Browse Source

Add Airship-in-a-Bottle site manifests and scripts

Note: all scripts in tools/deployment/aiab directory have been
moved into this repository as is (except a few changes to make
them work), they require a heavy refactoring that will be done
in separate patch-sets.

* Add a virtual single node manifests that are based on a sloop type.
* Use NFS provisioner instead of Ceph.
* Update tools/openstack to be non-seaworthy specific, use a default
  region name and auth url.
* Make type/sloop/config/common-software-config.yaml to be site specific,
  to allow to configure custom region_name.
* Remove max-pods-per-cpu parameter for kubelet, treasuremap needs
  to support a diverse set of environments, without constraints
  on the number of available cores. Max pods configuration parameter
  is still present and helps to mitigate problems when kubernetes
  unexpectedly starts a large number of pods.

Change-Id: I379a50d810b91b989f039dbb7c691f5ceec0cc67
tags/v1.1
Evgeny L Evgeniy L 10 months ago
parent
commit
c88eb575b8
100 changed files with 1662 additions and 1 deletions
  1. +0
    -1
      global/software/config/Kubelet.yaml
  2. +41
    -0
      site/aiab/deployment/deployment-configuration.yaml
  3. +24
    -0
      site/aiab/deployment/dev-configurables.yaml
  4. +35
    -0
      site/aiab/manifests/bootstrap.yaml
  5. +127
    -0
      site/aiab/networks/common-addresses.yaml
  6. +183
    -0
      site/aiab/pki/pki-catalog.yaml
  7. +43
    -0
      site/aiab/profiles/genesis.yaml
  8. +12
    -0
      site/aiab/secrets/passphrases/ceph_fsid.yaml
  9. +11
    -0
      site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml
  10. +13
    -0
      site/aiab/secrets/passphrases/ipmi_admin_password.yaml
  11. +12
    -0
      site/aiab/secrets/passphrases/maas-region-key.yaml
  12. +11
    -0
      site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml
  13. +11
    -0
      site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
  14. +11
    -0
      site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
  15. +11
    -0
      site/aiab/secrets/passphrases/osh_barbican_password.yaml
  16. +11
    -0
      site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
  17. +11
    -0
      site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml
  18. +11
    -0
      site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
  19. +11
    -0
      site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
  20. +11
    -0
      site/aiab/secrets/passphrases/osh_cinder_password.yaml
  21. +11
    -0
      site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
  22. +11
    -0
      site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml
  23. +11
    -0
      site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
  24. +11
    -0
      site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
  25. +11
    -0
      site/aiab/secrets/passphrases/osh_glance_password.yaml
  26. +11
    -0
      site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
  27. +11
    -0
      site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml
  28. +11
    -0
      site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
  29. +11
    -0
      site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
  30. +11
    -0
      site/aiab/secrets/passphrases/osh_heat_password.yaml
  31. +11
    -0
      site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
  32. +11
    -0
      site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml
  33. +11
    -0
      site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml
  34. +11
    -0
      site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml
  35. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
  36. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml
  37. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
  38. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
  39. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml
  40. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
  41. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
  42. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
  43. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
  44. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
  45. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
  46. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
  47. +11
    -0
      site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
  48. +11
    -0
      site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml
  49. +11
    -0
      site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml
  50. +11
    -0
      site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml
  51. +11
    -0
      site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
  52. +11
    -0
      site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
  53. +11
    -0
      site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
  54. +11
    -0
      site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml
  55. +11
    -0
      site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
  56. +11
    -0
      site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
  57. +11
    -0
      site/aiab/secrets/passphrases/osh_neutron_password.yaml
  58. +11
    -0
      site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
  59. +11
    -0
      site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
  60. +11
    -0
      site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml
  61. +11
    -0
      site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
  62. +11
    -0
      site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
  63. +11
    -0
      site/aiab/secrets/passphrases/osh_nova_password.yaml
  64. +11
    -0
      site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
  65. +11
    -0
      site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml
  66. +11
    -0
      site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml
  67. +11
    -0
      site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml
  68. +11
    -0
      site/aiab/secrets/passphrases/osh_placement_password.yaml
  69. +11
    -0
      site/aiab/secrets/passphrases/osh_tempest_password.yaml
  70. +12
    -0
      site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml
  71. +11
    -0
      site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
  72. +11
    -0
      site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml
  73. +11
    -0
      site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml
  74. +11
    -0
      site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml
  75. +11
    -0
      site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
  76. +11
    -0
      site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml
  77. +11
    -0
      site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml
  78. +11
    -0
      site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml
  79. +11
    -0
      site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml
  80. +11
    -0
      site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml
  81. +11
    -0
      site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
  82. +11
    -0
      site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml
  83. +11
    -0
      site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml
  84. +11
    -0
      site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
  85. +11
    -0
      site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml
  86. +11
    -0
      site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml
  87. +11
    -0
      site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml
  88. +11
    -0
      site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml
  89. +11
    -0
      site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
  90. +11
    -0
      site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml
  91. +11
    -0
      site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml
  92. +15
    -0
      site/aiab/site-definition.yaml
  93. +50
    -0
      site/aiab/software/charts/kubernetes/container-networking/etcd.yaml
  94. +50
    -0
      site/aiab/software/charts/kubernetes/etcd/etcd.yaml
  95. +24
    -0
      site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml
  96. +40
    -0
      site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml
  97. +27
    -0
      site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml
  98. +24
    -0
      site/aiab/software/charts/osh/openstack-glance/glance.yaml
  99. +21
    -0
      site/aiab/software/charts/osh/openstack-heat/heat.yaml
  100. +29
    -0
      site/aiab/software/charts/ucp/divingbell.yaml

