From ff0199a2303f4b32e393981794401fcf79e9cada Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Wed, 7 Sep 2022 17:17:07 -0400 Subject: [PATCH] Retire repository Change-Id: I8dce2ae248323fc13707bcf94ccdff957d6e5f69 --- .ansible-lint | 6 - .gitignore | 13 - README.md | 5 + doc/requirements.txt | 6 - doc/source/_static/.gitkeep | 0 .../_templates/yaml4rst/defaults_header.j2 | 11 - doc/source/conf.py | 110 --- doc/source/index.rst | 23 - doc/source/releasenotes.rst | 4 - .../build_openstack_requirements/index.rst | 10 - doc/source/roles/ceph_csi_rbd/index.rst | 10 - doc/source/roles/ceph_mon/index.rst | 10 - doc/source/roles/ceph_osd/index.rst | 10 - doc/source/roles/ceph_repository/index.rst | 10 - doc/source/roles/cert_manager/index.rst | 10 - doc/source/roles/containerd/index.rst | 10 - doc/source/roles/csi/index.rst | 10 - doc/source/roles/helm/index.rst | 10 - doc/source/roles/index.rst | 11 - doc/source/roles/ipmi_exporter/index.rst | 10 - doc/source/roles/keepalived/index.rst | 10 - .../roles/kube_prometheus_stack/index.rst | 10 - doc/source/roles/kubernetes/index.rst | 10 - doc/source/roles/openstack_cli/index.rst | 10 - doc/source/roles/openstack_exporter/index.rst | 10 - .../roles/openstack_helm_barbican/index.rst | 10 - .../roles/openstack_helm_cinder/index.rst | 10 - .../roles/openstack_helm_endpoints/index.rst | 10 - .../roles/openstack_helm_glance/index.rst | 10 - .../roles/openstack_helm_heat/index.rst | 10 - .../roles/openstack_helm_horizon/index.rst | 10 - .../index.rst | 10 - .../openstack_helm_infra_libvirt/index.rst | 10 - .../openstack_helm_infra_memcached/index.rst | 10 - .../index.rst | 10 - .../roles/openstack_helm_ingress/index.rst | 10 - .../roles/openstack_helm_keystone/index.rst | 10 - .../roles/openstack_helm_neutron/index.rst | 10 - .../roles/openstack_helm_nova/index.rst | 10 - .../roles/openstack_helm_placement/index.rst | 10 - .../roles/openstack_helm_senlin/index.rst | 10 - .../roles/openstack_helm_tempest/index.rst | 10 - doc/source/user/index.rst | 7 - doc/source/user/quickstart.rst | 99 -- docs/certificates.md | 60 -- docs/storage.md | 113 --- images/master.yml | 28 - molecule/default/converge.yml | 15 - molecule/default/create.yml | 110 --- molecule/default/destroy.yml | 47 - molecule/default/group_vars/.gitkeep | 0 molecule/default/group_vars/all/molecule.yml | 12 - molecule/default/heat/server.yaml | 168 ---- molecule/default/heat/stack.yaml | 183 ---- molecule/default/heat/volume.yaml | 34 - molecule/default/host_vars/.gitkeep | 0 molecule/default/molecule.yml | 51 - molecule/default/prepare.yml | 21 - molecule/default/requirements.txt | 3 - molecule/default/verify.yml | 15 - playbooks/ceph.yml | 36 - playbooks/cleanup.yml | 35 - playbooks/generate_workspace.yml | 431 --------- playbooks/kubernetes.yml | 24 - playbooks/openstack.yml | 149 --- playbooks/site.yml | 18 - playbooks/tempest.yml | 21 - plugins/module_utils/ca_common.py | 114 --- plugins/modules/ceph_config.py | 43 - plugins/modules/ceph_key.py | 692 -------------- plugins/modules/ceph_pool.py | 684 -------------- ...tmanager-persistence-0eaf7914c262bdf6.yaml | 5 - .../add-ansible-lint-c1e961c2fb88dbc7.yaml | 3 - ...dd-az-filter-to-nova-3ceb80120a642480.yaml | 3 - .../notes/add-barbican-d55f181d9f51462a.yaml | 3 - ...d-ceph-config-module-2390d050b6b0d976.yaml | 3 - ...dd-commit-msg-checks-6e4a5a0444fb8496.yaml | 4 - ...dd-coredns-forwarder-14bb2a1830cc57e6.yaml | 5 - .../add-coredns-metrics-6154d542fdb5118f.yaml | 6 - .../add-dns01-docs-f4849506aa12c25c.yaml | 3 - .../add-github-mirrors-af12ad15964628c1.yaml | 3 - .../add-ipmi-exporter-37a8c16fe24597dc.yaml | 3 - .../add-master-wheels-3f8e8de9d4988472.yaml | 3 - .../add-migrate-ip-23a68423484249b0.yaml | 3 - ...lecule-customization-9feb3a6a6e6d85f2.yaml | 5 - ...ive_migration_events-28f3dbae2939d20d.yaml | 6 - ...orter-ignored-device-a7d528f7583156f1.yaml | 4 - ...nstack-exporter-role-f87a6a6f90a0f236.yaml | 3 - ...ube-prometheus-stack-7b50790cfbfb2fa2.yaml | 3 - ...werstore-csi-support-64e89219c5c7b566.yaml | 3 - .../add-promote-job-079c3c57f1b5e272.yaml | 4 - ...vides-to-wheels-jobs-80dbd81930b548f4.yaml | 4 - ...dd-secret-generation-3653426d798abfc4.yaml | 9 - .../notes/add-ssh-keys-d3e86fce24365343.yaml | 4 - .../add-tempest-images-07a34f3e521ffee5.yaml | 3 - .../add-uc-to-whels-2f692964ae6d684c.yaml | 3 - .../add-wheel-builds-e731c5a64f98964b.yaml | 3 - ...workspace-generation-8ff28781216beccd.yaml | 4 - .../add-zuul-artifacts-fc8ce46d3a43414e.yaml | 3 - ...tl_bash_autocomplete-7b02df64b69198c8.yaml | 4 - .../added-role-docs-e7203e2b3db04f9f.yaml | 3 - ...w-disable-keepalived-8a0f9f4d7eba0bd1.yaml | 3 - .../allow-external-ceph-9fa982e6734902e9.yaml | 3 - .../allow-no-keepalived-32ac8b6630df1448.yaml | 4 - ...low-older-joinconfig-323cf204110f5c6d.yaml | 3 - ...low_boot_from_volume-d85a6fef6ec2eced.yaml | 8 - .../barbican-add-role-8c70f47a587d871a.yaml | 3 - .../notes/bump-horizon-27deafc5a24c6770.yaml | 3 - ...p-nova-chart-version-1c96e579431abc0e.yaml | 4 - ...-signed-cert-on-host-7f01a00243b8c94e.yaml | 3 - ...add-self-signed-cert-0d38d09e25c68546.yaml | 3 - ...nup-ceph-prom-alerts-3c020e3021d4fcea.yaml | 4 - ...leanup-keystone-role-ea04dd3c915f3bf7.yaml | 3 - .../cleanup-pre-run-cbd272c8b7852365.yaml | 4 - ...ce_disable_threshold-ba461187507bdb43.yaml | 8 - ...correct_nova_timeout-111d1967cacf02dc.yaml | 3 - ...eate-cloud-resources-dd6b1441b047fe98.yaml | 3 - .../custom-node-labels-6a86575cf6a68ad3.yaml | 4 - .../disable-ironic-62c49aa8af6d5441.yaml | 4 - ...saging-notifications-ca59b77095f59873.yaml | 6 - ...p-horizon-mariadb-pw-69cf67dab929a12a.yaml | 5 - ...tron-service-plugins-0edf4084235138e7.yaml | 3 - .../extend_waiting_time-aea8f4934df21b2b.yaml | 4 - .../fix-ceph-csi-monmap-89505192fb838958.yaml | 9 - ...ix-commit-check-vars-77fd8469bb568a48.yaml | 4 - .../fix-etcd-alerts-45526da283b2a024.yaml | 3 - .../fix-gcthres-values-2281f5ceba6d15bb.yaml | 3 - .../fix-git-mirrors-af8cec9540a12842.yaml | 3 - .../fix-ipmi-exporter-3099bb1397c884d4.yaml | 6 - .../fix-ipmi-exporter-4069d8b2e742a07a.yaml | 3 - ...ystone-domain-manage-dcaed4bd497836fa.yaml | 3 - ...rometheus-stack-wait-14e605452424cefc.yaml | 5 - .../fix-node-selectors-0ae3a7ae609b4227.yaml | 3 - .../fix-rabbitmq-alerts-74368ac400758ea7.yaml | 4 - .../fix-role-promotion-8c41b8dfd8b1c74e.yaml | 3 - .../notes/fix-semver-0aa05baa8ecdb2b0.yaml | 4 - .../fix-senlin-username-a8a238893e806d8d.yaml | 5 - .../fix-socat-percona-891da2e4726505a4.yaml | 4 - .../fix_osd_mon_hosts-aa7bd5fa08241131.yaml | 6 - ...e-secrets-with-vault-f7f4e0c94a5608d5.yaml | 4 - ...ter_internal_running-30f18e425871c369.yaml | 5 - ...glance-create-images-6943e75e25560954.yaml | 3 - ...able-openrc-download-9a77f00006a8e129.yaml | 7 - ...na-path-from-ingress-267b837d9d5f93bc.yaml | 3 - .../ignore-gre-sys-321562e531879727.yaml | 3 - ...tils-ping-in-tempest-6ceacd39657fb3d3.yaml | 3 - ...increase-ci-timeouts-e189f2327c7f40b6.yaml | 3 - ...able-for-annotations-b824db994ead135b.yaml | 16 - ...nable-defaultBackend-87a0a88a36710b38.yaml | 3 - ...exclude-more-sensors-ac10186184d368c6.yaml | 4 - .../keepalived-add-role-1b2ad22c86e253ba.yaml | 3 - ...tl-gc_thresh-tunning-438099ff8b0d9ff2.yaml | 3 - ...s-containter-runtime-eef9ac26d7a2d165.yaml | 3 - ...up-ceph-public-iface-e9147f1615e8371b.yaml | 6 - ...to-rabbitmq-operator-908ead4f29c82230.yaml | 7 - ...te-as-ext_dns_driver-36a95992b267e2f1.yaml | 3 - ..._resize_to_same_host-291e10c353bc1173.yaml | 3 - ...penstacksdk-add-role-352fd57b4abec9d2.yaml | 5 - .../pin-openstacksdk-c4c3c9758689f429.yaml | 4 - ...abbitmq-improvements-875277bea9dfc9bb.yaml | 7 - ...esource-requirements-b769c8975ba9723d.yaml | 3 - ...-molecule-workaround-6908afb41ef8c738.yaml | 4 - ...-inventory-structure-07ac1eea6b173eee.yaml | 4 - .../support-debian-c2c011eb48dfd442.yaml | 4 - .../switch-to-fluxcd-10de5b94a893b285.yaml | 4 - .../switch-to-geneve-96bf7ef7c53988f8.yaml | 3 - .../tempest-add-role-efd573d775e96638.yaml | 3 - ...t-tempest-log-always-5dd1b59b52038de2.yaml | 3 - ...ansible-lint-version-619c2a48e6f0c5d6.yaml | 3 - ...or-missing-variables-e76187195d20350d.yaml | 4 - ...ube-prometheus-stack-b5eac8346cc693b6.yaml | 3 - ...lic-link-for-adm-cfg-94f57076773d7864.yaml | 7 - ...ge-manifest-creation-d27b972f00fba609.yaml | 3 - .../defaults/main.yml | 40 - .../tasks/main.yml | 105 --- roles/ceph_csi_rbd/defaults/main.yml | 43 - roles/ceph_csi_rbd/meta/main.yml | 23 - roles/ceph_csi_rbd/tasks/main.yml | 105 --- roles/ceph_mgr/tasks/main.yml | 50 - roles/ceph_mon/defaults/main.yml | 25 - roles/ceph_mon/tasks/bootstrap-ceph.yml | 109 --- roles/ceph_mon/tasks/main.yml | 92 -- roles/ceph_mon/tasks/start-monitor.yml | 46 - roles/ceph_osd/defaults/main.yml | 19 - roles/ceph_osd/tasks/main.yml | 104 --- roles/ceph_repository/defaults/main.yml | 31 - roles/ceph_repository/tasks/main.yml | 34 - .../templates/apt-preferences.j2 | 11 - roles/cert_manager/defaults/main.yml | 35 - roles/cert_manager/meta/main.yml | 23 - roles/cert_manager/tasks/main.yml | 154 ---- roles/cilium/meta/main.yml | 23 - roles/cilium/tasks/main.yml | 31 - roles/containerd/defaults/main.yml | 19 - roles/containerd/handlers/main.yml | 18 - roles/containerd/tasks/main.yml | 54 -- roles/containerd/templates/config.toml.j2 | 5 - roles/coredns/tasks/main.yml | 119 --- roles/csi/defaults/main.yml | 2 - roles/csi/meta/main.yml | 29 - roles/flux/tasks/main.yml | 10 - roles/helm/defaults/main.yml | 31 - roles/helm/tasks/debian.yml | 40 - roles/helm/tasks/main.yml | 26 - roles/helm/tasks/redhat.yml | 24 - roles/helm/templates/apt-preferences.j2 | 3 - roles/helm_diff/tasks/main.yml | 27 - roles/ingress_nginx/meta/main.yml | 23 - roles/ingress_nginx/tasks/main.yml | 61 -- roles/ipmi_exporter/defaults/main.yml | 50 - roles/ipmi_exporter/meta/main.yml | 23 - roles/ipmi_exporter/tasks/main.yml | 173 ---- roles/keepalived/defaults/main.yml | 56 -- roles/keepalived/meta/main.yml | 23 - roles/keepalived/tasks/main.yml | 181 ---- roles/kube_prometheus_stack/defaults/main.yml | 19 - .../files/prometheus_alerts.yml | 870 ------------------ roles/kube_prometheus_stack/meta/main.yml | 23 - roles/kube_prometheus_stack/tasks/main.yml | 103 --- roles/kube_prometheus_stack/vars/main.yml | 292 ------ roles/kubernetes/defaults/main.yml | 84 -- roles/kubernetes/files/apt-key.gpg | Bin 2537 -> 0 bytes roles/kubernetes/files/haproxy.yaml | 27 - roles/kubernetes/files/keepalived.yaml | 32 - roles/kubernetes/meta/main.yml | 26 - roles/kubernetes/tasks/bootstrap-cluster.yml | 60 -- roles/kubernetes/tasks/control-plane.yml | 118 --- roles/kubernetes/tasks/join-cluster.yml | 65 -- roles/kubernetes/tasks/main.yml | 131 --- roles/kubernetes/tasks/nodes.yml | 22 - roles/kubernetes/templates/apt-preferences.j2 | 11 - .../templates/check_apiserver.sh.j2 | 11 - roles/kubernetes/templates/haproxy.cfg.j2 | 51 - roles/kubernetes/templates/keepalived.conf.j2 | 25 - roles/kubernetes/templates/kubeadm.yaml.j2 | 59 -- .../kubernetes/templates/modules-load.conf.j2 | 3 - roles/kubernetes/vars/main.yml | 15 - roles/node_feature_discovery/meta/main.yml | 23 - roles/node_feature_discovery/tasks/main.yml | 48 - roles/openstack_cli/defaults/main.yml | 20 - roles/openstack_cli/tasks/main.yml | 33 - roles/openstack_cli/templates/openrc.j2 | 12 - roles/openstack_exporter/defaults/main.yml | 24 - roles/openstack_exporter/meta/main.yml | 23 - roles/openstack_exporter/tasks/main.yml | 382 -------- .../openstack_helm_barbican/defaults/main.yml | 49 - roles/openstack_helm_barbican/meta/main.yml | 23 - roles/openstack_helm_barbican/tasks/main.yml | 85 -- roles/openstack_helm_barbican/vars/main.yml | 45 - roles/openstack_helm_cinder/defaults/main.yml | 43 - roles/openstack_helm_cinder/meta/main.yml | 23 - roles/openstack_helm_cinder/tasks/main.yml | 85 -- roles/openstack_helm_cinder/vars/main.yml | 67 -- .../defaults/main.yml | 445 --------- roles/openstack_helm_endpoints/tasks/main.yml | 50 - roles/openstack_helm_endpoints/vars/main.yml | 419 --------- roles/openstack_helm_glance/defaults/main.yml | 49 - roles/openstack_helm_glance/meta/main.yml | 26 - roles/openstack_helm_glance/tasks/main.yml | 124 --- roles/openstack_helm_glance/vars/main.yml | 57 -- roles/openstack_helm_heat/defaults/main.yml | 55 -- roles/openstack_helm_heat/meta/main.yml | 23 - roles/openstack_helm_heat/tasks/main.yml | 94 -- roles/openstack_helm_heat/vars/main.yml | 56 -- .../openstack_helm_horizon/defaults/main.yml | 43 - .../files/50-monasca-ui-settings.py | 56 -- roles/openstack_helm_horizon/meta/main.yml | 23 - roles/openstack_helm_horizon/tasks/main.yml | 86 -- roles/openstack_helm_horizon/vars/main.yml | 60 -- .../defaults/main.yml | 43 - .../meta/main.yml | 26 - .../tasks/main.yml | 146 --- .../vars/main.yml | 18 - .../defaults/main.yml | 31 - .../meta/main.yml | 23 - .../tasks/main.yml | 64 -- .../vars/main.yml | 26 - .../defaults/main.yml | 19 - .../meta/main.yml | 23 - .../tasks/main.yml | 133 --- .../vars/main.yml | 24 - .../defaults/main.yml | 31 - .../meta/main.yml | 23 - .../tasks/main.yml | 65 -- .../vars/main.yml | 21 - .../openstack_helm_ingress/defaults/main.yml | 25 - roles/openstack_helm_ingress/tasks/main.yml | 34 - roles/openstack_helm_ingress/vars/main.yml | 26 - .../openstack_helm_keystone/defaults/main.yml | 43 - roles/openstack_helm_keystone/meta/main.yml | 23 - roles/openstack_helm_keystone/tasks/main.yml | 85 -- roles/openstack_helm_keystone/vars/main.yml | 86 -- .../openstack_helm_neutron/defaults/main.yml | 49 - roles/openstack_helm_neutron/meta/main.yml | 26 - roles/openstack_helm_neutron/tasks/main.yml | 136 --- roles/openstack_helm_neutron/vars/main.yml | 87 -- roles/openstack_helm_nova/defaults/main.yml | 73 -- roles/openstack_helm_nova/meta/main.yml | 26 - roles/openstack_helm_nova/tasks/main.yml | 165 ---- roles/openstack_helm_nova/vars/main.yml | 138 --- .../defaults/main.yml | 43 - roles/openstack_helm_placement/meta/main.yml | 23 - roles/openstack_helm_placement/tasks/main.yml | 77 -- roles/openstack_helm_placement/vars/main.yml | 40 - roles/openstack_helm_senlin/defaults/main.yml | 55 -- roles/openstack_helm_senlin/meta/main.yml | 23 - roles/openstack_helm_senlin/tasks/main.yml | 85 -- roles/openstack_helm_senlin/vars/main.yml | 48 - .../openstack_helm_tempest/defaults/main.yml | 37 - roles/openstack_helm_tempest/meta/main.yml | 26 - roles/openstack_helm_tempest/tasks/main.yml | 122 --- roles/openstack_helm_tempest/vars/main.yml | 55 -- roles/openstack_namespace/tasks/main.yml | 22 - roles/openstacksdk/tasks/main.yml | 41 - roles/openstacksdk/templates/clouds.yaml.j2 | 10 - roles/percona_xtradb_cluster/meta/main.yml | 23 - roles/percona_xtradb_cluster/tasks/main.yml | 201 ---- roles/powerstore_csi/meta/main.yml | 23 - roles/powerstore_csi/tasks/main.yml | 52 -- roles/prometheus_pushgateway/meta/main.yml | 23 - roles/prometheus_pushgateway/tasks/main.yml | 54 -- roles/rabbitmq/meta/main.yml | 26 - roles/rabbitmq/tasks/main.yml | 55 -- roles/rabbitmq_operator/meta/main.yml | 23 - roles/rabbitmq_operator/tasks/main.yml | 190 ---- setup.cfg | 16 - setup.py | 17 - tools/generate-galaxy-yml.py | 28 - tox.ini | 56 -- zuul.d/github.yaml | 24 - zuul.d/images-master.yaml | 99 -- zuul.d/images.yaml | 60 -- zuul.d/jobs.yaml | 68 -- .../pre-run.yml | 18 - .../run.yml | 45 - .../pre-run.yml | 17 - .../run.yml | 163 ---- .../post-run.yml | 55 -- .../pre-run.yml | 17 - .../run.yml | 18 - .../run.yml | 55 -- .../post-run.yml | 45 - .../run.yml | 52 -- .../post-run.yml | 55 -- .../cleanup-run.yml | 20 - zuul.d/project.yaml | 36 - zuul.d/secrets.yaml | 89 -- zuul.d/wheels-master.yaml | 66 -- zuul.d/wheels-wallaby.yaml | 66 -- zuul.d/wheels.yaml | 42 - 350 files changed, 5 insertions(+), 15274 deletions(-) delete mode 100644 .ansible-lint delete mode 100644 .gitignore create mode 100644 README.md delete mode 100644 doc/requirements.txt delete mode 100644 doc/source/_static/.gitkeep delete mode 100644 doc/source/_templates/yaml4rst/defaults_header.j2 delete mode 100644 doc/source/conf.py delete mode 100644 doc/source/index.rst delete mode 100644 doc/source/releasenotes.rst delete mode 100644 doc/source/roles/build_openstack_requirements/index.rst delete mode 100644 doc/source/roles/ceph_csi_rbd/index.rst delete mode 100644 doc/source/roles/ceph_mon/index.rst delete mode 100644 doc/source/roles/ceph_osd/index.rst delete mode 100644 doc/source/roles/ceph_repository/index.rst delete mode 100644 doc/source/roles/cert_manager/index.rst delete mode 100644 doc/source/roles/containerd/index.rst delete mode 100644 doc/source/roles/csi/index.rst delete mode 100644 doc/source/roles/helm/index.rst delete mode 100644 doc/source/roles/index.rst delete mode 100644 doc/source/roles/ipmi_exporter/index.rst delete mode 100644 doc/source/roles/keepalived/index.rst delete mode 100644 doc/source/roles/kube_prometheus_stack/index.rst delete mode 100644 doc/source/roles/kubernetes/index.rst delete mode 100644 doc/source/roles/openstack_cli/index.rst delete mode 100644 doc/source/roles/openstack_exporter/index.rst delete mode 100644 doc/source/roles/openstack_helm_barbican/index.rst delete mode 100644 doc/source/roles/openstack_helm_cinder/index.rst delete mode 100644 doc/source/roles/openstack_helm_endpoints/index.rst delete mode 100644 doc/source/roles/openstack_helm_glance/index.rst delete mode 100644 doc/source/roles/openstack_helm_heat/index.rst delete mode 100644 doc/source/roles/openstack_helm_horizon/index.rst delete mode 100644 doc/source/roles/openstack_helm_infra_ceph_provisioners/index.rst delete mode 100644 doc/source/roles/openstack_helm_infra_libvirt/index.rst delete mode 100644 doc/source/roles/openstack_helm_infra_memcached/index.rst delete mode 100644 doc/source/roles/openstack_helm_infra_openvswitch/index.rst delete mode 100644 doc/source/roles/openstack_helm_ingress/index.rst delete mode 100644 doc/source/roles/openstack_helm_keystone/index.rst delete mode 100644 doc/source/roles/openstack_helm_neutron/index.rst delete mode 100644 doc/source/roles/openstack_helm_nova/index.rst delete mode 100644 doc/source/roles/openstack_helm_placement/index.rst delete mode 100644 doc/source/roles/openstack_helm_senlin/index.rst delete mode 100644 doc/source/roles/openstack_helm_tempest/index.rst delete mode 100644 doc/source/user/index.rst delete mode 100644 doc/source/user/quickstart.rst delete mode 100644 docs/certificates.md delete mode 100644 docs/storage.md delete mode 100644 images/master.yml delete mode 100644 molecule/default/converge.yml delete mode 100644 molecule/default/create.yml delete mode 100644 molecule/default/destroy.yml delete mode 100644 molecule/default/group_vars/.gitkeep delete mode 100644 molecule/default/group_vars/all/molecule.yml delete mode 100644 molecule/default/heat/server.yaml delete mode 100644 molecule/default/heat/stack.yaml delete mode 100644 molecule/default/heat/volume.yaml delete mode 100644 molecule/default/host_vars/.gitkeep delete mode 100644 molecule/default/molecule.yml delete mode 100644 molecule/default/prepare.yml delete mode 100644 molecule/default/requirements.txt delete mode 100644 molecule/default/verify.yml delete mode 100644 playbooks/ceph.yml delete mode 100644 playbooks/cleanup.yml delete mode 100644 playbooks/generate_workspace.yml delete mode 100644 playbooks/kubernetes.yml delete mode 100644 playbooks/openstack.yml delete mode 100644 playbooks/site.yml delete mode 100644 playbooks/tempest.yml delete mode 100644 plugins/module_utils/ca_common.py delete mode 100644 plugins/modules/ceph_config.py delete mode 100644 plugins/modules/ceph_key.py delete mode 100644 plugins/modules/ceph_pool.py delete mode 100644 releasenotes/notes/add-alertmanager-persistence-0eaf7914c262bdf6.yaml delete mode 100644 releasenotes/notes/add-ansible-lint-c1e961c2fb88dbc7.yaml delete mode 100644 releasenotes/notes/add-az-filter-to-nova-3ceb80120a642480.yaml delete mode 100644 releasenotes/notes/add-barbican-d55f181d9f51462a.yaml delete mode 100644 releasenotes/notes/add-ceph-config-module-2390d050b6b0d976.yaml delete mode 100644 releasenotes/notes/add-commit-msg-checks-6e4a5a0444fb8496.yaml delete mode 100644 