From c88eb575b814f0fa41faf0e40b9e13b83757eddd Mon Sep 17 00:00:00 2001 
From: Evgeny L Date: Thu, 2 May 2019 23:13:20 +0000 Subject: [PATCH] Add Airship-in-a-Bottle site manifests and scripts Note: all scripts in tools/deployment/aiab directory have been moved into this repository as is (except a few changes to make them work), they require a heavy refactoring that will be done in separate patch-sets. * Add a virtual single node manifests that are based on a sloop type. * Use NFS provisioner instead of Ceph. * Update tools/openstack to be non-seaworthy specific, use a default region name and auth url. * Make type/sloop/config/common-software-config.yaml to be site specific, to allow to configure custom region_name. * Remove max-pods-per-cpu parameter for kubelet, treasuremap needs to support a diverse set of environments, without constraints on the number of available cores. Max pods configuration parameter is still present and helps to mitigate problems when kubernetes unexpectedly starts a large number of pods. Change-Id: I379a50d810b91b989f039dbb7c691f5ceec0cc67 --- global/software/config/Kubelet.yaml | 1 - .../deployment/deployment-configuration.yaml | 41 ++ site/aiab/deployment/dev-configurables.yaml | 24 + site/aiab/manifests/bootstrap.yaml | 35 ++ site/aiab/networks/common-addresses.yaml | 127 +++++ site/aiab/pki/pki-catalog.yaml | 183 +++++++ site/aiab/profiles/genesis.yaml | 43 ++ site/aiab/secrets/passphrases/ceph_fsid.yaml | 12 + .../ceph_swift_keystone_password.yaml | 11 + .../passphrases/ipmi_admin_password.yaml | 13 + .../secrets/passphrases/maas-region-key.yaml | 12 + .../osh_barbican_oslo_db_password.yaml | 11 + ...arbican_oslo_messaging_admin_password.yaml | 11 + .../osh_barbican_oslo_messaging_password.yaml | 11 + .../passphrases/osh_barbican_password.yaml | 11 + .../osh_barbican_rabbitmq_erlang_cookie.yaml | 11 + .../osh_cinder_oslo_db_password.yaml | 11 + ..._cinder_oslo_messaging_admin_password.yaml | 11 + .../osh_cinder_oslo_messaging_password.yaml | 11 + .../passphrases/osh_cinder_password.yaml | 11 + 
.../osh_cinder_rabbitmq_erlang_cookie.yaml | 11 + .../osh_glance_oslo_db_password.yaml | 11 + ..._glance_oslo_messaging_admin_password.yaml | 11 + .../osh_glance_oslo_messaging_password.yaml | 11 + .../passphrases/osh_glance_password.yaml | 11 + .../osh_glance_rabbitmq_erlang_cookie.yaml | 11 + .../osh_heat_oslo_db_password.yaml | 11 + ...sh_heat_oslo_messaging_admin_password.yaml | 11 + .../osh_heat_oslo_messaging_password.yaml | 11 + .../passphrases/osh_heat_password.yaml | 11 + .../osh_heat_rabbitmq_erlang_cookie.yaml | 11 + .../osh_heat_stack_user_password.yaml | 11 + .../osh_heat_trustee_password.yaml | 11 + .../osh_horizon_oslo_db_password.yaml | 11 + ...sh_infra_elasticsearch_admin_password.yaml | 11 + .../osh_infra_grafana_admin_password.yaml | 11 + .../osh_infra_grafana_oslo_db_password.yaml | 11 + ...nfra_grafana_oslo_db_session_password.yaml | 11 + .../osh_infra_nagios_admin_password.yaml | 11 + ...osh_infra_openstack_exporter_password.yaml | 11 + .../osh_infra_oslo_db_admin_password.yaml | 11 + .../osh_infra_oslo_db_exporter_password.yaml | 11 + .../osh_infra_prometheus_admin_password.yaml | 11 + .../osh_infra_rgw_s3_admin_access_key.yaml | 11 + .../osh_infra_rgw_s3_admin_secret_key.yaml | 11 + ...infra_rgw_s3_elasticsearch_access_key.yaml | 11 + ...infra_rgw_s3_elasticsearch_secret_key.yaml | 11 + .../osh_keystone_admin_password.yaml | 11 + .../osh_keystone_ldap_password.yaml | 11 + .../osh_keystone_oslo_db_password.yaml | 11 + ...eystone_oslo_messaging_admin_password.yaml | 11 + .../osh_keystone_oslo_messaging_password.yaml | 11 + .../osh_keystone_rabbitmq_erlang_cookie.yaml | 11 + .../osh_neutron_oslo_db_password.yaml | 11 + ...neutron_oslo_messaging_admin_password.yaml | 11 + .../osh_neutron_oslo_messaging_password.yaml | 11 + .../passphrases/osh_neutron_password.yaml | 11 + .../osh_neutron_rabbitmq_erlang_cookie.yaml | 11 + ...osh_nova_metadata_proxy_shared_secret.yaml | 11 + .../osh_nova_oslo_db_password.yaml | 11 + 
...sh_nova_oslo_messaging_admin_password.yaml | 11 + .../osh_nova_oslo_messaging_password.yaml | 11 + .../passphrases/osh_nova_password.yaml | 11 + .../osh_nova_rabbitmq_erlang_cookie.yaml | 11 + .../osh_oslo_cache_secret_key.yaml | 11 + .../osh_oslo_db_admin_password.yaml | 11 + .../osh_oslo_db_exporter_password.yaml | 11 + .../passphrases/osh_placement_password.yaml | 11 + .../passphrases/osh_tempest_password.yaml | 11 + .../secrets/passphrases/tenant_ceph_fsid.yaml | 12 + .../ucp_airflow_oslo_messaging_password.yaml | 11 + .../ucp_airflow_postgres_password.yaml | 11 + .../ucp_armada_keystone_password.yaml | 11 + .../ucp_barbican_keystone_password.yaml | 11 + .../ucp_barbican_oslo_db_password.yaml | 11 + .../ucp_deckhand_keystone_password.yaml | 11 + .../ucp_deckhand_postgres_password.yaml | 11 + .../ucp_drydock_keystone_password.yaml | 11 + .../ucp_drydock_postgres_password.yaml | 11 + .../ucp_keystone_admin_password.yaml | 11 + .../ucp_keystone_oslo_db_password.yaml | 11 + .../passphrases/ucp_maas_admin_password.yaml | 11 + .../ucp_maas_postgres_password.yaml | 11 + ..._openstack_exporter_keystone_password.yaml | 11 + .../ucp_oslo_db_admin_password.yaml | 11 + .../ucp_oslo_messaging_password.yaml | 11 + .../ucp_postgres_admin_password.yaml | 11 + .../ucp_promenade_keystone_password.yaml | 11 + .../ucp_rabbitmq_erlang_cookie.yaml | 11 + .../ucp_shipyard_keystone_password.yaml | 11 + .../ucp_shipyard_postgres_password.yaml | 11 + site/aiab/site-definition.yaml | 15 + .../kubernetes/container-networking/etcd.yaml | 50 ++ .../software/charts/kubernetes/etcd/etcd.yaml | 50 ++ .../osh/openstack-compute-kit/libvirt.yaml | 24 + .../osh/openstack-compute-kit/neutron.yaml | 40 ++ .../osh/openstack-compute-kit/nova.yaml | 27 + .../charts/osh/openstack-glance/glance.yaml | 24 + .../charts/osh/openstack-heat/heat.yaml | 21 + site/aiab/software/charts/ucp/divingbell.yaml | 29 ++ .../config/common-software-config.yaml | 13 + site/aiab/software/full-site.yaml | 43 ++ 
.../config/common-software-config.yaml | 4 +- tools/deployment/aiab/common/creds.sh | 56 ++ .../deployment/aiab/common/deploy-airship.sh | 488 ++++++++++++++++++ .../aiab/dev_single_node/README.txt | 31 ++ .../dev_single_node/airship-in-a-bottle.sh | 163 ++++++ .../dev_single_node/test_create_heat_stack.sh | 92 ++++ tools/openstack | 6 +- 109 files changed, 2552 insertions(+), 7 deletions(-) create mode 100644 site/aiab/deployment/deployment-configuration.yaml create mode 100644 site/aiab/deployment/dev-configurables.yaml create mode 100644 site/aiab/manifests/bootstrap.yaml create mode 100644 site/aiab/networks/common-addresses.yaml create mode 100644 site/aiab/pki/pki-catalog.yaml create mode 100644 site/aiab/profiles/genesis.yaml create mode 100644 site/aiab/secrets/passphrases/ceph_fsid.yaml create mode 100644 site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ipmi_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/maas-region-key.yaml create mode 100644 site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_barbican_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_cinder_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml create mode 
100644 site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_glance_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_heat_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml create mode 
100644 site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml create mode 100644 site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml create mode 100644 site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_neutron_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml create mode 100644 site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_nova_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml create mode 100644 site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml create mode 100644 site/aiab/secrets/passphrases/osh_placement_password.yaml create mode 100644 
site/aiab/secrets/passphrases/osh_tempest_password.yaml create mode 100644 site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml create mode 100644 site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml create mode 100644 site/aiab/site-definition.yaml create mode 100644 
site/aiab/software/charts/kubernetes/container-networking/etcd.yaml create mode 100644 site/aiab/software/charts/kubernetes/etcd/etcd.yaml create mode 100644 site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml create mode 100644 site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml create mode 100644 site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml create mode 100644 site/aiab/software/charts/osh/openstack-glance/glance.yaml create mode 100644 site/aiab/software/charts/osh/openstack-heat/heat.yaml create mode 100644 site/aiab/software/charts/ucp/divingbell.yaml create mode 100644 site/aiab/software/config/common-software-config.yaml create mode 100644 site/aiab/software/full-site.yaml rename {type/sloop => site/airsloop/software}/config/common-software-config.yaml (85%) create mode 100644 tools/deployment/aiab/common/creds.sh create mode 100755 tools/deployment/aiab/common/deploy-airship.sh create mode 100644 tools/deployment/aiab/dev_single_node/README.txt create mode 100755 tools/deployment/aiab/dev_single_node/airship-in-a-bottle.sh create mode 100755 tools/deployment/aiab/dev_single_node/test_create_heat_stack.sh
diff --git a/global/software/config/Kubelet.yaml b/global/software/config/Kubelet.yaml
index 48e1494b8..3dd35b6f7 100644
--- a/global/software/config/Kubelet.yaml
+++ b/global/software/config/Kubelet.yaml
@@ -29,7 +29,6 @@ data: - --network-plugin=cni - --node-status-update-frequency=5s - --max-pods=200 - - --pods-per-core=10 - --kube-api-burst=40 - --kube-api-qps=20 - --seccomp-profile-root=SECCOMP_PROFILE_ROOT
diff --git a/site/aiab/deployment/deployment-configuration.yaml b/site/aiab/deployment/deployment-configuration.yaml
new file mode 100644
index 000000000..d58494512
--- /dev/null
+++ b/site/aiab/deployment/deployment-configuration.yaml
@@ -0,0 +1,41 @@
+---
+# The purpose of this file is to provide shipyard related deployment config
+# parameters. This should not require modification for a new site. However,
+# shipyard deployment strategies can be very useful in getting around certain
+# failures, like misbehaving nodes that hold up the deployment. See more at
+# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+ schema: metadata/Document/v1
+ name: deployment-configuration
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ physical_provisioner:
+ deployment_strategy: deployment-strategy
+ deploy_interval: 30
+ deploy_timeout: 3600
+ destroy_interval: 30
+ destroy_timeout: 900
+ join_wait: 0
+ prepare_node_interval: 30
+ prepare_node_timeout: 1800
+ prepare_site_interval: 10
+ prepare_site_timeout: 300
+ verify_interval: 10
+ verify_timeout: 60
+ kubernetes_provisioner:
+ drain_timeout: 3600
+ drain_grace_period: 1800
+ clear_labels_timeout: 1800
+ remove_etcd_timeout: 1800
+ etcd_ready_timeout: 600
+ armada:
+ get_releases_timeout: 300
+ get_status_timeout: 300
+ manifest: 'full-site-aiab'
+ post_apply_timeout: 7200
+ validate_design_timeout: 600
+...
diff --git a/site/aiab/deployment/dev-configurables.yaml b/site/aiab/deployment/dev-configurables.yaml
new file mode 100644
index 000000000..91ecc8c22
--- /dev/null
+++ b/site/aiab/deployment/dev-configurables.yaml
@@ -0,0 +1,24 @@
+---
+# These parameters are environment specific, they are
+# overridden with scripts during the installation.
+schema: dev/Configurables/v1
+metadata:
+ schema: metadata/Document/v1
+ name: dev-configurables
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+
+# This is just an example of configuration parameters.
+data:
+ # Hostname of the node.
+ hostname: aiab
+ # IP address for external network.
+ hostip: 10.0.2.14
+ # IP address range for external neetwork.
+ hostcidr: 10.0.2.0/24
+ # Name of interface.
+ interface: ens3
+ # IP address for MaaS VIP address.
+ maas-ingress: '192.169.1.5/32'
diff --git a/site/aiab/manifests/bootstrap.yaml b/site/aiab/manifests/bootstrap.yaml
new file mode 100644
index 000000000..2f9a8f825
--- /dev/null
+++ b/site/aiab/manifests/bootstrap.yaml
@@ -0,0 +1,35 @@
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-bootstrap-aiab
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: cluster-bootstrap-global
+ actions:
+ - method: replace
+ path: .chart_groups
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - podsecuritypolicy
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - osh-infra-nfs-provisioner
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock
+ - ucp-promenade
+ - ucp-shipyard
+...
diff --git a/site/aiab/networks/common-addresses.yaml b/site/aiab/networks/common-addresses.yaml
new file mode 100644
index 000000000..405614338
--- /dev/null
+++ b/site/aiab/networks/common-addresses.yaml
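Review bot: In site/aiab/deployment/dev-configurables.yaml the default `maas-ingress: '192.169.1.5/32'` is not a private address: 192.169.0.0/16 lies outside the RFC 1918 block 192.168.0.0/16, so unless a script overrides it the MaaS VIP sits on publicly routable space. If a private address was intended, the line should read `maas-ingress: '192.168.1.5/32'`; if the value is deliberate, say so in the comment above it, for example `# IP address for MaaS VIP address (intentionally outside RFC 1918).`. The comment on `hostcidr` also has a typo, `neetwork`.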
@@ -0,0 +1,127 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced elsewhere in the manifests for this site.
+schema: pegleg/CommonAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .interface
+ dest:
+ path: .calico.ip_autodetection_method
+ pattern: REPLACEME
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostname
+ dest:
+ path: .genesis.hostname
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostip
+ dest:
+ path: .genesis.ip
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostip
+ dest:
+ path: .bootstrap.ip
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostcidr
+ dest:
+ path: .storage.ceph.public_cidr
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostcidr
+ dest:
+ path: .storage.ceph.cluster_cidr
+
+data:
+ calico:
+ ip_autodetection_method: 'interface=REPLACEME'
+ etcd:
+ service_ip: 10.96.232.136
+
+ dns:
+ cluster_domain: cluster.local
+ service_ip: 10.96.0.10
+ upstream_servers:
+ - 8.8.8.8
+ - 8.8.4.4
+ - 208.67.222.222
+ upstream_servers_joined: 8.8.8.8,8.8.4.4,208.67.222.222
+
+ genesis:
+ hostname: REPLACEME
+ ip: REPLACEME
+
+ bootstrap:
+ ip: REPLACEME
+
+ kubernetes:
+ # K8s API service IP
+ api_service_ip: 10.96.0.1
+ # etcd service IP
+ etcd_service_ip: 10.96.0.2
+ # k8s pod CIDR (network which pod traffic will traverse)
+ pod_cidr: 10.97.0.0/16
+ # k8s service CIDR (network which k8s API traffic will traverse)
+ service_cidr: 10.96.0.0/16
+ # misc k8s port settings
+ apiserver_port: 6443
+ haproxy_port: 6553
+ service_node_port_range: 30000-32767
+
+ # etcd port settings
+ etcd:
+ container_port: 2379
+ haproxy_port: 2378
+
+ proxy:
+ http: ""
+ https: ""
+ no_proxy: []
+
+ node_ports:
+ drydock_api: 30000
+ maas_api: 30001
+ maas_proxy: 31800 # hardcoded in MAAS
+
+ ntp:
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+ # NOTE(eli): this is not needed for Airship in a bottle, this is here
+ # only to satisfy substitutions in globals.
+ storage:
+ ceph:
+ public_cidr: REPLACEME
+ cluster_cidr: REPLACEME
+
+ # NOTE: This is not used and is needed only to satisfy global substitutions.
+ ldap:
+ base_url: 'ldap.example.com'
+ url: 'ldap://ldap.example.com'
+ auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+ common_name: test
+ subdomain: test
+ domain: example
+
+ neutron:
+ tunnel_device: docker0
+ external_iface: docker0
+
+ openvswitch:
+ external_iface: docker0
+...
diff --git a/site/aiab/pki/pki-catalog.yaml b/site/aiab/pki/pki-catalog.yaml
new file mode 100644
index 000000000..053799d78
--- /dev/null
+++ b/site/aiab/pki/pki-catalog.yaml
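Review bot: In site/aiab/networks/common-addresses.yaml, `ntp.servers_joined` ends with `4.ubuntu.pool.ntp.org`, but the pool's numbered names run 0 through 3 as far as I know, so the last entry most likely never resolves and the node is left with three time sources. Clock accuracy matters here because certificate and token validity checks depend on it. The line should read `servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org'`.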
@@ -0,0 +1,183 @@
+---
+# The purpose of this file is to define the PKI certificates for the environment
+#
+# NOTE: When deploying a new site, this file should not be configured until
+# baremetal/nodes.yaml is complete.
+#
+schema: promenade/PKICatalog/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cluster-certificates
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostname
+ dest:
+ path: .certificate_authorities.kubernetes.certificates[1].hosts[0]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostip
+ dest:
+ path: .certificate_authorities.kubernetes.certificates[1].hosts[1]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostname
+ dest:
+ path: .certificate_authorities.kubernetes.certificates[1].common_name
+ pattern: HOSTNAME
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostname
+ dest:
+ path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[0]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostip
+ dest:
+ path: .certificate_authorities.kubernetes-etcd.certificates[2].hosts[1]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostname
+ dest:
+ path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[0]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostip
+ dest:
+ path: .certificate_authorities.kubernetes-etcd-peer.certificates[0].hosts[1]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostname
+ dest:
+ path: .certificate_authorities.calico-etcd.certificates[1].hosts[0]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostip
+ dest:
+ path: .certificate_authorities.calico-etcd.certificates[1].hosts[1]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostname
+ dest:
+ path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[0]
+ - src:
+ schema: dev/Configurables/v1
+ name: dev-configurables
+ path: .hostip
+ dest:
+ path: .certificate_authorities.calico-etcd-peer.certificates[0].hosts[1]
+
+data:
+ certificate_authorities:
+ kubernetes:
+ description: CA for Kubernetes components
+ certificates:
+ - document_name: apiserver
+ description: Service certificate for Kubernetes apiserver
+ common_name: apiserver
+ hosts:
+ - localhost
+ - 127.0.0.1
+ - 10.96.0.1
+ kubernetes_service_names:
+ - kubernetes.default.svc.cluster.local
+ - document_name: kubelet-genesis
+ common_name: system:node:HOSTNAME
+ hosts:
+ - REPLACEME_HOST_NAME
+ - REPLACEME_HOST_IP
+ groups:
+ - system:nodes
+ - document_name: scheduler
+ description: Service certificate for Kubernetes scheduler
+ common_name: system:kube-scheduler
+ - document_name: controller-manager
+ description: certificate for controller-manager
+ common_name: system:kube-controller-manager
+ - document_name: admin
+ common_name: admin
+ groups:
+ - system:masters
+ - document_name: armada
+ common_name: armada
+ groups:
+ - system:masters
+ kubernetes-etcd:
+ description: Certificates for Kubernetes's etcd servers
+ certificates:
+ - document_name: apiserver-etcd
+ description: etcd client certificate for use by Kubernetes apiserver
+ common_name: apiserver
+ - document_name: kubernetes-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: kubernetes-etcd-genesis
+ common_name: kubernetes-etcd-genesis
+ hosts:
+ - REPLACEME_HOST_NAME
+ - REPLACEME_HOST_IP
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ kubernetes-etcd-peer:
+ certificates:
+ - document_name: kubernetes-etcd-genesis-peer
+ common_name: kubernetes-etcd-genesis-peer
+ hosts:
+ - REPLACEME_HOST_NAME
+ - REPLACEME_HOST_IP
+ - 127.0.0.1
+ - localhost
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - 10.96.0.2
+ calico-etcd:
+ description: Certificates for Calico etcd client traffic
+ certificates:
+ - document_name: calico-etcd-anchor
+ description: anchor
+ common_name: anchor
+ - document_name: calico-etcd
+ common_name: calico-etcd
+ hosts:
+ - REPLACEME_HOST_NAME
+ - REPLACEME_HOST_IP
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node
+ common_name: calcico-node
+ # End node list
+ calico-etcd-peer:
+ description: Certificates for Calico etcd clients
+ certificates:
+ # NEWSITE-CHANGEME: This list should be identical to the previous list,
+ # except that `-peer` has been appended to the document/common names.
+ - document_name: calico-etcd-peer
+ common_name: calico-etcd-peer
+ hosts:
+ - REPLACEME_HOST_NAME
+ - REPLACEME_HOST_IP
+ - 127.0.0.1
+ - localhost
+ - 10.96.232.136
+ - document_name: calico-node-peer
+ common_name: calcico-node-peer
+ keypairs:
+ - name: service-account
+ description: Service account signing key for use by Kubernetes controller-manager.
+...
diff --git a/site/aiab/profiles/genesis.yaml b/site/aiab/profiles/genesis.yaml
new file mode 100644
index 000000000..253b48602
--- /dev/null
+++ b/site/aiab/profiles/genesis.yaml
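Review bot: In site/aiab/pki/pki-catalog.yaml the `calico-node` and `calico-node-peer` entries are issued with `common_name: calcico-node` and `common_name: calcico-node-peer`, which looks like a misspelling of `calico`; any component that authorises or logs by certificate CN would then see an identity that matches nothing else in the site. Unless another document depends on the misspelled name, which this patch does not show, the lines should read `common_name: calico-node` and `common_name: calico-node-peer`. Separately, the `admin` and `armada` certificates are placed in `system:masters`, which grants unrestricted API access that RBAC bindings cannot narrow; for a single-node development site that may be acceptable, but it deserves a comment such as `# Full cluster admin; dev-only, scope down for shared clusters`.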
@@ -0,0 +1,43 @@
+---
+# The purpose of this file is to apply proper labels to Genesis node so the
+# proper services are installed and proper configuration applied. This should
+# not need to be changed for a new site.
+schema: promenade/Genesis/v1
+metadata:
+ schema: metadata/Document/v1
+ name: genesis-site
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: genesis-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ armada:
+ target_manifest: cluster-bootstrap-aiab
+ labels:
+ dynamic:
+ - beta.kubernetes.io/fluentd-ds-ready=true
+ - calico-etcd=enabled
+ - kube-dns=enabled
+ - kube-ingress=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - promenade-genesis=enabled
+ - ucp-control-plane=enabled
+ - maas-rack=enabled
+ - maas-region=enabled
+ - openstack-control-plane=enabled
+ - openvswitch=enabled
+ - openstack-l3-agent=enabled
+ - node-exporter=enabled
+ - fluentd=enabled
+ - openstack-control-plane=enabled
+ - openstack-nova-compute=enabled
+ - openstack-libvirt=kernel
+...
diff --git a/site/aiab/secrets/passphrases/ceph_fsid.yaml b/site/aiab/secrets/passphrases/ceph_fsid.yaml
new file mode 100644
index 000000000..d3722c607
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_fsid
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# uuidgen
+data: d52a9d00-64b9-45f0-b564-08dffe95f847
+...
diff --git a/site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644
index 000000000..9a9af1f2c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml
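Review bot: In site/aiab/profiles/genesis.yaml the `labels.dynamic` list contains `openstack-control-plane=enabled` twice, once after `maas-region=enabled` and again after `fluentd=enabled`. The repeat is presumably harmless to the node, but it reads as though one of the two entries was meant to be a different label. Drop the second `- openstack-control-plane=enabled` line, or replace it with the label that was intended.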
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ceph_swift_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ipmi_admin_password.yaml b/site/aiab/secrets/passphrases/ipmi_admin_password.yaml
new file mode 100644
index 000000000..6ab430ed8
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ipmi_admin_password.yaml
@@ -0,0 +1,13 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ipmi_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ name: ipmi-admin-password-site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/maas-region-key.yaml b/site/aiab/secrets/passphrases/maas-region-key.yaml
new file mode 100644
index 000000000..b60aba3c9
--- /dev/null
+++ b/site/aiab/secrets/passphrases/maas-region-key.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: maas-region-key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# openssl rand -hex 10
+data: e12330cfe038735aee32
+...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644
index 000000000..c5f866c85
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644
index 000000000..bb19957a1
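Review bot: site/aiab/secrets/passphrases/ceph_swift_keystone_password.yaml commits the literal `data: password123` under `storagePolicy: cleartext`, and the same value is repeated in every other password document visible in this patch (ipmi_admin_password and the osh_barbican_*, osh_cinder_* and osh_glance_* files, RabbitMQ Erlang cookies included), so a single publicly known value protects every service account of any site built from this directory unchanged. maas-region-key.yaml in the same commit already records how its value was produced, `# openssl rand -hex 10`; generating each passphrase that way at install time, instead of storing one shared constant, would keep the single-node convenience without the shared secret. At minimum each file should carry a comment such as `# Dev-only placeholder: replace before this deployment is reachable from a shared network`.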
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644
index 000000000..9bf0217bf
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_password.yaml b/site/aiab/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644
index 000000000..51221924c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_barbican_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..32f8dae0f
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_barbican_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644
index 000000000..b22f898b6
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_cinder_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644
index 000000000..040e65769
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644
index 000000000..5d76ba793
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_password.yaml b/site/aiab/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644
index 000000000..26565dbe3
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_cinder_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..b1ac8ffdc
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_cinder_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644
index 000000000..073906900
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_glance_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644
index 000000000..57db7521f
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644
index 000000000..d103c2780
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_glance_password.yaml b/site/aiab/secrets/passphrases/osh_glance_password.yaml
new file mode 100644
index 000000000..93ae0f24b
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_glance_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..496fae3f6
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_glance_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644
index 000000000..3352d4ce9
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_heat_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644
index 000000000..074e688f5
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644
index 000000000..39f132713
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_heat_password.yaml b/site/aiab/secrets/passphrases/osh_heat_password.yaml
new file mode 100644
index 000000000..5777ebbf8
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_heat_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..74e2a9906
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644
index 000000000..36db28bc2
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_heat_stack_user_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_stack_user_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml b/site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644
index 000000000..58129ef5d
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_heat_trustee_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_heat_trustee_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644
index 000000000..7c78d4572
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_horizon_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_horizon_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644
index 000000000..78c265edc
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_elasticsearch_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644
index 000000000..9232de761
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_grafana_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644
index 000000000..6d5f49e5b
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644
index 000000000..bd4e57399
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_grafana_oslo_db_session_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644
index 000000000..52dbe16a0
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_nagios_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_nagios_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644
index 000000000..64f78e1a4
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_openstack_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644
index 000000000..9c68e9d5c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml b/site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
new file mode 100644
index 000000000..f134f46a9
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_oslo_db_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml b/site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
new file mode 100644
index 000000000..b3df5f659
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_prometheus_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_prometheus_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
new file mode 100644
index 000000000..9f64719a0
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_admin_access_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: admin_access_key
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
new file mode 100644
index 000000000..3e06f913a
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_admin_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_admin_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: admin_secret_key
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
new file mode 100644
index 000000000..97c7d2312
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_access_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_elasticsearch_access_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: elastic_access_key
+...
diff --git a/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
new file mode 100644
index 000000000..60f0134e0
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_infra_rgw_s3_elasticsearch_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_infra_rgw_s3_elasticsearch_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: elastic_secret_key
+...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644
index 000000000..6c3f44695
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644
index 000000000..2edf0f22c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_keystone_ldap_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_ldap_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644
index 000000000..07b2206ab
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644
index 000000000..aec85c07c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644
index 000000000..be716f432
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..ee7e4bd25
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_keystone_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644
index 000000000..4d0b15749
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_neutron_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644
index 000000000..4ac42c9b0
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644
index 000000000..6be02b9ce
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_password.yaml b/site/aiab/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644
index 000000000..dd0b2b68b
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_neutron_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..9e8ff8deb
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_neutron_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml b/site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
new file mode 100644
index 000000000..37d5c627c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_nova_metadata_proxy_shared_secret.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_metadata_proxy_shared_secret
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644
index 000000000..2cd60f567
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_nova_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644
index 000000000..487bcc57f
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644
index 000000000..13569ba02
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_nova_password.yaml b/site/aiab/secrets/passphrases/osh_nova_password.yaml
new file mode 100644
index 000000000..4c2223d36
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_nova_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..7a885e683
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_nova_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644
index 000000000..11747a726
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_oslo_cache_secret_key.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_cache_secret_key
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644
index 000000000..48df9ee54
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml b/site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml
new file mode 100644
index 000000000..61b4144ad
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_oslo_db_exporter_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_oslo_db_exporter_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_placement_password.yaml b/site/aiab/secrets/passphrases/osh_placement_password.yaml
new file mode 100644
index 000000000..c72b59ac0
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_placement_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_placement_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/osh_tempest_password.yaml b/site/aiab/secrets/passphrases/osh_tempest_password.yaml
new file mode 100644
index 000000000..af90ec05b
--- /dev/null
+++ b/site/aiab/secrets/passphrases/osh_tempest_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: osh_tempest_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml b/site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml
new file mode 100644
index 000000000..138e2e7c5
--- /dev/null
+++ b/site/aiab/secrets/passphrases/tenant_ceph_fsid.yaml
@@ -0,0 +1,12 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant_ceph_fsid
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+# uuidgen
+data: 9e45aa5f-9d75-4fa7-bde5-c99e4a7db7a1
+...
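Review bot: The `# uuidgen` comment in tenant_ceph_fsid.yaml names the tool but does not say the committed UUID is meant to be replaced, so every deployment built from this site will presumably share the same `tenant_ceph_fsid` unless the operator already knows to regenerate it. A fuller comment such as `# Cluster fsid: generate a fresh value for each site with uuidgen` would make the intent explicit. The value looks like an identifier rather than a credential, so this is a documentation point and separate from the fixed-password documents elsewhere in the patch.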
diff --git a/site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
new file mode 100644
index 000000000..33c4125ef
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_airflow_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_airflow_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644
index 000000000..8a1d64884
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_airflow_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_airflow_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644
index 000000000..866efcce2
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_armada_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_armada_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644
index 000000000..cb2da2244
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_barbican_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644
index 000000000..95a76ed17
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_barbican_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644
index 000000000..5ee27f2a8
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_deckhand_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644
index 000000000..e63319b71
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_deckhand_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_deckhand_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644
index 000000000..b8083b519
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_drydock_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644
index 000000000..2eff5255c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_drydock_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_drydock_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644
index 000000000..91f74fdc0
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_keystone_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644
index 000000000..a9cb15317
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_keystone_oslo_db_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644
index 000000000..402c1299b
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_maas_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644
index 000000000..96ec5745c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_maas_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_maas_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
new file mode 100644
index 000000000..b513af431
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_openstack_exporter_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_openstack_exporter_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644
index 000000000..b3c132542
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_oslo_db_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_db_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644
index 000000000..95d6c0e3c
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_oslo_messaging_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_oslo_messaging_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644
index 000000000..546de05ba
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_postgres_admin_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_postgres_admin_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644
index 000000000..ac40d1ec5
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_promenade_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_promenade_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644
index 000000000..6a2aef93e
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_rabbitmq_erlang_cookie
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644
index 000000000..181a52a84
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_shipyard_keystone_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_keystone_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644
index 000000000..de0eed714
--- /dev/null
+++ b/site/aiab/secrets/passphrases/ucp_shipyard_postgres_password.yaml
@@ -0,0 +1,11 @@
+---
+schema: deckhand/Passphrase/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp_shipyard_postgres_password
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data: password123
+...
diff --git a/site/aiab/site-definition.yaml b/site/aiab/site-definition.yaml
new file mode 100644
index 000000000..3e845e404
--- /dev/null
+++ b/site/aiab/site-definition.yaml
@@ -0,0 +1,15 @@
+---
+# High-level pegleg site definition file
+schema: pegleg/SiteDefinition/v1
+metadata:
+ schema: metadata/Document/v1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ name: aiab
+ storagePolicy: cleartext
+data:
+ # The type layer this site will delpoy with. Type layer is found in the
+ # type folder.
+ site_type: sloop
+...
diff --git a/site/aiab/software/charts/kubernetes/container-networking/etcd.yaml b/site/aiab/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644
index 000000000..3c2d6e435
--- /dev/null
+++ b/site/aiab/software/charts/kubernetes/container-networking/etcd.yaml
@@ -0,0 +1,50 @@
+---
+# The purpose of this file is to build the list of calico etcd nodes and the
+# calico etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-calico-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-calico-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: calico-etcd-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: calico-etcd-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+data: {}
+...
diff --git a/site/aiab/software/charts/kubernetes/etcd/etcd.yaml b/site/aiab/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644
index 000000000..e7451bae6
--- /dev/null
+++ b/site/aiab/software/charts/kubernetes/etcd/etcd.yaml
@@ -0,0 +1,50 @@
+---
+# The purpose of this file is to build the list of k8s etcd nodes and the
+# k8s etcd certs for those nodes in the environment.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-etcd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: kubernetes-etcd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .genesis.hostname
+ dest:
+ path: .values.nodes[0].name
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis
+ path: .
+ dest:
+ path: .values.nodes[0].tls.client.key
+ - src:
+ schema: deckhand/Certificate/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.cert
+ - src:
+ schema: deckhand/CertificateKey/v1
+ name: kubernetes-etcd-genesis-peer
+ path: .
+ dest:
+ path: .values.nodes[0].tls.peer.key
+
+data: {}
+...
diff --git a/site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml b/site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml
new file mode 100644
index 000000000..bba3996c6
--- /dev/null
+++ b/site/aiab/software/charts/osh/openstack-compute-kit/libvirt.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: libvirt
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: libvirt-global
+ component: libvirt
+ actions:
+ - method: merge
+ path: .values
+ - method: delete
+ path: .values.ceph_client
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ ceph:
+ enabled: false
+...
diff --git a/site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644
index 000000000..66f3c4063
--- /dev/null
+++ b/site/aiab/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,40 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: neutron
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+
+data:
+ test:
+ # Neutron test for virtual Airship in a bottle installation
+ # usually take much more time to finish than for baremetal one.
+ timeout: 2700
+
+ values:
+ conf:
+ neutron:
+ DEFAULT:
+ l3_ha: False
+ max_l3_agents_per_router: 1
+ dhcp_agents_per_network: 1
+
+ plugins:
+ ml2_conf:
+ ml2_type_vlan:
+ network_vlan_ranges: null
+ openvswitch_agent:
+ ovs:
+ bridge_mappings: public:br-ex
+ linuxbridge_agent:
+ linux_bridge:
+ bridge_mappings: public:br-ex
diff --git a/site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml b/site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644
index 000000000..fa3cfe16e
--- /dev/null
+++ b/site/aiab/software/charts/osh/openstack-compute-kit/nova.yaml
@@ -0,0 +1,27 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-type
+ actions:
+ - method: merge
+ path: .values.conf
+ - method: delete
+ path: .values.ceph_client
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ ceph:
+ enabled: false
+ nova:
+ libvirt:
+ virt_type: qemu
+ cpu_mode: host-model
+...
diff --git a/site/aiab/software/charts/osh/openstack-glance/glance.yaml b/site/aiab/software/charts/osh/openstack-glance/glance.yaml
new file mode 100644
index 000000000..14073f112
--- /dev/null
+++ b/site/aiab/software/charts/osh/openstack-glance/glance.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: glance
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: glance-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+
+data:
+ values:
+ pod:
+ replicas:
+ api: 1
+ registry: 1
+ storage: pvc
+...
diff --git a/site/aiab/software/charts/osh/openstack-heat/heat.yaml b/site/aiab/software/charts/osh/openstack-heat/heat.yaml
new file mode 100644
index 000000000..c614aa68a
--- /dev/null
+++ b/site/aiab/software/charts/osh/openstack-heat/heat.yaml
@@ -0,0 +1,21 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: heat
+ replacement: true
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: heat-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+
+data:
+ test:
+ # Heat test for virtual Airship in a bottle installation
+ # usually takes much more time to finish than for baremetal one.
+ timeout: 1200
diff --git a/site/aiab/software/charts/ucp/divingbell.yaml b/site/aiab/software/charts/ucp/divingbell.yaml
new file mode 100644
index 000000000..bbf54d69b
--- /dev/null
+++ b/site/aiab/software/charts/ucp/divingbell.yaml
@@ -0,0 +1,29 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-divingbell
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-divingbell-global
+ actions:
+ - method: merge
+ path: .
+ labels:
+ name: ucp-divingbell-site
+ storagePolicy: cleartext
+data:
+ values:
+ manifests:
+ daemonset_ethtool: false
+ daemonset_mounts: false
+ daemonset_uamlite: false
+ daemonset_sysctl: false
+ daemonset_limits: false
+ daemonset_apt: true
+ daemonset_perm: false
+ daemonset_exec: true
+ daemonset_apparmor: false
+...
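Review bot: The `manifests` block in divingbell.yaml switches off `daemonset_apparmor`, `daemonset_sysctl`, `daemonset_limits`, `daemonset_perm`, `daemonset_mounts`, `daemonset_ethtool` and `daemonset_uamlite` with no comment explaining why. Going by their names these look like the host-configuration and hardening overrides, so someone copying this site as a template would lose them without noticing. If they are disabled only because the target is a throwaway VM, say so above `values:`, for example `# AIAB only: host-level Divingbell daemonsets are disabled for the disposable demo VM; keep them enabled on real sites.`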
diff --git a/site/aiab/software/config/common-software-config.yaml b/site/aiab/software/config/common-software-config.yaml
new file mode 100644
index 000000000..720424c1c
--- /dev/null
+++ b/site/aiab/software/config/common-software-config.yaml
@@ -0,0 +1,13 @@
+---
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-software-config
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ osh:
+ region_name: RegionOne
+...
diff --git a/site/aiab/software/full-site.yaml b/site/aiab/software/full-site.yaml
new file mode 100644
index 000000000..f6f0ade7f
--- /dev/null
+++ b/site/aiab/software/full-site.yaml
@@ -0,0 +1,43 @@
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ name: full-site-aiab
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: full-site-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - podsecuritypolicy
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - osh-infra-nfs-provisioner
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock
+ - ucp-promenade
+ - ucp-shipyard
+ - openstack-ingress-controller
+ - openstack-mariadb
+ - openstack-memcached
+ - openstack-keystone
+ - openstack-glance
+ - openstack-compute-kit
+ - openstack-heat
+ - openstack-horizon
+...
diff --git a/type/sloop/config/common-software-config.yaml b/site/airsloop/software/config/common-software-config.yaml
similarity index 85%
rename from type/sloop/config/common-software-config.yaml
rename to site/airsloop/software/config/common-software-config.yaml
index b0f559132..5a87b97f1 100644
--- a/type/sloop/config/common-software-config.yaml
+++ b/site/airsloop/software/config/common-software-config.yaml
@@ -5,11 +5,9 @@ schema: pegleg/CommonSoftwareConfig/v1 metadata: schema: metadata/Document/v1 name: common-software-config - labels: - name: common-software-config-type layeringDefinition: abstract: false - layer: type + layer: site storagePolicy: cleartext data: osh: diff --git a/tools/deployment/aiab/common/creds.sh b/tools/deployment/aiab/common/creds.sh new file mode 100644 index 000000000..dc8a4cf08 --- /dev/null +++ b/tools/deployment/aiab/common/creds.sh 
@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Credentials that can be exported to work with Shipyard.
+# To set your environment variables to the values in this script, run using:
+# source creds.sh
+#
+
+SHIPYARD_KEYSTONE_PASSWORD=$(awk '
+## format we are looking for:
+#schema: deckhand/Passphrase/v1
+#metadata:
+# schema: metadata/Document/v1
+# name: ucp_shipyard_keystone_password
+# layeringDefinition:
+# abstract: false
+# layer: site
+# storagePolicy: cleartext
+#data: password18
+ /^schema: deckhand\/Passphrase\/v1/ {
+ getline
+ getline
+ getline
+ if ($2=="ucp_shipyard_keystone_password") {
+ getline
+ getline
+ getline
+ getline
+ getline
+ print $2
+ exit
+ }
+ else {
+ getline
+ }
+}' treasuremap.yaml)
+
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_PROJECT_NAME=service
+export OS_USERNAME=shipyard
+export OS_PASSWORD="${SHIPYARD_KEYSTONE_PASSWORD}"
+export OS_AUTH_URL=http://keystone.ucp.svc.cluster.local:80/v3
diff --git a/tools/deployment/aiab/common/deploy-airship.sh b/tools/deployment/aiab/common/deploy-airship.sh
new file mode 100755
index 000000000..c5b89b050
--- /dev/null
+++ b/tools/deployment/aiab/common/deploy-airship.sh
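Review bot: `SHIPYARD_KEYSTONE_PASSWORD` is found by counting a fixed number of `getline` calls from each `schema: deckhand/Passphrase/v1` line of a `treasuremap.yaml` resolved relative to the current directory, and nothing checks the result before it is exported as `OS_PASSWORD`. If the collected document gains or loses a metadata line, or the file is missing, the script exports an empty or wrong password and the failure only surfaces later as a Keystone authentication error. After the awk call I would add `[ -n "${SHIPYARD_KEYSTONE_PASSWORD}" ] || { echo "ucp_shipyard_keystone_password not found in treasuremap.yaml" >&2; return 1; }` (the file is sourced, so `return` rather than `exit`). `print $2` also keeps only the first whitespace-separated word of the passphrase, which deserves a comment next to it.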
@@ -0,0 +1,488 @@ +#!/bin/bash +# +# Copyright 2018 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +############################################################################### +# # +# Set up and deploy an Airship environment for development/testing purposes. # +# Many of the defaults and sources used here are NOT production ready, and # +# this should not be used as a copy/paste source for any production use. # +# # +############################################################################### + +set -x + +# IMPORTANT: +# If the directory for airship-in-a-bottle is already cloned into $WORKSPACE, +# it will not be re-cloned. This can be used to set up different tests, like +# changing the versions and contents of the design before running this script + +# The last step to run through in this script. Valid Values are "collect", +# "genesis", "deploy", and "demo". 
By default this will run through to the end +# of the genesis steps +LAST_STEP_NAME=${1:-"genesis"} + +if [[ ${LAST_STEP_NAME} == "collect" ]]; then + STEP_BREAKPOINT=10 +elif [[ ${LAST_STEP_NAME} == "genesis" ]]; then + STEP_BREAKPOINT=20 +elif [[ ${LAST_STEP_NAME} == "deploy" ]]; then + STEP_BREAKPOINT=30 +elif [[ ${LAST_STEP_NAME} == "demo" ]]; then + STEP_BREAKPOINT=40 +else + STEP_BREAKPOINT=20 +fi + +# The directory that will contain the copies of designs and repos from this script +export WORKSPACE=${WORKSPACE:-"/root/deploy"} + +# The site to deploy +TARGET_SITE=${TARGET_SITE:-"aiab"} + +# Setup blank defaults for proxy variables +http_proxy=${http_proxy:-""} +https_proxy=${https_proxy:-""} +no_proxy=${no_proxy:-""} + +# The host name for the single-node deployment. e.g.: 'genesis' +SHORT_HOSTNAME=${SHORT_HOSTNAME:-""} +# The host ip for this single-node deployment. e.g.: '10.0.0.9' +HOSTIP=${HOSTIP:-""} +# The cidr for the network for the host. e.g.: '10.0.0.0/24' +HOSTCIDR=${HOSTCIDR:-""} +# The interface on the host/genesis node. 
e.g.: 'ens3' +NODE_NET_IFACE=${NODE_NET_IFACE:-""} +# Allowance for Genesis/Armada to settle in seconds: +POST_GENESIS_DELAY=${POST_GENESIS_DELAY:-60} + +# Repositories +AIRSHIP_IN_A_BOTTLE_REPO=${AIRSHIP_IN_A_BOTTLE_REPO:-"https://git.openstack.org/openstack/airship-treasuremap"} +AIRSHIP_IN_A_BOTTLE_REFSPEC=${AIRSHIP_IN_A_BOTTLE_REFSPEC:-""} +PEGLEG_REPO=${PEGLEG_REPO:-"https://git.openstack.org/openstack/airship-pegleg.git"} +PEGLEG_REFSPEC=${PEGLEG_REFSPEC:-""} +SHIPYARD_REPO=${SHIPYARD_REPO:-"https://git.openstack.org/openstack/airship-shipyard.git"} +SHIPYARD_REFSPEC=${SHIPYARD_REFSPEC:-"46875d8ac4c549c557d7c5a0300d2e726ddb4769"} + +# Images +PEGLEG_IMAGE=${PEGLEG_IMAGE:-"quay.io/airshipit/pegleg:cecd24ed38b19f6c05a8d606d045b09639cc6989"} +PROMENADE_IMAGE=${PROMENADE_IMAGE:-"quay.io/airshipit/promenade:9b62a49eae5b29088c1f7899949df38ae91494e2"} + +# Command shortcuts +PEGLEG=${WORKSPACE}/airship-pegleg/tools/pegleg.sh + +function check_preconditions() { + set +x + fail=false + if ! [ $(id -u) = 0 ] ; then + echo "Please execute this script as root!" + fail=true + fi + if [ -z ${HOSTIP} ] ; then + echo "The HOSTIP variable must be set. E.g. 10.0.0.9" + fail=true + fi + if [ -z ${SHORT_HOSTNAME} ] ; then + echo "The SHORT_HOSTNAME variable must be set. E.g. testvm1" + fail=true + fi + if [ -z ${HOSTCIDR} ] ; then + echo "The HOSTCIDR variable must be set. E.g. 10.0.0.0/24" + fail=true + fi + if [ -z ${NODE_NET_IFACE} ] ; then + echo "The NODE_NET_IFACE variable must be set. E.g. ens3" + fail=true + fi + if [[ -z $(grep $SHORT_HOSTNAME /etc/hosts | grep $HOSTIP) ]] + then + echo "No /etc/hosts entry found for $SHORT_HOSTNAME. Please add one." 
+ fail=true + fi + if [ $fail = true ] ; then + echo "Preconditions failed" + exit 1 + fi + set -x +} + +function setup_workspace() { + # Setup workspace directories + mkdir -p ${WORKSPACE}/collected + mkdir -p ${WORKSPACE}/genesis + # Open permissions for output from Promenade + chmod -R 777 ${WORKSPACE}/genesis +} + +function configure_docker() { + if [[ ! -z "${https_proxy}" ]] || [[ ! -z "${http_proxy}" ]] + then + echo "Configuring Docker to use a proxy..." + mkdir -p /etc/systemd/system/docker.service.d/ + cat << EOF > /etc/systemd/system/docker.service.d/http-proxy.conf +[Service] +Environment="HTTP_PROXY=${http_proxy}" +Environment="HTTPS_PROXY=${https_proxy}" +Environment="NO_PROXY=${no_proxy}" +EOF + systemctl daemon-reload + systemctl restart docker + fi +} + +function configure_apt() { + if [[ ! -z "${https_proxy}" ]] || [[ ! -z "${http_proxy}" ]] + then + echo "Configuring apt to use a proxy..." + mkdir -p /etc/apt/ + cat << EOF > /etc/apt/apt.conf +Acquire::http::proxy "${http_proxy}"; +Acquire::https::proxy "${https_proxy}"; +EOF + fi +} + +function get_repo() { + # Setup a repository in the workspace + # + # $1 = name of directory the repo will clone to + # $2 = repository url + # $3 = refspec of repo pull + cd ${WORKSPACE} + if [ ! -d "$1" ] ; then + git clone $2 + if [ -n "$3" ] ; then + cd $1 + git pull $2 $3 + cd .. + fi + fi +} + +function setup_repos() { + # Clone and pull the various git repos + # Get pegleg for the script only. Image is separately referenced. 
+ get_repo airship-pegleg ${PEGLEG_REPO} ${PEGLEG_REFSPEC} + # Get airship-in-a-bottle for the design + get_repo airship-in-a-bottle ${AIRSHIP_IN_A_BOTTLE_REPO} ${AIRSHIP_IN_A_BOTTLE_REFSPEC} + # Get Shipyard for use after genesis + get_repo airship-shipyard ${SHIPYARD_REPO} ${SHIPYARD_REFSPEC} +} + +function configure_dev_configurables() { + cat << EOF >> ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/deployment/dev-configurables.yaml +data: + hostname: ${SHORT_HOSTNAME} + hostip: ${HOSTIP} + hostcidr: ${HOSTCIDR} + interface: ${NODE_NET_IFACE} + maas-ingress: '192.169.1.5/32' +EOF +} + +function install_dependencies() { + apt -qq update + # Install docker + apt -y install --no-install-recommends docker.io jq nmap nfs-common +} + +function run_pegleg_collect() { + # Runs pegleg collect to get the documents combined + IMAGE=${PEGLEG_IMAGE} TERM_OPTS="-i" ${PEGLEG} site -r /workspace/treasuremap collect ${TARGET_SITE} -s /workspace/collected +} + +function generate_certs() { + # Runs the generation of certs by Promenade and builds bootstrap scripts + # Note: In the really real world, CAs and certs would be provided as part of + # the supplied design. In this dev/test environment, self signed is fine. 
+ # Moves the generated certificates from /genesis to the design, so that a + # Lint can be run + set +x + echo "=== Generating updated certificates ===" + set -x + # Copy the collected yamls into the target for the certs + cp "${WORKSPACE}/collected"/*.yaml ${WORKSPACE}/genesis + + docker run --rm -t \ + -e http_proxy=$http_proxy \ + -e https_proxy=$https_proxy \ + -e no_proxy=$no_proxy \ + -w /target \ + -e PROMENADE_DEBUG=false \ + -v ${WORKSPACE}/genesis:/target \ + ${PROMENADE_IMAGE} \ + promenade \ + generate-certs \ + -o /target \ + $(ls ${WORKSPACE}/genesis) + + # Copy the generated certs back into the deployment_files structure + cp ${WORKSPACE}/genesis/certificates.yaml ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets +} + +function lint_design() { + # After the certificates are in the deployment files run a pegleg lint + IMAGE=${PEGLEG_IMAGE} TERM_OPTS="-i" ${PEGLEG} site -r /workspace/treasuremap lint -x P001 ${TARGET_SITE} +} + +function generate_genesis() { + # Generate the genesis scripts + docker run --rm -t \ + -e http_proxy=$http_proxy \ + -e https_proxy=$https_proxy \ + -e no_proxy=$no_proxy \ + -w /target \ + -e PROMENADE_DEBUG=false \ + -v ${WORKSPACE}/genesis:/target \ + ${PROMENADE_IMAGE} \ + promenade \ + build-all \ + -o /target \ + --validators \ + $(ls ${WORKSPACE}/genesis) +} + +function run_genesis() { + # Runs the genesis script that was generated + ${WORKSPACE}/genesis/genesis.sh +} + +function validate_genesis() { + # Vaidates the genesis deployment + ${WORKSPACE}/genesis/validate-genesis.sh +} + +function genesis_complete() { + # Setup kubeconfig + if [ ! -d "$HOME/.kube" ] ; then + mkdir ~/.kube + fi + cp -r /etc/kubernetes/admin/pki ~/.kube/pki + cat /etc/kubernetes/admin/kubeconfig.yaml | sed -e 's/\/etc\/kubernetes\/admin/./' > ~/.kube/config + + set +x + echo "-----------" + echo "Waiting ${POST_GENESIS_DELAY} seconds for Genesis process to settle. 
This is a good time to grab one more coffee :)" + echo "-----------" + sleep ${POST_GENESIS_DELAY} + echo " " + echo "Genesis complete. " + print_shipyard_info1 + set -x +} + +function print_shipyard_info1() { + SHIPYARD_KEYSTONE_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml) + set +x + # signals that genesis completed + echo " " + echo "The .yaml files in ${WORKSPACE} contain the site design that may be suitable for use with Shipyard. " + echo "The Shipyard Keystone password ${SHIPYARD_KEYSTONE_PASS} may be found in ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml" + echo " " + set -x +} + +function setup_deploy_site() { + # creates a directory /${WORKSPACE}/site with all the things necessary to run + # deploy_site + mkdir -p ${WORKSPACE}/site + cp ${WORKSPACE}/treasuremap/tools/deployment/aiab/common/creds.sh ${WORKSPACE}/site + cp ${WORKSPACE}/genesis/*.yaml ${WORKSPACE}/site + cp ${WORKSPACE}/airship-shipyard/tools/run_shipyard.sh ${WORKSPACE}/site + cp ${WORKSPACE}/airship-shipyard/tools/shipyard_docker_base_command.sh ${WORKSPACE}/site + cp ${WORKSPACE}/airship-shipyard/tools/execute_shipyard_action.sh ${WORKSPACE}/site + print_shipyard_info2 +} +function print_shipyard_info2() { + set +x + echo " " + echo "${WORKSPACE}/site is set up with creds.sh which can be sourced to set up credentials for use in running Shipyard" + echo "${WORKSPACE}/site contains .yaml files that represent the single-node site deployment. 
(treasuremap.yaml, certificates.yaml)" + echo " " + echo "----------------------------------------------------------------------------------" + echo "The following commands will execute Shipyard to setup and run a deploy_site action" + echo "----------------------------------------------------------------------------------" + echo "cd ${WORKSPACE}/site" + echo "source creds.sh" + echo "./run_shipyard.sh create configdocs design --filename=/home/shipyard/host/treasuremap.yaml" + echo "./run_shipyard.sh create configdocs secrets --filename=/home/shipyard/host/certificates.yaml --append" + echo "./run_shipyard.sh commit configdocs" + echo "./run_shipyard.sh create action deploy_site" + echo " " + echo "-----------" + echo "Other Notes" + echo "-----------" + echo "If you need to run Armada directly to deploy charts (fix something broken?), the following may be of use:" + echo "export ARMADA_IMAGE=quay.io/airshipit/armada" + echo "docker run -t -v ~/.kube:/armada/.kube -v ${WORKSPACE}/site:/target --net=host \${ARMADA_IMAGE} apply /target/your-yaml.yaml" + echo " " + set -x +} + +function execute_deploy_site() { + set +x + echo " " + echo "This is an automated deployment using Shipyard, running commands noted previously" + echo "Please stand by while Shipyard deploys the site" + echo " " + set -x + #Automate the steps of deploying a site. 
+ cd ${WORKSPACE}/site + source creds.sh + ./run_shipyard.sh create configdocs design --filename=/home/shipyard/host/treasuremap.yaml + ./run_shipyard.sh create configdocs secrets --filename=/home/shipyard/host/certificates.yaml --append + ./run_shipyard.sh commit configdocs + # set variables used in execute_shipyard_action.sh + export max_shipyard_count=${max_shipyard_count:-60} + export shipyard_query_time=${shipyard_query_time:-90} + # monitor the execution of deploy_site + bash execute_shipyard_action.sh 'deploy_site' +} + +function execute_create_heat_stack() { + # TODO: (bryan-strassner) prevent this running unless we're running from a + # compatible site defintion that includes OpenStack + set +x + echo " " + echo "Performing basic sanity checks by creating heat stacks" + echo " " + set -x + # Switch to directory where the script is located + cd ${WORKSPACE}/treasuremap/tools/deployment/aiab/dev_single_node/ + bash test_create_heat_stack.sh +} + +function publish_horizon_dashboard() { + kubectl -n openstack expose service/horizon-int --type=NodePort --name=horizon-dashboard +} + +function print_dashboards() { + AIRFLOW_PORT=$(kubectl -n ucp get service airflow-web-int -o jsonpath="{.spec.ports[0].nodePort}") + HORIZON_PORT=$(kubectl -n openstack get service horizon-dashboard -o jsonpath="{.spec.ports[0].nodePort}") + MAAS_PORT=$(kubectl -n ucp get service maas-region-ui -o jsonpath="{.spec.ports[0].nodePort}") + MASS_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_maas_admin_password.yaml) + set +x + echo " " + echo "OpenStack Horizon dashboard is available on this host at the following URL:" + echo " " + echo " http://${HOSTIP}:${HORIZON_PORT}" + echo " " + # TODO: (roman_g) can we source it from somewhere? 
+ echo "Credentials:" + echo " Domain: default" + echo " Username: admin" + echo " Password: password" + echo " " + echo "OpenStack CLI commands could be launched via \`./run_openstack_cli.sh\` script, e.g.:" + echo " # cd ${WORKSPACE}/treasuremap/tools/deployment/aiab/dev_single_node" + echo " # ./run_openstack_cli.sh stack list" + echo " ..." + echo " " + echo "Other dashboards:" + echo " " + echo " MAAS: http://${HOSTIP}:${MAAS_PORT}/MAAS/ admin/${MASS_PASS}" + echo " Airship Shipyard Airflow DAG: http://${HOSTIP}:${AIRFLOW_PORT}/" + echo " " + echo "Airship itself does not have a dashboard." + echo " " + # TODO: (roman_g) endpoints.yaml path below does not seem to be a reliable location + echo "Other endpoints and credentials are listed in the following locations:" + echo " ${WORKSPACE}/type/sloop/config/endpoints.yaml" + echo " ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/" + echo "Exposed ports of services can be listed with the following command:" + echo " # kubectl get services --all-namespaces | grep -v ClusterIP" + echo " ..." + echo " " + set -x +} + +function your_next_steps() { + set +x + echo " " + echo "---------------------------------------------------------------" + echo " " + echo "Airship has completed deployment of OpenStack (OpenStack-Helm)." + echo " " + echo "Explore Airship Treasuremap repository and documentation" + echo "available at the following URLs:" + echo " " + echo " https://opendev.org/airship/treasuremap/" + echo " https://airship-treasuremap.readthedocs.io/" + echo " " + echo "---------------------------------------------------------------" + echo " " + set -x +} + +function clean() { + # Perform any cleanup of temporary or unused artifacts + set +x + echo "To remove files generated during this script's execution, delete ${WORKSPACE}." + echo "This VM is disposable. Re-deployment in this same VM will lead to unpredictable results." 
+ set -x +} + +function error() { + # Processes errors + set +x + echo "Error when $1." + set -x + exit 1 +} + +trap clean EXIT + + +# Common steps for all breakpoints specified +check_preconditions || error "checking for preconditions" +configure_apt || error "configuring apt behind proxy" +setup_workspace || error "setting up workspace directories" +setup_repos || error "setting up Git repos" +configure_dev_configurables || error "adding dev-configurables values" +install_dependencies || error "installing dependencies" +configure_docker || error "configuring docker behind proxy" + +# collect +if [[ ${STEP_BREAKPOINT} -ge 10 ]]; then + echo "This is a good time to grab a coffee :)" + run_pegleg_collect || error "running pegleg collect" +fi + +# genesis +if [[ ${STEP_BREAKPOINT} -ge 20 ]]; then + generate_certs || error "setting up certs with Promenade" + lint_design || error "linting the design" + generate_genesis || error "generating genesis" + run_genesis || error "running genesis" + validate_genesis || error "validating genesis" + genesis_complete || error "printing out some info about next steps" + setup_deploy_site || error "preparing the /site directory for deploy_site" +fi + +# deploy +if [[ ${STEP_BREAKPOINT} -ge 30 ]]; then + execute_deploy_site || error "executing deploy_site from the /site directory" +fi + +# demo +if [[ ${STEP_BREAKPOINT} -ge 40 ]]; then + execute_create_heat_stack || error "creating heat stack" + publish_horizon_dashboard || error "publishing Horizon dashboard" + print_shipyard_info1 + print_shipyard_info2 + print_dashboards || error "printing dashboards list" + ## Done + your_next_steps +fi diff --git a/tools/deployment/aiab/dev_single_node/README.txt b/tools/deployment/aiab/dev_single_node/README.txt new file mode 100644 index 000000000..32ad98e06 --- /dev/null +++ b/tools/deployment/aiab/dev_single_node/README.txt 
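Review bot: `setup_workspace` runs `chmod -R 777 ${WORKSPACE}/genesis`, yet that directory later receives `certificates.yaml` from `generate_certs` and holds the `genesis.sh` that `run_genesis` executes, in a script `check_preconditions` requires to be run as root. With the default `WORKSPACE` under `/root` the parent directory normally limits who can reach it, but `WORKSPACE` is overridable, and in a shared location a world-writable directory lets any local account replace those files before they are used. The comment says the mode exists for Promenade's output, so I would hand the directory to the uid the Promenade container writes as instead: `chown -R "${PROMENADE_UID}" "${WORKSPACE}/genesis"` and `chmod -R 700 "${WORKSPACE}/genesis"`, where `PROMENADE_UID` is a placeholder to be filled with that uid. The same function should quote `${WORKSPACE}` in its `mkdir -p` calls.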
@@ -0,0 +1,31 @@
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dev_single_node, an Airship Demonstration
+=========================================
+
+Use the airship-in-a-bottle.sh script to automatically deploy a demonstration
+version of Airship. It will attempt to detect the required environment settings
+and deploy an instance of Airship, including running a demo instance of
+OpenStack (using OpenStack Helm), and creating a simple Virtual Machine.
+
+This demonstration uses the images pinned in the versions file:
+./global/software/config/versions.yaml
+
+By default, files will be downloaded into and built in the /root/deploy
+directory of the virtual machine being used to install this demo.
+
+Note that this process will result in the contents of the VM to be modified
+outside of that directory, and the VM should be intended to be discarded after
+demo use.
diff --git a/tools/deployment/aiab/dev_single_node/airship-in-a-bottle.sh b/tools/deployment/aiab/dev_single_node/airship-in-a-bottle.sh
new file mode 100755
index 000000000..9ae68b0cc
--- /dev/null
+++ b/tools/deployment/aiab/dev_single_node/airship-in-a-bottle.sh
@@ -0,0 +1,163 @@
+#!/bin/bash
+#
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###############################################################################
+# #
+# Set up and deploy an Airship environment for demonstration purposes. #
+# Many of the defaults and sources used here are NOT production ready, and #
+# this should not be used as a copy/paste source for any production use. #
+# #
+###############################################################################
+
+usage ()
+{
+ echo "Usage: $(basename $0) {-y|-h}" 1>&2
+ echo " -y don't ask questions, trust autodetection" 1>&2
+ echo " -h this help" 1>&2
+}
+# See how we were called.
+case "$1" in
+ "" ) ;;
+ "-y" ) ASSUME_YES=1;;
+ "-h"|* ) usage; exit 1;;
+esac
+
+echo ""
+echo "Welcome to Airship in a Bottle"
+echo ""
+echo " /--------------------\\"
+echo "| \\"
+echo "| |---| \\----"
+echo "| | x | \\"
+echo "| |---| |"
+echo "| | /"
+echo "| \____|____/ /----"
+echo "| /"
+echo " \--------------------/"
+echo ""
+echo ""
+echo "A prototype example of deploying the Airship suite on a single VM."
+echo ""
+sleep 1
+echo ""
+echo "This example will run through:"
+echo " - Setup"
+echo " - Genesis of Airship (Kubernetes)"
+echo " - Basic deployment of Openstack (including Nova, Neutron, and Horizon using Openstack Helm)"
+echo " - VM creation automation using Heat"
+echo ""
+echo "The expected runtime of this script is greater than 1 hour"
+echo ""
+sleep 1
+echo ""
+echo "The minimum recommended size of the Ubuntu 16.04 VM is 4 vCPUs, 20GB of RAM with 32GB disk space."
+CPU_COUNT=$(grep -c processor /proc/cpuinfo)
+RAM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
+# Blindly assume that all storage on this VM is under root FS
+DISK_SIZE=$(df --output=source,size / | awk '/dev/ {print $2}')
+source /etc/os-release
+if [[ $CPU_COUNT -lt 4 || $RAM_TOTAL -lt 20000000 || $DISK_SIZE -lt 30000000 || $NAME != "Ubuntu" || $VERSION_ID != "16.04" ]]; then
+ echo "Error: minimum VM recommendations are not met. Exiting."
+ exit 1
+fi
+if [[ $(id -u) -ne 0 ]]; then
+ echo "Please execute this script as root!"
+ exit 1
+fi
+sleep 1
+echo "Let's collect some information about your VM to get started."
+sleep 1
+
+# IP and Hostname setup
+get_local_ip ()
+{
+ ip addr | awk "/inet/ && /${HOST_IFACE}/{sub(/\/.*$/,\"\",\$2); print \$2}"
+}
+HOST_IFACE=$(ip route | grep "^default" | head -1 | awk '{ print $5 }')
+LOCAL_IP=$(get_local_ip)
+
+if [[ $ASSUME_YES -ne 1 ]]; then
+ read -p "Is your HOST IFACE $HOST_IFACE? (Y/n) " YN_HI
+ if [[ ! "$YN_HI" =~ ^([yY]|"")$ ]]; then
+ read -p "What is your HOST IFACE? " HOST_IFACE
+ fi
+ LOCAL_IP=$(get_local_ip)
+
+ read -p "Is your LOCAL IP $LOCAL_IP? (Y/n) " YN_IP
+ if [[ ! "$YN_IP" =~ ^([yY]|"")$ ]]; then
+ read -p "What is your LOCAL IP? 
" LOCAL_IP + fi +fi + +# Shells out to get the hostname for the single-node deployment to avoid some +# config conflicts +set -x +export SHORT_HOSTNAME=$(hostname -s) +set +x + +# Updates the /etc/hosts file +HOSTS="${LOCAL_IP} ${SHORT_HOSTNAME}" +HOSTS_REGEX="${LOCAL_IP}.*${SHORT_HOSTNAME}" +if grep -q "$HOSTS_REGEX" "/etc/hosts"; then + echo "Not updating /etc/hosts, entry ${HOSTS} already exists." +else + echo "Updating /etc/hosts with: ${HOSTS}" + cat << EOF | tee -a /etc/hosts +$HOSTS +EOF +fi + +# x/32 will work for CEPH in a single node deploy. +CIDR="$LOCAL_IP/32" + +# Variable setup +set -x +# The IP address of the genesis node +export HOSTIP=$LOCAL_IP +# The CIDR of the network for the genesis node +export HOSTCIDR=$CIDR +# The network interface on the genesis node +export NODE_NET_IFACE=$HOST_IFACE + +export TARGET_SITE="aiab" +set +x + +# Changes DNS servers in common-addresses.yaml to the system's DNS servers +get_dns_servers () +{ + if hash nmcli 2>/dev/null; then + nmcli dev show | awk '/IP4.DNS/ {print $2}' | xargs + else + cat /etc/resolv.conf | awk '/nameserver/ {print $2}' | xargs + fi +} + +if grep -q "10.96.0.10" "/etc/resolv.conf"; then + echo "Not changing DNS servers, /etc/resolv.conf already updated." +else + DNS_CONFIG_FILE="../../../site/${TARGET_SITE}/networks/common-addresses.yaml" + declare -a DNS_SERVERS=($(get_dns_servers)) + NS1=${DNS_SERVERS[0]:-8.8.8.8} + NS2=${DNS_SERVERS[1]:-$NS1} + echo "Using DNS servers $NS1 and $NS2." + sed -i "s/8.8.8.8/$NS1/" $DNS_CONFIG_FILE + sed -i "s/8.8.4.4/$NS2/" $DNS_CONFIG_FILE +fi + +echo "" +echo "Starting Airship deployment..." +sleep 1 +../common/deploy-airship.sh demo diff --git a/tools/deployment/aiab/dev_single_node/test_create_heat_stack.sh b/tools/deployment/aiab/dev_single_node/test_create_heat_stack.sh new file mode 100755 index 000000000..26512bb6c --- /dev/null +++ b/tools/deployment/aiab/dev_single_node/test_create_heat_stack.sh 
@@ -0,0 +1,92 @@
+#!/bin/bash
+# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+# External subnet is local to the environment and generally can be anything
+# other then clash with default all-in-one OSH setup that uses 127.24.4.0/24
+export OSH_BR_EX_ADDR="172.24.8.1/24"
+export OSH_EXT_SUBNET="172.24.8.0/24"
+
+# Install curl if it's not already installed
+apt -y install --no-install-recommends curl
+
+cp /root/deploy/treasuremap/tools/openstack /root/deploy/treasuremap/tools/deployment/aiab/dev_single_node
+
+# Change to the dev_single_node directory
+cd /root/deploy/treasuremap/tools/deployment/aiab/dev_single_node
+
+printf "\nCreating KeyPair\n"
+./openstack keypair create heat-vm-key > id_rsa
+chmod 600 id_rsa
+
+printf "Downloading heat-public-net-deployment.yaml\n"
+curl -LO https://raw.githubusercontent.com/openstack/openstack-helm/master/tools/gate/files/heat-public-net-deployment.yaml
+
+printf "Creating public-net Heat Stack\n"
+./openstack stack create --wait \
+ --parameter subnet_cidr=${OSH_EXT_SUBNET} \
+ --parameter subnet_gateway=${OSH_BR_EX_ADDR%/*} \
+ -t /target/heat-public-net-deployment.yaml \
+ public-net
+
+printf "Downloading heat-basic-vm-deployment.yaml\n"
+curl -LO https://raw.githubusercontent.com/openstack/openstack-helm/master/tools/gate/files/heat-basic-vm-deployment.yaml
+
+printf "Creating test-stack-01\n"
+./openstack stack create -t 
/target/heat-basic-vm-deployment.yaml test-stack-01 --wait
+
+printf "Heat Stack List\n"
+./openstack stack list
+
+printf "Nova Server List\n"
+./openstack server list
+
+FLOATING_IP=$(./openstack stack output show \
+ test-stack-01 \
+ floating_ip \
+ -f value -c output_value)
+
+printf "Configuring required network settings\n"
+sudo ip addr add ${OSH_BR_EX_ADDR} dev br-ex
+sudo ip link set br-ex up
+sudo iptables -P FORWARD ACCEPT
+DEFAULT_ROUTE_DEV="$(sudo ip -4 route list 0/0 | awk '{ print $5; exit }')"
+sudo iptables -t nat -A POSTROUTING -o ${DEFAULT_ROUTE_DEV} -s ${OSH_EXT_SUBNET} -j MASQUERADE
+
+function wait_for_ssh_port {
+ # Default wait timeout is 300 seconds
+ set +x
+ end=$(date +%s)
+ if ! [ -z $2 ]; then
+ end=$((end + $2))
+ else
+ end=$((end + 300))
+ fi
+ while true; do
+ # Use Nmap as its the same on Ubuntu and RHEL family distros
+ nmap -Pn -p22 $1 | awk '$1 ~ /22/ {print $2}' | grep -q 'open' && \
+ break || true
+ sleep 1
+ now=$(date +%s)
+ [ $now -gt $end ] && echo "Could not connect to $1 port 22 in time" && exit -1
+ done
+ set -x
+}
+wait_for_ssh_port $FLOATING_IP
+
+install -m 0700 -d ~/.ssh
+ssh-keyscan "${FLOATING_IP}" >> ~/.ssh/known_hosts
+printf "The test VM is accessible via SSH: ssh -i id_rsa cirros@${FLOATING_IP}\n"
diff --git a/tools/openstack b/tools/openstack
index 52c9f2ecd..f88491e5f 100755
--- a/tools/openstack
+++ b/tools/openstack
@@ -11,13 +11,13 @@ OS_CLOUD_CFG=${HOME}/.openstack/clouds.yaml : ${TERM_OPTS:=-it} -: ${OSH_KEYSTONE_URL:='https://identity-sw.atlantafoundry.com/v3'} -: ${OSH_REGION_NAME:='airship-seaworthy'} +: ${OSH_KEYSTONE_URL:='http://keystone.openstack.svc.cluster.local:80/'} +: ${OSH_REGION_NAME:='RegionOne'} : ${OSH_ADMIN_PASSWD:='password123'} if [ ! -f $OS_CLOUD_CFG ]; then echo " => Creating OpenStack client config" - mkdir -p ~/.openstack + mkdir -p $(dirname $OS_CLOUD_CFG) tee $OS_CLOUD_CFG << EOF clouds: openstack_helm:
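Review bot: Both Heat templates in test_create_heat_stack.sh are fetched with `curl -LO` from the `master` branch of openstack-helm and handed to `./openstack stack create` with no pinning or integrity check, and without `-f` an HTTP error page would be saved under the template's name. Pinning the URL to a commit (`.../openstack/openstack-helm/<pinned-commit-sha>/tools/gate/files/...`) and using `curl -fsSLO` makes the run reproducible and fail closed. The private key is written by `./openstack keypair create heat-vm-key > id_rsa` under the default umask and only afterwards restricted with `chmod 600`; `(umask 077; ./openstack keypair create heat-vm-key > id_rsa)` closes that window. `sudo iptables -P FORWARD ACCEPT` changes the host-wide forwarding policy and is never restored, which deserves a comment stating it is acceptable only on a disposable demo VM.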