126 Commits

Author SHA1 Message Date
Zuul
ee9403fb1c Merge "Changes in dex function to work for both target cluster as well as sub-clusters along with few enhancements" 2021-05-22 14:15:35 +00:00
Zuul
6026c86e4d Merge "Updates vm-infra-bridge iptables vlan" 2021-05-21 18:11:06 +00:00
Zuul
21a00b96e6 Merge "Fix incorrect reference-airship-core type refs" 2021-05-21 14:20:33 +00:00
Egler, Jess (je808k)
6f6a7d46dc Updates vm-infra-bridge iptables vlan
This change corrects the vm-infra-bridge creation script to set
the iptable rule for masquerade to use the host oam vlan and
updates the vlans to match the multi-tenant site configuration.

Change-Id: If288ed63628658f4e461f512f853b384f0eaeba4
2021-05-20 21:08:29 +00:00
Frank Ritchie
e7130f4301 Updates for Rook 1.6.2 and Ceph 15.2.11
This PS is to update the Rook yaml files for version v1.6.2. Additionally, the version of Ceph is upgraded to v15.2.11 and Ceph-CSI is upgraded to v3.3.1.

v1.6 provides a few features the storage team wants:

* The operator supports upgrading multiple OSDs in parallel
* LVM no longer used to provision OSDs by default
* Monitor failover can be disabled if needed
* Operator support for Ceph Pacific (v16)
* Ceph 15.2.11 by default
* CephClient CRD standardized to controller-runtime library (kubebuilder)

https://github.com/kubernetes-sigs/controller-runtime

* Pod Disruption Budgets enabled by default.

https://github.com/rook/rook/blob/master/design/ceph/ceph-managed-disruptionbudgets.md

More notes:

* There are many indentation changes in common.yaml
* There is now a variable in operator.yaml for enabling host networking for the CSI pods. Default is to use host network.

* CSI image updates:

ROOK_CSI_CEPH_IMAGE: "quay.io/cephcsi/cephcsi:v3.3.1"
ROOK_CSI_SNAPSHOTTER_IMAGE: "k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0"

* There is a very large update to crds.yaml largely due to the controller-runtime being employed.

* Ceph 15.2.11 needed for CVE-2021-20288

Change-Id: I5cf0cf63bfcf4b0ea1d242d6eae2f53adda7be5e
2021-05-20 17:58:01 +00:00
sa069q
f0aa07c82f Changes in dex function to work for both target cluster as well as sub-clusters along with few enhancements
Depends-On: https://review.opendev.org/c/airship/airshipctl/+/792316

Change-Id: I13f97faec5523b6ae86cd0a578d4b76c8c1344a2
2021-05-20 22:38:15 +05:30
Alexey Odinokov
2946a13806 Adding a place for external secrets to be stored on site level
1. Reflecting changes done in [1] to treasuremap.
2. Changing airshipctl ref to [1]
3. Making static validation work, since it was merged before [1]
4. Adding dex.ldap.bind_password to imported secrets
5. Adding dex.oidc.clientSecret to generated secrets
6. Due to the added new site - increasing the validation timeout
7. Adding replacement for [2]

[1]
https://review.opendev.org/c/airship/airshipctl/+/786286

[2]
https://review.opendev.org/c/airship/treasuremap/+/788991

Relates-To: #128
Change-Id: I473ace3d7aae85ebe76b73253108c6f1b6ca6e95
2021-05-20 05:34:19 +00:00
Drew Walters
a84f980a21 Fix incorrect reference-airship-core type refs
Some phase entrypoints were missing in the multi-tenant type when the
baremetal reference-multi-tenant-site was created. When the multi-tenant
type was disassociated from the airship-core type [0], those entrypoints
were created and added to all virtual sites; however, the reference
multi-tenant site was not updated. This change fixes those references in
the reference-multi-tenant site.

[0] https://review.opendev.org/c/airship/treasuremap/+/786888

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Icc346615a1a6de9cfd4a93e9b8a89a4cd0a640e0
2021-05-20 05:28:11 +00:00
Drew Walters
1534abf6ad Remove multi-tenant type inheritance
This commit removes the relationship between the multi-tenant and
airship-core types. Since the airship-core type deploys LMA, adding an
LMA sub-cluster to the multi-tenant type would result in deployment of
the LMA stack twice if the inheritance is not removed.