releasenotes/notes/add-coredns-forwarder-14bb2a1830cc57e6.yaml delete mode 100644 releasenotes/notes/add-coredns-metrics-6154d542fdb5118f.yaml delete mode 100644 releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml delete mode 100644 releasenotes/notes/add-github-mirrors-af12ad15964628c1.yaml delete mode 100644 releasenotes/notes/add-ipmi-exporter-37a8c16fe24597dc.yaml delete mode 100644 releasenotes/notes/add-master-wheels-3f8e8de9d4988472.yaml delete mode 100644 releasenotes/notes/add-migrate-ip-23a68423484249b0.yaml delete mode 100644 releasenotes/notes/add-molecule-customization-9feb3a6a6e6d85f2.yaml delete mode 100644 releasenotes/notes/add-neutron-live_migration_events-28f3dbae2939d20d.yaml delete mode 100644 releasenotes/notes/add-node-exporter-ignored-device-a7d528f7583156f1.yaml delete mode 100644 releasenotes/notes/add-openstack-exporter-role-f87a6a6f90a0f236.yaml delete mode 100644 releasenotes/notes/add-overrides-for-kube-prometheus-stack-7b50790cfbfb2fa2.yaml delete mode 100644 releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml delete mode 100644 releasenotes/notes/add-promote-job-079c3c57f1b5e272.yaml delete mode 100644 releasenotes/notes/add-provides-to-wheels-jobs-80dbd81930b548f4.yaml delete mode 100644 releasenotes/notes/add-secret-generation-3653426d798abfc4.yaml delete mode 100644 releasenotes/notes/add-ssh-keys-d3e86fce24365343.yaml delete mode 100644 releasenotes/notes/add-tempest-images-07a34f3e521ffee5.yaml delete mode 100644 releasenotes/notes/add-uc-to-whels-2f692964ae6d684c.yaml delete mode 100644 releasenotes/notes/add-wheel-builds-e731c5a64f98964b.yaml delete mode 100644 releasenotes/notes/add-workspace-generation-8ff28781216beccd.yaml delete mode 100644 releasenotes/notes/add-zuul-artifacts-fc8ce46d3a43414e.yaml delete mode 100644 releasenotes/notes/add_kubectl_bash_autocomplete-7b02df64b69198c8.yaml delete mode 100644 releasenotes/notes/added-role-docs-e7203e2b3db04f9f.yaml delete mode 100644 releasenotes/notes/allow-disable-keepalived-8a0f9f4d7eba0bd1.yaml delete mode 100644 releasenotes/notes/allow-external-ceph-9fa982e6734902e9.yaml delete mode 100644 releasenotes/notes/allow-no-keepalived-32ac8b6630df1448.yaml delete mode 100644 releasenotes/notes/allow-older-joinconfig-323cf204110f5c6d.yaml delete mode 100644 releasenotes/notes/allow_boot_from_volume-d85a6fef6ec2eced.yaml delete mode 100644 releasenotes/notes/barbican-add-role-8c70f47a587d871a.yaml delete mode 100644 releasenotes/notes/bump-horizon-27deafc5a24c6770.yaml delete mode 100644 releasenotes/notes/bump-nova-chart-version-1c96e579431abc0e.yaml delete mode 100644 releasenotes/notes/cert-manager-distribute-self-signed-cert-on-host-7f01a00243b8c94e.yaml delete mode 100644 releasenotes/notes/cert_manager-add-self-signed-cert-0d38d09e25c68546.yaml delete mode 100644 releasenotes/notes/cleanup-ceph-prom-alerts-3c020e3021d4fcea.yaml delete mode 100644 releasenotes/notes/cleanup-keystone-role-ea04dd3c915f3bf7.yaml delete mode 100644 releasenotes/notes/cleanup-pre-run-cbd272c8b7852365.yaml delete mode 100644 releasenotes/notes/consecutive_build_service_disable_threshold-ba461187507bdb43.yaml delete mode 100644 releasenotes/notes/correct_nova_timeout-111d1967cacf02dc.yaml delete mode 100644 releasenotes/notes/create-cloud-resources-dd6b1441b047fe98.yaml delete mode 100644 releasenotes/notes/custom-node-labels-6a86575cf6a68ad3.yaml delete mode 100644 releasenotes/notes/disable-ironic-62c49aa8af6d5441.yaml delete mode 100644 releasenotes/notes/disable-oslo-messaging-notifications-ca59b77095f59873.yaml delete mode 100644 releasenotes/notes/drop-horizon-mariadb-pw-69cf67dab929a12a.yaml delete mode 100644 releasenotes/notes/enable-neutron-service-plugins-0edf4084235138e7.yaml delete mode 100644 releasenotes/notes/extend_waiting_time-aea8f4934df21b2b.yaml delete mode 100644 releasenotes/notes/fix-ceph-csi-monmap-89505192fb838958.yaml delete mode 100644 releasenotes/notes/fix-commit-check-vars-77fd8469bb568a48.yaml delete mode 100644 releasenotes/notes/fix-etcd-alerts-45526da283b2a024.yaml delete mode 100644 releasenotes/notes/fix-gcthres-values-2281f5ceba6d15bb.yaml delete mode 100644 releasenotes/notes/fix-git-mirrors-af8cec9540a12842.yaml delete mode 100644 releasenotes/notes/fix-ipmi-exporter-3099bb1397c884d4.yaml delete mode 100644 releasenotes/notes/fix-ipmi-exporter-4069d8b2e742a07a.yaml delete mode 100644 releasenotes/notes/fix-keystone-domain-manage-dcaed4bd497836fa.yaml delete mode 100644 releasenotes/notes/fix-kube-prometheus-stack-wait-14e605452424cefc.yaml delete mode 100644 releasenotes/notes/fix-node-selectors-0ae3a7ae609b4227.yaml delete mode 100644 releasenotes/notes/fix-rabbitmq-alerts-74368ac400758ea7.yaml delete mode 100644 releasenotes/notes/fix-role-promotion-8c41b8dfd8b1c74e.yaml delete mode 100644 releasenotes/notes/fix-semver-0aa05baa8ecdb2b0.yaml delete mode 100644 releasenotes/notes/fix-senlin-username-a8a238893e806d8d.yaml delete mode 100644 releasenotes/notes/fix-socat-percona-891da2e4726505a4.yaml delete mode 100644 releasenotes/notes/fix_osd_mon_hosts-aa7bd5fa08241131.yaml delete mode 100644 releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml delete mode 100644 releasenotes/notes/get_cluster_internal_running-30f18e425871c369.yaml delete mode 100644 releasenotes/notes/glance-create-images-6943e75e25560954.yaml delete mode 100644 releasenotes/notes/horizon-disable-openrc-download-9a77f00006a8e129.yaml delete mode 100644 releasenotes/notes/horizon-remove-monasca-grafana-path-from-ingress-267b837d9d5f93bc.yaml delete mode 100644 releasenotes/notes/ignore-gre-sys-321562e531879727.yaml delete mode 100644 releasenotes/notes/image-install-iputils-ping-in-tempest-6ceacd39657fb3d3.yaml delete mode 100644 releasenotes/notes/increase-ci-timeouts-e189f2327c7f40b6.yaml delete mode 100644 releasenotes/notes/ingress-add-variable-for-annotations-b824db994ead135b.yaml delete mode 100644 releasenotes/notes/ingress_nginx-enable-defaultBackend-87a0a88a36710b38.yaml delete mode 100644 releasenotes/notes/ipmi-exclude-more-sensors-ac10186184d368c6.yaml delete mode 100644 releasenotes/notes/keepalived-add-role-1b2ad22c86e253ba.yaml delete mode 100644 releasenotes/notes/kubernetes-add-sysctl-gc_thresh-tunning-438099ff8b0d9ff2.yaml delete mode 100644 releasenotes/notes/kubernetes-set-containerd-as-containter-runtime-eef9ac26d7a2d165.yaml delete mode 100644 releasenotes/notes/lookup-ceph-public-iface-e9147f1615e8371b.yaml delete mode 100644 releasenotes/notes/migrate-to-rabbitmq-operator-908ead4f29c82230.yaml delete mode 100644 releasenotes/notes/neutron-integrate-designate-as-ext_dns_driver-36a95992b267e2f1.yaml delete mode 100644 releasenotes/notes/nova_allow_resize_to_same_host-291e10c353bc1173.yaml delete mode 100644 releasenotes/notes/openstacksdk-add-role-352fd57b4abec9d2.yaml delete mode 100644 releasenotes/notes/pin-openstacksdk-c4c3c9758689f429.yaml delete mode 100644 releasenotes/notes/rabbitmq-improvements-875277bea9dfc9bb.yaml delete mode 100644 releasenotes/notes/rabbitmq-set-resource-requirements-b769c8975ba9723d.yaml delete mode 100644 releasenotes/notes/remove-molecule-workaround-6908afb41ef8c738.yaml delete mode 100644 releasenotes/notes/simplify-inventory-structure-07ac1eea6b173eee.yaml delete mode 100644 releasenotes/notes/support-debian-c2c011eb48dfd442.yaml delete mode 100644 releasenotes/notes/switch-to-fluxcd-10de5b94a893b285.yaml delete mode 100644 releasenotes/notes/switch-to-geneve-96bf7ef7c53988f8.yaml delete mode 100644 releasenotes/notes/tempest-add-role-efd573d775e96638.yaml delete mode 100644 releasenotes/notes/tempest-print-tempest-log-always-5dd1b59b52038de2.yaml delete mode 100644 releasenotes/notes/tox-lock-ansible-lint-version-619c2a48e6f0c5d6.yaml delete mode 100644 releasenotes/notes/update-regex-of-generating-secrets-for-missing-variables-e76187195d20350d.yaml delete mode 100644 releasenotes/notes/upgrade-kube-prometheus-stack-b5eac8346cc693b6.yaml delete mode 100644 releasenotes/notes/use-symbolic-link-for-adm-cfg-94f57076773d7864.yaml delete mode 100644 releasenotes/notes/zuul-fix-image-manifest-creation-d27b972f00fba609.yaml delete mode 100644 roles/build_openstack_requirements/defaults/main.yml delete mode 100644 roles/build_openstack_requirements/tasks/main.yml delete mode 100644 roles/ceph_csi_rbd/defaults/main.yml delete mode 100644 roles/ceph_csi_rbd/meta/main.yml delete mode 100644 roles/ceph_csi_rbd/tasks/main.yml delete mode 100644 roles/ceph_mgr/tasks/main.yml delete mode 100644 roles/ceph_mon/defaults/main.yml delete mode 100644 roles/ceph_mon/tasks/bootstrap-ceph.yml delete mode 100644 roles/ceph_mon/tasks/main.yml delete mode 100644 roles/ceph_mon/tasks/start-monitor.yml delete mode 100644 roles/ceph_osd/defaults/main.yml delete mode 100644 roles/ceph_osd/tasks/main.yml delete mode 100644 roles/ceph_repository/defaults/main.yml delete mode 100644 roles/ceph_repository/tasks/main.yml delete mode 100644 roles/ceph_repository/templates/apt-preferences.j2 delete mode 100644 roles/cert_manager/defaults/main.yml delete mode 100644 roles/cert_manager/meta/main.yml delete mode 100644 roles/cert_manager/tasks/main.yml delete mode 100644 roles/cilium/meta/main.yml delete mode 100644 roles/cilium/tasks/main.yml delete mode 100644 roles/containerd/defaults/main.yml delete mode 100644 roles/containerd/handlers/main.yml delete mode 100644 roles/containerd/tasks/main.yml delete mode 100644 roles/containerd/templates/config.toml.j2 delete mode 100644 roles/coredns/tasks/main.yml delete mode 100644 roles/csi/defaults/main.yml delete mode 100644 roles/csi/meta/main.yml delete mode 100644 roles/flux/tasks/main.yml delete mode 100644 roles/helm/defaults/main.yml delete mode 100644 roles/helm/tasks/debian.yml delete mode 100644 roles/helm/tasks/main.yml delete mode 100644 roles/helm/tasks/redhat.yml delete mode 100644 roles/helm/templates/apt-preferences.j2 delete mode 100644 roles/helm_diff/tasks/main.yml delete mode 100644 roles/ingress_nginx/meta/main.yml delete mode 100644 roles/ingress_nginx/tasks/main.yml delete mode 100644 roles/ipmi_exporter/defaults/main.yml delete mode 100644 roles/ipmi_exporter/meta/main.yml delete mode 100644 roles/ipmi_exporter/tasks/main.yml delete mode 100644 roles/keepalived/defaults/main.yml delete mode 100644 roles/keepalived/meta/main.yml delete mode 100644 roles/keepalived/tasks/main.yml delete mode 100644 roles/kube_prometheus_stack/defaults/main.yml delete mode 100644 roles/kube_prometheus_stack/files/prometheus_alerts.yml delete mode 100644 roles/kube_prometheus_stack/meta/main.yml delete mode 100644 roles/kube_prometheus_stack/tasks/main.yml delete mode 100644 roles/kube_prometheus_stack/vars/main.yml delete mode 100644 roles/kubernetes/defaults/main.yml delete mode 100644 roles/kubernetes/files/apt-key.gpg delete mode 100644 roles/kubernetes/files/haproxy.yaml delete mode 100644 roles/kubernetes/files/keepalived.yaml delete mode 100644 roles/kubernetes/meta/main.yml delete mode 100644 roles/kubernetes/tasks/bootstrap-cluster.yml delete mode 100644 roles/kubernetes/tasks/control-plane.yml delete mode 100644 roles/kubernetes/tasks/join-cluster.yml delete mode 100644 roles/kubernetes/tasks/main.yml delete mode 100644 roles/kubernetes/tasks/nodes.yml delete mode 100644 roles/kubernetes/templates/apt-preferences.j2 delete mode 100644 roles/kubernetes/templates/check_apiserver.sh.j2 delete mode 100644 roles/kubernetes/templates/haproxy.cfg.j2 delete mode 100644 roles/kubernetes/templates/keepalived.conf.j2 delete mode 100644 roles/kubernetes/templates/kubeadm.yaml.j2 delete mode 100644 roles/kubernetes/templates/modules-load.conf.j2 delete mode 100644 roles/kubernetes/vars/main.yml delete mode 100644 roles/node_feature_discovery/meta/main.yml delete mode 100644 roles/node_feature_discovery/tasks/main.yml delete mode 100644 roles/openstack_cli/defaults/main.yml delete mode 100644 roles/openstack_cli/tasks/main.yml delete mode 100644 roles/openstack_cli/templates/openrc.j2 delete mode 100644 roles/openstack_exporter/defaults/main.yml delete mode 100644 roles/openstack_exporter/meta/main.yml delete mode 100644 roles/openstack_exporter/tasks/main.yml delete mode 100644 roles/openstack_helm_barbican/defaults/main.yml delete mode 100644 roles/openstack_helm_barbican/meta/main.yml delete mode 100644 roles/openstack_helm_barbican/tasks/main.yml delete mode 100644 roles/openstack_helm_barbican/vars/main.yml delete mode 100644 roles/openstack_helm_cinder/defaults/main.yml delete mode 100644 roles/openstack_helm_cinder/meta/main.yml delete mode 100644 roles/openstack_helm_cinder/tasks/main.yml delete mode 100644 roles/openstack_helm_cinder/vars/main.yml delete mode 100644 roles/openstack_helm_endpoints/defaults/main.yml delete mode 100644 roles/openstack_helm_endpoints/tasks/main.yml delete mode 100644 roles/openstack_helm_endpoints/vars/main.yml delete mode 100644 roles/openstack_helm_glance/defaults/main.yml delete mode 100644 roles/openstack_helm_glance/meta/main.yml delete mode 100644 roles/openstack_helm_glance/tasks/main.yml delete mode 100644 roles/openstack_helm_glance/vars/main.yml delete mode 100644 roles/openstack_helm_heat/defaults/main.yml delete mode 100644 roles/openstack_helm_heat/meta/main.yml delete mode 100644 roles/openstack_helm_heat/tasks/main.yml delete mode 100644 roles/openstack_helm_heat/vars/main.yml delete mode 100644 roles/openstack_helm_horizon/defaults/main.yml delete mode 100644 roles/openstack_helm_horizon/files/50-monasca-ui-settings.py delete mode 100644 roles/openstack_helm_horizon/meta/main.yml delete mode 100644 roles/openstack_helm_horizon/tasks/main.yml delete mode 100644 roles/openstack_helm_horizon/vars/main.yml delete mode 100644 roles/openstack_helm_infra_ceph_provisioners/defaults/main.yml delete mode 100644 roles/openstack_helm_infra_ceph_provisioners/meta/main.yml delete mode 100644 roles/openstack_helm_infra_ceph_provisioners/tasks/main.yml delete mode 100644 roles/openstack_helm_infra_ceph_provisioners/vars/main.yml delete mode 100644 roles/openstack_helm_infra_libvirt/defaults/main.yml delete mode 100644 roles/openstack_helm_infra_libvirt/meta/main.yml delete mode 100644 roles/openstack_helm_infra_libvirt/tasks/main.yml delete mode 100644 roles/openstack_helm_infra_libvirt/vars/main.yml delete mode 100644 roles/openstack_helm_infra_memcached/defaults/main.yml delete mode 100644 roles/openstack_helm_infra_memcached/meta/main.yml delete mode 100644 roles/openstack_helm_infra_memcached/tasks/main.yml delete mode 100644 roles/openstack_helm_infra_memcached/vars/main.yml delete mode 100644 roles/openstack_helm_infra_openvswitch/defaults/main.yml delete mode 100644 roles/openstack_helm_infra_openvswitch/meta/main.yml delete mode 100644 roles/openstack_helm_infra_openvswitch/tasks/main.yml delete mode 100644 roles/openstack_helm_infra_openvswitch/vars/main.yml delete mode 100644 roles/openstack_helm_ingress/defaults/main.yml delete mode 100644 roles/openstack_helm_ingress/tasks/main.yml delete mode 100644 roles/openstack_helm_ingress/vars/main.yml delete mode 100644 roles/openstack_helm_keystone/defaults/main.yml delete mode 100644 roles/openstack_helm_keystone/meta/main.yml delete mode 100644 roles/openstack_helm_keystone/tasks/main.yml delete mode 100644 roles/openstack_helm_keystone/vars/main.yml delete mode 100644 roles/openstack_helm_neutron/defaults/main.yml delete mode 100644 roles/openstack_helm_neutron/meta/main.yml delete mode 100644 roles/openstack_helm_neutron/tasks/main.yml delete mode 100644 roles/openstack_helm_neutron/vars/main.yml delete mode 100644 roles/openstack_helm_nova/defaults/main.yml delete mode 100644 roles/openstack_helm_nova/meta/main.yml delete mode 100644 roles/openstack_helm_nova/tasks/main.yml delete mode 100644 roles/openstack_helm_nova/vars/main.yml delete mode 100644 roles/openstack_helm_placement/defaults/main.yml delete mode 100644 roles/openstack_helm_placement/meta/main.yml delete mode 100644 roles/openstack_helm_placement/tasks/main.yml delete mode 100644 roles/openstack_helm_placement/vars/main.yml delete mode 100644 roles/openstack_helm_senlin/defaults/main.yml delete mode 100644 roles/openstack_helm_senlin/meta/main.yml delete mode 100644 roles/openstack_helm_senlin/tasks/main.yml delete mode 100644 roles/openstack_helm_senlin/vars/main.yml delete mode 100644 roles/openstack_helm_tempest/defaults/main.yml delete mode 100644 roles/openstack_helm_tempest/meta/main.yml delete mode 100644 roles/openstack_helm_tempest/tasks/main.yml delete mode 100644 roles/openstack_helm_tempest/vars/main.yml delete mode 100644 roles/openstack_namespace/tasks/main.yml delete mode 100644 roles/openstacksdk/tasks/main.yml delete mode 100644 roles/openstacksdk/templates/clouds.yaml.j2 delete mode 100644 roles/percona_xtradb_cluster/meta/main.yml delete mode 100644 roles/percona_xtradb_cluster/tasks/main.yml delete mode 100644 roles/powerstore_csi/meta/main.yml delete mode 100644 roles/powerstore_csi/tasks/main.yml delete mode 100644 roles/prometheus_pushgateway/meta/main.yml delete mode 100644 roles/prometheus_pushgateway/tasks/main.yml delete mode 100644 roles/rabbitmq/meta/main.yml delete mode 100644 roles/rabbitmq/tasks/main.yml delete mode 100644 roles/rabbitmq_operator/meta/main.yml delete mode 100644 roles/rabbitmq_operator/tasks/main.yml delete mode 100644 setup.cfg delete mode 100644 setup.py delete mode 100644 tools/generate-galaxy-yml.py delete mode 100644 tox.ini delete mode 100644 zuul.d/github.yaml delete mode 100644 zuul.d/images-master.yaml delete mode 100644 zuul.d/images.yaml delete mode 100644 zuul.d/jobs.yaml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/pre-run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-build-images/pre-run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-build-images/run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/post-run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/pre-run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-check-commit/run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/post-run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-tox-build/post-run.yml delete mode 100644 zuul.d/playbooks/ansible-collection-atmosphere-tox-molecule/cleanup-run.yml delete mode 100644 zuul.d/project.yaml delete mode 100644 zuul.d/secrets.yaml delete mode 100644 zuul.d/wheels-master.yaml delete mode 100644 zuul.d/wheels-wallaby.yaml delete mode 100644 zuul.d/wheels.yaml diff --git a/.ansible-lint b/.ansible-lint deleted file mode 100644 index 15fb549..0000000 --- a/.ansible-lint +++ /dev/null @@ -1,6 +0,0 @@ ---- -exclude_paths: - - roles/kube_prometheus_stack/files/ - -warn_list: - - yaml[line-length] diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 8d52391..0000000 --- a/.gitignore +++ /dev/null @@ -1,13 +0,0 @@ -.tox -.vscode -doc/build/* -doc/source/roles/*/defaults -molecule/default/group_vars/* -!molecule/default/group_vars/.gitkeep -!molecule/default/group_vars/all -molecule/default/group_vars/all/* -!molecule/default/group_vars/all/molecule.yml -molecule/default/host_vars/* -!molecule/default/host_vars/.gitkeep -galaxy.yml -*.tar.gz \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..0600d6a --- /dev/null +++ b/README.md @@ -0,0 +1,5 @@ +# Atmosphere + +This project is moved to [GitHub](https://github.com/vexxhost/atmosphere). + +For any further questions, please file an [issue on GitHub](https://github.com/vexxhost/atmosphere/issues). diff --git a/doc/requirements.txt b/doc/requirements.txt deleted file mode 100644 index e796768..0000000 --- a/doc/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -ansible-core -sphinx -sphinx_rtd_theme -reno[sphinx] -https://github.com/ypid/yaml4rst/archive/master.tar.gz -https://github.com/debops/yaml2rst/archive/master.tar.gz \ No newline at end of file diff --git a/doc/source/_static/.gitkeep b/doc/source/_static/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/doc/source/_templates/yaml4rst/defaults_header.j2 b/doc/source/_templates/yaml4rst/defaults_header.j2 deleted file mode 100644 index b15a2e1..0000000 --- a/doc/source/_templates/yaml4rst/defaults_header.j2 +++ /dev/null @@ -1,11 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: \ No newline at end of file diff --git a/doc/source/conf.py b/doc/source/conf.py deleted file mode 100644 index ce1d48d..0000000 --- a/doc/source/conf.py +++ /dev/null @@ -1,110 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# -- Path setup -------------------------------------------------------------- - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -# -# import os -# import sys -# sys.path.insert(0, os.path.abspath('.')) - -# -- yaml2rst ---------------------------------------------------------------- -import os -import glob -import yaml2rst -from yaml4rst.reformatter import YamlRstReformatter -import pathlib - -for defaults_file in glob.glob("../../roles/*/defaults/main.yml"): - role_name = defaults_file.split("/")[-3] - - YamlRstReformatter._HEADER_END_LINES = { - 'yaml4rst': [ - '# Default variables', - '# :local:', - '# .. contents:: Sections', - '# .. include:: includes/all.rst', - '# .. include:: includes/role.rst', - '# .. include:: ../../../includes/global.rst', - '# -----------------', - ], - } - - reformatter = YamlRstReformatter( - preset='yaml4rst', - template_path=os.path.join( - os.path.abspath(os.path.dirname(__file__)), - '_templates', - ), - config={ - 'ansible_full_role_name': f"vexxhost.atmosphere.