test vs prod values, etc)
domain: example

storage:
ceph:
public_cidr: 172.24.1.0/24
cluster_cidr: 172.24.1.0/24

neutron:
tunnel_device: 'ens3'
# bond which the overlay is a member of. Ensure the bond name is consistent
# with the bond assigned to the overlay network in
# networks/physical/networks.yaml
external_iface: 'ens3'

openvswitch:
# bond which the overlay is a member of. Ensure the bond name is consistent
# with the bond assigned to the overlay network in
# networks/physical/networks.yaml
external_iface: 'ens3'
...

+ 44
- 0
site/seaworthy-virt/networks/physical/networks.yaml View File

@@ -0,0 +1,44 @@
---
schema: 'drydock/NetworkLink/v1'
metadata:
schema: 'metadata/Document/v1'
name: gp
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
bonding:
mode: disabled
mtu: 1500
linkspeed: auto
trunking:
mode: disabled
default_network: gp
allowed_networks:
- gp
...
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
name: gp
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
mtu: 1500
cidr: 172.24.1.0/24
ranges:
- type: dhcp
start: 172.24.1.100
end: 172.24.1.200
routes:
- subnet: 0.0.0.0/0
gateway: 172.24.1.1
metric: 10
dns:
domain: gate.local
servers: '172.24.1.9'
...

+ 72
- 0
site/seaworthy-virt/networks/physical/unused_networks.yaml View File

@@ -0,0 +1,72 @@
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
name: oob
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
cidr: 192.168.1.0/24
...
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
name: pxe
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
cidr: 192.168.2.0/24
...
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
name: oam
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
cidr: 192.168.3.0/24
...
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
name: storage
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
cidr: 192.168.4.0/24
...
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
name: calico
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
cidr: 192.168.5.0/24
...
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
name: overlay
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
cidr: 192.168.6.0/24
...

+ 279
- 0
site/seaworthy-virt/pki/pki-catalog.yaml View File

@@ -0,0 +1,279 @@
---
# The purpose of this file is to define the PKI certificates for the environment
#
# NOTE: When deploying a new site, this file should not be configured until
# baremetal/nodes.yaml is complete.
#
schema: promenade/PKICatalog/v1
metadata:
schema: metadata/Document/v1
name: cluster-certificates
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
certificate_authorities:
kubernetes:
description: CA for Kubernetes components
certificates:
- document_name: apiserver
description: Service certificate for Kubernetes apiserver
common_name: apiserver
hosts:
- localhost
- 127.0.0.1
- 10.96.0.1
kubernetes_service_names:
- kubernetes.default.svc.cluster.local
- document_name: kubelet-genesis
common_name: system:node:n0
hosts:
- n0
- 172.24.1.10
groups:
- system:nodes
- document_name: kubelet-n0
common_name: system:node:n0
hosts:
- n0
- 172.24.1.10
groups:
- system:nodes
- document_name: kubelet-n1
common_name: system:node:n1
hosts:
- n1
- 172.24.1.11
groups:
- system:nodes
- document_name: kubelet-n2
common_name: system:node:n2
hosts:
- n2
- 172.24.1.12
groups:
- system:nodes
- document_name: kubelet-n3
common_name: system:node:n3
hosts:
- n3
- 172.24.1.13
groups:
- system:nodes

# End node list
- document_name: scheduler
description: Service certificate for Kubernetes scheduler
common_name: system:kube-scheduler
- document_name: controller-manager
description: certificate for controller-manager
common_name: system:kube-controller-manager
- document_name: admin
common_name: admin
groups:
- system:masters
- document_name: armada
common_name: armada
groups:
- system:masters
kubernetes-etcd:
description: Certificates for Kubernetes's etcd servers
certificates:
- document_name: apiserver-etcd
description: etcd client certificate for use by Kubernetes apiserver
common_name: apiserver
# NOTE(mark-burnett): hosts not required for client certificates
- document_name: kubernetes-etcd-anchor
description: anchor
common_name: anchor
- document_name: kubernetes-etcd-genesis
common_name: kubernetes-etcd-genesis
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n0
common_name: kubernetes-etcd-n0
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n1
common_name: kubernetes-etcd-n1
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n2
common_name: kubernetes-etcd-n2
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n3
common_name: kubernetes-etcd-n3
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2

