WIP - Bootstrapping playbook
Change-Id: Ic9abda6619d10bb5c2b1ac2cf77f962a793714d9
This commit is contained in:
parent
48f644a643
commit
30eaed3121
|
@ -0,0 +1,7 @@
|
||||||
|
- hosts: localhost
|
||||||
|
gather_facts: false
|
||||||
|
tasks:
|
||||||
|
- name: Copy configuration files into place
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: '.'
|
||||||
|
dest: '/etc/'
|
|
@ -0,0 +1,3 @@
|
||||||
|
cluster-api_hosts:
|
||||||
|
aio1:
|
||||||
|
ip: 172.29.236.100
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
component_skel:
|
||||||
|
k8s_capi:
|
||||||
|
belongs_to:
|
||||||
|
- k8s_all
|
||||||
|
|
||||||
|
container_skel:
|
||||||
|
k8s_container:
|
||||||
|
belongs_to:
|
||||||
|
- cluster-api_containers
|
||||||
|
contains:
|
||||||
|
- k8s_capi
|
||||||
|
|
||||||
|
physical_skel:
|
||||||
|
cluster-api_containers:
|
||||||
|
belongs_to:
|
||||||
|
- all_containers
|
||||||
|
cluster-api_hosts:
|
||||||
|
belongs_to:
|
||||||
|
- hosts
|
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
# Copyright 2023, BBC R&D
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
haproxy_k8s_service:
|
||||||
|
haproxy_service_name: k8s
|
||||||
|
haproxy_backend_nodes: "{{ groups['k8s_all'] | default([]) }}"
|
||||||
|
haproxy_ssl: false
|
||||||
|
haproxy_ssl_all_vips: false
|
||||||
|
haproxy_port: 6443
|
||||||
|
haproxy_balance_type: tcp
|
||||||
|
haproxy_balance_alg: leastconn
|
||||||
|
haproxy_interval: '15000'
|
||||||
|
haproxy_backend_port: 6443
|
||||||
|
haproxy_backend_rise: 2
|
||||||
|
haproxy_backend_fall: 2
|
||||||
|
haproxy_timeout_server: '15m'
|
||||||
|
haproxy_timeout_client: '5m'
|
||||||
|
haproxy_backend_options:
|
||||||
|
- tcplog
|
||||||
|
- ssl-hello-chk
|
||||||
|
- log-health-checks
|
||||||
|
- httpchk GET /healthz
|
||||||
|
haproxy_backend_httpcheck_options:
|
||||||
|
- 'send hdr User-Agent "osa-haproxy-healthcheck" meth GET uri /healthz'
|
||||||
|
haproxy_backend_server_options:
|
||||||
|
- check-ssl
|
||||||
|
- verify none
|
||||||
|
haproxy_service_enabled: "{{ groups['k8s_all'] is defined and groups['k8s_all'] | length > 0 }}"
|
||||||
|
|
||||||
|
k8s_haproxy_services:
|
||||||
|
- "{{ haproxy_k8s_service | combine(haproxy_k8s_service_overrides | default({})) }}"
|
|
@ -0,0 +1,6 @@
|
||||||
|
lxc_container_config_list:
|
||||||
|
- "lxc.apparmor.profile=unconfined"
|
||||||
|
|
||||||
|
lxc_container_mount_auto:
|
||||||
|
- "proc:rw"
|
||||||
|
- "sys:rw"
|
|
@ -0,0 +1,2 @@
|
||||||
|
docker-image-py
|
||||||
|
kubernetes
|
|
@ -0,0 +1,9 @@
|
||||||
|
collections:
|
||||||
|
- name: vexxhost.kubernetes
|
||||||
|
source: https://github.com/jrosser/ansible-collection-kubernetes
|
||||||
|
type: git
|
||||||
|
version: synchronize
|
||||||
|
- name: osa_ops.mcapi_vexxhost
|
||||||
|
type: git
|
||||||
|
version: master
|
||||||
|
source: https://opendev.org/openstack/openstack-ansible-ops#/mcapi_vexxhost
|
|
@ -0,0 +1,16 @@
|
||||||
|
# wire OSA group, host and network addresses into k8s deployment
|
||||||
|
kubernetes_control_plane_group: k8s_container
|
||||||
|
kubelet_hostname: "{{ ansible_facts['hostname'] }}"
|
||||||
|
kubelet_node_ip: "{{ management_address }}"
|
||||||
|