{role_name}", - 'ansible_role_name': role_name, - } - ) - reformatter.read_file(defaults_file) - reformatter.reformat() - reformatter.write_file( - output_file=defaults_file, - only_if_changed=True, - ) - - pathlib.Path(f"roles/{role_name}/defaults").mkdir(parents=True, exist_ok=True) - - rst_content = yaml2rst.convert_file( - defaults_file, - f"roles/{role_name}/defaults/main.rst", - strip_regex=r'\s*(:?\[{3}|\]{3})\d?$', - yaml_strip_regex=r'^\s{66,67}#\s\]{3}\d?$', - ) - - -# -- Project information ----------------------------------------------------- - -project = 'Atmosphere' -copyright = '2022, VEXXHOST, Inc.' -author = 'VEXXHOST, Inc.' - - -# -- General configuration --------------------------------------------------- - -# Add any Sphinx extension module names here, as strings. They can be -# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom -# ones. -extensions = [ - 'reno.sphinxext', -] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -# This pattern also affects html_static_path and html_extra_path. -exclude_patterns = [] - - -# -- Options for HTML output ------------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -# -html_theme = 'sphinx_rtd_theme' - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] diff --git a/doc/source/index.rst b/doc/source/index.rst deleted file mode 100644 index 2c4161f..0000000 --- a/doc/source/index.rst +++ /dev/null @@ -1,23 +0,0 @@ -.. Atmosphere documentation master file, created by - sphinx-quickstart on Sun Mar 13 17:40:34 2022. - You can adapt this file completely to your liking, but it should at least - contain the root `toctree` directive. - -Welcome to Atmosphere's documentation! -====================================== - -.. toctree:: - :maxdepth: 1 - :caption: Contents: - - user/index - roles/index - releasenotes - - -Indices and tables -================== - -* :ref:`genindex` -* :ref:`modindex` -* :ref:`search` diff --git a/doc/source/releasenotes.rst b/doc/source/releasenotes.rst deleted file mode 100644 index f182f00..0000000 --- a/doc/source/releasenotes.rst +++ /dev/null @@ -1,4 +0,0 @@ -Release Notes -============= - -.. release-notes:: \ No newline at end of file diff --git a/doc/source/roles/build_openstack_requirements/index.rst b/doc/source/roles/build_openstack_requirements/index.rst deleted file mode 100644 index bcdfa7e..0000000 --- a/doc/source/roles/build_openstack_requirements/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``build_openstack_requirements`` -================================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/ceph_csi_rbd/index.rst b/doc/source/roles/ceph_csi_rbd/index.rst deleted file mode 100644 index 4148d09..0000000 --- a/doc/source/roles/ceph_csi_rbd/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``csi`` -======= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/ceph_mon/index.rst b/doc/source/roles/ceph_mon/index.rst deleted file mode 100644 index 3cdec24..0000000 --- a/doc/source/roles/ceph_mon/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``ceph_mon`` -============ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/ceph_osd/index.rst b/doc/source/roles/ceph_osd/index.rst deleted file mode 100644 index 3591ee1..0000000 --- a/doc/source/roles/ceph_osd/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``ceph_osd`` -============ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/ceph_repository/index.rst b/doc/source/roles/ceph_repository/index.rst deleted file mode 100644 index 090527f..0000000 --- a/doc/source/roles/ceph_repository/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``ceph_repository`` -=================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/cert_manager/index.rst b/doc/source/roles/cert_manager/index.rst deleted file mode 100644 index 81a18b8..0000000 --- a/doc/source/roles/cert_manager/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``cert_manager`` -================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/containerd/index.rst b/doc/source/roles/containerd/index.rst deleted file mode 100644 index 0ebf780..0000000 --- a/doc/source/roles/containerd/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``containerd`` -============== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/csi/index.rst b/doc/source/roles/csi/index.rst deleted file mode 100644 index 3cf76af..0000000 --- a/doc/source/roles/csi/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``ceph_csi_rbd`` -================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/helm/index.rst b/doc/source/roles/helm/index.rst deleted file mode 100644 index 6c8de12..0000000 --- a/doc/source/roles/helm/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``helm`` -======== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/index.rst b/doc/source/roles/index.rst deleted file mode 100644 index a55c879..0000000 --- a/doc/source/roles/index.rst +++ /dev/null @@ -1,11 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -Role reference -============== - -.. toctree:: - :maxdepth: 1 - :glob: - - */index diff --git a/doc/source/roles/ipmi_exporter/index.rst b/doc/source/roles/ipmi_exporter/index.rst deleted file mode 100644 index 28dbfba..0000000 --- a/doc/source/roles/ipmi_exporter/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``ipmi_exporter`` -================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/keepalived/index.rst b/doc/source/roles/keepalived/index.rst deleted file mode 100644 index de5844e..0000000 --- a/doc/source/roles/keepalived/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``keepalived`` -================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/kube_prometheus_stack/index.rst b/doc/source/roles/kube_prometheus_stack/index.rst deleted file mode 100644 index 3ed41da..0000000 --- a/doc/source/roles/kube_prometheus_stack/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``kube_prometheus_stack`` -========================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/kubernetes/index.rst b/doc/source/roles/kubernetes/index.rst deleted file mode 100644 index a8b9bcc..0000000 --- a/doc/source/roles/kubernetes/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``kubernetes`` -============== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_cli/index.rst b/doc/source/roles/openstack_cli/index.rst deleted file mode 100644 index 246af3b..0000000 --- a/doc/source/roles/openstack_cli/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_cli`` -================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_exporter/index.rst b/doc/source/roles/openstack_exporter/index.rst deleted file mode 100644 index 9cedd84..0000000 --- a/doc/source/roles/openstack_exporter/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_exporter`` -====================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_barbican/index.rst b/doc/source/roles/openstack_helm_barbican/index.rst deleted file mode 100644 index 7a449d8..0000000 --- a/doc/source/roles/openstack_helm_barbican/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_barbican`` -=========================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_cinder/index.rst b/doc/source/roles/openstack_helm_cinder/index.rst deleted file mode 100644 index f9fb91c..0000000 --- a/doc/source/roles/openstack_helm_cinder/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_cinder`` -========================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_endpoints/index.rst b/doc/source/roles/openstack_helm_endpoints/index.rst deleted file mode 100644 index aad51b7..0000000 --- a/doc/source/roles/openstack_helm_endpoints/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_endpoints`` -============================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_glance/index.rst b/doc/source/roles/openstack_helm_glance/index.rst deleted file mode 100644 index a9868c6..0000000 --- a/doc/source/roles/openstack_helm_glance/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_glance`` -========================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_heat/index.rst b/doc/source/roles/openstack_helm_heat/index.rst deleted file mode 100644 index c77c442..0000000 --- a/doc/source/roles/openstack_helm_heat/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_heat`` -======================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_horizon/index.rst b/doc/source/roles/openstack_helm_horizon/index.rst deleted file mode 100644 index c017ea4..0000000 --- a/doc/source/roles/openstack_helm_horizon/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_horizon`` -========================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_infra_ceph_provisioners/index.rst b/doc/source/roles/openstack_helm_infra_ceph_provisioners/index.rst deleted file mode 100644 index 83a0d64..0000000 --- a/doc/source/roles/openstack_helm_infra_ceph_provisioners/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_infra_ceph_provisioners`` -========================================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_infra_libvirt/index.rst b/doc/source/roles/openstack_helm_infra_libvirt/index.rst deleted file mode 100644 index 355ff12..0000000 --- a/doc/source/roles/openstack_helm_infra_libvirt/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_infra_libvirt`` -================================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_infra_memcached/index.rst b/doc/source/roles/openstack_helm_infra_memcached/index.rst deleted file mode 100644 index 8e39b8e..0000000 --- a/doc/source/roles/openstack_helm_infra_memcached/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_infra_memcached`` -================================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_infra_openvswitch/index.rst b/doc/source/roles/openstack_helm_infra_openvswitch/index.rst deleted file mode 100644 index 6f7e857..0000000 --- a/doc/source/roles/openstack_helm_infra_openvswitch/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_infra_openvswitch`` -==================================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_ingress/index.rst b/doc/source/roles/openstack_helm_ingress/index.rst deleted file mode 100644 index b068625..0000000 --- a/doc/source/roles/openstack_helm_ingress/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_ingress`` -========================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_keystone/index.rst b/doc/source/roles/openstack_helm_keystone/index.rst deleted file mode 100644 index bb37000..0000000 --- a/doc/source/roles/openstack_helm_keystone/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_keystone`` -=========================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_neutron/index.rst b/doc/source/roles/openstack_helm_neutron/index.rst deleted file mode 100644 index a84eff8..0000000 --- a/doc/source/roles/openstack_helm_neutron/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_neutron`` -========================== - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_nova/index.rst b/doc/source/roles/openstack_helm_nova/index.rst deleted file mode 100644 index 5fbfafb..0000000 --- a/doc/source/roles/openstack_helm_nova/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_nova`` -======================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_placement/index.rst b/doc/source/roles/openstack_helm_placement/index.rst deleted file mode 100644 index f5f67e3..0000000 --- a/doc/source/roles/openstack_helm_placement/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_placement`` -============================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_senlin/index.rst b/doc/source/roles/openstack_helm_senlin/index.rst deleted file mode 100644 index 982967e..0000000 --- a/doc/source/roles/openstack_helm_senlin/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_senlin`` -========================= - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/roles/openstack_helm_tempest/index.rst b/doc/source/roles/openstack_helm_tempest/index.rst deleted file mode 100644 index 5a084e5..0000000 --- a/doc/source/roles/openstack_helm_tempest/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. Copyright (C) 2022 VEXXHOST, Inc. -.. SPDX-License-Identifier: Apache-2.0 - -``openstack_helm_tempest`` -============================ - -.. toctree:: - :maxdepth: 2 - - defaults/main \ No newline at end of file diff --git a/doc/source/user/index.rst b/doc/source/user/index.rst deleted file mode 100644 index de66057..0000000 --- a/doc/source/user/index.rst +++ /dev/null @@ -1,7 +0,0 @@ -User Guide -========== - -.. toctree:: - :maxdepth: 1 - - quickstart \ No newline at end of file diff --git a/doc/source/user/quickstart.rst b/doc/source/user/quickstart.rst deleted file mode 100644 index 01f0a15..0000000 --- a/doc/source/user/quickstart.rst +++ /dev/null @@ -1,99 +0,0 @@ -Quickstart -========== - -The quick start intends to provide the most near-production experience possible, -as it is architected purely towards production-only environments. In order to -get a quick production-ready experience of Atmosphere, you will need access to -an OpenStack cloud. - -The quick start is powered by Molecule and it is used in continuous integration -running against the VEXXHOST public cloud so that would be an easy target to -use to try it out. - -You will need the following quotas set up in your cloud account: - - * 8 instances - * 32 cores - * 128GB RAM - * 360GB storage - -These resources will be used to create a total of 8 instances broken up as -follows: - - * 3 Controller nodes - * 3 Ceph OSD nodes - * 2 Compute nodes - -First of all, you'll have to make sure you clone the repository locally to your -system with ``git`` by running the following command:: - - $ git clone https://opendev.org/vexxhost/ansible-collection-atmosphere - -You will need ``tox`` installed on your operating system. You will need to make -sure that you have the appropriate OpenStack environment variables set (such -as ``OS_CLOUD`` or ``OS_AUTH_URL``, etc.). You can also use the following -environment variables to tweak the behaviour of the Heat stack that is created: - -``ATMOSPHERE_STACK_NAME`` - The name of the Heat stack to be created (defaults to ``atmosphere``). - -``ATMOSPHERE_PUBLIC_NETWORK`` - The name of the public network to attach floating IPs from (defaults to - ``public``). - -``ATMOSPHERE_IMAGE`` - The name or UUID of the image to be used for deploying the instances ( - defaults to ``Ubuntu 20.04.3 LTS (x86_64) [2021-10-04]``). - -``ATMOSPHERE_INSTANCE_TYPE`` - The instance type used to deploy all of the different instances (defaults - to ``v3-standard-4``). - -``ATMOSPHERE_NAMESERVERS`` - A comma-separated list of nameservers to be used for the instances (defaults - to `1.1.1.1`). - -``ATMOSPHERE_USERNAME`` - The username what is used to login into the instances (defaults to ``ubuntu``). - -``ATMOSPHERE_DNS_SUFFIX_NAME`` - The DNS domainname that is used for the API and Horizon. (defaults - to ``nip.io``). - -``ATMOSPHERE_ACME_SERVER`` - The ACME server, currenly this is from Letsencrypt, with - StepCA from smallstep it is possible to run a internal ACME server. - The CA of that ACME server should be present in the instance image. - -Once you're ready to get started, you can run the following command to build -the Heat stack and :: - - $ tox -e molecule -- converge - -This will create a Heat stack with the name ``atmosphere`` and start deploying -the cloud. Once it's complete, you can login to any of the systems by using -the ``login`` sub-command. For exampel, to login to the first controller node, -you can run the following:: - - $ tox -e molecule -- login -h ctl1 - -In all the controllers, you will find an ``openrc`` file location inside the -``root`` account home directory, as well as the OpenStack client installed there -as well. You can use it by running the following after logging in:: - - $ source /root/openrc - $ openstack server list - -The Kubernetes administrator configuration will also be available on all of the -control plane nodes, you can simply use it by running ``kubectl`` commands on -any of the controllers as ``root``:: - - $ kubectl get nodes -owide - -Once you're done with your environment and you need to tear it down, you can -use the ``destroy`` sub-command:: - - $ tox -e molecule -- destroy - -For more information about the different commands used by Molecule, you can -refer to the Molecule documentation. diff --git a/docs/certificates.md b/docs/certificates.md deleted file mode 100644 index 7772774..0000000 --- a/docs/certificates.md +++ /dev/null @@ -1,60 +0,0 @@ -# Certificates - -## Using LetsEncrypt DNS challenges - -### RFC2136 - -If you have DNS server that supports RFC2136, you can use it to solve the DNS -challenges, you'll need to have the following information: - -- Email address -- Nameserver IP address -- TSIG Algorithm -- TSIG Key Name -- TSIG Key Secret - -You'll need to update your Ansible inventory to be the following: - -```yaml -cert_manager_issuer: - acme: - email: - privateKeySecretRef: - name: letsencrypt-prod - server: https://acme-v02.api.letsencrypt.org/directory - solvers: - - dns01: - rfc2136: - nameserver: : - tsigAlgorithm: - tsigKeyName: - tsigSecretSecretRef: - key: tsig-secret-key - name: tsig-secret -``` - -After you're done, you'll need to add a new secret to the Kubernetes cluster, -you will need to do it by using the following YAML file: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: tsig-secret - namespace: openstack -type: Opaque -stringData: - tsig-secret-key: -``` - -## Using self-signed certificates - -If you are in an environment which does not have a trusted certificate authority -and it does not have access to the internet to be able to use LetsEncrypt, you -can use self-signed certificates by adding the following to your inventory: - -```yaml -cert_manager_issuer: - ca: - secretName: root-secret -``` diff --git a/docs/storage.md b/docs/storage.md deleted file mode 100644 index ece7a6a..0000000 --- a/docs/storage.md +++ /dev/null @@ -1,113 +0,0 @@ -# Storage - -## External storage - -When using an external storage platform, it's important to create to disable Ceph -globally by adding the following to your Ansible inventory: - -```yaml -atmosphere_ceph_enabled: false -``` - -### Dell PowerStore - -In order to be able to use Dell PowerStore, you'll need to make sure that you -setup the hosts inside of your storage array. You'll also need to make sure -that they are not inside a host group or otherwise individual attachments will -not work. - - - -### CSI - -You'll need to enable the Kubernetes cluster to use the PowerStore driver by -using adding the following YAML to your Ansible inventory: - -```yaml -csi_driver: powerstore -powerstore_csi_config: - arrays: - - endpoint: https:///api/rest - globalID: - username: - password: - skipCertificateValidation: true - isDefault: true - blockProtocol: # FC or iSCSI -``` - -### Glance - -Since Glance does not have a native PowerStore driver, you'll need to enable -the use of the Cinder driver by adding the following to your Ansible inventory: - -```yaml -openstack_helm_glance_values: - storage: cinder - conf: - glance: - glance_store: - stores: cinder - default_store: cinder -``` - -Please note that Glance images will not function until the Cinder service is -deployed. - -### Cinder - -You can enable the native PowerStore driver for Cinder with the following -configuration inside your Ansible inventory: - -```yaml -openstack_helm_cinder_values: - storage: powerstore - dependencies: - static: - api: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - scheduler: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - volume: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - volume_usage_audit: - jobs: - - cinder-db-sync - - cinder-ks-user - - cinder-ks-endpoints - - cinder-rabbit-init - conf: - cinder: - DEFAULT: - enabled_backends: powerstore - default_volume_type: powerstore - backends: - rbd1: null - powerstore: - volume_backend_name: powerstore - volume_driver: cinder.volume.drivers.dell_emc.powerstore.driver.PowerStoreDriver - san_ip: - san_login: - san_password: - storage_protocol: # FC or iSCSI - manifests: - deployment_backup: true - job_backup_storage_init: true - job_storage_init: false -``` - -It's important to note that the configuration above will disable the Cinder -backup service. In the future, we'll update this sample configuration to use -the Cinder backup service. diff --git a/images/master.yml b/images/master.yml deleted file mode 100644 index 80357aa..0000000 --- a/images/master.yml +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -registry: us-docker.pkg.dev/vexxhost-infra/openstack - -projects: - tempest: - branch: master - revision: 44dac69eb77d78a0de8e68e63617099249345578 - tag: 30.1.0-5 - dist_packages: - - iputils-ping - pip_packages: - - keystone-tempest-plugin - - cinder-tempest-plugin - - neutron-tempest-plugin - - heat-tempest-plugin \ No newline at end of file diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml deleted file mode 100644 index 24b07ff..0000000 --- a/molecule/default/converge.