Closes: #116

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Ie7dd236af3836d904e41df866e0c2351b7cb0558
2021-05-18 20:54:48 +00:00
Manoj Alva(ma257n)
64bc219f9a Support for vm-infra-bridge
- Added vm-infra-bridge/workers-capm3 function
  for supporting kubeadmConfigTemplate

- Added k8scontrol-vm-bridge function dir
  to house vm-infra-bridge (controlplane)

- Added a new VariableCatalogue to support
  vm networking in multi-tenant/shared.

- Added a new systemd service vm-infra-bridge to
  handle persistence of bridge and NATing info.

Relates-To: #122
Closes: #122
Change-Id: I5585b05be9e68976e402d025ddc8578870c137f1
2021-05-18 09:07:09 +00:00
Zuul
2b498c5716 Merge "[ceph] Add support to create storageclasses" 2021-05-17 18:37:11 +00:00
Zuul
20a013f9df Merge "Treasuremap - Dex, API server & LDAP integration" 2021-05-17 16:45:05 +00:00
Chinasubbareddy Mallavarapu
862dfd6e74 [ceph] Add support to create storageclasses
This is to add support for creating storageclasses for pv/pvc.
  - block-storage-sc
  - cephfs-storage-sc

Change-Id: I30471d8d6515a22bcf7c9628c804e6c72191be7a
2021-05-17 14:02:18 +00:00
siraj.yasin
2d035c8e3c Fix for Zuul gate with test-site deployment
* cephcluster fails to bring up 3 mons with 2 nodes
* reducing the mon count to 1 for test-site
Error: "start 3 mons on 2 node(s) when allowMultiplePerNode is false"

Change-Id: I140252692c10307eb40f68d5fd18cafeb696cfa2
2021-05-14 14:49:21 +00:00
Zuul
e0a44391f2 Merge "Add reference multi-tenant site" 2021-05-12 18:20:43 +00:00
Shiba, Sidney
aefb4cba22 Treasuremap - Dex, API server & LDAP integration
This patchset integrates the ControlPlane's API server, Dex and LDAP IdP.

The "oidc-apiserver-flags.json" JSON patch file is tailored to the
baremetal operator. It also uses a FQDN for "dex-aio" service that is
not resolvable by the DNS.

This patchset depends on https://review.opendev.org/c/airship/charts/+/785540
which is used to deploy Dex using the function dex-aio. See
treasuremap/manifest/function/dex-aio for implementation details.

Change-Id: I263a5370e6416a7ef7e2813ff362622f49ca4a3c
2021-05-12 14:48:48 +00:00
Drew Walters
39e624fdfb Add reference multi-tenant site
This change adds a reference site for the multi-tenant type, adapted
from the airship-core reference site.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: I7e1518f6fc960ba49d40af79e4bb052251ce749a
2021-05-11 20:46:59 +00:00
Arijit Bose
19d7fb11ef multi-tenant: update based on stl3 deployment
Change-Id: I1d0ca2d6613f5065187c8fcb387d23d75046e7b3
2021-05-11 11:43:19 -05:00
Zuul
39df8d69ff Merge "Add LMA sub-cluster" 2021-05-11 15:28:58 +00:00
Zuul
cd8ac4924f Merge "Add target infra phases to sub-cluster type" 2021-05-11 00:09:20 +00:00
Andrii Ostapenko
65900053f9 Switch to StorageCatalogue and delete deprecated cleanup patches
Change-Id: Icaa9bc2dfef2e52839421dbe2d9888d6ff779440
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-05-07 17:19:28 +00:00
Drew Walters
74b505bcad Add LMA sub-cluster
Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Iaab08092894c74447fc27a8cc29d81b94eccd89e
2021-05-06 19:44:03 +00:00
Drew Walters
35906afbc1 Add target infra phases to sub-cluster type
The current sub-cluster type implementation does not include any phases
to deliver the SIPCluster CR or the machine templates required for
provisioning a sub-cluster. This change adds the phases to the
sub-cluster type so they can be reused across sub-clusters.