+ 0
- 1
global/software/config/Kubelet.yaml View File

@@ -29,7 +29,6 @@ data:
- --network-plugin=cni
- --node-status-update-frequency=5s
- --max-pods=200
- --pods-per-core=10
- --kube-api-burst=40
- --kube-api-qps=20
- --seccomp-profile-root=SECCOMP_PROFILE_ROOT


+ 41
- 0
site/aiab/deployment/deployment-configuration.yaml View File

@@ -0,0 +1,41 @@
---
# The purpose of this file is to provide shipyard related deployment config
# parameters. This should not require modification for a new site. However,
# shipyard deployment strategies can be very useful in getting around certain
# failures, like misbehaving nodes that hold up the deployment. See more at
# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
schema: shipyard/DeploymentConfiguration/v1
metadata:
schema: metadata/Document/v1
name: deployment-configuration
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data:
physical_provisioner:
deployment_strategy: deployment-strategy
deploy_interval: 30
deploy_timeout: 3600
destroy_interval: 30
destroy_timeout: 900
join_wait: 0
prepare_node_interval: 30
prepare_node_timeout: 1800
prepare_site_interval: 10
prepare_site_timeout: 300
verify_interval: 10
verify_timeout: 60
kubernetes_provisioner:
drain_timeout: 3600
drain_grace_period: 1800
clear_labels_timeout: 1800
remove_etcd_timeout: 1800
etcd_ready_timeout: 600
armada:
get_releases_timeout: 300
get_status_timeout: 300
manifest: 'full-site-aiab'
post_apply_timeout: 7200
validate_design_timeout: 600
...