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- import_playbook: vexxhost.atmosphere.site diff --git a/molecule/default/create.yml b/molecule/default/create.yml deleted file mode 100644 index ef20bdf..0000000 --- a/molecule/default/create.yml +++ /dev/null @@ -1,110 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- import_playbook: vexxhost.atmosphere.generate_workspace - vars: - workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}" - domain_name: "{{ '{{' }} hostvars['ctl1']['ansible_host'].replace('.', '-') {{ '}}' }}.{{ lookup('env', 'ATMOSPHERE_DNS_SUFFIX_NAME') | default('nip.io', True) }}" - -- hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - vars: - ssh_port: 22 - identity_file: "{{ lookup('env', 'MOLECULE_EPHEMERAL_DIRECTORY') }}/id_rsa" - - stack_name: "{{ lookup('env', 'ATMOSPHERE_STACK_NAME') | default('atmosphere', True) }}" - public_network: "{{ lookup('env', 'ATMOSPHERE_PUBLIC_NETWORK') | default('public', True) }}" - image: "{{ lookup('env', 'ATMOSPHERE_IMAGE') | default('Ubuntu 20.04.3 LTS (x86_64) [2021-10-04]', True) }}" - instance_type: "{{ lookup('env', 'ATMOSPHERE_INSTANCE_TYPE') | default('v3-standard-4', True) }}" - nameservers: "{{ lookup('env', 'ATMOSPHERE_NAMESERVERS') | default('1.1.1.1', True) }}" - boot_from_volume: "{{ lookup('env', 'ATMOSPHERE_BOOT_FROM_VOLUME') | bool }}" - tasks: - - name: create stack - openstack.cloud.stack: - name: "{{ stack_name }}" - template: heat/stack.yaml - parameters: - public_network: "{{ public_network }}" - image: "{{ image }}" - instance_type: "{{ instance_type }}" - nameservers: "{{ nameservers }}" - boot_from_volume: "{{ boot_from_volume }}" - register: _os_stack - - debug: - msg: "{{ _os_stack.stack }}" - - - name: grab list of all ip addresses - ansible.builtin.set_fact: - key_pair: "{{ _os_stack.stack.outputs | json_query(key_query) | first }}" - controller_ips: "{{ _os_stack.stack.outputs | community.general.json_query(controller_query) | first }}" - storage_ips: "{{ _os_stack.stack.outputs | community.general.json_query(storage_query) | first }}" - compute_ips: "{{ _os_stack.stack.outputs | community.general.json_query(compute_query) | first }}" - vars: - key_query: "[?output_key=='key_pair'].output_value" - controller_query: "[?output_key=='controller_floating_ip_addresses'].output_value" - storage_query: "[?output_key=='storage_floating_ip_addresses'].output_value" - compute_query: "[?output_key=='compute_floating_ip_addresses'].output_value" - - - name: wait for systems to go up - ansible.builtin.wait_for: - port: "22" - host: "{{ item }}" - search_regex: SSH - timeout: 600 - retries: 15 - delay: 10 - loop: "{{ controller_ips + storage_ips + compute_ips }}" - - - name: generate private key file - ansible.builtin.copy: - dest: "{{ identity_file }}" - content: "{{ key_pair }}" - mode: 0600 - - - name: generate instance config file - copy: - content: "{{ instance_config | to_yaml }}" - dest: "{{ molecule_instance_config }}" - vars: - base_instance_config: &instance_config - user: "{{ lookup('env', 'ATMOSPHERE_USERNAME') | default('ubuntu', True) }}" - port: "{{ ssh_port }}" - identity_file: "{{ identity_file }}" - instance_config: - - <<: *instance_config - instance: "ctl1" - address: "{{ controller_ips[0] }}" - - <<: *instance_config - instance: "ctl2" - address: "{{ controller_ips[1] }}" - - <<: *instance_config - instance: "ctl3" - address: "{{ controller_ips[2] }}" - - <<: *instance_config - instance: "nvme1" - address: "{{ storage_ips[0] }}" - - <<: *instance_config - instance: "nvme2" - address: "{{ storage_ips[1] }}" - - <<: *instance_config - instance: "nvme3" - address: "{{ storage_ips[2] }}" - - <<: *instance_config - instance: "kvm1" - address: "{{ compute_ips[0] }}" - - <<: *instance_config - instance: "kvm2" - address: "{{ compute_ips[1] }}" diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml deleted file mode 100644 index 45b3601..0000000 --- a/molecule/default/destroy.yml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: localhost - connection: local - gather_facts: false - no_log: "{{ molecule_no_log }}" - vars: - workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}" - - stack_name: "{{ lookup('env', 'ATMOSPHERE_STACK_NAME') | default('atmosphere', True) }}" - tasks: - - os_stack: - name: "{{ stack_name }}" - state: absent - - - file: - path: "{{ molecule_instance_config }}" - state: absent - - - name: Capture var files to delete - find: - paths: - - "{{ workspace_path }}/group_vars" - - "{{ workspace_path }}/host_vars" - file_type: file - recurse: true - excludes: - - "molecule.yml" - register: _var_files - - - name: Delete var files - file: - path: "{{ item.path }}" - state: absent - with_items: "{{ _var_files['files'] }}" diff --git a/molecule/default/group_vars/.gitkeep b/molecule/default/group_vars/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/molecule/default/group_vars/all/molecule.yml b/molecule/default/group_vars/all/molecule.yml deleted file mode 100644 index 476079d..0000000 --- a/molecule/default/group_vars/all/molecule.yml +++ /dev/null @@ -1,12 +0,0 @@ -cert_manager_issuer: - ca: - secretName: root-secret - -openstack_helm_glance_images: - - name: cirros - source_url: http://download.cirros-cloud.net/0.5.1/ - image_file: cirros-0.5.1-x86_64-disk.img - min_disk: 1 - disk_format: qcow2 - container_format: bare - is_public: true diff --git a/molecule/default/heat/server.yaml b/molecule/default/heat/server.yaml deleted file mode 100644 index 7701528..0000000 --- a/molecule/default/heat/server.yaml +++ /dev/null @@ -1,168 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -heat_template_version: 2016-10-14 - -parameters: - name: - type: string - - index: - type: number - - image: - type: string - default: Ubuntu 20.04.3 LTS (x86_64) [2021-10-04] - constraints: - - custom_constraint: glance.image - - instance_type: - type: string - default: v3-standard-4 - constraints: - - custom_constraint: nova.flavor - - internal_network: - type: string - constraints: - - custom_constraint: neutron.network - - key_name: - type: string - constraints: - - custom_constraint: nova.keypair - - public_network: - type: string - default: public - constraints: - - custom_constraint: neutron.network - - external_network: - type: string - constraints: - - custom_constraint: neutron.network - - extra_volumes_count: - type: number - default: 0 - - extra_volumes_size: - type: number - default: 0 - - boot_volumes_size: - type: number - default: 40 - - boot_from_volume: - type: boolean - default: false - -conditions: - has_extra_volumes: - not: - equals: - - get_param: extra_volumes_count - - 0 - - is_boot_from_image: - equals: - - get_param: boot_from_volume - - false - - is_boot_from_volume: - equals: - - get_param: boot_from_volume - - true - -resources: - internal_port: - type: OS::Neutron::Port - properties: - network: { get_param: internal_network } - port_security_enabled: false - - floating_ip: - type: OS::Neutron::FloatingIP - properties: - floating_network: { get_param: public_network } - port_id: { get_resource: internal_port } - - external_port: - type: OS::Neutron::Port - properties: - network: { get_param: external_network } - port_security_enabled: false - - server_boot_from_image: - type: OS::Nova::Server - condition: is_boot_from_image - properties: - name: - yaql: - expression: concat($.data.name, str($.data.index + 1)) - data: - name: { get_param: name } - index: { get_param: index } - image: { get_param: image } - flavor: { get_param: instance_type } - key_name: { get_param: key_name } - config_drive: true - networks: - - port: { get_resource: internal_port } - - port: { get_resource: external_port } - - server_boot_from_volume: - type: OS::Nova::Server - condition: is_boot_from_volume - properties: - name: - yaql: - expression: concat($.data.name, str($.data.index + 1)) - data: - name: { get_param: name } - index: { get_param: index } - flavor: { get_param: instance_type } - key_name: { get_param: key_name } - config_drive: true - networks: - - port: { get_resource: internal_port } - - port: { get_resource: external_port } - block_device_mapping_v2: - - boot_index: 0 - volume_id: {get_resource: volume} - delete_on_termination: true - - volume: - type: OS::Cinder::Volume - condition: is_boot_from_volume - properties: - size: { get_param: boot_volumes_size } - image: { get_param: image } - - volumes: - type: OS::Heat::ResourceGroup - condition: has_extra_volumes - properties: - count: { get_param: extra_volumes_count } - resource_def: - type: volume.yaml - properties: - instance_uuid: {if: ["is_boot_from_volume", { get_resource: server_boot_from_volume }, { get_resource: server_boot_from_image } ]} - volume_size: { get_param: extra_volumes_size } - -outputs: - floating_ip_address: - value: { get_attr: [floating_ip, floating_ip_address] } diff --git a/molecule/default/heat/stack.yaml b/molecule/default/heat/stack.yaml deleted file mode 100644 index 7232cc0..0000000 --- a/molecule/default/heat/stack.yaml +++ /dev/null @@ -1,183 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -heat_template_version: 2016-10-14 - -parameters: - internal_cidr: - type: string - default: 10.96.240.0/24 - constraints: - - custom_constraint: net_cidr - - nameservers: - type: comma_delimited_list - - external_cidr: - type: string - default: 10.96.250.0/24 - constraints: - - custom_constraint: net_cidr - - public_network: - type: string - constraints: - - custom_constraint: neutron.network - - image: - type: string - constraints: - - custom_constraint: glance.image - - boot_from_volume: - type: boolean - default: false - - instance_type: - type: string - constraints: - - custom_constraint: nova.flavor - -resources: - router: - type: OS::Neutron::Router - properties: - external_gateway_info: - network: { get_param: public_network } - - internal_network: - type: OS::Neutron::Net - - internal_subnet: - type: OS::Neutron::Subnet - properties: - network: { get_resource: internal_network } - cidr: { get_param: internal_cidr } - dns_nameservers: { get_param: nameservers } - - internal_network_router_interface: - type: OS::Neutron::RouterInterface - properties: - router: { get_resource: router } - subnet: { get_resource: internal_subnet } - - internal_network_vip: - type: OS::Neutron::Port - properties: - network: { get_resource: internal_network } - - internal_network_vip_floating_ip: - type: OS::Neutron::FloatingIP - depends_on: - - internal_network_router_interface - properties: - floating_network: { get_param: public_network } - port_id: { get_resource: internal_network_vip } - - external_network: - type: OS::Neutron::Net - - external_subnet: - type: OS::Neutron::Subnet - properties: - network: { get_resource: external_network } - cidr: { get_param: external_cidr } - dns_nameservers: { get_param: nameservers } - gateway_ip: null - allocation_pools: - - start: 10.96.250.100 - end: 10.96.250.150 - - external_network_vip: - type: OS::Neutron::Port - properties: - network: { get_resource: external_network } - - key_pair: - type: OS::Nova::KeyPair - properties: - name: { get_param: OS::stack_id } - save_private_key: true - - controller: - type: OS::Heat::ResourceGroup - depends_on: - - internal_network_router_interface - properties: - count: 3 - resource_def: - type: server.yaml - properties: - name: ctl - index: "%index%" - image: { get_param: image } - instance_type: { get_param: instance_type } - key_name: { get_resource: key_pair } - internal_network: { get_resource: internal_network } - public_network: { get_param: public_network } - external_network: { get_resource: external_network } - boot_volumes_size: 40 - boot_from_volume: { get_param: boot_from_volume } - - storage: - type: OS::Heat::ResourceGroup - depends_on: - - internal_network_router_interface - properties: - count: 3 - resource_def: - type: server.yaml - properties: - name: nvme - index: "%index%" - image: { get_param: image } - instance_type: { get_param: instance_type } - key_name: { get_resource: key_pair } - internal_network: { get_resource: internal_network } - public_network: { get_param: public_network } - external_network: { get_resource: external_network } - extra_volumes_count: 3 - extra_volumes_size: 40 - boot_volumes_size: 40 - boot_from_volume: { get_param: boot_from_volume } - - compute: - type: OS::Heat::ResourceGroup - depends_on: - - internal_network_router_interface - properties: - count: 2 - resource_def: - type: server.yaml - properties: - name: kvm - index: "%index%" - image: { get_param: image } - instance_type: { get_param: instance_type } - key_name: { get_resource: key_pair } - internal_network: { get_resource: internal_network } - public_network: { get_param: public_network } - external_network: { get_resource: external_network } - boot_volumes_size: 40 - boot_from_volume: { get_param: boot_from_volume } - -outputs: - controller_floating_ip_addresses: - value: { get_attr: [controller, floating_ip_address] } - storage_floating_ip_addresses: - value: { get_attr: [storage, floating_ip_address] } - compute_floating_ip_addresses: - value: { get_attr: [compute, floating_ip_address] } - key_pair: - value: { get_attr: [key_pair, private_key] } diff --git a/molecule/default/heat/volume.yaml b/molecule/default/heat/volume.yaml deleted file mode 100644 index 75158f9..0000000 --- a/molecule/default/heat/volume.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -heat_template_version: 2016-10-14 - -parameters: - instance_uuid: - type: string - - volume_size: - type: number - -resources: - volume: - type: OS::Cinder::Volume - properties: - size: { get_param: volume_size } - - volume_attachment: - type: OS::Cinder::VolumeAttachment - properties: - instance_uuid: { get_param: instance_uuid } - volume_id: { get_resource: volume } diff --git a/molecule/default/host_vars/.gitkeep b/molecule/default/host_vars/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml deleted file mode 100644 index 78e4152..0000000 --- a/molecule/default/molecule.yml +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -dependency: - name: galaxy -driver: - name: delegated -platforms: - - name: ctl1 - groups: &controller_groups - - controllers - - name: ctl2 - groups: *controller_groups - - name: ctl3 - groups: *controller_groups - - name: nvme1 - groups: &nvme_groups - - cephs - - name: nvme2 - groups: *nvme_groups - - name: nvme3 - groups: *nvme_groups - - name: kvm1 - groups: &kvm_groups - - computes - - name: kvm2 - groups: *kvm_groups -provisioner: - name: ansible - options: - inventory: "${MOLECULE_EPHEMERAL_DIRECTORY}/workspace" - config_options: - ssh_connection: - pipelining: true - inventory: - links: - host_vars: "${MOLECULE_SCENARIO_DIRECTORY}/host_vars" - group_vars: "${MOLECULE_SCENARIO_DIRECTORY}/group_vars" -verifier: - name: ansible diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml deleted file mode 100644 index 57f3b85..0000000 --- a/molecule/default/prepare.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - tasks: - # The apt module can not be used for this since it installs python-apt - # which can not work until this command fixes the cache. - - name: Update apt cache - become: yes - command: apt-get update diff --git a/molecule/default/requirements.txt b/molecule/default/requirements.txt deleted file mode 100644 index 1bcbc4b..0000000 --- a/molecule/default/requirements.txt +++ /dev/null @@ -1,3 +0,0 @@ -molecule==3.5.2 # https://github.com/ansible-community/molecule/issues/3435 -openstacksdk==0.61.0 -netaddr \ No newline at end of file diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml deleted file mode 100644 index 79bed89..0000000 --- a/molecule/default/verify.