Add Airship-in-a-Bottle site manifests and scripts
Note: all scripts in tools/deployment/aiab directory have been moved into this repository as is (except a few changes to make them work), they require a heavy refactoring that will be done in separate patch-sets. * Add a virtual single node manifests that are based on a sloop type. * Use NFS provisioner instead of Ceph. * Update tools/openstack to be non-seaworthy specific, use a default region name and auth url. * Make type/sloop/config/common-software-config.yaml to be site specific, to allow to configure custom region_name. * Remove max-pods-per-cpu parameter for kubelet, treasuremap needs to support a diverse set of environments, without constraints on the number of available cores. Max pods configuration parameter is still present and helps to mitigate problems when kubernetes unexpectedly starts a large number of pods. Change-Id: I379a50d810b91b989f039dbb7c691f5ceec0cc67
This commit is contained in:
parent
e04390f042
commit
c88eb575b8
@ -29,7 +29,6 @@ data:
|
||||
- --network-plugin=cni
|
||||
- --node-status-update-frequency=5s
|
||||
- --max-pods=200
|
||||
- --pods-per-core=10
|
||||
- --kube-api-burst=40
|
||||
- --kube-api-qps=20
|
||||
- --seccomp-profile-root=SECCOMP_PROFILE_ROOT
|
||||
|
41
site/aiab/deployment/deployment-configuration.yaml
Normal file
41
site/aiab/deployment/deployment-configuration.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
# The purpose of this file is to provide shipyard related deployment config
|
||||
# parameters. This should not require modification for a new site. However,
|
||||
# shipyard deployment strategies can be very useful in getting around certain
|
||||
# failures, like misbehaving nodes that hold up the deployment. See more at
|
||||
# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
|
||||
schema: shipyard/DeploymentConfiguration/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: deployment-configuration
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
physical_provisioner:
|
||||
deployment_strategy: deployment-strategy
|
||||
deploy_interval: 30
|
||||
deploy_timeout: 3600
|
||||
destroy_interval: 30
|
||||
destroy_timeout: 900
|
||||
join_wait: 0
|
||||
prepare_node_interval: 30
|
||||
prepare_node_timeout: 1800
|
||||
prepare_site_interval: 10
|
||||
prepare_site_timeout: 300
|
||||
verify_interval: 10
|
||||
verify_timeout: 60
|
||||
kubernetes_provisioner:
|
||||
drain_timeout: 3600
|
||||
drain_grace_period: 1800
|
||||
clear_labels_timeout: 1800
|
||||
remove_etcd_timeout: 1800
|
||||
etcd_ready_timeout: 600
|
||||
armada:
|
||||
get_releases_timeout: 300
|
||||
get_status_timeout: 300
|
||||
manifest: 'full-site-aiab'
|
||||
post_apply_timeout: 7200
|
||||
validate_design_timeout: 600
|
||||
...
|
24
site/aiab/deployment/dev-configurables.yaml
Normal file
24
site/aiab/deployment/dev-configurables.yaml
Normal file
@ -0,0 +1,24 @@
|
||||
---
|
||||
# These parameters are environment specific, they are
|
||||
# overridden with scripts during the installation.
|
||||
schema: dev/Configurables/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: dev-configurables
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
|
||||
# This is just an example of configuration parameters.
|
||||
data:
|
||||
# Hostname of the node.
|
||||
hostname: aiab
|
||||
# IP address for external network.
|
||||
hostip: 10.0.2.14
|
||||
# IP address range for external neetwork.
|
||||
hostcidr: 10.0.2.0/24
|
||||
# Name of interface.
|
||||
interface: ens3
|
||||
# IP address for MaaS VIP address.
|
||||
maas-ingress: '192.169.1.5/32'
|
35
site/aiab/manifests/bootstrap.yaml
Normal file
35
site/aiab/manifests/bootstrap.yaml
Normal file
@ -0,0 +1,35 @@
|
||||
---
|
||||
schema: armada/Manifest/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: cluster-bootstrap-aiab
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
name: cluster-bootstrap-global
|
||||
actions:
|
||||
- method: replace
|
||||
path: .chart_groups
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
release_prefix: airship
|
||||
chart_groups:
|
||||
- podsecuritypolicy
|
||||
- kubernetes-proxy
|
||||
- kubernetes-container-networking
|
||||
- kubernetes-dns
|
||||
- kubernetes-etcd
|
||||
- kubernetes-haproxy
|
||||
- kubernetes-core
|
||||
- ingress-kube-system
|
||||
- osh-infra-nfs-provisioner
|
||||
- ucp-core
|
||||
- ucp-keystone
|
||||
- ucp-divingbell
|
||||
- ucp-armada
|
||||
- ucp-deckhand
|
||||
- ucp-drydock
|
||||
- ucp-promenade
|
||||
- ucp-shipyard
|
||||
...
