WIP - Bootstrapping playbook
Change-Id: Ic9abda6619d10bb5c2b1ac2cf77f962a793714d9
This commit is contained in:
parent
48f644a643
commit
30eaed3121
7
mcapi_vexxhost/playbooks/bootstrap.yml
Normal file
7
mcapi_vexxhost/playbooks/bootstrap.yml
Normal file
@ -0,0 +1,7 @@
|
||||
- hosts: localhost
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Copy configuration files into place
|
||||
ansible.builtin.copy:
|
||||
src: '.'
|
||||
dest: '/etc/'
|
@ -0,0 +1,3 @@
|
||||
cluster-api_hosts:
|
||||
aio1:
|
||||
ip: 172.29.236.100
|
@ -0,0 +1,20 @@
|
||||
---
|
||||
component_skel:
|
||||
k8s_capi:
|
||||
belongs_to:
|
||||
- k8s_all
|
||||
|
||||
container_skel:
|
||||
k8s_container:
|
||||
belongs_to:
|
||||
- cluster-api_containers
|
||||
contains:
|
||||
- k8s_capi
|
||||
|
||||
physical_skel:
|
||||
cluster-api_containers:
|
||||
belongs_to:
|
||||
- all_containers
|
||||
cluster-api_hosts:
|
||||
belongs_to:
|
||||
- hosts
|
@ -0,0 +1,43 @@
|
||||
---
|
||||
# Copyright 2023, BBC R&D
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
haproxy_k8s_service:
|
||||
haproxy_service_name: k8s
|
||||
haproxy_backend_nodes: "{{ groups['k8s_all'] | default([]) }}"
|
||||
haproxy_ssl: false
|
||||
haproxy_ssl_all_vips: false
|
||||
haproxy_port: 6443
|
||||
haproxy_balance_type: tcp
|
||||
haproxy_balance_alg: leastconn
|
||||
haproxy_interval: '15000'
|
||||
haproxy_backend_port: 6443
|
||||
haproxy_backend_rise: 2
|
||||
haproxy_backend_fall: 2
|
||||
haproxy_timeout_server: '15m'
|
||||
haproxy_timeout_client: '5m'
|
||||
haproxy_backend_options:
|
||||
- tcplog
|
||||
- ssl-hello-chk
|
||||
- log-health-checks
|
||||
- httpchk GET /healthz
|
||||
haproxy_backend_httpcheck_options:
|
||||
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthz'
|
||||
haproxy_backend_server_options:
|
||||
- check-ssl
|
||||
- verify none
|
||||
haproxy_service_enabled: "{{ groups['k8s_all'] is defined and groups['k8s_all'] | length > 0 }}"
|
||||
|
||||
k8s_haproxy_services:
|
||||
- "{{ haproxy_k8s_service | combine(haproxy_k8s_service_overrides | default({})) }}"
|
@ -0,0 +1,6 @@
|
||||
lxc_container_config_list:
|
||||
- "lxc.apparmor.profile=unconfined"
|
||||
|
||||
lxc_container_mount_auto:
|
||||
- "proc:rw"
|
||||
- "sys:rw"
|
@ -0,0 +1,2 @@
|
||||
docker-image-py
|
||||
kubernetes
|
@ -0,0 +1,9 @@
|
||||
collections:
|
||||
- name: vexxhost.kubernetes
|
||||
source: https://github.com/jrosser/ansible-collection-kubernetes
|
||||
type: git
|
||||
version: synchronize
|
||||
- name: osa_ops.mcapi_vexxhost
|
||||
type: git
|
||||
version: master
|
||||
source: https://opendev.org/openstack/openstack-ansible-ops#/mcapi_vexxhost
|
@ -0,0 +1,16 @@
|
||||
# wire OSA group, host and network addresses into k8s deployment
|
||||
kubernetes_control_plane_group: k8s_container
|
||||
kubelet_hostname: "{{ ansible_facts['hostname'] }}"
|
||||
kubelet_node_ip: "{{ management_address }}"
|
||||
kubernetes_hostname: "{{ internal_lb_vip_address }}"
|
||||
kubernetes_non_init_namespace: true
|
||||
|
||||
# Pick a range of addresses for cilium that do not collide with anything else
|
||||
cilium_ipv4_cidr: 172.29.200.0/22
|
||||
|
||||
# Set this manually, or kube-proxy will try to do this - not possible
|
||||
# in a non-init namespace and will fail in LXC
|
||||
openstack_host_nf_conntrack_max: 1572864
|
||||
|
||||
# OSA containers dont run ssh by default so cannot use synchronize
|
||||
upload_helm_chart_method: copy
|
@ -0,0 +1 @@
|
||||
tempest_install_method: "none"
|
@ -0,0 +1,69 @@
|
||||
---
|
||||
# Copyright 2020, VEXXHOST, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# install the vexxhost magnum-cluster-api plugin into the magnum venv
|
||||
# TODO - this is tip of the branch with CA fixes
|
||||
# WARNING - this always installs the most recent release rather than the tip of main
|
||||
magnum_user_pip_packages:
|
||||
- git+https://github.com/vexxhost/magnum-cluster-api@main#egg=magnum-cluster-api
|
||||
- kubernetes
|
||||
|
||||
# ensure that the internal VIP CA is trusted by the CAPI driver
|
||||
# TODO - this is too hardwired somehow
|
||||
magnum_config_overrides:
|
||||
drivers:
|
||||
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||
capi_client:
|
||||
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||
endpoint: 'internalURL'
|
||||
cluster_template:
|
||||
kubernetes_allowed_network_drivers: 'calico'
|
||||
kubernetes_default_network_driver: 'calico'
|
||||
certificates:
|
||||
cert_manager_type: x509keypair
|
||||
|
||||
magnum_glance_images:
|
||||
- disk_format: qcow2
|
||||
distro: ubuntu
|
||||
file: https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.23.17.qcow2
|
||||
image_format: bare
|
||||
name: ubuntu-2204-kube-v1.23.17
|
||||
public: true
|
||||
|
||||
# NOTE(jrosser) the cluster template cannot be created until the k8s credentials are dropped
|
||||
# in the magnum container, so we must leave this till later
|
||||
magnum_cluster_templates: []
|
||||
|
||||
magnum_flavors:
|
||||
- cloud: default
|
||||
disk: 40
|
||||
name: m1.medium
|
||||
ram: 4096
|
||||
vcpus: 2
|
||||
|
||||
tempest_test_includelist:
|
||||
- magnum_tempest_plugin.tests
|
||||
|
||||
|
||||
# NOTE(noonedeadpunk): We comment these tests out because of weird magnum things happening like
|
||||
# http://paste.openstack.org/show/790131/
|
||||
# But when "b''" around auth toke is dropped, everything is fine.
|
||||
tempest_test_excludelist:
|
||||
- magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_list_sign_delete_clusters
|
||||
- magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_cluster_with_nonexisting_flavor
|
||||
- magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_cluster_with_zero_nodes
|
||||
|
||||
tempest_tempest_conf_overrides_magnum:
|
||||
magnum:
|
Loading…
Reference in New Issue
Block a user