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- import_playbook: vexxhost.atmosphere.tempest diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml deleted file mode 100644 index 6fb2c9c..0000000 --- a/playbooks/ceph.yml +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Setup Ceph repository - hosts: controllers:cephs - become: true - roles: - - role: ceph_repository - when: atmosphere_ceph_enabled | default(true) - -- name: Deploy Ceph monitors & managers - hosts: controllers - become: true - roles: - - role: ceph_mon - when: atmosphere_ceph_enabled | default(true) - - role: ceph_mgr - when: atmosphere_ceph_enabled | default(true) - -- name: Deploy Ceph OSDs - hosts: cephs - become: true - roles: - - role: ceph_osd - when: atmosphere_ceph_enabled | default(true) diff --git a/playbooks/cleanup.yml b/playbooks/cleanup.yml deleted file mode 100644 index 49031d4..0000000 --- a/playbooks/cleanup.yml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Clean-up legacy RabbitMQ cluster - hosts: controllers[0] - become: true - gather_facts: false - tasks: - - name: Delete the Helm release - kubernetes.core.helm: - name: rabbitmq - namespace: openstack - kubeconfig: /etc/kubernetes/admin.conf - state: absent - wait: true - - - name: Delete the PVCs - kubernetes.core.k8s: - state: absent - api_version: v1 - kind: PersistentVolumeClaim - namespace: openstack - name: "rabbitmq-data-rabbitmq-rabbitmq-{{ item }}" - loop: "{{ range(0, 3) | list }}" \ No newline at end of file diff --git a/playbooks/generate_workspace.yml b/playbooks/generate_workspace.yml deleted file mode 100644 index c072d94..0000000 --- a/playbooks/generate_workspace.yml +++ /dev/null @@ -1,431 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate workspace for Atmosphere - hosts: localhost - gather_facts: false - tasks: - - name: Create folders for workspace - ansible.builtin.file: - path: "{{ workspace_path }}/{{ item }}" - state: directory - loop: - - group_vars - - group_vars/all - - group_vars/controllers - - group_vars/cephs - - group_vars/computes - - host_vars - -- name: Generate Ceph control plane configuration for workspace - hosts: localhost - gather_facts: false - vars: - _ceph_path: "{{ workspace_path }}/group_vars/all/ceph.yml" - # Input variables - ceph_fsid: "{{ lookup('password', '/dev/null chars=ascii_letters,digits') | to_uuid }}" - ceph_public_network: 10.96.240.0/24 - tasks: - - name: Ensure the Ceph control plane configuration file exists - ansible.builtin.file: - path: "{{ _ceph_path }}" - state: touch - - - name: Load the current Ceph control plane configuration into a variable - ansible.builtin.include_vars: - file: "{{ _ceph_path }}" - name: ceph - - - name: Generate Ceph control plane values for missing variables - ansible.builtin.set_fact: - ceph: "{{ ceph | default({}) | combine({item.key: item.value}) }}" - # NOTE(mnaser): We don't want to override existing Ceph configurations, - # so we generate a stub one if and only if it doesn't exist - when: item.key not in ceph - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_dict: - ceph_mon_fsid: "{{ ceph_fsid }}" - ceph_mon_public_network: "{{ ceph_public_network }}" - - - name: Write new Ceph control plane configuration file to disk - ansible.builtin.copy: - content: "{{ ceph | to_nice_yaml(indent=2, width=180) }}" - dest: "{{ _ceph_path }}" - -- name: Generate Ceph OSD configuration for workspace - hosts: localhost - gather_facts: false - vars: - _ceph_osd_path: "{{ workspace_path }}/group_vars/cephs/osds.yml" - tasks: - - name: Ensure the Ceph OSDs configuration file exists - ansible.builtin.file: - path: "{{ _ceph_osd_path }}" - state: touch - - - name: Load the current Ceph OSDs configuration into a variable - ansible.builtin.include_vars: - file: "{{ _ceph_osd_path }}" - name: ceph_osd - - - name: Generate Ceph OSDs values for missing variables - ansible.builtin.set_fact: - ceph_osd: "{{ ceph_osd | default({}) | combine({item.key: item.value}) }}" - # NOTE(mnaser): We don't want to override existing Ceph configurations, - # so we generate a stub one if and only if it doesn't exist - when: item.key not in ceph_osd - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_dict: - ceph_osd_devices: - - /dev/vdb - - /dev/vdc - - /dev/vdd - - - name: Write new Ceph OSDs configuration file to disk - ansible.builtin.copy: - content: "{{ ceph_osd | to_nice_yaml(indent=2, width=180) }}" - dest: "{{ _ceph_osd_path }}" - -- name: Generate Kubernetes configuration for workspace - hosts: localhost - gather_facts: false - vars: - _kubernetes_path: "{{ workspace_path }}/group_vars/all/kubernetes.yml" - tasks: - - name: Ensure the Kubernetes configuration file exists - ansible.builtin.file: - path: "{{ _kubernetes_path }}" - state: touch - - - name: Load the current Kubernetes configuration into a variable - ansible.builtin.include_vars: - file: "{{ _kubernetes_path }}" - name: kubernetes - - - name: Generate Kubernetes values for missing variables - ansible.builtin.set_fact: - kubernetes: "{{ kubernetes | default({}) | combine({item.key: item.value}) }}" - # NOTE(mnaser): We don't want to override existing Ceph configurations, - # so we generate a stub one if and only if it doesn't exist - when: item.key not in kubernetes - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_dict: - kubernetes_hostname: 10.96.240.10 - kubernetes_keepalived_vrid: 42 - kubernetes_keepalived_interface: ens3 - kubernetes_keepalived_vip: 10.96.240.10 - - - name: Write new Kubernetes configuration file to disk - ansible.builtin.copy: - content: "{{ kubernetes | to_nice_yaml(indent=2, width=180) }}" - dest: "{{ _kubernetes_path }}" - -- name: Generate Keepalived configuration for workspace - hosts: localhost - gather_facts: false - vars: - _keepalived_path: "{{ workspace_path }}/group_vars/all/keepalived.yml" - tasks: - - name: Ensure the Keeaplived configuration file exists - ansible.builtin.file: - path: "{{ _keepalived_path }}" - state: touch - - - name: Load the current Keepalived configuration into a variable - ansible.builtin.include_vars: - file: "{{ _keepalived_path }}" - name: keepalived - - - name: Generate Keepalived values for missing variables - ansible.builtin.set_fact: - keepalived: "{{ keepalived | default({}) | combine({item.key: item.value}) }}" - # NOTE(mnaser): We don't want to override existing Keepalived configurations, - # so we generate a stub one if and only if it doesn't exist - when: item.key not in keepalived - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_dict: - keepalived_interface: br-ex - keepalived_vip: 10.96.250.10 - - - name: Write new Keepalived configuration file to disk - ansible.builtin.copy: - content: "{{ keepalived | to_nice_yaml(indent=2, width=180) }}" - dest: "{{ _keepalived_path }}" - -- name: Generate endpoints for workspace - hosts: localhost - gather_facts: false - vars: - _endpoints_path: "{{ workspace_path }}/group_vars/all/endpoints.yml" - # Input variables - region_name: RegionOne - domain_name: vexxhost.cloud - tasks: - - name: Ensure the endpoints file exists - ansible.builtin.file: - path: "{{ _endpoints_path }}" - state: touch - - - name: Load the current endpoints into a variable - ansible.builtin.include_vars: - file: "{{ _endpoints_path }}" - name: endpoints - - - name: Generate endpoint skeleton for missing variables - ansible.builtin.set_fact: - endpoints: | - {{ - endpoints | - default({}) | - combine({item: default_map[item]}) - }} - # NOTE(mnaser): We don't want to override existing endpoints, so we generate - # a stub one if and only if it doesn't exist - when: item not in endpoints - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_lines: > - ls {{ playbook_dir }}/../roles/*/defaults/main.yml | - xargs grep undef | - egrep '(_host|region_name)' | - cut -d':' -f2 - # NOTE(mnaser): We use these variables to generate map of service name to - # service type in order to generate the URLs - vars: - default_map: - openstack_helm_endpoints_region_name: "{{ region_name }}" - openstack_helm_endpoints_barbican_api_host: "key-manager.{{ domain_name }}" - openstack_helm_endpoints_cinder_api_host: "volume.{{ domain_name }}" - openstack_helm_endpoints_designate_api_host: "dns.{{ domain_name }}" - openstack_helm_endpoints_glance_api_host: "image.{{ domain_name }}" - openstack_helm_endpoints_heat_api_host: "orchestration.{{ domain_name }}" - openstack_helm_endpoints_heat_cfn_api_host: "cloudformation.{{ domain_name }}" - openstack_helm_endpoints_horizon_api_host: "dashboard.{{ domain_name }}" - openstack_helm_endpoints_ironic_api_host: "baremetal.{{ domain_name }}" - openstack_helm_endpoints_keystone_api_host: "identity.{{ domain_name }}" - openstack_helm_endpoints_neutron_api_host: "network.{{ domain_name }}" - openstack_helm_endpoints_nova_api_host: "compute.{{ domain_name }}" - openstack_helm_endpoints_nova_novnc_host: "vnc.{{ domain_name }}" - openstack_helm_endpoints_octavia_api_host: "load-balancer.{{ domain_name }}" - openstack_helm_endpoints_placement_api_host: "placement.{{ domain_name }}" - openstack_helm_endpoints_senlin_api_host: "clustering.{{ domain_name }}" - - - name: Write new endpoints file to disk - ansible.builtin.copy: - content: "{{ endpoints | to_nice_yaml(indent=2, width=180) }}" - dest: "{{ _endpoints_path }}" - - - name: Ensure the endpoints file exists - ansible.builtin.file: - path: "{{ _endpoints_path }}" - state: touch - -- name: Generate Neutron configuration for workspace - hosts: localhost - gather_facts: false - vars: - _neutron_path: "{{ workspace_path }}/group_vars/all/neutron.yml" - # Input variables - tasks: - - name: Ensure the Neutron configuration file exists - ansible.builtin.file: - path: "{{ _neutron_path }}" - state: touch - - - name: Load the current Neutron configuration into a variable - ansible.builtin.include_vars: - file: "{{ _neutron_path }}" - name: neutron - - - name: Generate Neutron values for missing variables - ansible.builtin.set_fact: - neutron: "{{ neutron | default({}) | combine({item.key: item.value}) }}" - # NOTE(mnaser): We don't want to override existing Ceph configurations, - # so we generate a stub one if and only if it doesn't exist - when: item.key not in neutron - with_dict: - openstack_helm_neutron_values: - conf: - auto_bridge_add: - br-ex: ens4 - openstack_helm_neutron_networks: - - name: public - external: true - shared: true - mtu_size: 1500 - port_security_enabled: true - provider_network_type: flat - provider_physical_network: external - subnets: - - name: public-subnet - cidr: 10.96.250.0/24 - gateway_ip: 10.96.250.10 - allocation_pool_start: 10.96.250.200 - allocation_pool_end: 10.96.250.220 - enable_dhcp: true - - - name: Write new Neutron configuration file to disk - ansible.builtin.copy: - content: "{{ neutron | to_nice_yaml(indent=2, width=180) }}" - dest: "{{ _neutron_path }}" - -- name: Generate Nova configuration for workspace - hosts: localhost - gather_facts: false - vars: - _nova_path: "{{ workspace_path }}/group_vars/all/nova.yml" - # Input variables - tasks: - - name: Ensure the Nova configuration file exists - ansible.builtin.file: - path: "{{ _nova_path }}" - state: touch - - - name: Load the current Nova configuration into a variable - ansible.builtin.include_vars: - file: "{{ _nova_path }}" - name: nova - - - name: Generate Nova values for missing variables - ansible.builtin.set_fact: - nova: "{{ nova | default({}) | combine({item.key: item.value}) }}" - # NOTE(mnaser): We don't want to override existing Nova configurations, - # so we generate a stub one if and only if it doesn't exist - when: item.key not in nova - with_dict: - openstack_helm_nova_flavors: - - name: m1.tiny - ram: 512 - disk: 1 - vcpus: 1 - - name: m1.small - ram: 2048 - disk: 20 - vcpus: 1 - - name: "m1.medium" - ram: 4096 - disk: 40 - vcpus: 2 - - name: "m1.large" - ram: 8192 - disk: 80 - vcpus: 4 - - name: "m1.xlarge" - ram: 16384 - disk: 160 - vcpus: 8 - - - name: Write new Nova configuration file to disk - ansible.builtin.copy: - content: "{{ nova | to_nice_yaml(indent=2, width=180) }}" - dest: "{{ _nova_path }}" - -- name: Generate secrets for workspace - hosts: localhost - gather_facts: false - vars: - secrets_path: "{{ workspace_path }}/group_vars/all/secrets.yml" - tasks: - - name: Ensure the secrets file exists - ansible.builtin.file: - path: "{{ secrets_path }}" - state: touch - - - name: Load the current secrets into a variable - ansible.builtin.include_vars: - file: "{{ secrets_path }}" - name: secrets - - - name: Generate secrets for missing variables - ansible.builtin.set_fact: - secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32')}) }}" - # NOTE(mnaser): We don't want to override existing secrets, so we generate - # a new one if and only if it doesn't exist - when: item not in secrets - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_lines: > - ls {{ playbook_dir }}/../roles/*/defaults/main.yml | - xargs grep undef | - egrep -v '(_host|region_name|_ssh_key|_vip|_interface|_kek)' | - cut -d':' -f2 - - - name: Generate base64 encoded secrets - ansible.builtin.set_fact: - secrets: "{{ secrets | default({}) | combine({item: lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=32') | b64encode}) }}" - # NOTE(mnaser): We don't want to override existing secrets, so we generate - # a new one if and only if it doesn't exist - when: item not in secrets - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_lines: > - ls {{ playbook_dir }}/../roles/*/defaults/main.yml | - xargs grep undef | - egrep '(_kek)' | - cut -d':' -f2 - - - name: Generate temporary files for generating keys for missing variables - ansible.builtin.tempfile: - state: file - prefix: "{{ item }}" - register: _ssh_key_file - # NOTE(mnaser): We don't want to override existing secrets, so we generate - # a new one if and only if it doesn't exist - when: item not in secrets - # NOTE(mnaser): This is absolutely hideous but there's no clean way of - # doing this using `with_fileglob` or `with_filetree` - with_lines: > - ls {{ playbook_dir }}/../roles/*/defaults/main.yml | - xargs grep undef | - egrep '(_ssh_key)' | - cut -d':' -f2 - - - name: Generate SSH keys for missing variables - community.crypto.openssh_keypair: - path: "{{ item.path }}" - regenerate: full_idempotence - register: _openssh_keypair - loop: "{{ _ssh_key_file.results }}" - loop_control: - label: "{{ item.item }}" - - - name: Set values for SSH keys - ansible.builtin.set_fact: - secrets: "{{ secrets | default({}) | combine({item.item: lookup('file', item.path)}) }}" - loop: "{{ _ssh_key_file.results }}" - loop_control: - label: "{{ item.item }}" - - - name: Delete the temporary files generated for SSH keys - ansible.builtin.file: - path: "{{ item.path }}" - state: absent - loop: "{{ _ssh_key_file.results }}" - loop_control: - label: "{{ item.item }}" - - - name: Write new secrets file to disk - ansible.builtin.copy: - content: "{{ secrets | to_nice_yaml }}" - dest: "{{ secrets_path }}" - - - name: Encrypt secrets file with Vault password - ansible.builtin.shell: - ansible-vault encrypt --vault-password-file {{ secrets_vault_password_file }} {{ secrets_path }} - when: - - secrets_vault_password_file is defined diff --git a/playbooks/kubernetes.yml b/playbooks/kubernetes.yml deleted file mode 100644 index dbad10f..0000000 --- a/playbooks/kubernetes.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - become: true - roles: - - role: containerd - - role: kubernetes - -- hosts: controllers - become: true - roles: - - helm diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml deleted file mode 100644 index 29b21c6..0000000 --- a/playbooks/openstack.yml +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: controllers[0] - gather_facts: false - become: true - roles: - - role: cilium - tags: - - cilium - -- hosts: controllers - gather_facts: false - become: true - roles: - - role: flux - tags: - - flux - -- hosts: controllers[0] - gather_facts: false - become: true - roles: - - role: csi - tags: - - csi - - - role: kube_prometheus_stack - tags: - - kube-prometheus-stack - - - role: node_feature_discovery - tags: - - node-feature-discovery - - - role: ipmi_exporter - tags: - - ipmi-exporter - - - role: prometheus_pushgateway - tags: - - prometheus-pushgateway - - - role: openstack_namespace - tags: - - openstack-namespace - - - role: ingress_nginx - tags: - - ingress-nginx - - - role: cert_manager - tags: - - cert-manager - - - role: keepalived - tags: - - keepalived - - - role: percona_xtradb_cluster - tags: - - percona-xtradb-cluster - - - role: openstack_helm_infra_memcached - tags: - - openstack-helm-infra-memcached - - - role: rabbitmq_operator - tags: - - rabbitmq-operator - - - role: openstack_helm_keystone - tags: - - openstack-helm-keystone - - - role: openstack_helm_barbican - tags: - - openstack-helm-barbican - - - role: openstack_helm_infra_ceph_provisioners - when: atmosphere_ceph_enabled | default(true) - tags: - - openstack-helm-infra-ceph-provisioners - - - role: openstack_helm_glance - tags: - - openstack-helm-glance - - - role: openstack_helm_cinder - tags: - - openstack-helm-cinder - - - role: openstack_helm_placement - tags: - - openstack-helm-placement - - - role: openstack_helm_infra_openvswitch - tags: - - openstack-helm-infra-openvswitch - - - role: openstack_helm_infra_libvirt - tags: - - openstack-helm-infra-libvirt - - - role: coredns - tags: - - coredns - - - role: openstack_helm_neutron - tags: - - openstack-helm-neutron - - - role: openstack_helm_nova - tags: - - openstack-helm-nova - - - role: openstack_helm_senlin - tags: - - openstack-helm-senlin - - - role: openstack_helm_heat - tags: - - openstack-helm-heat - - - role: openstack_helm_horizon - tags: - - openstack-helm-horizon - - - role: openstack_exporter - tags: - - openstack-exporter - -- hosts: controllers - gather_facts: false - roles: - - role: openstack_cli - tags: - - openstack-cli diff --git a/playbooks/site.yml b/playbooks/site.yml deleted file mode 100644 index f1eaefb..0000000 --- a/playbooks/site.yml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- import_playbook: vexxhost.atmosphere.ceph -- import_playbook: vexxhost.atmosphere.kubernetes -- import_playbook: vexxhost.atmosphere.openstack -- import_playbook: vexxhost.atmosphere.cleanup \ No newline at end of file diff --git a/playbooks/tempest.yml b/playbooks/tempest.yml deleted file mode 100644 index c633817..0000000 --- a/playbooks/tempest.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: controllers[0] - gather_facts: false - become: true - roles: - - role: openstack_helm_tempest - tags: - - openstack-helm-tempest diff --git a/plugins/module_utils/ca_common.py b/plugins/module_utils/ca_common.py deleted file mode 100644 index 380463b..0000000 --- a/plugins/module_utils/ca_common.py +++ /dev/null @@ -1,114 +0,0 @@ -import os -import datetime - - -def generate_ceph_cmd(sub_cmd, args, user_key=None, cluster='ceph', user='client.admin', container_image=None, interactive=False): - ''' - Generate 'ceph' command line to execute - ''' - - if not user_key: - user_key = '/etc/ceph/{}.{}.keyring'.format(cluster, user) - - cmd = pre_generate_ceph_cmd( - container_image=container_image, interactive=interactive) - - base_cmd = [ - '-n', - user, - '-k', - user_key, - '--cluster', - cluster - ] - base_cmd.extend(sub_cmd) - cmd.extend(base_cmd + args) - - return cmd - - -def container_exec(binary, container_image, interactive=False): - ''' - Build the docker CLI to run a command inside a container - ''' - - container_binary = os.getenv('CEPH_CONTAINER_BINARY') - command_exec = [container_binary, 'run'] - - if interactive: - command_exec.extend(['--interactive']) - - command_exec.extend(['--rm', - '--net=host', - '-v', '/etc/ceph:/etc/ceph:z', - '-v', '/var/lib/ceph/:/var/lib/ceph/:z', - '-v', '/var/log/ceph/:/var/log/ceph/:z', - '--entrypoint=' + binary, container_image]) - return command_exec - - -def is_containerized(): - ''' - Check if we are running on a containerized cluster - ''' - - if 'CEPH_CONTAINER_IMAGE' in os.environ: - container_image = os.getenv('CEPH_CONTAINER_IMAGE') - else: - container_image = None - - return container_image - - -def pre_generate_ceph_cmd(container_image=None, interactive=False): - ''' - Generate ceph prefix comaand - ''' - if container_image: - cmd = container_exec('ceph', container_image, interactive=interactive) - else: - cmd = ['ceph'] - - return cmd - - -def exec_command(module, cmd, stdin=None): - ''' - Execute command(s) - ''' - - binary_data = False - if stdin: - binary_data = True - rc, out, err = module.run_command(cmd, data=stdin, binary_data=binary_data) - - return rc, cmd, out, err - - -def exit_module(module, out, rc, cmd, err, startd, changed=False, diff=dict(before="", after="")): - endd = datetime.datetime.now() - delta = endd - startd - - result = dict( - cmd=cmd, - start=str(startd), - end=str(endd), - delta=str(delta), - rc=rc, - stdout=out.rstrip("\r\n"), - stderr=err.rstrip("\r\n"), - changed=changed, - diff=diff - ) - module.exit_json(**result) - - -def fatal(message, module): - ''' - Report a fatal error and exit - ''' - - if module: - module.fail_json(msg=message, rc=1) - else: - raise(Exception(message)) diff --git a/plugins/modules/ceph_config.py b/plugins/modules/ceph_config.py deleted file mode 100644 index 0c7a183..0000000 --- a/plugins/modules/ceph_config.py +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/python3 - -from ansible.module_utils.basic import AnsibleModule - -def run_module(): - module_args = dict( - who=dict(type='str', required=True), - name=dict(type='str', required=True), - value=dict(type='str', required=True), - ) - - module = AnsibleModule( - argument_spec=module_args, - supports_check_mode=True - ) - - who = module.params['who'] - name = module.params['name'] - value = module.params['value'] - - changed = False - - _, out, _ = module.run_command( - ['ceph', 'config', 'get', who, name], check_rc=True - ) - - if out.strip() != value: - changed = True - - if not module.check_mode: - _, _, _ = module.run_command( - ['ceph', 'config', 'set', who, name, value], check_rc=True - ) - - module.exit_json(changed=changed) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() \ No newline at end of file diff --git a/plugins/modules/ceph_key.py b/plugins/modules/ceph_key.py deleted file mode 100644 index 437a0d3..0000000 --- a/plugins/modules/ceph_key.py +++ /dev/null @@ -1,692 +0,0 @@ -#!