kubernetes-etcd-peer:
certificates:
- document_name: kubernetes-etcd-genesis-peer
common_name: kubernetes-etcd-genesis-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n0-peer
common_name: kubernetes-etcd-n0-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n1-peer
common_name: kubernetes-etcd-n1-peer
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n2-peer
common_name: kubernetes-etcd-n2-peer
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
- document_name: kubernetes-etcd-n3-peer
common_name: kubernetes-etcd-n3-peer
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
calico-etcd:
description: Certificates for Calico etcd client traffic
certificates:
- document_name: calico-etcd-anchor
description: anchor
common_name: anchor
- document_name: calico-etcd-genesis
common_name: calico-etcd-genesis
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n0
common_name: calico-etcd-n0
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n1
common_name: calico-etcd-n1
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n2
common_name: calico-etcd-n2
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n3
common_name: calico-etcd-n3
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node
common_name: calcico-node
calico-etcd-peer:
description: Certificates for Calico etcd clients
certificates:
- document_name: calico-etcd-genesis-peer
common_name: calico-etcd-genesis-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n0-peer
common_name: calico-etcd-n0-peer
hosts:
- n0
- 172.24.1.10
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n1-peer
common_name: calico-etcd-n1-peer
hosts:
- n1
- 172.24.1.11
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n2-peer
common_name: calico-etcd-n2-peer
hosts:
- n2
- 172.24.1.12
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-etcd-n3-peer
common_name: calico-etcd-n3-peer
hosts:
- n3
- 172.24.1.13
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node-peer
common_name: calcico-node-peer
keypairs:
- name: service-account
description: Service account signing key for use by Kubernetes controller-manager.
...

+ 50
- 0
site/seaworthy-virt/profiles/genesis.yaml View File

@@ -0,0 +1,50 @@
---
# The purpose of this file is to apply proper labels to Genesis node so the
# proper services are installed and proper configuration applied. This should
# not need to be changed for a new site.
# #GLOBAL-CANDIDATE#
schema: promenade/Genesis/v1
metadata:
schema: metadata/Document/v1
name: genesis-site
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: genesis-global
actions:
- method: merge
path: .
storagePolicy: cleartext
data:
labels:
dynamic:
- beta.kubernetes.io/fluentd-ds-ready=true
- calico-etcd=enabled
- ceph-mds=enabled
- ceph-mon=enabled
- ceph-osd=enabled
- ceph-rgw=enabled
- ceph-mgr=enabled
- ceph-bootstrap=enabled
- tenant-ceph-control-plane=enabled
- tenant-ceph-mon=enabled
- tenant-ceph-rgw=enabled
- tenant-ceph-mgr=enabled
- kube-dns=enabled
- kube-ingress=enabled
- kubernetes-apiserver=enabled
- kubernetes-controller-manager=enabled
- kubernetes-etcd=enabled
- kubernetes-scheduler=enabled
- promenade-genesis=enabled
- ucp-control-plane=enabled
- maas-rack=enabled
- maas-region=enabled
- ceph-osd-bootstrap=enabled
- openstack-control-plane=enabled
- openvswitch=enabled
- openstack-l3-agent=enabled
- node-exporter=enabled
- fluentd=enabled
...

+ 23
- 0
site/seaworthy-virt/profiles/hardware/generic_vm.yaml View File

@@ -0,0 +1,23 @@
---
schema: 'drydock/HardwareProfile/v1'
metadata:
schema: 'metadata/Document/v1'
name: GenericVM
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
vendor: 'Dell'
generation: '1'
hw_version: '2'
bios_version: '2.2.3'
boot_mode: 'bios'
bootstrap_protocol: 'pxe'
pxe_interface: 0
device_aliases:
pnic01:
bus_type: 'pci'
dev_type: 'Intel 10Gbps NIC'
address: '0000:00:03.0'
...

