Update vino

Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Change-Id: I907c2b86fea75446e3e4cb7af45404a7ce2d4881
Andrii Ostapenko 2021-06-12 20:25:55 -05:00
parent c9847c4aaa
commit 68e0c7d8fc
No known key found for this signature in database
GPG Key ID: F3E83668DBB223B3
27 changed files with 618 additions and 473 deletions


@ -110,9 +110,9 @@ spec:
sushy-tools:
image: quay.io/metal3-io/sushy-tools:latest
manager:
image: quay.io/airshipit/vino:6480ddc3ba98fba21fd692b8489adb0177abb8b5
image: quay.io/airshipit/vino:0e709c0d27b2052a5198f8d27d39bd25ed122dae
vino-builder:
image: quay.io/airshipit/vino-builder:6480ddc3ba98fba21fd692b8489adb0177abb8b5
image: quay.io/airshipit/vino-builder:0e709c0d27b2052a5198f8d27d39bd25ed122dae
nodelabeler:
image: quay.io/airshipit/nodelabeler:latest
synclabeller:


@ -5,19 +5,19 @@ dependencies:
git:
repo: "https://opendev.org/airship/vino"
directory: "config/crd"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/default
git:
repo: "https://opendev.org/airship/vino"
directory: "config/default"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/manager
git:
repo: "https://opendev.org/airship/vino"
directory: "config/manager"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/rbac
git:
repo: "https://opendev.org/airship/vino"
directory: "config/rbac"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"


@ -5,14 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/crd
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
name: replicas
value: "3"
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:


@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -88,6 +90,12 @@ spec:
items:
type: string
type: array
instanceSubnet:
type: string
libvirtTemplate:
description: LibvirtTemplate identifies which libvirt template
to be used to create a network
type: string
macPrefix:
description: MACPrefix defines the zero-padded MAC prefix to
use for VM mac addresses, and is the first address that will
@ -98,6 +106,10 @@ spec:
name:
description: Network Parameter defined
type: string
physicalInterface:
description: PhysicalInterface identifies interface into which
to plug in libvirt network
type: string
routes:
items:
description: VMRoutes defined
@ -146,9 +158,8 @@ spec:
k8s node, that are specified in vino.NodeLabelKeysToCopy
type: object
bootInterfaceName:
description: BootInterfaceName references the interface name
in the list of NetworkInterfaces Vino will take this interface
find its mac address and use it as bootMACAddress for BMH
description: BootInterfaceName interface name to use to boot
virtual machines
type: string
count:
type: integer
@ -172,6 +183,10 @@ spec:
type: string
type: object
type: array
enableVNC:
description: EnableVNC create VNC for graphical interaction
with the VM that will be created.
type: boolean
libvirtTemplate:
description: NamespacedName to be used to spawn VMs
properties:
@ -210,8 +225,20 @@ spec:
type: string
type: object
type: array
rootDeviceName:
description: RootDeviceName is the root device for underlying
VM, /dev/vda for example default is /dev/vda
type: string
type: object
type: array
pxeBootImageHost:
description: PXEBootImageHost will be used to download the PXE boot
image
type: string
pxeBootImageHostPort:
description: PXEBootImageHostPort will be used to download the PXE
boot image
type: integer
vmBridge:
description: VMBridge defines the single interface name to be used
as a bridge for VMs


@ -6,42 +6,42 @@ metadata:
name: baremetalhosts.metal3.io
spec:
additionalPrinterColumns:
- JSONPath: .status.operationalStatus
description: Operational status
name: Status
type: string
- JSONPath: .status.provisioning.state
description: Provisioning status
name: Provisioning Status
type: string
- JSONPath: .spec.consumerRef.name
description: Consumer using this host
name: Consumer
type: string
- JSONPath: .spec.bmc.address
description: Address of management controller
name: BMC
type: string
- JSONPath: .status.hardwareProfile
description: The type of hardware detected
name: Hardware Profile
type: string
- JSONPath: .spec.online
description: Whether the host is online or not
name: Online
type: string
- JSONPath: .status.errorMessage
description: Most recent error
name: Error
type: string
- JSONPath: .status.operationalStatus
description: Operational status
name: Status
type: string
- JSONPath: .status.provisioning.state
description: Provisioning status
name: Provisioning Status
type: string
- JSONPath: .spec.consumerRef.name
description: Consumer using this host
name: Consumer
type: string
- JSONPath: .spec.bmc.address
description: Address of management controller
name: BMC
type: string
- JSONPath: .status.hardwareProfile
description: The type of hardware detected
name: Hardware Profile
type: string
- JSONPath: .spec.online
description: Whether the host is online or not
name: Online
type: string
- JSONPath: .status.errorMessage
description: Most recent error
name: Error
type: string
group: metal3.io
names:
kind: BareMetalHost
listKind: BareMetalHostList
plural: baremetalhosts
shortNames:
- bmh
- bmhost
- bmh
- bmhost
singular: baremetalhost
scope: Namespaced
subresources:
@ -84,8 +84,8 @@ spec:
the connection.
type: boolean
required:
- address
- credentialsName
- address
- credentialsName
type: object
bootMACAddress:
description: Which MAC address will PXE boot? This is optional for some
@ -95,8 +95,8 @@ spec:
bootMode:
description: Select the method of initializing the hardware during boot.
enum:
- UEFI
- legacy
- UEFI
- legacy
type: string
consumerRef:
description: ConsumerRef can be used to store information about something
@ -161,8 +161,8 @@ spec:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
- checksum
- url
type: object
networkData:
description: NetworkData holds the reference to the Secret containing
@ -206,8 +206,8 @@ spec:
key.
type: string
required:
- effect
- key
- effect
- key
type: object
type: array
userData:
@ -224,7 +224,7 @@ spec:
type: string
type: object
required:
- online
- online
type: object
status:
description: BareMetalHostStatus defines the observed state of BareMetalHost
@ -236,10 +236,10 @@ spec:
description: ErrorType indicates the type of failure encountered when
the OperationalStatus is OperationalStatusError
enum:
- registration error
- inspection error
- provisioning error
- power management error
- registration error
- inspection error
- provisioning error
- power management error
type: string
goodCredentials:
description: the last credentials we were able to validate as working
@ -279,11 +279,11 @@ spec:
model:
type: string
required:
- arch
- clockMegahertz
- count
- flags
- model
- arch
- clockMegahertz
- count
- flags
- model
type: object
firmware:
description: Firmware describes the firmware on the host.
@ -301,12 +301,12 @@ spec:
description: The version of the BIOS
type: string
required:
- date
- vendor
- version
- date
- vendor
- version
type: object
required:
- bios
- bios
type: object
hostname:
type: string
@ -349,17 +349,17 @@ spec:
name:
type: string
required:
- id
- id
type: object
type: array
required:
- ip
- mac
- model
- name
- pxe
- speedGbps
- vlanId
- ip
- mac
- model
- name
- pxe
- speedGbps
- vlanId
type: object
type: array
ramMebibytes:
@ -401,10 +401,10 @@ spec:
description: The WWN with the extension
type: string
required:
- name
- rotational
- serialNumber
- sizeBytes
- name
- rotational
- serialNumber
- sizeBytes
type: object
type: array
systemVendor:
@ -418,18 +418,18 @@ spec:
serialNumber:
type: string
required:
- manufacturer
- productName
- serialNumber
- manufacturer
- productName
- serialNumber
type: object
required:
- cpu
- firmware
- hostname
- nics
- ramMebibytes
- storage
- systemVendor
- cpu
- firmware
- hostname
- nics
- ramMebibytes
- storage
- systemVendor
type: object
hardwareProfile:
description: The name of the profile matching the hardware details.
@ -498,10 +498,10 @@ spec:
operationalStatus:
description: OperationalStatus holds the status of the host
enum:
- ""
- OK
- discovered
- error
- ""
- OK
- discovered
- error
type: string
poweredOn:
description: indicator for whether or not the host is powered on
@ -524,16 +524,16 @@ spec:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
- checksum
- url
type: object
state:
description: An indiciator for what the provisioner is doing with
the host.
type: string
required:
- ID
- state
- ID
- state
type: object
triedCredentials:
description: the last credentials we sent to the provisioning backend
@ -555,16 +555,16 @@ spec:
type: string
type: object
required:
- errorMessage
- hardwareProfile
- operationHistory
- operationalStatus
- poweredOn
- provisioning
- errorMessage
- hardwareProfile
- operationHistory
- operationalStatus
- poweredOn
- provisioning
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
- name: v1alpha1
served: true
storage: true


@ -7,6 +7,13 @@ resources:
- bases/bmh.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_vinoes.yaml
#- patches/webhook_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_vinoes.yaml


@ -6,10 +6,12 @@ nameReference:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations


@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/default
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -1,14 +1,17 @@
# Adds namespace to all resources.
namespace: vino-system
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: vino-
# Labels to add to all resources and selectors.
#commonLabels:
# someName: someValue
bases:
- ../crd
- ../rbac
@ -22,7 +25,46 @@ bases:
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service


@ -5,15 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/manager
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
isSet: true
name: replicas
value: "3"
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -0,0 +1,70 @@
#!/bin/bash
set -xe
set -o pipefail
echo "Target directory location = $1"
# check if certificates are already present
# TBD should validity of existing certs be checked.
if [ -f $1/ca-cert.pem ] && [ -f $1/server-cert.pem ] && [ -f $1/server-key.pem ]
then
echo "ca-cert.pem, server-cert.pem and server-key.pem already present"
exit 0
else
# create a temp dir
TMP=$(mktemp -d)
cd ${TMP}
# create ca certificate
echo ' cn = airshipit.org
ca
cert_signing_key' > ca-template.info
(umask 277 && certtool --generate-privkey > ca-key.pem)
certtool --generate-self-signed \
--template ca-template.info \
--load-privkey ca-key.pem \
--outfile ca-cert.pem
rm ca-template.info
echo ' organization = airshipit.org
cn = server
tls_www_server
encryption_key
signing_key' > server-template.info
(umask 277 && certtool --generate-privkey > server-key.pem)
# create server certificate
certtool --generate-certificate \
--template server-template.info \
--load-privkey server-key.pem \
--load-ca-certificate ca-cert.pem \
--load-ca-privkey ca-key.pem \
--outfile server-cert.pem
rm server-template.info
# copy the required certs in the target location
echo "Copy the required certs to target location : $1"
cp *.pem $1
#echo ' country = Country
# state = State
# locality = City
# organization = Name of your organization
# cn = Client Host Name
# tls_www_client
# encryption_key
# signing_key' > client-template.info
#(umask 277 && certtool --generate-privkey > client-key.pem)
#certtool --generate-certificate
# --template client-template.info
# --load-privkey client-key.pem
# --load-ca-certificate ca-cert.pem
# --load-ca-privkey ca_key.pem
# --outfile client-cert.pem
fi
exit 0
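Review bot: `cp *.pem $1` copies every PEM file in the temp directory, so the CA private key `ca-key.pem` lands in the target directory next to the server key, although only the three files tested by the presence check at the top are needed there. Copy them by name, `cp ca-cert.pem server-cert.pem server-key.pem "$1"`, and remove the work directory afterwards with `rm -rf "${TMP}"`, since nothing in the script cleans it up. `$1` is also unquoted in the `[ -f ... ]` tests and in `cp`, and an empty argument makes the tests look at `/ca-cert.pem`; quoting it and failing early with `: "${1:?target directory required}"` would close that.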


@ -15,199 +15,224 @@ spec:
hostNetwork: true
hostPID: true
hostIPC: true
initContainers:
- name: create-libvirt-vnc-certs
image: quay.io/airshipit/gnu-tls:latest-minideb
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/create_tls_cert.sh"]
args: [ "/etc/pki/libvirt-vnc"]
volumeMounts:
- name: etc-pki-libvirt-vnc
mountPath: "/etc/pki/libvirt-vnc"
- name: usr-local-bin
mountPath: "/usr/local/bin"
containers:
- name: libvirt
command:
- /tmp/libvirt.sh
image: quay.io/airshipit/libvirt:latest-ubuntu_bionic
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
mountPropagation: Bidirectional
- name: run
mountPath: /run
- name: dev
mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /etc/libvirt/qemu
name: etc-qemu
- mountPath: /etc/libvirt/nwfilter
name: etc-nwfilter
- mountPath: /etc/libvirt/hooks
name: etc-hooks
- mountPath: /etc/libvirt/storage
name: etc-storage
- mountPath: /var/lib/vino
name: var-lib-vino
- name: sushy
image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port",
"8000"]
volumeMounts:
- name: var-run-libvirt
mountPath: /var/run/libvirt
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
livenessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
readinessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
# - name: vino-reverse-proxy
# image: quay.io/airshipit/vino-reverse-proxy
# ports:
# - containerPort: 8000
# hostPort: 8000
# readinessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 10
# periodSeconds: 5
# livenessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 30
# periodSeconds: 30
- name: labeler
image: quay.io/airshipit/nodelabeler
imagePullPolicy: IfNotPresent
env:
- name: NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- image: quay.io/airshipit/vino-builder
imagePullPolicy: IfNotPresent
name: vino-builder
ports:
- containerPort: 8001
hostPort: 8001
readinessProbe:
exec:
command:
- cat
- /tmp/healthy
initialDelaySeconds: 20
periodSeconds: 5
securityContext:
privileged: true
readOnlyRootFilesystem: false
runAsUser: 0
volumeMounts:
- mountPath: /var/lib/vino-builder/flavors
name: flavors
- mountPath: /var/lib/vino-builder/flavor-templates
name: flavor-templates
- mountPath: /var/lib/vino-builder/network-templates
name: network-templates
- mountPath: /var/lib/vino-builder/storage-templates
name: storage-templates
- mountPath: /tmp
name: pod-tmp
- mountPath: /lib/modules
name: libmodules
readOnly: true
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
- mountPath: /var/run/libvirt
name: var-run-libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /run
name: run
- mountPath: /dev
name: dev
- mountPath: /sys/fs/cgroup
name: cgroup
- mountPath: /var/log/libvirt
name: logs
- name: libvirt
command:
- /tmp/libvirt.sh
image: quay.io/airshipit/libvirt:latest-ubuntu_bionic
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
mountPropagation: Bidirectional
- name: run
mountPath: /run
- name: dev
mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
- name: var-lib-vino-pool
mountPath: /var/lib/libvirt/vino-pool
- name: etc-qemu
mountPath: /etc/libvirt/qemu
- name: etc-nwfilter
mountPath: /etc/libvirt/nwfilter
- name: etc-hooks
mountPath: /etc/libvirt/hooks
- name: etc-storage
mountPath: /etc/libvirt/storage
- name: var-lib-vino
mountPath: /var/lib/vino
- name: etc-libvirt
mountPath: /etc/libvirt
- name: etc-pki-libvirt-vnc
mountPath: /etc/pki/libvirt-vnc
- name: sushy
image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port", "8000"]
volumeMounts:
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
readinessProbe:
httpGet:
path: /redfish/v1/Systems
host: 127.0.0.1
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /redfish/v1/Systems
host: 127.0.0.1
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
# - name: vino-reverse-proxy
# image: quay.io/airshipit/vino-reverse-proxy
# ports:
# - containerPort: 8000
# hostPort: 8000
# readinessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 10
# periodSeconds: 5
# livenessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 30
# periodSeconds: 30
- name: labeler
image: quay.io/airshipit/nodelabeler
imagePullPolicy: IfNotPresent
env:
- name: NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: vino-builder
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
exec:
command:
- cat
- /tmp/healthy
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: false
ports:
- containerPort: 8001
hostPort: 8001
image: quay.io/airshipit/vino-builder
imagePullPolicy: IfNotPresent
volumeMounts:
- name: flavors
mountPath: /var/lib/vino-builder/flavors
- name: flavor-templates
mountPath: /var/lib/vino-builder/flavor-templates
- name: network-templates
mountPath: /var/lib/vino-builder/network-templates
- name: storage-templates
mountPath: /var/lib/vino-builder/storage-templates
- name: pod-tmp
mountPath: /tmp
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: var-lib-vino-pool
mountPath: /var/lib/libvirt/vino-pool
- name: run
mountPath: /run
- name: dev
mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
volumes:
- name: libmodules
hostPath:
path: /lib/modules
- name: var-lib-libvirt
hostPath:
path: /var/lib/libvirt
- hostPath: {}
name: var-lib-libvirt-images
- name: run
hostPath:
path: /run
- name: dev
hostPath:
path: /dev
- name: logs
hostPath:
path: /var/log/libvirt
- name: cgroup
hostPath:
path: /sys/fs/cgroup
- name: var-run-libvirt
hostPath:
path: /var/run/libvirt
- configMap:
defaultMode: 0555
name: vino-flavors
name: flavors
- configMap:
defaultMode: 0555
name: vino-flavor-templates
name: flavor-templates
- configMap:
defaultMode: 0555
name: vino-network-templates
name: network-templates
- configMap:
defaultMode: 0555
name: vino-storage-templates
name: storage-templates
- emptyDir: {}
name: pod-tmp
- hostPath:
path: /var/lib/vino-pool
type: DirectoryOrCreate
name: var-lib-vino-pool
- hostPath:
path: /etc/vino-qemu
type: DirectoryOrCreate
name: etc-qemu
- hostPath:
path: /etc/vino-storage
type: DirectoryOrCreate
name: etc-storage
- hostPath:
path: /etc/vino-nwfilter
type: DirectoryOrCreate
name: etc-nwfilter
- hostPath:
path: /etc/vino-hooks
type: DirectoryOrCreate
name: etc-hooks
- hostPath:
path: /var/lib/vino
type: DirectoryOrCreate
name: var-lib-vino
- name: libmodules
hostPath:
path: /lib/modules
- name: var-lib-libvirt
hostPath:
path: /var/lib/libvirt
- name: run
hostPath:
path: /run
- name: dev
hostPath:
path: /dev
- name: logs
hostPath:
path: /var/log/libvirt
- name: cgroup
hostPath:
path: /sys/fs/cgroup
- name: var-run-libvirt
hostPath:
path: /var/run/libvirt
- name: flavors
configMap:
name: vino-flavors
defaultMode: 0555
- name: flavor-templates
configMap:
name: vino-flavor-templates
defaultMode: 0555
- name: network-templates
configMap:
name: vino-network-templates
defaultMode: 0555
- name: storage-templates
configMap:
name: vino-storage-templates
defaultMode: 0555
- name: pod-tmp
emptyDir: {}
- name: var-lib-vino-pool
hostPath:
path: /var/lib/vino-pool
type: DirectoryOrCreate
- name: etc-qemu
hostPath:
path: /etc/vino-qemu
type: DirectoryOrCreate
- name: etc-storage
hostPath:
path: /etc/vino-storage
type: DirectoryOrCreate
- name: etc-nwfilter
hostPath:
path: /etc/vino-nwfilter
type: DirectoryOrCreate
- name: etc-hooks
hostPath:
path: /etc/vino-hooks
type: DirectoryOrCreate
- name: var-lib-vino
hostPath:
path: /var/lib/vino
type: DirectoryOrCreate
- name: etc-libvirt
configMap:
name: vino-libvirt-qemu-conf
defaultMode: 0555
- name: etc-pki-libvirt-vnc
hostPath:
path: /etc/pki/libvirt-vnc
- name: usr-local-bin
configMap:
name: vino-create-libvirt-vnc-cert
defaultMode: 0777
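Review bot: The `usr-local-bin` volume sets `defaultMode: 0777` on the ConfigMap that carries `create_tls_cert.sh`; the script only needs to be readable and executable, so `defaultMode: 0555`, as on the other ConfigMap volumes in this file, would be enough. The init container that runs it uses `quay.io/airshipit/gnu-tls:latest-minideb` with `imagePullPolicy: IfNotPresent`, so the image that generates the TLS keys is a mutable tag that can differ from node to node; pinning it by digest or commit tag, as the vino images are pinned elsewhere in this commit, would make it reproducible. The `etc-pki-libvirt-vnc` hostPath has no `type`, unlike the `DirectoryOrCreate` hostPath volumes listed above it.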


@ -1,18 +1,16 @@
flavorTemplates:
master:
domainTemplate: |
{% set nodename = 'master-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
{% if domain is defined %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<name>{{ domain.name }}</name>
<uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata>
<vino:flavor>master</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata>
<memory unit="GiB">{{ flavors.master.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %}
{% if flavors.master.hugepages is defined and flavors.master.hugepages == true %}
<memoryBacking>
<hugepages>
<page size='1' unit='GiB' />
@ -20,14 +18,14 @@ flavorTemplates:
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.master.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
{% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
{% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
<emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
@ -56,7 +54,7 @@ flavorTemplates:
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/>
</disk>
@ -71,26 +69,26 @@ flavorTemplates:
</controller>
# for each interface defined in vino, e.g.
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
{% for interface in domain.interfaces %}
<interface type='{{ interface.type }}'>
<mac address='{{ interface.macAddress }}'/>
<source {{ interface.type }}='{{ interface.network }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
{% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' passwd='{{ domain.vncPassword }}' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
{% endif %}
@ -107,9 +105,8 @@ flavorTemplates:
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'master-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<name>{{ domain.name }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.master.rootSize }}</capacity>
<target>
@ -118,12 +115,10 @@ flavorTemplates:
</volume>
worker:
domainTemplate: |
{% set nodename = 'worker-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
{% if domain is defined %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<name>{{ domain.name }}</name>
<uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata>
<vino:flavor>worker</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
@ -137,14 +132,14 @@ flavorTemplates:
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
{% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
{% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
<emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
@ -173,7 +168,7 @@ flavorTemplates:
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/>
</disk>
@ -187,25 +182,31 @@ flavorTemplates:
<alias name="ide"/>
</controller>
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='network'>
<source network='pxe'/>
<model type='virtio'/>
</interface>
# for each interface defined in vino, e.g.
{% for interface in domain.interfaces %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
<mac address='{{ interface.macAddress }}'/>
<source bridge='{{ interface.network }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
{% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
@ -223,9 +224,8 @@ flavorTemplates:
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'worker-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<name>{{ domain.name }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.worker.rootSize }}</capacity>
<target>
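Review bot: In the master `domainTemplate` the VNC `<graphics>` element gains `passwd='{{ domain.vncPassword }}'`, but the worker template's `<graphics type='vnc' autoport='yes' listen='0.0.0.0'>` is left without one, so with `enableVNC` set a worker console listens on all addresses with no password. Adding the same `passwd` attribute to the worker element would keep the two flavors consistent. `domain.vncPassword` is interpolated with no default and no escaping, so an unset value or one containing a quote yields broken or altered domain XML; something like `{{ domain.vncPassword | escape }}` behind an `is defined` check would be safer, assuming the renderer is Jinja2 as the syntax suggests. The worker `volumeTemplate` continues past the end of this hunk.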


@ -1,34 +0,0 @@
# NOTE: auto-generated. Some fields should NOT be modified.
# Date: 2021-03-16 10:05:35 UTC
#
# Contains the "inventory object" template ConfigMap.
# When this object is applied, it is handled specially,
# storing the metadata of all the other objects applied.
# This object and its stored inventory is subsequently
# used to calculate the set of objects to automatically
# delete (prune), when an object is omitted from further
# applies. When applied, this "inventory object" is also
# used to identify the entire set of objects to delete.
#
# NOTE: The name of this inventory template file
# does NOT have any impact on group-related functionality
# such as deletion or pruning.
#
apiVersion: v1
kind: ConfigMap
metadata:
# DANGER: Do not change the inventory object namespace.
# Changing the namespace will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
namespace: default
# NOTE: The name of the inventory object does NOT have
# any impact on group-related functionality such as
# deletion or pruning.
name: inventory-15862452
labels:
# DANGER: Do not change the value of this label.
# Changing this value will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
cli-utils.sigs.k8s.io/inventory-id: 6e088520-63c2-4b5d-82ea-4f2cb089920f


@ -1,5 +1,6 @@
resources:
- manager.yaml
configMapGenerator:
- name: daemonset-template
options:
@ -10,19 +11,29 @@ configMapGenerator:
options:
disableNameSuffixHash: true
files:
- flavors.yaml
- flavors.yaml
- name: flavor-templates
options:
disableNameSuffixHash: true
files:
- flavor-templates.yaml
- flavor-templates.yaml
- name: network-templates
options:
disableNameSuffixHash: true
files:
- network-templates.yaml
- network-templates.yaml
- name: storage-templates
options:
disableNameSuffixHash: true
files:
- storage-templates.yaml
- storage-templates.yaml
- name: libvirt-qemu-conf
options:
disableNameSuffixHash: true
files:
- qemu.conf
- name: create-libvirt-vnc-cert
options:
disableNameSuffixHash: true
files:
- create_tls_cert.sh


@ -38,8 +38,8 @@ spec:
cpu: 100m
memory: 20Mi
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
terminationGracePeriodSeconds: 10


@ -1,17 +1,15 @@
libvirtNetworks:
- name: management
libvirtTemplate: |
<network>
<name>management</name>
<forward mode='route'/>
<bridge name='management' stp='off' delay='0'/>
<ip address='{{ networks[0].routes[0].gateway }}' netmask='255.255.240.0'>
<!-- <tftp root='/srv/tftp'/> -->
<dhcp>
<range start='{{ networks[0].allocationStart }}' end='{{ networks[0].allocationStop }}'/>
<bootp file=''/>
</dhcp>
</ip>
</network>
# - name: mobility-gn
# libvirtTemplate:
management:
libvirtTemplate: |
<network>
<name>{{ network.name }}</name>
<forward mode='route'/>
<bridge name='vm-infra-bridge' stp='off' delay='0' {% if network.physicalInterface is defined %} dev='{{ network.physicalInterface }}' {% endif %}/>
<ip address='{{ ipam.bridge_ip | default(omit) }}' netmask='{{ ipam.bridge_subnet_netmask }}'>
<!-- <tftp root='/srv/tftp'/> -->
<dhcp>
<range start='{{ ipam.instance_ips[0] }}' end='{{ ipam.instance_ips[-1] }}'/>
<bootp file='http://{{ pxeBootImageHost | default(ansible_default_ipv4.address) }}:{{ pxeBootImageHostPort | default(80) }}/dualboot.ipxe'/>
</dhcp>
</ip>
</network>
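Review bot: On the new `<ip address='{{ ipam.bridge_ip | default(omit) }}' ...>` line, `default(omit)` will not drop the attribute when `ipam.bridge_ip` is undefined: if this template is rendered by Ansible (the `ansible_default_ipv4` fallback suggests so), `omit` only has meaning in module arguments, and a text template receives its placeholder token as the address value. Failing fast is safer, for example `{{ ipam.bridge_ip | mandatory }}`, or guard the whole `<ip>` element with `{% if ipam.bridge_ip is defined %}`. Separately, the new `<bootp file='http://…/dualboot.ipxe'/>` URL is fetched over plain HTTP, so the guests' boot script has no integrity or origin check on that segment; a comment stating that the bridge network is trusted, or an HTTPS URL if the iPXE build in use supports it, would make that assumption explicit. `network.name` and `network.physicalInterface` are also written into XML attributes unescaped, which is only safe if those values are validated before they reach this template.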


@ -0,0 +1,6 @@
stdio_handler = "file"
user = "root"
group = "root"
security_driver = "none"
vnc_tls = 1
#vnc_tls_x509_verify = 1
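Review bot: `security_driver = "none"` together with `user = "root"` and `group = "root"` makes every QEMU process run as unconfined root, so a guest-to-host escape lands with root rights in whatever context libvirtd runs in, and the file gives no reason for either setting. If root is needed for the storage pool or bridge, keep it but say so in a comment, and prefer leaving `security_driver` at the host default where SELinux or AppArmor is available. `vnc_tls = 1` with `#vnc_tls_x509_verify = 1` left commented encrypts the console but accepts any client, so access then rests on a VNC password, SASL or network policy that this file does not show. Enabling `vnc_tls_x509_verify = 1` once client certificates are issued would close that gap; until then a comment such as `# TODO: enable once client certs are distributed` above the commented line would make the intent explicit.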


@ -1,14 +1,14 @@
libvirtStorage:
- name: vino-default
libvirtTemplate: |-
<pool type='dir'>
<name>vino-default</name>
<target>
<path>/var/lib/libvirt/vino-pool</path>
<permissions>
<mode>0711</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>
- name: vino-default
libvirtTemplate: |
<pool type='dir'>
<name>vino-default</name>
<target>
<path>/var/lib/libvirt/vino-pool</path>
<permissions>
<mode>0711</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>


@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/rbac
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -13,4 +13,4 @@ resources:
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml
- vino_manager_role.yaml
- vino_manager_role_binding.yaml
- vino_manager_role_binding.yaml


@ -41,4 +41,4 @@ rules:
- create
- update
- patch
- delete
- delete


@ -1,6 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:


@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system
namespace: vino-system


@ -1,46 +1,47 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- watch
- list
- delete
- update
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- watch
- list
- delete
- update
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- get
- list
- patch
- update


@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system
namespace: vino-system