/usr/bin/python3 - -# Copyright 2018, Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from __future__ import absolute_import, division, print_function -__metaclass__ = type - -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.vexxhost.atmosphere.plugins.module_utils.ca_common import generate_ceph_cmd, \ - is_containerized, \ - container_exec, \ - fatal - -import datetime -import json -import os -import struct -import time -import base64 -import socket - - -ANSIBLE_METADATA = { - 'metadata_version': '1.1', - 'status': ['preview'], - 'supported_by': 'community' -} - -DOCUMENTATION = ''' ---- -module: ceph_key - -author: Sebastien Han - -short_description: Manage Cephx key(s) - -version_added: "2.6" - -description: - - Manage CephX creation, deletion and updates. - It can also list and get information about keyring(s). -options: - cluster: - description: - - The ceph cluster name. - required: false - default: ceph - name: - description: - - name of the CephX key - required: true - user: - description: - - entity used to perform operation. - It corresponds to the -n option (--name) - required: false - user_key: - description: - - the path to the keyring corresponding to the - user being used. - It corresponds to the -k option (--keyring) - state: - description: - - If 'present' is used, the module creates a keyring - with the associated capabilities. - If 'present' is used and a secret is provided the module - will always add the key. Which means it will update - the keyring if the secret changes, the same goes for - the capabilities. - If 'absent' is used, the module will simply delete the keyring. - If 'list' is used, the module will list all the keys and will - return a json output. - If 'info' is used, the module will return in a json format the - description of a given keyring. - If 'generate_secret' is used, the module will simply output a cephx keyring. - required: false - choices: ['present', 'update', 'absent', 'list', 'info', 'fetch_initial_keys', 'generate_secret'] - default: present - caps: - description: - - CephX key capabilities - default: None - required: false - secret: - description: - - keyring's secret value - required: false - default: None - import_key: - description: - - Wether or not to import the created keyring into Ceph. - This can be useful for someone that only wants to generate keyrings - but not add them into Ceph. - required: false - default: True - dest: - description: - - Destination to write the keyring, can a file or a directory - required: false - default: /etc/ceph/ - fetch_initial_keys: - description: - - Fetch client.admin and bootstrap key. - This is only needed for Nautilus and above. - Writes down to the filesystem the initial keys generated by the monitor. # noqa: E501 - This command can ONLY run from a monitor node. - required: false - default: false - output_format: - description: - - The key output format when retrieving the information of an - entity. - required: false - default: json -''' - -EXAMPLES = ''' - -keys_to_create: - - { name: client.key, key: "AQAin8tUUK84ExAA/QgBtI7gEMWdmnvKBzlXdQ==", caps: { mon: "allow rwx", mds: "allow *" } , mode: "0600" } # noqa: E501 - - { name: client.cle, caps: { mon: "allow r", osd: "allow *" } , mode: "0600" } # noqa: E501 - -caps: - mon: "allow rwx" - mds: "allow *" - -- name: create ceph admin key - ceph_key: - name: client.admin - state: present - secret: AQAin8tU2DsKFBAAFIAzVTzkL3+gtAjjpQiomw== - caps: - mon: allow * - osd: allow * - mgr: allow * - mds: allow - mode: 0400 - import_key: False - -- name: create monitor initial keyring - ceph_key: - name: mon. - state: present - secret: AQAin8tUMICVFBAALRHNrV0Z4MXupRw4v9JQ6Q== - caps: - mon: allow * - dest: "/var/lib/ceph/tmp/" - import_key: False - -- name: create cephx key - ceph_key: - name: "{{ keys_to_create }}" - user: client.bootstrap-rgw - user_key: /var/lib/ceph/bootstrap-rgw/ceph.keyring - state: present - caps: "{{ caps }}" - -- name: create cephx key but don't import it in Ceph - ceph_key: - name: "{{ keys_to_create }}" - state: present - caps: "{{ caps }}" - import_key: False - -- name: delete cephx key - ceph_key: - name: "my_key" - state: absent - -- name: info cephx key - ceph_key: - name: "my_key"" - state: info - -- name: info cephx admin key (plain) - ceph_key: - name: client.admin - output_format: plain - state: info - register: client_admin_key - -- name: list cephx keys - ceph_key: - state: list - -- name: fetch cephx keys - ceph_key: - state: fetch_initial_keys -''' - -RETURN = '''# ''' - - -CEPH_INITIAL_KEYS = ['client.admin', 'client.bootstrap-mds', 'client.bootstrap-mgr', # noqa: E501 - 'client.bootstrap-osd', 'client.bootstrap-rbd', 'client.bootstrap-rbd-mirror', 'client.bootstrap-rgw'] # noqa: E501 - - -def str_to_bool(val): - try: - val = val.lower() - except AttributeError: - val = str(val).lower() - if val == 'true': - return True - elif val == 'false': - return False - else: - raise ValueError("Invalid input value: %s" % val) - - -def generate_secret(): - ''' - Generate a CephX secret - ''' - - key = os.urandom(16) - header = struct.pack(' - -short_description: Manage Ceph Pools - -version_added: "2.8" - -description: - - Manage Ceph pool(s) creation, deletion and updates. -options: - cluster: - description: - - The ceph cluster name. - required: false - default: ceph - name: - description: - - name of the Ceph pool - required: true - state: - description: - If 'present' is used, the module creates a pool if it doesn't exist - or update it if it already exists. - If 'absent' is used, the module will simply delete the pool. - If 'list' is used, the module will return all details about the - existing pools. (json formatted). - required: false - choices: ['present', 'absent', 'list'] - default: present - size: - description: - - set the replica size of the pool. - required: false - default: 3 - min_size: - description: - - set the min_size parameter of the pool. - required: false - default: default to `osd_pool_default_min_size` (ceph) - pg_num: - description: - - set the pg_num of the pool. - required: false - default: default to `osd_pool_default_pg_num` (ceph) - pgp_num: - description: - - set the pgp_num of the pool. - required: false - default: default to `osd_pool_default_pgp_num` (ceph) - pg_autoscale_mode: - description: - - set the pg autoscaler on the pool. - required: false - default: 'on' - target_size_ratio: - description: - - set the target_size_ratio on the pool - required: false - default: None - pool_type: - description: - - set the pool type, either 'replicated' or 'erasure' - required: false - default: 'replicated' - erasure_profile: - description: - - When pool_type = 'erasure', set the erasure profile of the pool - required: false - default: 'default' - rule_name: - description: - - Set the crush rule name assigned to the pool - required: false - default: 'replicated_rule' when pool_type is 'erasure' else None - expected_num_objects: - description: - - Set the expected_num_objects parameter of the pool. - required: false - default: '0' - application: - description: - - Set the pool application on the pool. - required: false - default: None -''' - -EXAMPLES = ''' - -pools: - - { name: foo, size: 3, application: rbd, pool_type: 'replicated', - pg_autoscale_mode: 'on' } - -- hosts: all - become: true - tasks: - - name: create a pool - ceph_pool: - name: "{{ item.name }}" - state: present - size: "{{ item.size }}" - application: "{{ item.application }}" - pool_type: "{{ item.pool_type }}" - pg_autoscale_mode: "{{ item.pg_autoscale_mode }}" - with_items: "{{ pools }}" -''' - -RETURN = '''# ''' - - -def check_pool_exist(cluster, - name, - user, - user_key, - output_format='json', - container_image=None): - ''' - Check if a given pool exists - ''' - - args = ['stats', name, '-f', output_format] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def generate_get_config_cmd(param, - cluster, - user, - user_key, - container_image=None): - _cmd = pre_generate_ceph_cmd(container_image=container_image) - args = [ - '-n', - user, - '-k', - user_key, - '--cluster', - cluster, - 'config', - 'get', - 'mon.*', - param - ] - cmd = _cmd + args - return cmd - - -def get_application_pool(cluster, - name, - user, - user_key, - output_format='json', - container_image=None): - ''' - Get application type enabled on a given pool - ''' - - args = ['application', 'get', name, '-f', output_format] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def enable_application_pool(cluster, - name, - application, - user, - user_key, - container_image=None): - ''' - Enable application on a given pool - ''' - - args = ['application', 'enable', name, application] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def disable_application_pool(cluster, - name, - application, - user, - user_key, - container_image=None): - ''' - Disable application on a given pool - ''' - - args = ['application', 'disable', name, - application, '--yes-i-really-mean-it'] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def get_pool_details(module, - cluster, - name, - user, - user_key, - output_format='json', - container_image=None): - ''' - Get details about a given pool - ''' - - args = ['ls', 'detail', '-f', output_format] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - rc, cmd, out, err = exec_command(module, cmd) - - if rc == 0: - out = [p for p in json.loads(out.strip()) if p['pool_name'] == name][0] - - _rc, _cmd, application_pool, _err = exec_command(module, - get_application_pool(cluster, # noqa: E501 - name, # noqa: E501 - user, # noqa: E501 - user_key, # noqa: E501 - container_image=container_image)) # noqa: E501 - - # This is a trick because "target_size_ratio" isn't present at the same - # level in the dict - # ie: - # { - # 'pg_num': 8, - # 'pgp_num': 8, - # 'pg_autoscale_mode': 'on', - # 'options': { - # 'target_size_ratio': 0.1 - # } - # } - # If 'target_size_ratio' is present in 'options', we set it, this way we - # end up with a dict containing all needed keys at the same level. - if 'target_size_ratio' in out['options'].keys(): - out['target_size_ratio'] = out['options']['target_size_ratio'] - else: - out['target_size_ratio'] = None - - application = list(json.loads(application_pool.strip()).keys()) - - if len(application) == 0: - out['application'] = '' - else: - out['application'] = application[0] - - return rc, cmd, out, err - - -def compare_pool_config(user_pool_config, running_pool_details): - ''' - Compare user input config pool details with current running pool details - ''' - - delta = {} - filter_keys = ['pg_num', 'pg_placement_num', 'size', - 'pg_autoscale_mode', 'target_size_ratio'] - for key in filter_keys: - if (str(running_pool_details[key]) != user_pool_config[key]['value'] and # noqa: E501 - user_pool_config[key]['value']): - delta[key] = user_pool_config[key] - - if (running_pool_details['application'] != - user_pool_config['application']['value'] and - user_pool_config['application']['value']): - delta['application'] = {} - delta['application']['new_application'] = user_pool_config['application']['value'] # noqa: E501 - # to be improved (for update_pools()...) - delta['application']['value'] = delta['application']['new_application'] - delta['application']['old_application'] = running_pool_details['application'] # noqa: E501 - - return delta - - -def list_pools(cluster, - user, - user_key, - details, - output_format='json', - container_image=None): - ''' - List existing pools - ''' - - args = ['ls'] - - if details: - args.append('detail') - - args.extend(['-f', output_format]) - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def create_pool(cluster, - name, - user, - user_key, - user_pool_config, - container_image=None): - ''' - Create a new pool - ''' - - args = ['create', user_pool_config['pool_name']['value'], - user_pool_config['type']['value']] - - if user_pool_config['pg_autoscale_mode']['value'] != 'on': - args.extend(['--pg_num', - user_pool_config['pg_num']['value'], - '--pgp_num', - user_pool_config['pgp_num']['value'] or - user_pool_config['pg_num']['value']]) - elif user_pool_config['target_size_ratio']['value']: - args.extend(['--target_size_ratio', - user_pool_config['target_size_ratio']['value']]) - - if user_pool_config['type']['value'] == 'replicated': - args.extend([user_pool_config['crush_rule']['value'], - '--expected_num_objects', - user_pool_config['expected_num_objects']['value'], - '--autoscale-mode', - user_pool_config['pg_autoscale_mode']['value']]) - - if (user_pool_config['size']['value'] and - user_pool_config['type']['value'] == "replicated"): - args.extend(['--size', user_pool_config['size']['value']]) - - elif user_pool_config['type']['value'] == 'erasure': - args.extend([user_pool_config['erasure_profile']['value']]) - - if user_pool_config['crush_rule']['value']: - args.extend([user_pool_config['crush_rule']['value']]) - - args.extend(['--expected_num_objects', - user_pool_config['expected_num_objects']['value'], - '--autoscale-mode', - user_pool_config['pg_autoscale_mode']['value']]) - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def remove_pool(cluster, name, user, user_key, container_image=None): - ''' - Remove a pool - ''' - - args = ['rm', name, name, '--yes-i-really-really-mean-it'] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - return cmd - - -def update_pool(module, cluster, name, - user, user_key, delta, container_image=None): - ''' - Update an existing pool - ''' - - report = "" - - for key in delta.keys(): - if key != 'application': - args = ['set', - name, - delta[key]['cli_set_opt'], - delta[key]['value']] - - cmd = generate_ceph_cmd(sub_cmd=['osd', 'pool'], - args=args, - cluster=cluster, - user=user, - user_key=user_key, - container_image=container_image) - - rc, cmd, out, err = exec_command(module, cmd) - if rc != 0: - return rc, cmd, out, err - - else: - rc, cmd, out, err = exec_command(module, disable_application_pool(cluster, name, delta['application']['old_application'], user, user_key, container_image=container_image)) # noqa: E501 - if rc != 0: - return rc, cmd, out, err - - rc, cmd, out, err = exec_command(module, enable_application_pool(cluster, name, delta['application']['new_application'], user, user_key, container_image=container_image)) # noqa: E501 - if rc != 0: - return rc, cmd, out, err - - report = report + "\n" + "{} has been updated: {} is now {}".format(name, key, delta[key]['value']) # noqa: E501 - - out = report - return rc, cmd, out, err - - -def run_module(): - module_args = dict( - cluster=dict(type='str', required=False, default='ceph'), - name=dict(type='str', required=True), - state=dict(type='str', required=False, default='present', - choices=['present', 'absent', 'list']), - details=dict(type='bool', required=False, default=False), - size=dict(type='str', required=False), - min_size=dict(type='str', required=False), - pg_num=dict(type='str', required=False), - pgp_num=dict(type='str', required=False), - pg_autoscale_mode=dict(type='str', required=False, default='on'), - target_size_ratio=dict(type='str', required=False, default=None), - pool_type=dict(type='str', required=False, default='replicated', - choices=['replicated', 'erasure', '1', '3']), - erasure_profile=dict(type='str', required=False, default='default'), - rule_name=dict(type='str', required=False, default=None), - expected_num_objects=dict(type='str', required=False, default="0"), - application=dict(type='str', required=False, default=None), - ) - - module = AnsibleModule( - argument_spec=module_args, - supports_check_mode=True - ) - - # Gather module parameters in variables - cluster = module.params.get('cluster') - name = module.params.get('name') - state = module.params.get('state') - details = module.params.get('details') - size = module.params.get('size') - min_size = module.params.get('min_size') - pg_num = module.params.get('pg_num') - pgp_num = module.params.get('pgp_num') - pg_autoscale_mode = module.params.get('pg_autoscale_mode') - target_size_ratio = module.params.get('target_size_ratio') - application = module.params.get('application') - - if (module.params.get('pg_autoscale_mode').lower() in - ['true', 'on', 'yes']): - pg_autoscale_mode = 'on' - elif (module.params.get('pg_autoscale_mode').lower() in - ['false', 'off', 'no']): - pg_autoscale_mode = 'off' - else: - pg_autoscale_mode = 'warn' - - if module.params.get('pool_type') == '1': - pool_type = 'replicated' - elif module.params.get('pool_type') == '3': - pool_type = 'erasure' - else: - pool_type = module.params.get('pool_type') - - if not module.params.get('rule_name'): - rule_name = 'replicated_rule' if pool_type == 'replicated' else None - else: - rule_name = module.params.get('rule_name') - - erasure_profile = module.params.get('erasure_profile') - expected_num_objects = module.params.get('expected_num_objects') - user_pool_config = { - 'pool_name': {'value': name}, - 'pg_num': {'value': pg_num, 'cli_set_opt': 'pg_num'}, - 'pgp_num': {'value': pgp_num, 'cli_set_opt': 'pgp_num'}, - 'pg_autoscale_mode': {'value': pg_autoscale_mode, - 'cli_set_opt': 'pg_autoscale_mode'}, - 'target_size_ratio': {'value': target_size_ratio, - 'cli_set_opt': 'target_size_ratio'}, - 'application': {'value': application}, - 'type': {'value': pool_type}, - 'erasure_profile': {'value': erasure_profile}, - 'crush_rule': {'value': rule_name, 'cli_set_opt': 'crush_rule'}, - 'expected_num_objects': {'value': expected_num_objects}, - 'size': {'value': size, 'cli_set_opt': 'size'}, - 'min_size': {'value': min_size} - } - - if module.check_mode: - module.exit_json( - changed=False, - stdout='', - stderr='', - rc=0, - start='', - end='', - delta='', - ) - - startd = datetime.datetime.now() - changed = False - - # will return either the image name or None - container_image = is_containerized() - - user = "client.admin" - keyring_filename = cluster + '.' + user + '.keyring' - user_key = os.path.join("/etc/ceph/", keyring_filename) - - if state == "present": - rc, cmd, out, err = exec_command(module, - check_pool_exist(cluster, - name, - user, - user_key, - container_image=container_image)) # noqa: E501 - if rc == 0: - running_pool_details = get_pool_details(module, - cluster, - name, - user, - user_key, - container_image=container_image) # noqa: E501 - user_pool_config['pg_placement_num'] = {'value': str(running_pool_details[2]['pg_placement_num']), 'cli_set_opt': 'pgp_num'} # noqa: E501 - delta = compare_pool_config(user_pool_config, - running_pool_details[2]) - if len(delta) > 0: - keys = list(delta.keys()) - details = running_pool_details[2] - if details['erasure_code_profile'] and 'size' in keys: - del delta['size'] - if details['pg_autoscale_mode'] == 'on': - delta.pop('pg_num', None) - delta.pop('pgp_num', None) - - if len(delta) == 0: - out = "Skipping pool {}.