+ 173
- 0
site/seaworthy-virt/profiles/host/gate-vm-cp.yaml View File

@@ -0,0 +1,173 @@
---
schema: drydock/HostProfile/v1
metadata:
schema: metadata/Document/v1
name: cp-global
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
hosttype: cp-global
actions:
- method: replace
path: .storage
- method: replace
path: .interfaces
- method: replace
path: .platform.kernel_params
- method: merge
path: .
storagePolicy: cleartext
data:
hardware_profile: 'GenericVM'
primary_network: 'gp'
oob:
type: 'libvirt'
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
storage:
physical_devices:
vda:
labels:
bootdrive: 'true'
partitions:
- name: 'root'
size: '20g'
bootable: true
filesystem:
mountpoint: '/'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'boot'
size: '1g'
filesystem:
mountpoint: '/boot'
fstype: 'ext4'
mount_options: 'defaults'
interfaces:
ens3:
device_link: 'gp'
slaves:
- 'ens3'
networks:
- 'gp'
platform:
kernel_params:
kernel_package: 'linux-image-4.15.0-34-generic'
...
---
schema: drydock/HostProfile/v1
metadata:
schema: metadata/Document/v1
name: cp-secondary
layeringDefinition:
abstract: false
layer: site
parentSelector:
hosttype: cp-global
actions:
- method: replace
path: .storage
- method: replace
path: .interfaces
- method: replace
path: .platform.kernel_params
- method: merge
path: .
storagePolicy: cleartext
data:
hardware_profile: 'GenericVM'
primary_network: 'gp'
oob:
type: 'libvirt'
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
storage:
physical_devices:
vda:
labels:
bootdrive: 'true'
partitions:
- name: 'root'
size: '20g'
bootable: true
filesystem:
mountpoint: '/'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'boot'
size: '1g'
filesystem:
mountpoint: '/boot'
fstype: 'ext4'
mount_options: 'defaults'
interfaces:
ens3:
device_link: 'gp'
slaves:
- 'ens3'
networks:
- 'gp'
platform:
kernel_params:
kernel_package: 'linux-image-4.15.0-34-generic'

metadata:
owner_data:
control-plane: enabled
ucp-control-plane: enabled
openstack-control-plane: enabled
openstack-heat: enabled
openstack-keystone: enabled
openstack-rabbitmq: enabled
openstack-dns-helper: enabled
openstack-mariadb: enabled
openstack-nova-control: enabled
# openstack-etcd: enabled
openstack-mistral: enabled
openstack-memcached: enabled
openstack-glance: enabled
openstack-horizon: enabled
openstack-cinder-control: enabled
openstack-cinder-volume: control
openstack-neutron: enabled
openvswitch: enabled
ucp-barbican: enabled
# ceph-mon: enabled
ceph-mgr: enabled
ceph-osd: enabled
ceph-mds: enabled
ceph-rgw: enabled
ucp-maas: enabled
kube-dns: enabled
tenant-ceph-control-plane: enabled
# tenant-ceph-mon: enabled
tenant-ceph-rgw: enabled
tenant-ceph-mgr: enabled
kubernetes-apiserver: enabled
kubernetes-controller-manager: enabled
# kubernetes-etcd: enabled
kubernetes-scheduler: enabled
tiller-helm: enabled
# kube-etcd: enabled
calico-policy: enabled
calico-node: enabled
# calico-etcd: enabled
ucp-armada: enabled
ucp-drydock: enabled
ucp-deckhand: enabled
ucp-shipyard: enabled
IAM: enabled
ucp-promenade: enabled
prometheus-server: enabled
prometheus-client: enabled
fluentd: enabled
influxdb: enabled
kibana: enabled
elasticsearch-client: enabled
elasticsearch-master: enabled
elasticsearch-data: enabled
postgresql: enabled
kube-ingress: enabled
beta.kubernetes.io/fluentd-ds-ready: 'true'
node-exporter: enabled
...

+ 58
- 0
site/seaworthy-virt/profiles/host/gate-vm-dp.yaml View File

@@ -0,0 +1,58 @@
---
schema: 'drydock/HostProfile/v1'
metadata:
name: gate-vm-dp
schema: 'metadata/Document/v1'
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
hardware_profile: 'GenericVM'
primary_network: 'gp'
oob:
type: 'libvirt'
libvirt_uri: 'qemu+ssh://virtmgr@172.24.1.1/system'
storage:
physical_devices:
vda:
labels:
bootdrive: 'true'
partitions:
- name: 'root'
size: '20g'
bootable: true
filesystem:
mountpoint: '/'
fstype: 'ext4'
mount_options: 'defaults'
- name: 'boot'
size: '1g'
filesystem:
mountpoint: '/boot'
fstype: 'ext4'
mount_options: 'defaults'
interfaces:
ens3:
device_link: 'gp'
slaves:
- 'ens3'
networks:
- 'gp'
platform:
image: 'xenial'
kernel: 'hwe-16.04'
metadata:
tags:
- 'foo'
owner_data:
openstack-nova-compute: enabled
openvswitch: enabled
# sriov: enabled
contrail-vrouter: kernel
openstack-libvirt: kernel
beta.kubernetes.io/fluentd-ds-ready: 'true'
node-exporter: enabled
fluentbit: enabled
tenant-ceph-osd: enabled
...