+ 24
- 0
site/aiab/deployment/dev-configurables.yaml View File

@@ -0,0 +1,24 @@
---
# These parameters are environment specific, they are
# overridden with scripts during the installation.
schema: dev/Configurables/v1
metadata:
schema: metadata/Document/v1
name: dev-configurables
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext

# This is just an example of configuration parameters.
data:
# Hostname of the node.
hostname: aiab
# IP address for external network.
hostip: 10.0.2.14
# IP address range for external neetwork.
hostcidr: 10.0.2.0/24
# Name of interface.
interface: ens3
# IP address for MaaS VIP address.
maas-ingress: '192.169.1.5/32'

+ 35
- 0
site/aiab/manifests/bootstrap.yaml View File

@@ -0,0 +1,35 @@
---
schema: armada/Manifest/v1
metadata:
schema: metadata/Document/v1
name: cluster-bootstrap-aiab
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: cluster-bootstrap-global
actions:
- method: replace
path: .chart_groups
storagePolicy: cleartext
data:
release_prefix: airship
chart_groups:
- podsecuritypolicy
- kubernetes-proxy
- kubernetes-container-networking
- kubernetes-dns
- kubernetes-etcd
- kubernetes-haproxy
- kubernetes-core
- ingress-kube-system
- osh-infra-nfs-provisioner
- ucp-core
- ucp-keystone
- ucp-divingbell
- ucp-armada
- ucp-deckhand
- ucp-drydock
- ucp-promenade
- ucp-shipyard
...

+ 127
- 0
site/aiab/networks/common-addresses.yaml View File

@@ -0,0 +1,127 @@
---
# The purpose of this file is to define network related paramters that are
# referenced elsewhere in the manifests for this site.
schema: pegleg/CommonAddresses/v1
metadata:
schema: metadata/Document/v1
name: common-addresses
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
substitutions:
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .interface
dest:
path: .calico.ip_autodetection_method
pattern: REPLACEME
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .genesis.hostname
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .genesis.ip
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .bootstrap.ip
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostcidr
dest:
path: .storage.ceph.public_cidr
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostcidr
dest:
path: .storage.ceph.cluster_cidr

data:
calico:
ip_autodetection_method: 'interface=REPLACEME'
etcd:
service_ip: 10.96.232.136

dns:
cluster_domain: cluster.local
service_ip: 10.96.0.10
upstream_servers:
- 8.8.8.8
- 8.8.4.4
- 208.67.222.222
upstream_servers_joined: 8.8.8.8,8.8.4.4,208.67.222.222

genesis:
hostname: REPLACEME
ip: REPLACEME

bootstrap:
ip: REPLACEME

kubernetes:
# K8s API service IP
api_service_ip: 10.96.0.1
# etcd service IP
etcd_service_ip: 10.96.0.2
# k8s pod CIDR (network which pod traffic will traverse)
pod_cidr: 10.97.0.0/16
# k8s service CIDR (network which k8s API traffic will traverse)
service_cidr: 10.96.0.0/16
# misc k8s port settings
apiserver_port: 6443
haproxy_port: 6553
service_node_port_range: 30000-32767

# etcd port settings
etcd:
container_port: 2379
haproxy_port: 2378

proxy:
http: ""
https: ""
no_proxy: []

node_ports:
drydock_api: 30000
maas_api: 30001
maas_proxy: 31800 # hardcoded in MAAS

ntp:
servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'

# NOTE(eli): this is not needed for Airship in a bottle, this is here
# only to satisfy substitutions in globals.
storage:
ceph:
public_cidr: REPLACEME
cluster_cidr: REPLACEME

# NOTE: This is not used and is needed only to satisfy global substitutions.
ldap:
base_url: 'ldap.example.com'
url: 'ldap://ldap.example.com'
auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
common_name: test
subdomain: test
domain: example

neutron:
tunnel_device: docker0
external_iface: docker0

openvswitch:
external_iface: docker0
...

