Update vino

Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Change-Id: I907c2b86fea75446e3e4cb7af45404a7ce2d4881
Andrii Ostapenko 2021-06-12 20:25:55 -05:00
parent c9847c4aaa
commit 68e0c7d8fc
No known key found for this signature in database
GPG Key ID: F3E83668DBB223B3
27 changed files with 618 additions and 473 deletions


@ -110,9 +110,9 @@ spec:
sushy-tools: sushy-tools:
image: quay.io/metal3-io/sushy-tools:latest image: quay.io/metal3-io/sushy-tools:latest
manager: manager:
image: quay.io/airshipit/vino:6480ddc3ba98fba21fd692b8489adb0177abb8b5 image: quay.io/airshipit/vino:0e709c0d27b2052a5198f8d27d39bd25ed122dae
vino-builder: vino-builder:
image: quay.io/airshipit/vino-builder:6480ddc3ba98fba21fd692b8489adb0177abb8b5 image: quay.io/airshipit/vino-builder:0e709c0d27b2052a5198f8d27d39bd25ed122dae
nodelabeler: nodelabeler:
image: quay.io/airshipit/nodelabeler:latest image: quay.io/airshipit/nodelabeler:latest
synclabeller: synclabeller:


@ -5,19 +5,19 @@ dependencies:
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/crd" directory: "config/crd"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/default - name: upstream/default
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/default" directory: "config/default"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/manager - name: upstream/manager
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/manager" directory: "config/manager"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/rbac - name: upstream/rbac
git: git:
repo: "https://opendev.org/airship/vino" repo: "https://opendev.org/airship/vino"
directory: "config/rbac" directory: "config/rbac"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a" ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"


@ -5,14 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/crd directory: config/crd
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
name: replicas
value: "3"


@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:


@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
@ -88,6 +90,12 @@ spec:
items: items:
type: string type: string
type: array type: array
instanceSubnet:
type: string
libvirtTemplate:
description: LibvirtTemplate identifies which libvirt template
to be used to create a network
type: string
macPrefix: macPrefix:
description: MACPrefix defines the zero-padded MAC prefix to description: MACPrefix defines the zero-padded MAC prefix to
use for VM mac addresses, and is the first address that will use for VM mac addresses, and is the first address that will
@ -98,6 +106,10 @@ spec:
name: name:
description: Network Parameter defined description: Network Parameter defined
type: string type: string
physicalInterface:
description: PhysicalInterface identifies interface into which
to plug in libvirt network
type: string
routes: routes:
items: items:
description: VMRoutes defined description: VMRoutes defined
@ -146,9 +158,8 @@ spec:
k8s node, that are specified in vino.NodeLabelKeysToCopy k8s node, that are specified in vino.NodeLabelKeysToCopy
type: object type: object
bootInterfaceName: bootInterfaceName:
description: BootInterfaceName references the interface name description: BootInterfaceName interface name to use to boot
in the list of NetworkInterfaces Vino will take this interface virtual machines
find its mac address and use it as bootMACAddress for BMH
type: string type: string
count: count:
type: integer type: integer
@ -172,6 +183,10 @@ spec:
type: string type: string
type: object type: object
type: array type: array
enableVNC:
description: EnableVNC create VNC for graphical interaction
with the VM that will be created.
type: boolean
libvirtTemplate: libvirtTemplate:
description: NamespacedName to be used to spawn VMs description: NamespacedName to be used to spawn VMs
properties: properties:
@ -210,8 +225,20 @@ spec:
type: string type: string
type: object type: object
type: array type: array
rootDeviceName:
description: RootDeviceName is the root device for underlying
VM, /dev/vda for example default is /dev/vda
type: string
type: object type: object
type: array type: array
pxeBootImageHost:
description: PXEBootImageHost will be used to download the PXE boot
image
type: string
pxeBootImageHostPort:
description: PXEBootImageHostPort will be used to download the PXE
boot image
type: integer
vmBridge: vmBridge:
description: VMBridge defines the single interface name to be used description: VMBridge defines the single interface name to be used
as a bridge for VMs as a bridge for VMs


@ -7,6 +7,13 @@ resources:
- bases/bmh.yaml - bases/bmh.yaml
# +kubebuilder:scaffold:crdkustomizeresource # +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_vinoes.yaml
#- patches/webhook_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD # patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_vinoes.yaml #- patches/cainjection_in_vinoes.yaml


@ -6,10 +6,12 @@ nameReference:
- kind: CustomResourceDefinition - kind: CustomResourceDefinition
group: apiextensions.k8s.io group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name path: spec/conversion/webhookClientConfig/service/name
namespace: namespace:
- kind: CustomResourceDefinition - kind: CustomResourceDefinition
group: apiextensions.k8s.io group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace path: spec/conversion/webhookClientConfig/service/namespace
create: false create: false
varReference: varReference:
- path: metadata/annotations - path: metadata/annotations


@ -5,7 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/default directory: config/default
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -1,14 +1,17 @@
# Adds namespace to all resources. # Adds namespace to all resources.
namespace: vino-system namespace: vino-system
# Value of this field is prepended to the # Value of this field is prepended to the
# names of all resources, e.g. a deployment named # names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress". # "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace # Note that it should also match with the prefix (text before '-') of the namespace
# field above. # field above.
namePrefix: vino- namePrefix: vino-
# Labels to add to all resources and selectors. # Labels to add to all resources and selectors.
#commonLabels: #commonLabels:
# someName: someValue # someName: someValue
bases: bases:
- ../crd - ../crd
- ../rbac - ../rbac
@ -22,7 +25,46 @@ bases:
#- ../prometheus #- ../prometheus
patchesStrategicMerge: patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth. # Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics # If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line. # endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml - manager_auth_proxy_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service


@ -5,15 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/manager directory: config/manager
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
isSet: true
name: replicas
value: "3"


@ -0,0 +1,70 @@
#!/bin/bash
set -xe
set -o pipefail
echo "Target directory location = $1"
# check if certificates are already present
# TBD should validity of existing certs be checked.
if [ -f $1/ca-cert.pem ] && [ -f $1/server-cert.pem ] && [ -f $1/server-key.pem ]
then
echo "ca-cert.pem, server-cert.pem and server-key.pem already present"
exit 0
else
# create a temp dir
TMP=$(mktemp -d)
cd ${TMP}
# create ca certificate
echo ' cn = airshipit.org
ca
cert_signing_key' > ca-template.info
(umask 277 && certtool --generate-privkey > ca-key.pem)
certtool --generate-self-signed \
--template ca-template.info \
--load-privkey ca-key.pem \
--outfile ca-cert.pem
rm ca-template.info
echo ' organization = airshipit.org
cn = server
tls_www_server
encryption_key
signing_key' > server-template.info
(umask 277 && certtool --generate-privkey > server-key.pem)
# create server certificate
certtool --generate-certificate \
--template server-template.info \
--load-privkey server-key.pem \
--load-ca-certificate ca-cert.pem \
--load-ca-privkey ca-key.pem \
--outfile server-cert.pem
rm server-template.info
# copy the required certs in the target location
echo "Copy the required certs to target location : $1"
cp *.pem $1
#echo ' country = Country
# state = State
# locality = City
# organization = Name of your organization
# cn = Client Host Name
# tls_www_client
# encryption_key
# signing_key' > client-template.info
#(umask 277 && certtool --generate-privkey > client-key.pem)
#certtool --generate-certificate
# --template client-template.info
# --load-privkey client-key.pem
# --load-ca-certificate ca-cert.pem
# --load-ca-privkey ca_key.pem
# --outfile client-cert.pem
fi
exit 0
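Review bot: `cp *.pem $1` near the end of the else branch also copies `ca-key.pem`, so the CA private key ends up in the target directory next to the server key, even though only `ca-cert.pem`, `server-cert.pem` and `server-key.pem` are checked for at the top of the script. I would copy just those three by name, `cp ca-cert.pem server-cert.pem server-key.pem "$1"/`, and remove the work directory afterwards with `rm -rf "${TMP}"` so the CA key does not outlive the run. `$1` is unquoted throughout and never checked for being empty; `"$1"` plus an early `[ -n "$1" ]` guard would keep the `-f` tests and the copy correct for unusual paths. A short header comment saying that the CA is generated per target directory and that re-issuing means deleting the three files would help, since the TBD about checking validity of existing certs is still open.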


@ -15,6 +15,18 @@ spec:
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
hostIPC: true hostIPC: true
initContainers:
- name: create-libvirt-vnc-certs
image: quay.io/airshipit/gnu-tls:latest-minideb
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/create_tls_cert.sh"]
args: [ "/etc/pki/libvirt-vnc"]
volumeMounts:
- name: etc-pki-libvirt-vnc
mountPath: "/etc/pki/libvirt-vnc"
- name: usr-local-bin
mountPath: "/usr/local/bin"
containers: containers:
- name: libvirt - name: libvirt
command: command:
@ -39,42 +51,46 @@ spec:
mountPath: /sys/fs/cgroup mountPath: /sys/fs/cgroup
- name: logs - name: logs
mountPath: /var/log/libvirt mountPath: /var/log/libvirt
- mountPath: /var/lib/libvirt/vino-pool - name: var-lib-vino-pool
name: var-lib-vino-pool mountPath: /var/lib/libvirt/vino-pool
- mountPath: /etc/libvirt/qemu - name: etc-qemu
name: etc-qemu mountPath: /etc/libvirt/qemu
- mountPath: /etc/libvirt/nwfilter - name: etc-nwfilter
name: etc-nwfilter mountPath: /etc/libvirt/nwfilter
- mountPath: /etc/libvirt/hooks - name: etc-hooks
name: etc-hooks mountPath: /etc/libvirt/hooks
- mountPath: /etc/libvirt/storage - name: etc-storage
name: etc-storage mountPath: /etc/libvirt/storage
- mountPath: /var/lib/vino - name: var-lib-vino
name: var-lib-vino mountPath: /var/lib/vino
- name: etc-libvirt
mountPath: /etc/libvirt
- name: etc-pki-libvirt-vnc
mountPath: /etc/pki/libvirt-vnc
- name: sushy - name: sushy
image: quay.io/metal3-io/sushy-tools image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port", command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port", "8000"]
"8000"]
volumeMounts: volumeMounts:
- name: var-run-libvirt - name: var-run-libvirt
mountPath: /var/run/libvirt mountPath: /var/run/libvirt
- mountPath: /var/lib/libvirt - name: var-lib-libvirt
name: var-lib-libvirt mountPath: /var/lib/libvirt
livenessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
readinessProbe: readinessProbe:
httpGet: httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems path: /redfish/v1/Systems
host: 127.0.0.1
port: 8000 port: 8000
initialDelaySeconds: 5 initialDelaySeconds: 5
periodSeconds: 10 periodSeconds: 10
livenessProbe:
httpGet:
path: /redfish/v1/Systems
host: 127.0.0.1
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
# - name: vino-reverse-proxy # - name: vino-reverse-proxy
# image: quay.io/airshipit/vino-reverse-proxy # image: quay.io/airshipit/vino-reverse-proxy
# ports: # ports:
@ -100,51 +116,51 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- image: quay.io/airshipit/vino-builder - name: vino-builder
imagePullPolicy: IfNotPresent
name: vino-builder
ports:
- containerPort: 8001
hostPort: 8001
readinessProbe: readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
exec: exec:
command: command:
- cat - cat
- /tmp/healthy - /tmp/healthy
initialDelaySeconds: 20
periodSeconds: 5
securityContext: securityContext:
privileged: true privileged: true
readOnlyRootFilesystem: false
runAsUser: 0 runAsUser: 0
readOnlyRootFilesystem: false
ports:
- containerPort: 8001
hostPort: 8001
image: quay.io/airshipit/vino-builder
imagePullPolicy: IfNotPresent
volumeMounts: volumeMounts:
- mountPath: /var/lib/vino-builder/flavors - name: flavors
name: flavors mountPath: /var/lib/vino-builder/flavors
- mountPath: /var/lib/vino-builder/flavor-templates - name: flavor-templates
name: flavor-templates mountPath: /var/lib/vino-builder/flavor-templates
- mountPath: /var/lib/vino-builder/network-templates - name: network-templates
name: network-templates mountPath: /var/lib/vino-builder/network-templates
- mountPath: /var/lib/vino-builder/storage-templates - name: storage-templates
name: storage-templates mountPath: /var/lib/vino-builder/storage-templates
- mountPath: /tmp - name: pod-tmp
name: pod-tmp mountPath: /tmp
- mountPath: /lib/modules - mountPath: /lib/modules
name: libmodules name: libmodules
readOnly: true readOnly: true
- mountPath: /var/lib/libvirt - name: var-lib-libvirt
name: var-lib-libvirt mountPath: /var/lib/libvirt
- mountPath: /var/run/libvirt - name: var-run-libvirt
name: var-run-libvirt mountPath: /var/run/libvirt
- mountPath: /var/lib/libvirt/vino-pool - name: var-lib-vino-pool
name: var-lib-vino-pool mountPath: /var/lib/libvirt/vino-pool
- mountPath: /run - name: run
name: run mountPath: /run
- mountPath: /dev - name: dev
name: dev mountPath: /dev
- mountPath: /sys/fs/cgroup - name: cgroup
name: cgroup mountPath: /sys/fs/cgroup
- mountPath: /var/log/libvirt - name: logs
name: logs mountPath: /var/log/libvirt
volumes: volumes:
- name: libmodules - name: libmodules
hostPath: hostPath:
@ -152,8 +168,6 @@ spec:
- name: var-lib-libvirt - name: var-lib-libvirt
hostPath: hostPath:
path: /var/lib/libvirt path: /var/lib/libvirt
- hostPath: {}
name: var-lib-libvirt-images
- name: run - name: run
hostPath: hostPath:
path: /run path: /run
@ -169,45 +183,56 @@ spec:
- name: var-run-libvirt - name: var-run-libvirt
hostPath: hostPath:
path: /var/run/libvirt path: /var/run/libvirt
- configMap: - name: flavors
defaultMode: 0555 configMap:
name: vino-flavors name: vino-flavors
name: flavors
- configMap:
defaultMode: 0555 defaultMode: 0555
- name: flavor-templates
configMap:
name: vino-flavor-templates name: vino-flavor-templates
name: flavor-templates
- configMap:
defaultMode: 0555 defaultMode: 0555
- name: network-templates
configMap:
name: vino-network-templates name: vino-network-templates
name: network-templates
- configMap:
defaultMode: 0555 defaultMode: 0555
- name: storage-templates
configMap:
name: vino-storage-templates name: vino-storage-templates
name: storage-templates defaultMode: 0555
- emptyDir: {} - name: pod-tmp
name: pod-tmp emptyDir: {}
- hostPath: - name: var-lib-vino-pool
hostPath:
path: /var/lib/vino-pool path: /var/lib/vino-pool
type: DirectoryOrCreate type: DirectoryOrCreate
name: var-lib-vino-pool - name: etc-qemu
- hostPath: hostPath:
path: /etc/vino-qemu path: /etc/vino-qemu
type: DirectoryOrCreate type: DirectoryOrCreate
name: etc-qemu - name: etc-storage
- hostPath: hostPath:
path: /etc/vino-storage path: /etc/vino-storage
type: DirectoryOrCreate type: DirectoryOrCreate
name: etc-storage - name: etc-nwfilter
- hostPath: hostPath:
path: /etc/vino-nwfilter path: /etc/vino-nwfilter
type: DirectoryOrCreate type: DirectoryOrCreate
name: etc-nwfilter - name: etc-hooks
- hostPath: hostPath:
path: /etc/vino-hooks path: /etc/vino-hooks
type: DirectoryOrCreate type: DirectoryOrCreate
name: etc-hooks - name: var-lib-vino
- hostPath: hostPath:
path: /var/lib/vino path: /var/lib/vino
type: DirectoryOrCreate type: DirectoryOrCreate
name: var-lib-vino - name: etc-libvirt
configMap:
name: vino-libvirt-qemu-conf
defaultMode: 0555
- name: etc-pki-libvirt-vnc
hostPath:
path: /etc/pki/libvirt-vnc
- name: usr-local-bin
configMap:
name: vino-create-libvirt-vnc-cert
defaultMode: 0777
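Review bot: The new `create-libvirt-vnc-certs` init container pulls `quay.io/airshipit/gnu-tls:latest-minideb` with `imagePullPolicy: IfNotPresent`, so the image that generates the CA and server keys is a mutable tag that each node caches at a different moment; pinning it by digest, `image: quay.io/airshipit/gnu-tls@sha256:<digest>` (placeholder), would make the key-generation step reproducible. In the volumes hunk, `usr-local-bin` uses `defaultMode: 0777` while every other configMap volume in this file uses `0555`; `0555` is enough to execute the script. Mounting that configMap over the whole of `/usr/local/bin` also hides whatever the image ships there, which deserves a comment or a narrower mount path if it is not intended. The keys land on the host under `/etc/pki/libvirt-vnc` through a `hostPath` with no `type`, unlike the neighbouring volumes that set `DirectoryOrCreate`.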


@ -1,18 +1,16 @@
flavorTemplates: flavorTemplates:
master: master:
domainTemplate: | domainTemplate: |
{% set nodename = 'master-' + item|string %} {% if domain is defined %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm"> <domain type="kvm">
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid> <uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata> <metadata>
<vino:flavor>master</vino:flavor> <vino:flavor>master</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime> <vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata> </metadata>
<memory unit="GiB">{{ flavors.master.memory }}</memory> <memory unit="GiB">{{ flavors.master.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %} {% if flavors.master.hugepages is defined and flavors.master.hugepages == true %}
<memoryBacking> <memoryBacking>
<hugepages> <hugepages>
<page size='1' unit='GiB' /> <page size='1' unit='GiB' />
@ -20,14 +18,14 @@ flavorTemplates:
</memoryBacking> </memoryBacking>
{% endif %} {% endif %}
<vcpu placement="static">{{ flavors.master.vcpus }}</vcpu> <vcpu placement="static">{{ flavors.master.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %} {% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo: # function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune> <cputune>
<shares>8192</shares> <shares>8192</shares>
{% for core in node_core_map[nodename] %} {% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/> <vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %} {% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/> <emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune> </cputune>
{% endif %} {% endif %}
<resource> <resource>
@ -56,7 +54,7 @@ flavorTemplates:
# for each disk requested # for each disk requested
<disk type='volume' device='disk'> <disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/> <driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/> <source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/> <target dev='vde' bus='virtio'/>
</disk> </disk>
@ -71,26 +69,26 @@ flavorTemplates:
</controller> </controller>
# for each interface defined in vino, e.g. # for each interface defined in vino, e.g.
{% for if_name, if_values in domain.interfaces.items() %} {% for interface in domain.interfaces %}
<interface type='bridge'> <interface type='{{ interface.type }}'>
<mac address='{{ if_values.macAddress }}'/> <mac address='{{ interface.macAddress }}'/>
<source bridge='{{ if_name }}'/> <source {{ interface.type }}='{{ interface.network }}'/>
<model type='virtio'/> <model type='virtio'/>
</interface> </interface>
{% endfor %} {% endfor %}
<serial type='file'> <serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial> </serial>
<serial type='pty'/> <serial type='pty'/>
<console type='file'> <console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/> <target type='serial'/>
</console> </console>
{% if domain.enable_vnc | default(false) %} {% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'> <graphics type='vnc' autoport='yes' passwd='{{ domain.vncPassword }}' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/> <listen type='address' address='0.0.0.0'/>
</graphics> </graphics>
{% endif %} {% endif %}
@ -107,9 +105,8 @@ flavorTemplates:
</domain> </domain>
{% endif %} {% endif %}
volumeTemplate: | volumeTemplate: |
{% set nodename = 'master-' + item|string %}
<volume> <volume>
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<allocation>0</allocation> <allocation>0</allocation>
<capacity unit='G'>{{ flavors.master.rootSize }}</capacity> <capacity unit='G'>{{ flavors.master.rootSize }}</capacity>
<target> <target>
@ -118,12 +115,10 @@ flavorTemplates:
</volume> </volume>
worker: worker:
domainTemplate: | domainTemplate: |
{% set nodename = 'worker-' + item|string %} {% if domain is defined %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
<domain type="kvm"> <domain type="kvm">
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid> <uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata> <metadata>
<vino:flavor>worker</vino:flavor> <vino:flavor>worker</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime> <vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
@ -137,14 +132,14 @@ flavorTemplates:
</memoryBacking> </memoryBacking>
{% endif %} {% endif %}
<vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu> <vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %} {% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo: # function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune> <cputune>
<shares>8192</shares> <shares>8192</shares>
{% for core in node_core_map[nodename] %} {% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/> <vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %} {% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/> <emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune> </cputune>
{% endif %} {% endif %}
<resource> <resource>
@ -173,7 +168,7 @@ flavorTemplates:
# for each disk requested # for each disk requested
<disk type='volume' device='disk'> <disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/> <driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/> <source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/> <target dev='vde' bus='virtio'/>
</disk> </disk>
@ -187,25 +182,31 @@ flavorTemplates:
<alias name="ide"/> <alias name="ide"/>
</controller> </controller>
{% for if_name, if_values in domain.interfaces.items() %} <interface type='network'>
<source network='pxe'/>
<model type='virtio'/>
</interface>
# for each interface defined in vino, e.g.
{% for interface in domain.interfaces %}
<interface type='bridge'> <interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/> <mac address='{{ interface.macAddress }}'/>
<source bridge='{{ if_name }}'/> <source bridge='{{ interface.network }}'/>
<model type='virtio'/> <model type='virtio'/>
</interface> </interface>
{% endfor %} {% endfor %}
<serial type='file'> <serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial> </serial>
<serial type='pty'/> <serial type='pty'/>
<console type='file'> <console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/> <source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/> <target type='serial'/>
</console> </console>
{% if domain.enable_vnc | default(false) %} {% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'> <graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/> <listen type='address' address='0.0.0.0'/>
</graphics> </graphics>
@ -223,9 +224,8 @@ flavorTemplates:
</domain> </domain>
{% endif %} {% endif %}
volumeTemplate: | volumeTemplate: |
{% set nodename = 'worker-' + item|string %}
<volume> <volume>
<name>{{ nodename }}</name> <name>{{ domain.name }}</name>
<allocation>0</allocation> <allocation>0</allocation>
<capacity unit='G'>{{ flavors.worker.rootSize }}</capacity> <capacity unit='G'>{{ flavors.worker.rootSize }}</capacity>
<target> <target>
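Review bot: The worker `domainTemplate` still renders `<graphics type='vnc' autoport='yes' listen='0.0.0.0'>` without a `passwd`, while the master template in the same file now sets `passwd='{{ domain.vncPassword }}'`; with `enableVNC` on, worker consoles listen on every host address with no VNC password. I would give the worker line the same attribute, `<graphics type='vnc' autoport='yes' passwd='{{ domain.vncPassword }}' listen='0.0.0.0'>`. The password is interpolated straight into an XML attribute, so a value containing a quote or `<` would break the domain definition; whether the producer restricts the character set is not visible here, and `{{ domain.vncPassword | e }}` would cover it either way. The worker interface loop also keeps `type='bridge'` and `bridge=` hard-coded where the master now uses `{{ interface.type }}`, which looks unintentional.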


@ -1,34 +0,0 @@
# NOTE: auto-generated. Some fields should NOT be modified.
# Date: 2021-03-16 10:05:35 UTC
#
# Contains the "inventory object" template ConfigMap.
# When this object is applied, it is handled specially,
# storing the metadata of all the other objects applied.
# This object and its stored inventory is subsequently
# used to calculate the set of objects to automatically
# delete (prune), when an object is omitted from further
# applies. When applied, this "inventory object" is also
# used to identify the entire set of objects to delete.
#
# NOTE: The name of this inventory template file
# does NOT have any impact on group-related functionality
# such as deletion or pruning.
#
apiVersion: v1
kind: ConfigMap
metadata:
# DANGER: Do not change the inventory object namespace.
# Changing the namespace will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
namespace: default
# NOTE: The name of the inventory object does NOT have
# any impact on group-related functionality such as
# deletion or pruning.
name: inventory-15862452
labels:
# DANGER: Do not change the value of this label.
# Changing this value will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
cli-utils.sigs.k8s.io/inventory-id: 6e088520-63c2-4b5d-82ea-4f2cb089920f


@ -1,5 +1,6 @@
resources: resources:
- manager.yaml - manager.yaml
configMapGenerator: configMapGenerator:
- name: daemonset-template - name: daemonset-template
options: options:
@ -26,3 +27,13 @@ configMapGenerator:
disableNameSuffixHash: true disableNameSuffixHash: true
files: files:
- storage-templates.yaml - storage-templates.yaml
- name: libvirt-qemu-conf
options:
disableNameSuffixHash: true
files:
- qemu.conf
- name: create-libvirt-vnc-cert
options:
disableNameSuffixHash: true
files:
- create_tls_cert.sh


@ -1,17 +1,15 @@
libvirtNetworks: libvirtNetworks:
- name: management management:
libvirtTemplate: | libvirtTemplate: |
<network> <network>
<name>management</name> <name>{{ network.name }}</name>
<forward mode='route'/> <forward mode='route'/>
<bridge name='management' stp='off' delay='0'/> <bridge name='vm-infra-bridge' stp='off' delay='0' {% if network.physicalInterface is defined %} dev='{{ network.physicalInterface }}' {% endif %}/>
<ip address='{{ networks[0].routes[0].gateway }}' netmask='255.255.240.0'> <ip address='{{ ipam.bridge_ip | default(omit) }}' netmask='{{ ipam.bridge_subnet_netmask }}'>
<!-- <tftp root='/srv/tftp'/> --> <!-- <tftp root='/srv/tftp'/> -->
<dhcp> <dhcp>
<range start='{{ networks[0].allocationStart }}' end='{{ networks[0].allocationStop }}'/> <range start='{{ ipam.instance_ips[0] }}' end='{{ ipam.instance_ips[-1] }}'/>
<bootp file=''/> <bootp file='http://{{ pxeBootImageHost | default(ansible_default_ipv4.address) }}:{{ pxeBootImageHostPort | default(80) }}/dualboot.ipxe'/>
</dhcp> </dhcp>
</ip> </ip>
</network> </network>
# - name: mobility-gn
# libvirtTemplate:
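Review bot: `address='{{ ipam.bridge_ip | default(omit) }}'` in the `<ip>` element will not drop the attribute when `bridge_ip` is missing: inside a template string Ansible's `omit` renders as its placeholder text, as far as I know, so libvirt would be handed a non-address value. Either require the value (no default, so rendering fails loudly) or wrap the whole `<ip>` block in `{% if ipam.bridge_ip is defined %}`. Separately, the new `bootp file='http://…/dualboot.ipxe'` has guests fetch their boot script over plain HTTP from `pxeBootImageHost`, so a comment stating which network this is expected to be confined to would help whoever sets that field.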


@ -0,0 +1,6 @@
stdio_handler = "file"
user = "root"
group = "root"
security_driver = "none"
vnc_tls = 1
#vnc_tls_x509_verify = 1
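Review bot: `security_driver = "none"` together with `user = "root"` and `group = "root"` runs every guest's QEMU process as root with no SELinux/AppArmor confinement, and the file gives no reason for it; if a security driver cannot be used inside this container, a comment saying so would stop the setting being copied elsewhere. `vnc_tls = 1` with `#vnc_tls_x509_verify = 1` left commented means VNC traffic is encrypted but clients are not authenticated by certificate, so access control rests on the per-domain VNC password alone. I would add a comment above those two lines, e.g. `# TLS only; client certs are not verified, access relies on the domain VNC password`, or enable verification once client certificates are issued.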


@ -1,6 +1,6 @@
libvirtStorage: libvirtStorage:
- name: vino-default - name: vino-default
libvirtTemplate: |- libvirtTemplate: |
<pool type='dir'> <pool type='dir'>
<name>vino-default</name> <name>vino-default</name>
<target> <target>


@ -5,7 +5,7 @@ metadata:
upstream: upstream:
type: git type: git
git: git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino repo: https://opendev.org/airship/vino
directory: config/rbac directory: config/rbac
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae


@ -1,6 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
creationTimestamp: null
name: manager-role name: manager-role
rules: rules:
- apiGroups: - apiGroups:


@ -1,9 +1,10 @@
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: cluster-manager-role name: cluster-manager-role
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- secrets - secrets
@ -14,7 +15,7 @@ rules:
- list - list
- delete - delete
- update - update
- apiGroups: - apiGroups:
- airship.airshipit.org - airship.airshipit.org
resources: resources:
- vinoes - vinoes
@ -26,7 +27,7 @@ rules:
- patch - patch
- update - update
- watch - watch
- apiGroups: - apiGroups:
- airship.airshipit.org - airship.airshipit.org
resources: resources:
- vinoes/status - vinoes/status
@ -34,7 +35,7 @@ rules:
- get - get
- patch - patch
- update - update
- apiGroups: - apiGroups:
- metal3.io - metal3.io
resources: resources:
- baremetalhosts - baremetalhosts