\nUpdating either 'size' on an erasure-coded pool or 'pg_num'/'pgp_num' on a pg autoscaled pool is incompatible".format(name) # noqa: E501 - else: - rc, cmd, out, err = update_pool(module, - cluster, - name, - user, - user_key, - delta, - container_image=container_image) # noqa: E501 - if rc == 0: - changed = True - else: - out = "Pool {} already exists and there is nothing to update.".format(name) # noqa: E501 - else: - rc, cmd, out, err = exec_command(module, - create_pool(cluster, - name, - user, - user_key, - user_pool_config=user_pool_config, # noqa: E501 - container_image=container_image)) # noqa: E501 - if user_pool_config['application']['value']: - rc, _, _, _ = exec_command(module, - enable_application_pool(cluster, - name, - user_pool_config['application']['value'], # noqa: E501 - user, - user_key, - container_image=container_image)) # noqa: E501 - if user_pool_config['min_size']['value']: - # not implemented yet - pass - changed = True - - elif state == "list": - rc, cmd, out, err = exec_command(module, - list_pools(cluster, - name, user, - user_key, - details, - container_image=container_image)) # noqa: E501 - if rc != 0: - out = "Couldn't list pool(s) present on the cluster" - - elif state == "absent": - rc, cmd, out, err = exec_command(module, - check_pool_exist(cluster, - name, user, - user_key, - container_image=container_image)) # noqa: E501 - if rc == 0: - rc, cmd, out, err = exec_command(module, - remove_pool(cluster, - name, - user, - user_key, - container_image=container_image)) # noqa: E501 - changed = True - else: - rc = 0 - out = "Skipped, since pool {} doesn't exist".format(name) - - exit_module(module=module, out=out, rc=rc, cmd=cmd, err=err, startd=startd, - changed=changed) - - -def main(): - run_module() - - -if __name__ == '__main__': - main() diff --git a/releasenotes/notes/add-alertmanager-persistence-0eaf7914c262bdf6.yaml b/releasenotes/notes/add-alertmanager-persistence-0eaf7914c262bdf6.yaml deleted file mode 100644 index f587c2c..0000000 --- a/releasenotes/notes/add-alertmanager-persistence-0eaf7914c262bdf6.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - AlertManager did not have any persistence which meant that any silences - would not last through a restart of the pod. This patch adds persistence - so that silences would last survive a restart of the pod. diff --git a/releasenotes/notes/add-ansible-lint-c1e961c2fb88dbc7.yaml b/releasenotes/notes/add-ansible-lint-c1e961c2fb88dbc7.yaml deleted file mode 100644 index f5de6cc..0000000 --- a/releasenotes/notes/add-ansible-lint-c1e961c2fb88dbc7.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added ``ansible-lint`` to all of the playbooks and roles. \ No newline at end of file diff --git a/releasenotes/notes/add-az-filter-to-nova-3ceb80120a642480.yaml b/releasenotes/notes/add-az-filter-to-nova-3ceb80120a642480.yaml deleted file mode 100644 index 026672d..0000000 --- a/releasenotes/notes/add-az-filter-to-nova-3ceb80120a642480.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added ``AvailabilityZoneFilter`` for the OpenStack Nova service. diff --git a/releasenotes/notes/add-barbican-d55f181d9f51462a.yaml b/releasenotes/notes/add-barbican-d55f181d9f51462a.yaml deleted file mode 100644 index 10785de..0000000 --- a/releasenotes/notes/add-barbican-d55f181d9f51462a.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - add barbican role to deployment diff --git a/releasenotes/notes/add-ceph-config-module-2390d050b6b0d976.yaml b/releasenotes/notes/add-ceph-config-module-2390d050b6b0d976.yaml deleted file mode 100644 index 49bcaaa..0000000 --- a/releasenotes/notes/add-ceph-config-module-2390d050b6b0d976.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added ``ceph_config`` module to allow tweaking Ceph configuration via IaC. diff --git a/releasenotes/notes/add-commit-msg-checks-6e4a5a0444fb8496.yaml b/releasenotes/notes/add-commit-msg-checks-6e4a5a0444fb8496.yaml deleted file mode 100644 index 4b90452..0000000 --- a/releasenotes/notes/add-commit-msg-checks-6e4a5a0444fb8496.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Added commit message checks. Starting now, commits must include ``Sem-Ver`` - tags in the commit message as well as a release note in the ``releasenotes`` diff --git a/releasenotes/notes/add-coredns-forwarder-14bb2a1830cc57e6.yaml b/releasenotes/notes/add-coredns-forwarder-14bb2a1830cc57e6.yaml deleted file mode 100644 index 2ba9d10..0000000 --- a/releasenotes/notes/add-coredns-forwarder-14bb2a1830cc57e6.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Added native deployment of CoreDNS dedicated for forwarding and caching DNS - requests for the cloud. By default, it's enabled to use DNS over TLS using - both CloudFlare and Google DNS. diff --git a/releasenotes/notes/add-coredns-metrics-6154d542fdb5118f.yaml b/releasenotes/notes/add-coredns-metrics-6154d542fdb5118f.yaml deleted file mode 100644 index 5f2c4fc..0000000 --- a/releasenotes/notes/add-coredns-metrics-6154d542fdb5118f.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - Added CoreDNS metrics for the Neutron service. -fixes: - - Fix issues around upgrading existing releases around waiting for deploys - for larger environments. diff --git a/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml b/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml deleted file mode 100644 index 75d8d54..0000000 --- a/releasenotes/notes/add-dns01-docs-f4849506aa12c25c.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added documentation to using DNS01 challenges for certificates. diff --git a/releasenotes/notes/add-github-mirrors-af12ad15964628c1.yaml b/releasenotes/notes/add-github-mirrors-af12ad15964628c1.yaml deleted file mode 100644 index 8e77441..0000000 --- a/releasenotes/notes/add-github-mirrors-af12ad15964628c1.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added mirroring for GitHub diff --git a/releasenotes/notes/add-ipmi-exporter-37a8c16fe24597dc.yaml b/releasenotes/notes/add-ipmi-exporter-37a8c16fe24597dc.yaml deleted file mode 100644 index c12ee7e..0000000 --- a/releasenotes/notes/add-ipmi-exporter-37a8c16fe24597dc.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added ``ipmi-exporter`` with alertings. diff --git a/releasenotes/notes/add-master-wheels-3f8e8de9d4988472.yaml b/releasenotes/notes/add-master-wheels-3f8e8de9d4988472.yaml deleted file mode 100644 index a4b5576..0000000 --- a/releasenotes/notes/add-master-wheels-3f8e8de9d4988472.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Added wheels for master branches to allow for building Tempest images. diff --git a/releasenotes/notes/add-migrate-ip-23a68423484249b0.yaml b/releasenotes/notes/add-migrate-ip-23a68423484249b0.yaml deleted file mode 100644 index 9869d6f..0000000 --- a/releasenotes/notes/add-migrate-ip-23a68423484249b0.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added support to migrating IP from interface when adding to bridge diff --git a/releasenotes/notes/add-molecule-customization-9feb3a6a6e6d85f2.yaml b/releasenotes/notes/add-molecule-customization-9feb3a6a6e6d85f2.yaml deleted file mode 100644 index 3f4d7af..0000000 --- a/releasenotes/notes/add-molecule-customization-9feb3a6a6e6d85f2.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Added the ability to customize the Heat stack properties -fixes: - - Added notes on working around Molecule bug. \ No newline at end of file diff --git a/releasenotes/notes/add-neutron-live_migration_events-28f3dbae2939d20d.yaml b/releasenotes/notes/add-neutron-live_migration_events-28f3dbae2939d20d.yaml deleted file mode 100644 index 7b84a33..0000000 --- a/releasenotes/notes/add-neutron-live_migration_events-28f3dbae2939d20d.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - Live migrations will take longer than expected because the default value of - the option ``live_migration_events`` regressed to ``false`` since the - addition of this value was forgotten. They should now complete on time with - no network outages. diff --git a/releasenotes/notes/add-node-exporter-ignored-device-a7d528f7583156f1.yaml b/releasenotes/notes/add-node-exporter-ignored-device-a7d528f7583156f1.yaml deleted file mode 100644 index 8b4ff99..0000000 --- a/releasenotes/notes/add-node-exporter-ignored-device-a7d528f7583156f1.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Start ignoring ``tbr`` interfaces inside ``node-exporter`` which are used by - trunk interfaces with Neutron. diff --git a/releasenotes/notes/add-openstack-exporter-role-f87a6a6f90a0f236.yaml b/releasenotes/notes/add-openstack-exporter-role-f87a6a6f90a0f236.yaml deleted file mode 100644 index 78c5ee9..0000000 --- a/releasenotes/notes/add-openstack-exporter-role-f87a6a6f90a0f236.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added ``openstack-exporter`` with alertings. \ No newline at end of file diff --git a/releasenotes/notes/add-overrides-for-kube-prometheus-stack-7b50790cfbfb2fa2.yaml b/releasenotes/notes/add-overrides-for-kube-prometheus-stack-7b50790cfbfb2fa2.yaml deleted file mode 100644 index 80fc216..0000000 --- a/releasenotes/notes/add-overrides-for-kube-prometheus-stack-7b50790cfbfb2fa2.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added ability to create overrides for Prometheus monitoring. diff --git a/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml b/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml deleted file mode 100644 index 51049aa..0000000 --- a/releasenotes/notes/add-powerstore-csi-support-64e89219c5c7b566.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add support for multiple CSIs including PowerStore diff --git a/releasenotes/notes/add-promote-job-079c3c57f1b5e272.yaml b/releasenotes/notes/add-promote-job-079c3c57f1b5e272.yaml deleted file mode 100644 index 626a321..0000000 --- a/releasenotes/notes/add-promote-job-079c3c57f1b5e272.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Add jobs to promote the generated artifact to the tarballs server in order - to make it easy to pull in latest version. \ No newline at end of file diff --git a/releasenotes/notes/add-provides-to-wheels-jobs-80dbd81930b548f4.yaml b/releasenotes/notes/add-provides-to-wheels-jobs-80dbd81930b548f4.yaml deleted file mode 100644 index e03fb60..0000000 --- a/releasenotes/notes/add-provides-to-wheels-jobs-80dbd81930b548f4.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Added "provides" to wheels jobs in order to allow passing the artifact to - image build jobs. diff --git a/releasenotes/notes/add-secret-generation-3653426d798abfc4.yaml b/releasenotes/notes/add-secret-generation-3653426d798abfc4.yaml deleted file mode 100644 index f0e2aec..0000000 --- a/releasenotes/notes/add-secret-generation-3653426d798abfc4.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -features: - - Added a playbook to automatically generate all secrets for all roles for - those which are not already defined. -upgrade: - - When upgrading to this version, you'll need to make sure that you destroy - your existing Molecule testing environment before convering again since - it is now using automatically generated secrets instead of hard-coded - secrets. The secrets are stored inside the ``MOLECULE_EPHEMERAL_DIRECTORY``. diff --git a/releasenotes/notes/add-ssh-keys-d3e86fce24365343.yaml b/releasenotes/notes/add-ssh-keys-d3e86fce24365343.yaml deleted file mode 100644 index e71e1f7..0000000 --- a/releasenotes/notes/add-ssh-keys-d3e86fce24365343.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Added automatic SSH key generation for workspace, as well as cold & live - migration support by enabling SSH keys. diff --git a/releasenotes/notes/add-tempest-images-07a34f3e521ffee5.yaml b/releasenotes/notes/add-tempest-images-07a34f3e521ffee5.yaml deleted file mode 100644 index 7cd427e..0000000 --- a/releasenotes/notes/add-tempest-images-07a34f3e521ffee5.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added tempest images built from the master branch. diff --git a/releasenotes/notes/add-uc-to-whels-2f692964ae6d684c.yaml b/releasenotes/notes/add-uc-to-whels-2f692964ae6d684c.yaml deleted file mode 100644 index 0865169..0000000 --- a/releasenotes/notes/add-uc-to-whels-2f692964ae6d684c.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Added "upper-constraints.txt" to wheels archive. diff --git a/releasenotes/notes/add-wheel-builds-e731c5a64f98964b.yaml b/releasenotes/notes/add-wheel-builds-e731c5a64f98964b.yaml deleted file mode 100644 index 5d11c4f..0000000 --- a/releasenotes/notes/add-wheel-builds-e731c5a64f98964b.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added Zuul jobs for building wheels and publishing them \ No newline at end of file diff --git a/releasenotes/notes/add-workspace-generation-8ff28781216beccd.yaml b/releasenotes/notes/add-workspace-generation-8ff28781216beccd.yaml deleted file mode 100644 index a4780e5..0000000 --- a/releasenotes/notes/add-workspace-generation-8ff28781216beccd.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Added playbook to allow for generating workspace for deployment and - integrate it into Molecule in order to make sure we always test it. \ No newline at end of file diff --git a/releasenotes/notes/add-zuul-artifacts-fc8ce46d3a43414e.yaml b/releasenotes/notes/add-zuul-artifacts-fc8ce46d3a43414e.yaml deleted file mode 100644 index cac50bb..0000000 --- a/releasenotes/notes/add-zuul-artifacts-fc8ce46d3a43414e.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added Zuul artifacts with built collections for all commits. diff --git a/releasenotes/notes/add_kubectl_bash_autocomplete-7b02df64b69198c8.yaml b/releasenotes/notes/add_kubectl_bash_autocomplete-7b02df64b69198c8.yaml deleted file mode 100644 index 7ec7eca..0000000 --- a/releasenotes/notes/add_kubectl_bash_autocomplete-7b02df64b69198c8.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Load the kubectl & helm auto complete in the .bashrc file diff --git a/releasenotes/notes/added-role-docs-e7203e2b3db04f9f.yaml b/releasenotes/notes/added-role-docs-e7203e2b3db04f9f.yaml deleted file mode 100644 index ecade5f..0000000 --- a/releasenotes/notes/added-role-docs-e7203e2b3db04f9f.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -other: - - Added basic documentation infrastructure. \ No newline at end of file diff --git a/releasenotes/notes/allow-disable-keepalived-8a0f9f4d7eba0bd1.yaml b/releasenotes/notes/allow-disable-keepalived-8a0f9f4d7eba0bd1.yaml deleted file mode 100644 index 40aafef..0000000 --- a/releasenotes/notes/allow-disable-keepalived-8a0f9f4d7eba0bd1.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Allow disabling of the keepalived service. diff --git a/releasenotes/notes/allow-external-ceph-9fa982e6734902e9.yaml b/releasenotes/notes/allow-external-ceph-9fa982e6734902e9.yaml deleted file mode 100644 index eaa9f75..0000000 --- a/releasenotes/notes/allow-external-ceph-9fa982e6734902e9.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add ability to use an externally deployed Ceph cluster. diff --git a/releasenotes/notes/allow-no-keepalived-32ac8b6630df1448.yaml b/releasenotes/notes/allow-no-keepalived-32ac8b6630df1448.yaml deleted file mode 100644 index f255545..0000000 --- a/releasenotes/notes/allow-no-keepalived-32ac8b6630df1448.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Add ability for a user to avoid using Keepalived for Kubernetes in cases - where the API is behind an external load balancer. diff --git a/releasenotes/notes/allow-older-joinconfig-323cf204110f5c6d.yaml b/releasenotes/notes/allow-older-joinconfig-323cf204110f5c6d.yaml deleted file mode 100644 index 9337728..0000000 --- a/releasenotes/notes/allow-older-joinconfig-323cf204110f5c6d.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Allow using an older version of JoinConfiguration to support older clusters. diff --git a/releasenotes/notes/allow_boot_from_volume-d85a6fef6ec2eced.yaml b/releasenotes/notes/allow_boot_from_volume-d85a6fef6ec2eced.yaml deleted file mode 100644 index 2ca7211..0000000 --- a/releasenotes/notes/allow_boot_from_volume-d85a6fef6ec2eced.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -features: - - | - Support new environment variable ``ATMOSPHERE_BOOT_FROM_VOLUME``, - When this boolean variable is set (like ``true``, ``yes``, - or anytihng can be accpeted by Ansible ``bool`` filter), - you can change OpenStack instances to boot from volume, and allow image not - specify local disk. diff --git a/releasenotes/notes/barbican-add-role-8c70f47a587d871a.yaml b/releasenotes/notes/barbican-add-role-8c70f47a587d871a.yaml deleted file mode 100644 index e26dc8d..0000000 --- a/releasenotes/notes/barbican-add-role-8c70f47a587d871a.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add barbican role diff --git a/releasenotes/notes/bump-horizon-27deafc5a24c6770.yaml b/releasenotes/notes/bump-horizon-27deafc5a24c6770.yaml deleted file mode 100644 index 6df4cf8..0000000 --- a/releasenotes/notes/bump-horizon-27deafc5a24c6770.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Bump Horizon chart to version 0.2.24 to include fixes for logo ConfigMap. diff --git a/releasenotes/notes/bump-nova-chart-version-1c96e579431abc0e.yaml b/releasenotes/notes/bump-nova-chart-version-1c96e579431abc0e.yaml deleted file mode 100644 index 1b7e486..0000000 --- a/releasenotes/notes/bump-nova-chart-version-1c96e579431abc0e.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Bump Nova helm chart version to 0.2.32. To interdice fix for ironic. diff --git a/releasenotes/notes/cert-manager-distribute-self-signed-cert-on-host-7f01a00243b8c94e.yaml b/releasenotes/notes/cert-manager-distribute-self-signed-cert-on-host-7f01a00243b8c94e.yaml deleted file mode 100644 index c2d23e9..0000000 --- a/releasenotes/notes/cert-manager-distribute-self-signed-cert-on-host-7f01a00243b8c94e.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Distribute self-signed certificate on the controller node diff --git a/releasenotes/notes/cert_manager-add-self-signed-cert-0d38d09e25c68546.yaml b/releasenotes/notes/cert_manager-add-self-signed-cert-0d38d09e25c68546.yaml deleted file mode 100644 index 32066cf..0000000 --- a/releasenotes/notes/cert_manager-add-self-signed-cert-0d38d09e25c68546.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add self-signed issuer and CA certificate diff --git a/releasenotes/notes/cleanup-ceph-prom-alerts-3c020e3021d4fcea.yaml b/releasenotes/notes/cleanup-ceph-prom-alerts-3c020e3021d4fcea.yaml deleted file mode 100644 index f6c76e9..0000000 --- a/releasenotes/notes/cleanup-ceph-prom-alerts-3c020e3021d4fcea.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Drop ``CephNodeDiskspaceWarning`` alerts since they already have better - coverage through other alerts. diff --git a/releasenotes/notes/cleanup-keystone-role-ea04dd3c915f3bf7.yaml b/releasenotes/notes/cleanup-keystone-role-ea04dd3c915f3bf7.yaml deleted file mode 100644 index c2807df..0000000 --- a/releasenotes/notes/cleanup-keystone-role-ea04dd3c915f3bf7.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Remove stale old Terraform content from the Keystone side of things. diff --git a/releasenotes/notes/cleanup-pre-run-cbd272c8b7852365.yaml b/releasenotes/notes/cleanup-pre-run-cbd272c8b7852365.yaml deleted file mode 100644 index 5f9bb5d..0000000 --- a/releasenotes/notes/cleanup-pre-run-cbd272c8b7852365.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Drops symbolic link in pre-run and replaces it with an ``ansible-galaxy`` - installation of the collection. diff --git a/releasenotes/notes/consecutive_build_service_disable_threshold-ba461187507bdb43.yaml b/releasenotes/notes/consecutive_build_service_disable_threshold-ba461187507bdb43.yaml deleted file mode 100644 index 11952e9..0000000 --- a/releasenotes/notes/consecutive_build_service_disable_threshold-ba461187507bdb43.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -fixes: - - | - Set consecutive_build_service_disable_threshold to 0 - as it was observed that some nodes on a cluster were - disabled after a certain amount of build failures, overloading - the other healthy nodes in the cluster causing a bunch of issues. diff --git a/releasenotes/notes/correct_nova_timeout-111d1967cacf02dc.yaml b/releasenotes/notes/correct_nova_timeout-111d1967cacf02dc.yaml deleted file mode 100644 index 360426e..0000000 --- a/releasenotes/notes/correct_nova_timeout-111d1967cacf02dc.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: Correct the Nova timeout - diff --git a/releasenotes/notes/create-cloud-resources-dd6b1441b047fe98.yaml b/releasenotes/notes/create-cloud-resources-dd6b1441b047fe98.yaml deleted file mode 100644 index e0bc21f..0000000 --- a/releasenotes/notes/create-cloud-resources-dd6b1441b047fe98.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Create cloud resources such as networks and flavors \ No newline at end of file diff --git a/releasenotes/notes/custom-node-labels-6a86575cf6a68ad3.yaml b/releasenotes/notes/custom-node-labels-6a86575cf6a68ad3.yaml deleted file mode 100644 index 24942da..0000000 --- a/releasenotes/notes/custom-node-labels-6a86575cf6a68ad3.