+ 183
- 0
site/aiab/pki/pki-catalog.yaml View File

@@ -0,0 +1,183 @@
---
# The purpose of this file is to define the PKI certificates for the environment
#
# NOTE: When deploying a new site, this file should not be configured until
# baremetal/nodes.yaml is complete.
#
schema: promenade/PKICatalog/v1
metadata:
schema: metadata/Document/v1
name: cluster-certificates
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
substitutions:
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes.certificates[1].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.kubernetes.certificates[1].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes.certificates[1].common_name
pattern: HOSTNAME
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.calico-etcd.certificates[1].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.calico-etcd.certificates[1].hosts[1]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostname
dest:
path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[0]
- src:
schema: dev/Configurables/v1
name: dev-configurables
path: .hostip
dest:
path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[1]

data:
certificate_authorities:
kubernetes:
description: CA for Kubernetes components
certificates:
- document_name: apiserver
description: Service certificate for Kubernetes apiserver
common_name: apiserver
hosts:
- localhost
- 127.0.0.1
- 10.96.0.1
kubernetes_service_names:
- kubernetes.default.svc.cluster.local
- document_name: kubelet-genesis
common_name: system:node:HOSTNAME
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
groups:
- system:nodes
- document_name: scheduler
description: Service certificate for Kubernetes scheduler
common_name: system:kube-scheduler
- document_name: controller-manager
description: certificate for controller-manager
common_name: system:kube-controller-manager
- document_name: admin
common_name: admin
groups:
- system:masters
- document_name: armada
common_name: armada
groups:
- system:masters
kubernetes-etcd:
description: Certificates for Kubernetes's etcd servers
certificates:
- document_name: apiserver-etcd
description: etcd client certificate for use by Kubernetes apiserver
common_name: apiserver
- document_name: kubernetes-etcd-anchor
description: anchor
common_name: anchor
- document_name: kubernetes-etcd-genesis
common_name: kubernetes-etcd-genesis
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
kubernetes-etcd-peer:
certificates:
- document_name: kubernetes-etcd-genesis-peer
common_name: kubernetes-etcd-genesis-peer
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- kubernetes-etcd.kube-system.svc.cluster.local
- 10.96.0.2
calico-etcd:
description: Certificates for Calico etcd client traffic
certificates:
- document_name: calico-etcd-anchor
description: anchor
common_name: anchor
- document_name: calico-etcd
common_name: calico-etcd
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node
common_name: calcico-node
# End node list
calico-etcd-peer:
description: Certificates for Calico etcd clients
certificates:
# NEWSITE-CHANGEME: This list should be identical to the previous list,
# except that `-peer` has been appended to the document/common names.
- document_name: calico-etcd-peer
common_name: calico-etcd-peer
hosts:
- REPLACEME_HOST_NAME
- REPLACEME_HOST_IP
- 127.0.0.1
- localhost
- 10.96.232.136
- document_name: calico-node-peer
common_name: calcico-node-peer
keypairs:
- name: service-account
description: Service account signing key for use by Kubernetes controller-manager.
...

+ 43
- 0
site/aiab/profiles/genesis.yaml View File

@@ -0,0 +1,43 @@
---
# The purpose of this file is to apply proper labels to Genesis node so the
# proper services are installed and proper configuration applied. This should
# not need to be changed for a new site.
schema: promenade/Genesis/v1
metadata:
schema: metadata/Document/v1
name: genesis-site
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: genesis-global
actions:
- method: merge
path: .
storagePolicy: cleartext
data:
armada:
target_manifest: cluster-bootstrap-aiab
labels:
dynamic:
- beta.kubernetes.io/fluentd-ds-ready=true
- calico-etcd=enabled
- kube-dns=enabled
- kube-ingress=enabled
- kubernetes-apiserver=enabled
- kubernetes-controller-manager=enabled
- kubernetes-etcd=enabled
- kubernetes-scheduler=enabled
- promenade-genesis=enabled
- ucp-control-plane=enabled
- maas-rack=enabled
- maas-region=enabled
- openstack-control-plane=enabled
- openvswitch=enabled
- openstack-l3-agent=enabled
- node-exporter=enabled
- fluentd=enabled
- openstack-control-plane=enabled
- openstack-nova-compute=enabled
- openstack-libvirt=kernel
...