+ 37
- 0
site/seaworthy-virt/profiles/region.yaml View File

@@ -0,0 +1,37 @@
---
# The purpose of this file is to define the drydock Region, which in turn drives
# the MaaS region.
schema: 'drydock/Region/v1'
metadata:
schema: 'metadata/Document/v1'
name: seaworthy-virt
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
substitutions:
- dest:
# Add/replace the first item in the list
path: .authorized_keys[0]
src:
schema: deckhand/PublicKey/v1
# This should match the "name" metadata of the SSH key which will be
# substituted, located in site/airship-seaworthy/secrets folder.
name: airship_ubuntu_ssh_public_key
path: .
- dest:
path: .repositories.main_archive
src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.repositories.main_archive
data:
tag_definitions: []
# This is the list of SSH keys which MaaS will register for the built-in
# "ubuntu" account during the PXE process. This list is populated by
# substitution, so the same SSH keys do not need to be repeated in multiple
# manifests.
authorized_keys: []
repositories:
remove_unlisted: true
...

+ 2784
- 0
site/seaworthy-virt/secrets/certificates/certificates.yaml
File diff suppressed because it is too large
View File


+ 38
- 0
site/seaworthy-virt/secrets/passphrases/airship_drydock_kvm_ssh_key.yaml View File

@@ -0,0 +1,38 @@
---
schema: deckhand/CertificateKey/v1
metadata:
schema: metadata/Document/v1
name: airship_drydock_kvm_ssh_key
layeringDefinition:
layer: site
abstract: false
storagePolicy: cleartext
data: |-
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA6gVNOBV7zP2yeZF4P+pcei6VrRW5Qy0pzFNl4Xx6JGyM8LUP
yH11pPTokQ7G4JRowzn9tsq21b10gStFLyysOogXJlKCHeR0Bu1MfQYzxshyRgCM
dTc9H+4hhLnbPfazV+wUqgV02smsIy0x28DCiHUGXnledAsRPXFcT2d+ujPYoE7u
M6WDrRhGwMBM9s6iZ2aYcwDjN8SgliaeLEd6xrk/AHjsvEHQKVCqe24PxiwXbu9q
8PMbUOHfd/OrK+ir+uzh06ZVywifPB6btP3BxBRNLVcSwGgUnPQWg/+q+vi6urlp
b66lxQ658gzltzFWHyOl/rQSMP1/rH3M1NhibwIDAQABAoIBAA1VW/70Cme1lLOk
fCt4GOjFOrXv5OxU6GrB3a4pP3RP0v/r8QhFTaymX5HUO7SUABwPc8s0ZZJsBvVN
F9YGP5HeKyN90/gMCihS4ObGsbCDvy8J3PbYvNzS3ooHZNx07+b0hoDharUEhJBE
hPC2XN8Ve9VqKN2Hu+W6Tb4gcXH+YlHEeULaeerZRmAflKxnspvYIkVzP5vV540h
qiP5LH5dTuHaJBiQcrCP9dbFzjPCqueFohHKOQI6wSbI9QbcuQvD7pxHoxPaf8B/
V68fYaZoTGuVzhUuRsKTmseaFac4/bgmCQI8j2fDnWWA7EUANhH2ldIwEwBoPiF+
nldqQbECgYEA/mcP2XQ98KIOLRRyWYMxPW/MjKRe1aefcll1Iitilt67mBwPUSvN
KB/JTLoN838Vdv/oPQiZrtTYiEsbcj3YHa+kjI62veSFXTeghMKgn4HqQ1FdHOIW
Ku+lXj6hSVUdyqC1r8vDDvoludFep+s+M0w/7tcSjlqlZHkpFgEL0uMCgYEA6316
G8luptWeYOD2AOPjqqecXoSfPO6EG8rNO3IQUyQP8LgwtQUbK1PNZ/0u9IsKGnTA
CvtjhAmyLPlq87KSjOOw7br6VSih/9uxfx/zf+y+NOwkFBqgn2/9lwFvkoJvPELk
hRr39Ej9NuX42W5m7XkINCddJgPrVaGF0FQ87AUCgYEAuM03Fzi4se+Wqqqasml5
wG5RQa05cqzUR6WyUAMCGCRuU322prlRy57jhMf20HX1qr8U/hkcQoM9VCxzIJbK
Qi5QMwaMuv6g3mlFQot7UMN34DTfldaqUcBJ+V83nGSnQoVh1fUHmf6enw/3WbWq
NmtiWeaEBULVuFnHPcO+yg8CgYEAqYha+VgpxgfyDlLGJ9voUjp6k30s2oPoLc3x
tIMoh4Jly2n+/sMfTTD2po+aV0kly+gTPZS/jxYf5MrnGWyMnsto260JfXdUMUur
XBbXiVgZkyYRzztgOYg5a5YICdTHWf3aYI0Kxx4o1XX4kiguB3Zj1pAkOjMGIE65
dELA3TUCgYAoRt2+LINxTn2dqU9sHv+oAqN9WY3AGLc8MgAG2sEyD6u6a4ji6LJA
5W48boUeUAieiyHdLqpnxZbgsndFXGoOGy3w7k511mGVT8R37uzqoW8en+l/B3aC
m6GnweW01V+kv0FiSLsMfNZmYQeCQRNYn/LdSBAjsrmg8c88z0Af6g==
-----END RSA PRIVATE KEY-----
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/airship_ubuntu_ssh_public_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/PublicKey/v1
metadata:
schema: metadata/Document/v1
name: airship_ubuntu_ssh_public_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqBU04FXvM/bJ5kXg/6lx6LpWtFblDLSnMU2XhfHokbIzwtQ/IfXWk9OiRDsbglGjDOf22yrbVvXSBK0UvLKw6iBcmUoId5HQG7Ux9BjPGyHJGAIx1Nz0f7iGEuds99rNX7BSqBXTayawjLTHbwMKIdQZeeV50CxE9cVxPZ366M9igTu4zpYOtGEbAwEz2zqJnZphzAOM3xKCWJp4sR3rGuT8AeOy8QdApUKp7bg/GLBdu72rw8xtQ4d9386sr6Kv67OHTplXLCJ88Hpu0/cHEFE0tVxLAaBSc9BaD/6r6+Lq6uWlvrqXFDrnyDOW3MVYfI6X+tBIw/X+sfczU2GJv ubuntu@multinode
...