|
127
site/aiab/networks/common-addresses.yaml
Normal file
127
site/aiab/networks/common-addresses.yaml
Normal file
@ -0,0 +1,127 @@
|
||||
---
|
||||
# The purpose of this file is to define network related paramters that are
|
||||
# referenced elsewhere in the manifests for this site.
|
||||
schema: pegleg/CommonAddresses/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: common-addresses
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .interface
|
||||
dest:
|
||||
path: .calico.ip_autodetection_method
|
||||
pattern: REPLACEME
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .genesis.hostname
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .genesis.ip
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .bootstrap.ip
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostcidr
|
||||
dest:
|
||||
path: .storage.ceph.public_cidr
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostcidr
|
||||
dest:
|
||||
path: .storage.ceph.cluster_cidr
|
||||
|
||||
data:
|
||||
calico:
|
||||
ip_autodetection_method: 'interface=REPLACEME'
|
||||
etcd:
|
||||
service_ip: 10.96.232.136
|
||||
|
||||
dns:
|
||||
cluster_domain: cluster.local
|
||||
service_ip: 10.96.0.10
|
||||
upstream_servers:
|
||||
- 8.8.8.8
|
||||
- 8.8.4.4
|
||||
- 208.67.222.222
|
||||
upstream_servers_joined: 8.8.8.8,8.8.4.4,208.67.222.222
|
||||
|
||||
genesis:
|
||||
hostname: REPLACEME
|
||||
ip: REPLACEME
|
||||
|
||||
bootstrap:
|
||||
ip: REPLACEME
|
||||
|
||||
kubernetes:
|
||||
# K8s API service IP
|
||||
api_service_ip: 10.96.0.1
|
||||
# etcd service IP
|
||||
etcd_service_ip: 10.96.0.2
|
||||
# k8s pod CIDR (network which pod traffic will traverse)
|
||||
pod_cidr: 10.97.0.0/16
|
||||
# k8s service CIDR (network which k8s API traffic will traverse)
|
||||
service_cidr: 10.96.0.0/16
|
||||
# misc k8s port settings
|
||||
apiserver_port: 6443
|
||||
haproxy_port: 6553
|
||||
service_node_port_range: 30000-32767
|
||||
|
||||
# etcd port settings
|
||||
etcd:
|
||||
container_port: 2379
|
||||
haproxy_port: 2378
|
||||
|
||||
proxy:
|
||||
http: ""
|
||||
https: ""
|
||||
no_proxy: []
|
||||
|
||||
node_ports:
|
||||
drydock_api: 30000
|
||||
maas_api: 30001
|
||||
maas_proxy: 31800 # hardcoded in MAAS
|
||||
|
||||
ntp:
|
||||
servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
|
||||
|
||||
# NOTE(eli): this is not needed for Airship in a bottle, this is here
|
||||
# only to satisfy substitutions in globals.
|
||||
storage:
|
||||
ceph:
|
||||
public_cidr: REPLACEME
|
||||
cluster_cidr: REPLACEME
|
||||
|
||||
# NOTE: This is not used and is needed only to satisfy global substitutions.
|
||||
ldap:
|
||||
base_url: 'ldap.example.com'
|
||||
url: 'ldap://ldap.example.com'
|
||||
auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
|
||||
common_name: test
|
||||
subdomain: test
|
||||
domain: example
|
||||
|
||||
neutron:
|
||||
tunnel_device: docker0
|
||||
external_iface: docker0
|
||||
|
||||
openvswitch:
|
||||
external_iface: docker0
|
||||
...