+ 12
- 0
site/aiab/secrets/passphrases/ceph_fsid.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ceph_fsid
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# uuidgen
data: d52a9d00-64b9-45f0-b564-08dffe95f847
...

+ 11
- 0
site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ceph_swift_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 13
- 0
site/aiab/secrets/passphrases/ipmi_admin_password.yaml View File

@@ -0,0 +1,13 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ipmi_admin_password
layeringDefinition:
abstract: false
layer: site
labels:
name: ipmi-admin-password-site
storagePolicy: cleartext
data: password123
...

+ 12
- 0
site/aiab/secrets/passphrases/maas-region-key.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: maas-region-key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# openssl rand -hex 10
data: e12330cfe038735aee32
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_barbican_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_barbican_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_cinder_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_cinder_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_glance_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_glance_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_heat_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_stack_user_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_heat_trustee_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_horizon_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_elasticsearch_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_grafana_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_grafana_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_grafana_oslo_db_session_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_nagios_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_openstack_exporter_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_oslo_db_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_oslo_db_exporter_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_prometheus_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_admin_access_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: admin_access_key
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_admin_secret_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: admin_secret_key
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_elasticsearch_access_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: elastic_access_key
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_infra_rgw_s3_elasticsearch_secret_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: elastic_secret_key
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_ldap_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_keystone_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_neutron_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_neutron_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_metadata_proxy_shared_secret
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_oslo_messaging_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_nova_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_nova_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_oslo_cache_secret_key
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_oslo_db_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_oslo_db_exporter_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_placement_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_placement_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/osh_tempest_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: osh_tempest_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 12
- 0
site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml View File

@@ -0,0 +1,12 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: tenant_ceph_fsid
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
# uuidgen
data: 9e45aa5f-9d75-4fa7-bde5-c99e4a7db7a1
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_airflow_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_airflow_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_armada_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_barbican_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_barbican_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_deckhand_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_deckhand_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_drydock_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_drydock_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_keystone_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_keystone_oslo_db_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_maas_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_maas_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_openstack_exporter_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_oslo_db_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_oslo_messaging_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_postgres_admin_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_promenade_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_rabbitmq_erlang_cookie
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_shipyard_keystone_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 11
- 0
site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml View File

@@ -0,0 +1,11 @@
---
schema: deckhand/Passphrase/v1
metadata:
schema: metadata/Document/v1
name: ucp_shipyard_postgres_password
layeringDefinition:
abstract: false
layer: site
storagePolicy: cleartext
data: password123
...

+ 15
- 0
site/aiab/site-definition.yaml View File

@@ -0,0 +1,15 @@
---
# High-level pegleg site definition file
schema: pegleg/SiteDefinition/v1
metadata:
schema: metadata/Document/v1
layeringDefinition:
abstract: false
layer: site
name: aiab
storagePolicy: cleartext
data:
# The type layer this site will delpoy with. Type layer is found in the
# type folder.
site_type: sloop
...

+ 50
- 0
site/aiab/software/charts/kubernetes/container-networking/etcd.yaml View File

@@ -0,0 +1,50 @@
---
# The purpose of this file is to build the list of calico etcd nodes and the
# calico etcd certs for those nodes in the environment.
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-calico-etcd
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: kubernetes-calico-etcd-global
actions:
- method: merge
path: .
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.hostname
dest:
path: .values.nodes[0].name
- src:
schema: deckhand/Certificate/v1
name: calico-etcd
path: .
dest:
path: .values.nodes[0].tls.client.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd
path: .
dest:
path: .values.nodes[0].tls.client.key
- src:
schema: deckhand/Certificate/v1
name: calico-etcd-peer
path: .
dest:
path: .values.nodes[0].tls.peer.cert
- src:
schema: deckhand/CertificateKey/v1
name: calico-etcd-peer
path: .
dest:
path: .values.nodes[0].tls.peer.key

data: {}
...