kubernetes_hostname: "{{ internal_lb_vip_address }}"
|
||||||
|
kubernetes_non_init_namespace: true
|
||||||
|
|
||||||
|
# Pick a range of addresses for cilium that do not collide with anything else
|
||||||
|
cilium_ipv4_cidr: 172.29.200.0/22
|
||||||
|
|
||||||
|
# Set this manually, or kube-proxy will try to do this - not possible
|
||||||
|
# in a non-init namespace and will fail in LXC
|
||||||
|
openstack_host_nf_conntrack_max: 1572864
|
||||||
|
|
||||||
|
# OSA containers dont run ssh by default so cannot use synchronize
|
||||||
|
upload_helm_chart_method: copy
|
|
@ -0,0 +1 @@
|
||||||
|
tempest_install_method: "none"
|
|
@ -0,0 +1,69 @@
|
||||||
|
---
|
||||||
|
# Copyright 2020, VEXXHOST, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# install the vexxhost magnum-cluster-api plugin into the magnum venv
|
||||||
|
# TODO - this is tip of the branch with CA fixes
|
||||||
|
# WARNING - this always installs the most recent release rather than the tip of main
|
||||||
|
magnum_user_pip_packages:
|
||||||
|
- git+https://github.com/vexxhost/magnum-cluster-api@main#egg=magnum-cluster-api
|
||||||
|
- kubernetes
|
||||||
|
|
||||||
|
# ensure that the internal VIP CA is trusted by the CAPI driver
|
||||||
|
# TODO - this is too hardwired somehow
|
||||||
|
magnum_config_overrides:
|
||||||
|
drivers:
|
||||||
|
openstack_ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||||
|
capi_client:
|
||||||
|
ca_file: '/usr/local/share/ca-certificates/ExampleCorpRoot.crt'
|
||||||
|
endpoint: 'internalURL'
|
||||||
|
cluster_template:
|
||||||
|
kubernetes_allowed_network_drivers: 'calico'
|
||||||
|
kubernetes_default_network_driver: 'calico'
|
||||||
|
certificates:
|
||||||
|
cert_manager_type: x509keypair
|
||||||
|
|
||||||
|
magnum_glance_images:
|
||||||
|
- disk_format: qcow2
|
||||||
|
distro: ubuntu
|
||||||
|
file: https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.23.17.qcow2
|
||||||
|
image_format: bare
|
||||||
|
name: ubuntu-2204-kube-v1.23.17
|
||||||
|
public: true
|
||||||
|
|
||||||
|
# NOTE(jrosser) the cluster template cannot be created until the k8s credentials are dropped
|
||||||
|
# in the magnum container, so we must leave this till later
|
||||||
|
magnum_cluster_templates: []
|
||||||
|
|
||||||
|
magnum_flavors:
|
||||||
|
- cloud: default
|
||||||
|
disk: 40
|
||||||
|
name: m1.medium
|
||||||
|
ram: 4096
|
||||||
|
vcpus: 2
|
||||||
|
|
||||||
|
tempest_test_includelist:
|
||||||
|
- magnum_tempest_plugin.tests
|
||||||
|
|
||||||
|
|
||||||
|
# NOTE(noonedeadpunk): We comment these tests out because of weird magnum things happening like
|
||||||
|
# http://paste.openstack.org/show/790131/
|
||||||
|
# But when "b''" around auth toke is dropped, everything is fine.
|
||||||
|
tempest_test_excludelist:
|
||||||
|
- magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_list_sign_delete_clusters
|
||||||
|
- magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_cluster_with_nonexisting_flavor
|
||||||
|
- magnum_tempest_plugin.tests.api.v1.test_cluster.ClusterTest.test_create_cluster_with_zero_nodes
|
||||||
|
|
||||||
|
tempest_tempest_conf_overrides_magnum:
|
||||||
|
magnum:
|
Loading…
Reference in New Issue