Change-Id: I708cd087749474c2d73b8dca0318b09e86dca0c1
2021-05-06 19:43:25 +00:00
Drew Walters
a9ce7514b0 Add stl3 storage configuration
This change adds a basic storage configuration for the stl3 lab for
testing purposes.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: I8d16def2acb0df6aa0dc4302f22d99a7c7cbdbda
2021-05-06 18:15:28 +00:00
James Gu
4c96948815 Added missing NEWSITE_CHANGEME and instructions
Additionally edited a few instructions of some existing NEWSITE tag

Signed-off-by: James Gu <james.gu@att.com>
Change-Id: I6776f5e36ec16f307256362f8aa3720b6399246f
2021-05-06 18:15:28 +00:00
Sreejith Punnapuzha
5d59540488 Remove hwcc from types
This commit removed hwcc from treasuremap v2.0 branch

Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: I18373fd46ed55a090fc76c8f0625517a3e921ca1
2021-05-06 18:15:28 +00:00
Arijit Bose
eccd1aaa96 Sample airship-core type site manifests
Change-Id: Id4b54348082191baae97af63d0dca3c14d6f0a1a
2021-05-06 18:15:28 +00:00
Andrii Ostapenko
d485dcc9c8 Add CriticalAddonsOnly toleration for rook-ceph-operator
rook-ceph-operator is being deployed during initinfra-target and needs
to be scheduled on tainted node-role.kubernetes.io/master node.

Change-Id: I648a60f06cd615085ffd19bb6c1b5cebb974ef0f
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-05-06 15:23:55 +00:00
Zuul
6dc74ed576 Merge "Add Phases for deploying network policy" 2021-05-05 16:34:27 +00:00
Andrii Ostapenko
9a797a0d70 Fix catalogue layout for rook-ceph-tools and ceph-versions replacement
Change-Id: Ie40ff1e5ab7c2436a4688a022a4769d69690080d
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
2021-05-03 19:58:10 +00:00
Ratnopam Chakrabarti
8a7f428c5b Add Phases for deploying network policy
This PatchSet adds phases and executor definitions for managing calico v3 network policies
using airshipctl phase run command.

Closes: #119
Change-Id: I7942548720c4b8037b7b0c2de348fe45df73b8f7
2021-04-30 18:25:12 +00:00
SIGUNOV, VLADIMIR (vs422h)
fd3f0d747a Rook-ceph cluster deployment
* Type catalog should contain only core services related to
  the deployment of the ceph cluster (monitors, osds, mgrs, etc)
* Manifests to create pools, dashboards, cephfs - are moved to
  the function catalog.
* Code related to the OpenStack deployment is removed
* Dashboard is disabled by default, ingress controller is removed
* Rook-operator version is upgraded to 1.5.9 to prevent incompatibility
  with pool quota settings
* Fixed a minor bug in the site-level catalogue storage definition
  and in the replacement function
* Added cleanup manifest for StorageCatalogue
* Added airshipctl phase to deploy rook-operator
* Implementation of the rook-ceph operator has been changed
* Added the configuration for the csi driver images
* Added overrides for ceph.conf
* Added configuration for rook-operator and ceph images

* Merge conflict resolution

* Code standardization

* Rename rook-ceph-crds -> rook-operator

Relates-to: [WIP] Expects to deliver Rook/Ceph via 2 phases
Relates-to: #30

Change-Id: I7ec7f756e742db1595143c2dfc6751b16fb25efb
2021-04-30 14:47:15 +00:00
Zuul
8df65e5109 Merge "Fix versions-treasuremap base catalogue" 2021-04-28 19:06:42 +00:00
Zuul
fddf27242e Merge "Add fieldrefs for ViNO image" 2021-04-27 19:17:21 +00:00
Matthew Fuller
2af3485655 Fix versions-treasuremap base catalogue
Converts the base versions-treasuremap catalogue back to a
VersionsCatalogue CR and ensures it conforms to the defined
CRD schema. Updates the airshipctl reference to pull in schema
changes made in the airshipctl repo[0].

Also adds replacements for the following functions:
- dex-aio
- rook-operator

[0] https://review.opendev.org/c/airship/airshipctl/+/784620

Closes: #112
Change-Id: Ia755f07f6dc8a9344f0ed640a0f758af9d5368e8
2021-04-27 00:26:02 +00:00
Zuul
80d0fdced7 Merge "Fix for VRRP preKubeadmcommand list concatenating to a single line" 2021-04-26 15:01:31 +00:00
Ian Howell
76cf9e1a83 Deliver ViNo CR in multi-tenant type Airship Phase
This adds a new target cluster workload phase for deploying a ViNo CR to
the multi-tenant site type delivery.