+ 50
- 0
site/aiab/software/charts/kubernetes/etcd/etcd.yaml View File

@@ -0,0 +1,50 @@
---
# The purpose of this file is to build the list of k8s etcd nodes and the
# k8s etcd certs for those nodes in the environment.
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: kubernetes-etcd
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: kubernetes-etcd-global
actions:
- method: merge
path: .
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/CommonAddresses/v1
name: common-addresses
path: .genesis.hostname
dest:
path: .values.nodes[0].name
- src:
schema: deckhand/Certificate/v1
name: kubernetes-etcd-genesis
path: .
dest:
path: .values.nodes[0].tls.client.cert
- src:
schema: deckhand/CertificateKey/v1
name: kubernetes-etcd-genesis
path: .
dest:
path: .values.nodes[0].tls.client.key
- src:
schema: deckhand/Certificate/v1
name: kubernetes-etcd-genesis-peer
path: .
dest:
path: .values.nodes[0].tls.peer.cert
- src:
schema: deckhand/CertificateKey/v1
name: kubernetes-etcd-genesis-peer
path: .
dest:
path: .values.nodes[0].tls.peer.key

data: {}
...

+ 24
- 0
site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml View File

@@ -0,0 +1,24 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: libvirt
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: libvirt-global
component: libvirt
actions:
- method: merge
path: .values
- method: delete
path: .values.ceph_client
storagePolicy: cleartext
data:
values:
conf:
ceph:
enabled: false
...

+ 40
- 0
site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml View File

@@ -0,0 +1,40 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: neutron
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: neutron-global
actions:
- method: merge
path: .
storagePolicy: cleartext

data:
test:
# Neutron test for virtual Airship in a bottle installation
# usually take much more time to finish than for baremetal one.
timeout: 2700

values:
conf:
neutron:
DEFAULT:
l3_ha: False
max_l3_agents_per_router: 1
dhcp_agents_per_network: 1

plugins:
ml2_conf:
ml2_type_vlan:
network_vlan_ranges: null
openvswitch_agent:
ovs:
bridge_mappings: public:br-ex
linuxbridge_agent:
linux_bridge:
bridge_mappings: public:br-ex

+ 27
- 0
site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml View File

@@ -0,0 +1,27 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: nova
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: nova-type
actions:
- method: merge
path: .values.conf
- method: delete
path: .values.ceph_client
storagePolicy: cleartext
data:
values:
conf:
ceph:
enabled: false
nova:
libvirt:
virt_type: qemu
cpu_mode: host-model
...

+ 24
- 0
site/aiab/software/charts/osh/openstack-glance/glance.yaml View File

@@ -0,0 +1,24 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: glance
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: glance-global
actions:
- method: merge
path: .
storagePolicy: cleartext

data:
values:
pod:
replicas:
api: 1
registry: 1
storage: pvc
...

+ 21
- 0
site/aiab/software/charts/osh/openstack-heat/heat.yaml View File

@@ -0,0 +1,21 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: heat
replacement: true
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: heat-global
actions:
- method: merge
path: .
storagePolicy: cleartext

data:
test:
# Heat test for virtual Airship in a bottle installation
# usually takes much more time to finish than for baremetal one.
timeout: 1200

+ 29
- 0
site/aiab/software/charts/ucp/divingbell.yaml View File

@@ -0,0 +1,29 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: ucp-divingbell
layeringDefinition:
abstract: false
layer: site
parentSelector:
name: ucp-divingbell-global
actions:
- method: merge
path: .
labels:
name: ucp-divingbell-site
storagePolicy: cleartext
data:
values:
manifests:
daemonset_ethtool: false
daemonset_mounts: false
daemonset_uamlite: false
daemonset_sysctl: false
daemonset_limits: false
daemonset_apt: true
daemonset_perm: false
daemonset_exec: true
daemonset_apparmor: false
...

Some files were not shown because too many files changed in this diff

Loading…
Cancel
Save