|
183
site/aiab/pki/pki-catalog.yaml
Normal file
183
site/aiab/pki/pki-catalog.yaml
Normal file
@ -0,0 +1,183 @@
|
||||
---
|
||||
# The purpose of this file is to define the PKI certificates for the environment
|
||||
#
|
||||
# NOTE: When deploying a new site, this file should not be configured until
|
||||
# baremetal/nodes.yaml is complete.
|
||||
#
|
||||
schema: promenade/PKICatalog/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: cluster-certificates
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
substitutions:
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes.certificates[1].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes.certificates[1].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes.certificates[1].common_name
|
||||
pattern: HOSTNAME
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd.certificates[1].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd.certificates[1].hosts[1]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostname
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[0]
|
||||
- src:
|
||||
schema: dev/Configurables/v1
|
||||
name: dev-configurables
|
||||
path: .hostip
|
||||
dest:
|
||||
path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[1]
|
||||
|
||||
data:
|
||||
certificate_authorities:
|
||||
kubernetes:
|
||||
description: CA for Kubernetes components
|
||||
certificates:
|
||||
- document_name: apiserver
|
||||
description: Service certificate for Kubernetes apiserver
|
||||
common_name: apiserver
|
||||
hosts:
|
||||
- localhost
|
||||
- 127.0.0.1
|
||||
- 10.96.0.1
|
||||
kubernetes_service_names:
|
||||
- kubernetes.default.svc.cluster.local
|
||||
- document_name: kubelet-genesis
|
||||
common_name: system:node:HOSTNAME
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
groups:
|
||||
- system:nodes
|
||||
- document_name: scheduler
|
||||
description: Service certificate for Kubernetes scheduler
|
||||
common_name: system:kube-scheduler
|
||||
- document_name: controller-manager
|
||||
description: certificate for controller-manager
|
||||
common_name: system:kube-controller-manager
|
||||
- document_name: admin
|
||||
common_name: admin
|
||||
groups:
|
||||
- system:masters
|
||||
- document_name: armada
|
||||
common_name: armada
|
||||
groups:
|
||||
- system:masters
|
||||
kubernetes-etcd:
|
||||
description: Certificates for Kubernetes's etcd servers
|
||||
certificates:
|
||||
- document_name: apiserver-etcd
|
||||
description: etcd client certificate for use by Kubernetes apiserver
|
||||
common_name: apiserver
|
||||
- document_name: kubernetes-etcd-anchor
|
||||
description: anchor
|
||||
common_name: anchor
|
||||
- document_name: kubernetes-etcd-genesis
|
||||
common_name: kubernetes-etcd-genesis
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
kubernetes-etcd-peer:
|
||||
certificates:
|
||||
- document_name: kubernetes-etcd-genesis-peer
|
||||
common_name: kubernetes-etcd-genesis-peer
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- kubernetes-etcd.kube-system.svc.cluster.local
|
||||
- 10.96.0.2
|
||||
calico-etcd:
|
||||
description: Certificates for Calico etcd client traffic
|
||||
certificates:
|
||||
- document_name: calico-etcd-anchor
|
||||
description: anchor
|
||||
common_name: anchor
|
||||
- document_name: calico-etcd
|
||||
common_name: calico-etcd
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-node
|
||||
common_name: calcico-node
|
||||
# End node list
|
||||
calico-etcd-peer:
|
||||
description: Certificates for Calico etcd clients
|
||||
certificates:
|
||||
# NEWSITE-CHANGEME: This list should be identical to the previous list,
|
||||
# except that `-peer` has been appended to the document/common names.
|
||||
- document_name: calico-etcd-peer
|
||||
common_name: calico-etcd-peer
|
||||
hosts:
|
||||
- REPLACEME_HOST_NAME
|
||||
- REPLACEME_HOST_IP
|
||||
- 127.0.0.1
|
||||
- localhost
|
||||
- 10.96.232.136
|
||||
- document_name: calico-node-peer
|
||||
common_name: calcico-node-peer
|
||||
keypairs:
|
||||
- name: service-account
|
||||
description: Service account signing key for use by Kubernetes controller-manager.
|
||||
...