Closes: #106

Change-Id: I62ab83e7a027f1daba2948159b72a4b23e5f347c
2021-04-23 13:36:31 -05:00
Alexey Odinokov
e3caf14b0d Switching to the approach with cleanup by selector
Changes to reflect [1] in treasuremap
Fixed issue in /tools/deployment/35_deploy_worker_node.sh
Aligned the tag of replacement plugin everywhere

[1]
https://review.opendev.org/c/airship/airshipctl/+/779829

Relates-To: #125
Change-Id: I24e3228e73714a14d42f28743b20f89d860f950e
2021-04-21 16:38:23 +00:00
Manoj Alva(ma257n)
e9c0a672d0 Fix for VRRP preKubeadmcommand list concatenating to a single line
The following construct in #94 fix using patchesJsonMerge
- op: add
  path:  "/spec/kubeadmConfigSpec/preKubeadmCommands/-"
  value:
      apt-get update && apt-get install -y bridge-utils keepalived ipset ipvsadm
      systemctl enable --now keepalived

This leads to the prekubeadmcommand listed as a single line.

This PS fixes this issue. Also airshipctl #10 needs all system
updates/install to be moved to Imagebuilder.

Closes: #212
Change-Id: I624de71d2009178670291dc82bd55824ce59e18d
2021-04-21 15:26:27 +00:00
Snehal
9369ac1fd0 Add fieldrefs for ViNO image
Closes: #123
Co-authored-by: digambarpatil15@yahoo.co.in
Change-Id: I99cbaa311e04b89f30e2efb27e1b0767dcb8c6e2
2021-04-21 14:47:58 +00:00
Ratnopam Chakrabarti
aedecd4495 Add Subcluster Networking Catalogue
This PS introduces a subcluster networking catalogue and combines all subcluster related networking
in one place so that it can be managed centrally.

A site level patch uses replacement rules defined at type/multi-tenant level to take data out of subcluster-networking catalogue
and inject into networking catalogue.

Relates-To: #103
Closes: #103

Change-Id: I732937a4b68ccb0d290356bed8dbbeae838bae79
2021-04-19 18:39:02 +00:00
Zuul
0f0c7cc4e6 Merge "Update replacements for hcc and airship-host-config" into v2 2021-04-16 16:48:37 +00:00
Battina, Sai (sb464f)
eb76ab4afc Update replacements for hcc and airship-host-config
Change-Id: I61b02f416b7300ed1afcb2e021bc45bd1398a2d4
2021-04-16 08:25:50 -05:00
Zuul
91c22ce9fd Merge "Update templater and replacement-transformer tags" into v2 2021-04-15 14:56:01 +00:00
Drew Walters
49d29207bd Update templater and replacement-transformer tags
This change updates the version of the replacement-transformer and
templater images to v2, the same version used in the airshipctl
repository. Breaking changes have been introduced to the latest versions
of the images, causing document rendering to fail.

Signed-off-by: Drew Walters <andrew.walters@att.com>
Change-Id: Id0411f6c221d9986a6dece4d5f9b91ac94430ecc
2021-04-14 16:28:24 +00:00
digambar
0e25e9bfb2 Add SyncLabelller functions to target/workload phase
Change-Id: I059c6262999df273cceb7c7652b74f3f524b60ba
2021-04-14 15:11:33 +00:00
Sreejith Punnapuzha
87a82989b6 Create secret with ssh-key for hostconfig-operator
This commit adds secret creation to hostconfig-operator.

Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: I8a92a07e1aaf653708b6e4d9fa8e300ebb3a9468
2021-04-10 20:33:03 -05:00
Sreejith Punnapuzha
b97569e857 Enable SSH access on to target and worker nodes
Allow ssh access to target and worker nodes on test site in treasuremap.

Signed-off-by: Sreejith Punnapuzha <Sreejith.Punnapuzha@outlook.com>
Change-Id: Id5ee27ec59bbbee85c169449a546c49d56885886
2021-04-07 22:23:04 +00:00
digambar
46c1671f43 Add ViNO function to target/workload phase
Change-Id: I1751ad60c05489897aff8b4d578193282acfb9c7
2021-04-07 05:37:52 +00:00
Zuul
1014413a8e Merge "Add hwcc replacement to airship-core" into v2 2021-04-05 17:25:33 +00:00