+ 12
- 0
site/seaworthy-virt/secrets/passphrases/apiserver-encryption-key-key1.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: apiserver-encryption-key-key1
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# head -c 32 /dev/urandom | base64
data: ShMq3FztlkBMTDMKmKBv9Nq0Rk6h5hGWwZTyUnYjxlM=
...

+ 12
- 0
site/seaworthy-virt/secrets/passphrases/ceph_fsid.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ceph_fsid
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# uuidgen
data: 7b7576f4-3358-4668-9112-100440079807
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ceph_swift_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ceph_swift_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 13
- 0
site/seaworthy-virt/secrets/passphrases/ipmi_admin_password.yaml View File

@@ -0,0 +1,13 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ipmi_admin_password
layeringDefinition:
abstract: false
layer: site
labels:
name: ipmi-admin-password-site
storagePolicy: cleartext
data: password123
...

+ 12
- 0
site/seaworthy-virt/secrets/passphrases/maas-region-key.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: maas-region-key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# openssl rand -hex 10
data: 9026f6048d6a017dc913
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_barbican_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_cinder_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_glance_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_glance_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_stack_user_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_stack_user_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_heat_trustee_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_trustee_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_horizon_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_horizon_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_elasticsearch_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_grafana_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_grafana_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_grafana_oslo_db_session_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_nagios_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_nagios_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_openstack_exporter_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_openstack_exporter_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_oslo_db_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_oslo_db_exporter_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_prometheus_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_prometheus_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_admin_access_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: admin_access_key
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_admin_secret_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: admin_secret_key
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_elasticsearch_access_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: elastic_access_key
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_elasticsearch_secret_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: elastic_secret_key
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_ldap_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_ldap_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_neutron_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_metadata_proxy_shared_secret
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_nova_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_cache_secret_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_oslo_cache_secret_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_db_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_oslo_db_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_db_exporter_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_oslo_db_exporter_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_placement_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_placement_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/osh_tempest_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_tempest_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 12
- 0
site/seaworthy-virt/secrets/passphrases/tenant_ceph_fsid.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: tenant_ceph_fsid
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# uuidgen
data: 29d8953d-0bb6-4ba1-a48a-f9be1c0937a9
...

+ 12
- 0
site/seaworthy-virt/secrets/passphrases/ubuntu_crypt_password.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ubuntu_crypt_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# Pass: password123
data: $6$qgvZ3LC9.t59Akqy$HAJfJpdrN8Ld9ssGyjFPzyJ3WUGN.ucqhSyA25LFjBrSYboVFgX8wLomRwlf5YIn1siaXHSh4JaPJED3BO36J1
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_airflow_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_airflow_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_airflow_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_armada_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_armada_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_barbican_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_barbican_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_barbican_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_barbican_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_deckhand_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_deckhand_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_deckhand_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_deckhand_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_drydock_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_drydock_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_drydock_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_drydock_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_keystone_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_keystone_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_keystone_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_keystone_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/seaworthy-virt/secrets/passphrases/ucp_maas_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_maas_admin_password
layeringDefinition:
<