|
43
site/aiab/profiles/genesis.yaml
Normal file
43
site/aiab/profiles/genesis.yaml
Normal file
@ -0,0 +1,43 @@
|
||||
---
|
||||
# The purpose of this file is to apply proper labels to Genesis node so the
|
||||
# proper services are installed and proper configuration applied. This should
|
||||
# not need to be changed for a new site.
|
||||
schema: promenade/Genesis/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: genesis-site
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
parentSelector:
|
||||
name: genesis-global
|
||||
actions:
|
||||
- method: merge
|
||||
path: .
|
||||
storagePolicy: cleartext
|
||||
data:
|
||||
armada:
|
||||
target_manifest: cluster-bootstrap-aiab
|
||||
labels:
|
||||
dynamic:
|
||||
- beta.kubernetes.io/fluentd-ds-ready=true
|
||||
- calico-etcd=enabled
|
||||
- kube-dns=enabled
|
||||
- kube-ingress=enabled
|
||||
- kubernetes-apiserver=enabled
|
||||
- kubernetes-controller-manager=enabled
|
||||
- kubernetes-etcd=enabled
|
||||
- kubernetes-scheduler=enabled
|
||||
- promenade-genesis=enabled
|
||||
- ucp-control-plane=enabled
|
||||
- maas-rack=enabled
|
||||
- maas-region=enabled
|
||||
- openstack-control-plane=enabled
|
||||
- openvswitch=enabled
|
||||
- openstack-l3-agent=enabled
|
||||
- node-exporter=enabled
|
||||
- fluentd=enabled
|
||||
- openstack-control-plane=enabled
|
||||
- openstack-nova-compute=enabled
|
||||
- openstack-libvirt=kernel
|
||||
...
|
12
site/aiab/secrets/passphrases/ceph_fsid.yaml
Normal file
12
site/aiab/secrets/passphrases/ceph_fsid.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph_fsid
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# uuidgen
|
||||
data: d52a9d00-64b9-45f0-b564-08dffe95f847
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ceph_swift_keystone_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
13
site/aiab/secrets/passphrases/ipmi_admin_password.yaml
Normal file
13
site/aiab/secrets/passphrases/ipmi_admin_password.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ipmi_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
labels:
|
||||
name: ipmi-admin-password-site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
12
site/aiab/secrets/passphrases/maas-region-key.yaml
Normal file
12
site/aiab/secrets/passphrases/maas-region-key.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: maas-region-key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# openssl rand -hex 10
|
||||
data: e12330cfe038735aee32
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_barbican_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_barbican_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_barbican_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_cinder_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_cinder_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_cinder_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_glance_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_glance_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_glance_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_heat_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_heat_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_stack_user_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_heat_trustee_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_horizon_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_elasticsearch_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_grafana_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_grafana_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_grafana_oslo_db_session_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_nagios_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_openstack_exporter_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_oslo_db_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_oslo_db_exporter_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_prometheus_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_rgw_s3_admin_access_key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: admin_access_key
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_rgw_s3_admin_secret_key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: admin_secret_key
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_rgw_s3_elasticsearch_access_key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: elastic_access_key
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_infra_rgw_s3_elasticsearch_secret_key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: elastic_secret_key
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_keystone_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_keystone_ldap_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_keystone_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_keystone_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_keystone_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_keystone_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_neutron_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_neutron_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_neutron_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_neutron_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_neutron_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_neutron_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_neutron_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_nova_metadata_proxy_shared_secret
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_nova_oslo_db_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_nova_oslo_messaging_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_nova_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_nova_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_nova_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_nova_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_nova_rabbitmq_erlang_cookie
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_oslo_cache_secret_key
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_oslo_db_admin_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_oslo_db_exporter_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_placement_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_placement_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_placement_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
11
site/aiab/secrets/passphrases/osh_tempest_password.yaml
Normal file
11
site/aiab/secrets/passphrases/osh_tempest_password.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: osh_tempest_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
12
site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml
Normal file
12
site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: tenant_ceph_fsid
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
# uuidgen
|
||||
data: 9e45aa5f-9d75-4fa7-bde5-c99e4a7db7a1
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_airflow_oslo_messaging_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|
@ -0,0 +1,11 @@
|
||||
---
|
||||
schema: deckhand/Passphrase/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: ucp_airflow_postgres_password
|
||||
layeringDefinition:
|
||||
abstract: false
|
||||
layer: site
|
||||
storagePolicy: cleartext
|
||||
data: password123
|
||||
...
|