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Add ability to include custom node labels for scenarios where you might want - to distribute workloads across different nodes. diff --git a/releasenotes/notes/disable-ironic-62c49aa8af6d5441.yaml b/releasenotes/notes/disable-ironic-62c49aa8af6d5441.yaml deleted file mode 100644 index ebc28f8..0000000 --- a/releasenotes/notes/disable-ironic-62c49aa8af6d5441.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -issues: - - The Ironic deployment is not functional at the moment, therefore, the - manifest has been disabled until the Ironic API endpoint is completed. diff --git a/releasenotes/notes/disable-oslo-messaging-notifications-ca59b77095f59873.yaml b/releasenotes/notes/disable-oslo-messaging-notifications-ca59b77095f59873.yaml deleted file mode 100644 index 86ad98c..0000000 --- a/releasenotes/notes/disable-oslo-messaging-notifications-ca59b77095f59873.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Disable oslo_messaging_notifications by default. - From now, [oslo_messaging_notifications]/driver will be default to `noop`. - operators can enable them base on real needs. diff --git a/releasenotes/notes/drop-horizon-mariadb-pw-69cf67dab929a12a.yaml b/releasenotes/notes/drop-horizon-mariadb-pw-69cf67dab929a12a.yaml deleted file mode 100644 index 46c3479..0000000 --- a/releasenotes/notes/drop-horizon-mariadb-pw-69cf67dab929a12a.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -bugfix: - - | - Drop ``horizon_mariadb_password`` hard-coded password since it's - automatically generated. diff --git a/releasenotes/notes/enable-neutron-service-plugins-0edf4084235138e7.yaml b/releasenotes/notes/enable-neutron-service-plugins-0edf4084235138e7.yaml deleted file mode 100644 index bfb6c30..0000000 --- a/releasenotes/notes/enable-neutron-service-plugins-0edf4084235138e7.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added support for additional Neutron service plugins. diff --git a/releasenotes/notes/extend_waiting_time-aea8f4934df21b2b.yaml b/releasenotes/notes/extend_waiting_time-aea8f4934df21b2b.yaml deleted file mode 100644 index 749ce7e..0000000 --- a/releasenotes/notes/extend_waiting_time-aea8f4934df21b2b.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -issues: - - | - Wait longer till instances are ready diff --git a/releasenotes/notes/fix-ceph-csi-monmap-89505192fb838958.yaml b/releasenotes/notes/fix-ceph-csi-monmap-89505192fb838958.yaml deleted file mode 100644 index e3f87ea..0000000 --- a/releasenotes/notes/fix-ceph-csi-monmap-89505192fb838958.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -feature: - - | - When we have ceph public network running on a - separate network, we should dump the correct - monitor ip addresses in order to ceph csi to be - able to talk to ceph cluster and provision pvcs. - - diff --git a/releasenotes/notes/fix-commit-check-vars-77fd8469bb568a48.yaml b/releasenotes/notes/fix-commit-check-vars-77fd8469bb568a48.yaml deleted file mode 100644 index 1dd860c..0000000 --- a/releasenotes/notes/fix-commit-check-vars-77fd8469bb568a48.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - The commit checks had hard-coded values for debugging that were accidentally - added into the code. diff --git a/releasenotes/notes/fix-etcd-alerts-45526da283b2a024.yaml b/releasenotes/notes/fix-etcd-alerts-45526da283b2a024.yaml deleted file mode 100644 index 929baf6..0000000 --- a/releasenotes/notes/fix-etcd-alerts-45526da283b2a024.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Stop alerts from firing about ``etcd`` that are mostly invalid. diff --git a/releasenotes/notes/fix-gcthres-values-2281f5ceba6d15bb.yaml b/releasenotes/notes/fix-gcthres-values-2281f5ceba6d15bb.yaml deleted file mode 100644 index 8ad4391..0000000 --- a/releasenotes/notes/fix-gcthres-values-2281f5ceba6d15bb.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Fix gc_thres tuning values for both IPv4 and IPv6. diff --git a/releasenotes/notes/fix-git-mirrors-af8cec9540a12842.yaml b/releasenotes/notes/fix-git-mirrors-af8cec9540a12842.yaml deleted file mode 100644 index 6955ba8..0000000 --- a/releasenotes/notes/fix-git-mirrors-af8cec9540a12842.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - The GitHub mirroring job was not included to run so this patch fixes that. \ No newline at end of file diff --git a/releasenotes/notes/fix-ipmi-exporter-3099bb1397c884d4.yaml b/releasenotes/notes/fix-ipmi-exporter-3099bb1397c884d4.yaml deleted file mode 100644 index b21a50f..0000000 --- a/releasenotes/notes/fix-ipmi-exporter-3099bb1397c884d4.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - The IPMI exporter depended on the `ipmi` module being loaded, however, it - is the case that the module could be loaded on a virtual machine. This - patch instead only runs it on systems that don't expose the ``HYPERVISOR`` - flag. \ No newline at end of file diff --git a/releasenotes/notes/fix-ipmi-exporter-4069d8b2e742a07a.yaml b/releasenotes/notes/fix-ipmi-exporter-4069d8b2e742a07a.yaml deleted file mode 100644 index 8f283d3..0000000 --- a/releasenotes/notes/fix-ipmi-exporter-4069d8b2e742a07a.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Resolve issues with ``nodeSelector`` for IPMI exporter. diff --git a/releasenotes/notes/fix-keystone-domain-manage-dcaed4bd497836fa.yaml b/releasenotes/notes/fix-keystone-domain-manage-dcaed4bd497836fa.yaml deleted file mode 100644 index ac1830e..0000000 --- a/releasenotes/notes/fix-keystone-domain-manage-dcaed4bd497836fa.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Fix the image used for the Keystone domain management diff --git a/releasenotes/notes/fix-kube-prometheus-stack-wait-14e605452424cefc.yaml b/releasenotes/notes/fix-kube-prometheus-stack-wait-14e605452424cefc.yaml deleted file mode 100644 index 6302b86..0000000 --- a/releasenotes/notes/fix-kube-prometheus-stack-wait-14e605452424cefc.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - Since we're not waiting for the monitoring to fully go up, we have issues - with later tasks that run way too fast and the operator is not ready, this - will make sure it's all good to go before moving forward. diff --git a/releasenotes/notes/fix-node-selectors-0ae3a7ae609b4227.yaml b/releasenotes/notes/fix-node-selectors-0ae3a7ae609b4227.yaml deleted file mode 100644 index 56ac9f3..0000000 --- a/releasenotes/notes/fix-node-selectors-0ae3a7ae609b4227.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Fix services which are running on nodes other than the control plane. diff --git a/releasenotes/notes/fix-rabbitmq-alerts-74368ac400758ea7.yaml b/releasenotes/notes/fix-rabbitmq-alerts-74368ac400758ea7.yaml deleted file mode 100644 index 9595847..0000000 --- a/releasenotes/notes/fix-rabbitmq-alerts-74368ac400758ea7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Fixed RabbitMQ memory alerts using watermark instead of actual limit for - the container. diff --git a/releasenotes/notes/fix-role-promotion-8c41b8dfd8b1c74e.yaml b/releasenotes/notes/fix-role-promotion-8c41b8dfd8b1c74e.yaml deleted file mode 100644 index 836a074..0000000 --- a/releasenotes/notes/fix-role-promotion-8c41b8dfd8b1c74e.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Add missing job for promotion of branch-tip tarballs. diff --git a/releasenotes/notes/fix-semver-0aa05baa8ecdb2b0.yaml b/releasenotes/notes/fix-semver-0aa05baa8ecdb2b0.yaml deleted file mode 100644 index 3414941..0000000 --- a/releasenotes/notes/fix-semver-0aa05baa8ecdb2b0.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Fix ``pbr`` version os the ``.devN`` part to be ``-N`` instead to have - proper semantic versioning. \ No newline at end of file diff --git a/releasenotes/notes/fix-senlin-username-a8a238893e806d8d.yaml b/releasenotes/notes/fix-senlin-username-a8a238893e806d8d.yaml deleted file mode 100644 index 1c2b7a8..0000000 --- a/releasenotes/notes/fix-senlin-username-a8a238893e806d8d.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Fixes senlin username which was wrongly pointing to cinder, causing - authentication issues to volume service. \ No newline at end of file diff --git a/releasenotes/notes/fix-socat-percona-891da2e4726505a4.yaml b/releasenotes/notes/fix-socat-percona-891da2e4726505a4.yaml deleted file mode 100644 index 3776df6..0000000 --- a/releasenotes/notes/fix-socat-percona-891da2e4726505a4.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Percona XtraDB clusters would fail to bootstrap due to an upstream bug in - the images with a too old version of socat (https://jira.percona.com/browse/PXC-3914). diff --git a/releasenotes/notes/fix_osd_mon_hosts-aa7bd5fa08241131.yaml b/releasenotes/notes/fix_osd_mon_hosts-aa7bd5fa08241131.yaml deleted file mode 100644 index 5b718d6..0000000 --- a/releasenotes/notes/fix_osd_mon_hosts-aa7bd5fa08241131.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Since we define the monmap based on the - ceph public network, we should build ceph.conf - for osd with the correct ip addresses. \ No newline at end of file diff --git a/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml b/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml deleted file mode 100644 index 446b3c4..0000000 --- a/releasenotes/notes/generate-secrets-with-vault-f7f4e0c94a5608d5.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - The ``generate_secrets`` playbook can now be used to generate secrets that - are encrypted using ``ansible-vault``. diff --git a/releasenotes/notes/get_cluster_internal_running-30f18e425871c369.yaml b/releasenotes/notes/get_cluster_internal_running-30f18e425871c369.yaml deleted file mode 100644 index 8227a88..0000000 --- a/releasenotes/notes/get_cluster_internal_running-30f18e425871c369.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Change the DNS suffix and ACME server. Both with the goal to get in this - ansible-collection-atmosphere running in internal environments. diff --git a/releasenotes/notes/glance-create-images-6943e75e25560954.yaml b/releasenotes/notes/glance-create-images-6943e75e25560954.yaml deleted file mode 100644 index dcc97f1..0000000 --- a/releasenotes/notes/glance-create-images-6943e75e25560954.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Provision images inside Openstack diff --git a/releasenotes/notes/horizon-disable-openrc-download-9a77f00006a8e129.yaml b/releasenotes/notes/horizon-disable-openrc-download-9a77f00006a8e129.yaml deleted file mode 100644 index d8e12d3..0000000 --- a/releasenotes/notes/horizon-disable-openrc-download-9a77f00006a8e129.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - Update horizon chart version from 0.2.16 to 0.2.20 - - 0.2.17 Add custom logo - - 0.2.18 Enable taint toleration for Openstack services - - 0.2.19 Remove unsupported value overrides - - 0.2.20 Add SHOW_OPENRC_FILE value diff --git a/releasenotes/notes/horizon-remove-monasca-grafana-path-from-ingress-267b837d9d5f93bc.yaml b/releasenotes/notes/horizon-remove-monasca-grafana-path-from-ingress-267b837d9d5f93bc.yaml deleted file mode 100644 index 2a743fd..0000000 --- a/releasenotes/notes/horizon-remove-monasca-grafana-path-from-ingress-267b837d9d5f93bc.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Remove grafana path from horizon ingress till monasca realized diff --git a/releasenotes/notes/ignore-gre-sys-321562e531879727.yaml b/releasenotes/notes/ignore-gre-sys-321562e531879727.yaml deleted file mode 100644 index e96f127..0000000 --- a/releasenotes/notes/ignore-gre-sys-321562e531879727.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - gre_sys interfaces is now ignored inside node-exporter. diff --git a/releasenotes/notes/image-install-iputils-ping-in-tempest-6ceacd39657fb3d3.yaml b/releasenotes/notes/image-install-iputils-ping-in-tempest-6ceacd39657fb3d3.yaml deleted file mode 100644 index 8acf91a..0000000 --- a/releasenotes/notes/image-install-iputils-ping-in-tempest-6ceacd39657fb3d3.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Install iputils-ping dist package in tempest image diff --git a/releasenotes/notes/increase-ci-timeouts-e189f2327c7f40b6.yaml b/releasenotes/notes/increase-ci-timeouts-e189f2327c7f40b6.yaml deleted file mode 100644 index 7938300..0000000 --- a/releasenotes/notes/increase-ci-timeouts-e189f2327c7f40b6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Bump CI timeout to 2 hours from 1 hour to prevent job timeouts. diff --git a/releasenotes/notes/ingress-add-variable-for-annotations-b824db994ead135b.yaml b/releasenotes/notes/ingress-add-variable-for-annotations-b824db994ead135b.yaml deleted file mode 100644 index 9277962..0000000 --- a/releasenotes/notes/ingress-add-variable-for-annotations-b824db994ead135b.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -features: - - | - Add ansible variables for ingress annotations for roles consuming - openstack_helm_ingress role - - - openstack_helm_barbican - - openstack_helm_cinder - - openstack_helm_glance - - openstack_helm_heat - - openstack_helm_horizon - - openstack_helm_keystone - - openstack_helm_neutron - - openstack_helm_nova - - openstack_helm_placement - - openstack_helm_senlin diff --git a/releasenotes/notes/ingress_nginx-enable-defaultBackend-87a0a88a36710b38.yaml b/releasenotes/notes/ingress_nginx-enable-defaultBackend-87a0a88a36710b38.yaml deleted file mode 100644 index 11b4e91..0000000 --- a/releasenotes/notes/ingress_nginx-enable-defaultBackend-87a0a88a36710b38.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Add default backend in ingress nginx controller diff --git a/releasenotes/notes/ipmi-exclude-more-sensors-ac10186184d368c6.yaml b/releasenotes/notes/ipmi-exclude-more-sensors-ac10186184d368c6.yaml deleted file mode 100644 index 21cf17a..0000000 --- a/releasenotes/notes/ipmi-exclude-more-sensors-ac10186184d368c6.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Include more IPMI sensors which are generally not reporting clean results - for Dell systems. diff --git a/releasenotes/notes/keepalived-add-role-1b2ad22c86e253ba.yaml b/releasenotes/notes/keepalived-add-role-1b2ad22c86e253ba.yaml deleted file mode 100644 index 9634c55..0000000 --- a/releasenotes/notes/keepalived-add-role-1b2ad22c86e253ba.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add role for keepalived in openstack namespace diff --git a/releasenotes/notes/kubernetes-add-sysctl-gc_thresh-tunning-438099ff8b0d9ff2.yaml b/releasenotes/notes/kubernetes-add-sysctl-gc_thresh-tunning-438099ff8b0d9ff2.yaml deleted file mode 100644 index 90c0ca9..0000000 --- a/releasenotes/notes/kubernetes-add-sysctl-gc_thresh-tunning-438099ff8b0d9ff2.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add sysctl gc_thresh tuning in kubernetes role diff --git a/releasenotes/notes/kubernetes-set-containerd-as-containter-runtime-eef9ac26d7a2d165.yaml b/releasenotes/notes/kubernetes-set-containerd-as-containter-runtime-eef9ac26d7a2d165.yaml deleted file mode 100644 index efe5eb9..0000000 --- a/releasenotes/notes/kubernetes-set-containerd-as-containter-runtime-eef9ac26d7a2d165.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Set containerd as container runtime diff --git a/releasenotes/notes/lookup-ceph-public-iface-e9147f1615e8371b.yaml b/releasenotes/notes/lookup-ceph-public-iface-e9147f1615e8371b.yaml deleted file mode 100644 index 636f265..0000000 --- a/releasenotes/notes/lookup-ceph-public-iface-e9147f1615e8371b.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Add the ability to lookup for the ip address of the - ceph public network. This is useful when the ceph public - network is differnet from the default network on the system. \ No newline at end of file diff --git a/releasenotes/notes/migrate-to-rabbitmq-operator-908ead4f29c82230.yaml b/releasenotes/notes/migrate-to-rabbitmq-operator-908ead4f29c82230.yaml deleted file mode 100644 index e931c1f..0000000 --- a/releasenotes/notes/migrate-to-rabbitmq-operator-908ead4f29c82230.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - Introduce usage of RabbitMQ operator, remove usage of old RabbitMQ charts - and start to run a single replica of RabbitMQ for each OpenStack service. -upgrade: - - The playbooks must all be ran in order, and once done make sure to have the - ``cleanup`` playbook run to clean up the old cluster. diff --git a/releasenotes/notes/neutron-integrate-designate-as-ext_dns_driver-36a95992b267e2f1.yaml b/releasenotes/notes/neutron-integrate-designate-as-ext_dns_driver-36a95992b267e2f1.yaml deleted file mode 100644 index 8291359..0000000 --- a/releasenotes/notes/neutron-integrate-designate-as-ext_dns_driver-36a95992b267e2f1.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Use designate as external dns driver and enable dns_domain_ports diff --git a/releasenotes/notes/nova_allow_resize_to_same_host-291e10c353bc1173.yaml b/releasenotes/notes/nova_allow_resize_to_same_host-291e10c353bc1173.yaml deleted file mode 100644 index d858b48..0000000 --- a/releasenotes/notes/nova_allow_resize_to_same_host-291e10c353bc1173.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Set allow_resize_to_same_host as true in Default diff --git a/releasenotes/notes/openstacksdk-add-role-352fd57b4abec9d2.yaml b/releasenotes/notes/openstacksdk-add-role-352fd57b4abec9d2.yaml deleted file mode 100644 index d886f71..0000000 --- a/releasenotes/notes/openstacksdk-add-role-352fd57b4abec9d2.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Add openstacksdk role which installs openstacksdk py package - and configures clouds.yaml. diff --git a/releasenotes/notes/pin-openstacksdk-c4c3c9758689f429.yaml b/releasenotes/notes/pin-openstacksdk-c4c3c9758689f429.yaml deleted file mode 100644 index 9d7de29..0000000 --- a/releasenotes/notes/pin-openstacksdk-c4c3c9758689f429.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Pin ``openstacksdk`` to 0.61.0 to avoid breaking the ``openstack.cloud`` - collection. diff --git a/releasenotes/notes/rabbitmq-improvements-875277bea9dfc9bb.yaml b/releasenotes/notes/rabbitmq-improvements-875277bea9dfc9bb.yaml deleted file mode 100644 index b38d4f2..0000000 --- a/releasenotes/notes/rabbitmq-improvements-875277bea9dfc9bb.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - Added additional monitoring to RabbitMQ in order to detect and alert on - alarms raised by it such as memory, etc. -fixes: - - Switch RabbitmqConnections to a more reliable solution that can avoid - alerting on larger scale clouds. diff --git a/releasenotes/notes/rabbitmq-set-resource-requirements-b769c8975ba9723d.yaml b/releasenotes/notes/rabbitmq-set-resource-requirements-b769c8975ba9723d.yaml deleted file mode 100644 index d77cbf5..0000000 --- a/releasenotes/notes/rabbitmq-set-resource-requirements-b769c8975ba9723d.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Set custom resource requirements diff --git a/releasenotes/notes/remove-molecule-workaround-6908afb41ef8c738.yaml b/releasenotes/notes/remove-molecule-workaround-6908afb41ef8c738.yaml deleted file mode 100644 index 107baa6..0000000 --- a/releasenotes/notes/remove-molecule-workaround-6908afb41ef8c738.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Fix documentation for avoiding workaround involving manual symbolic links - for the Ansible collection. diff --git a/releasenotes/notes/simplify-inventory-structure-07ac1eea6b173eee.yaml b/releasenotes/notes/simplify-inventory-structure-07ac1eea6b173eee.yaml deleted file mode 100644 index f580ac7..0000000 --- a/releasenotes/notes/simplify-inventory-structure-07ac1eea6b173eee.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Simplified the structure of the required inventory to 3 groups only which - are ``controllers``, ``cephs`` and ``computes``. diff --git a/releasenotes/notes/support-debian-c2c011eb48dfd442.yaml b/releasenotes/notes/support-debian-c2c011eb48dfd442.yaml deleted file mode 100644 index 39099d3..0000000 --- a/releasenotes/notes/support-debian-c2c011eb48dfd442.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - | - Add missing packages for install on `Debian 11` cloud image environment. diff --git a/releasenotes/notes/switch-to-fluxcd-10de5b94a893b285.yaml b/releasenotes/notes/switch-to-fluxcd-10de5b94a893b285.yaml deleted file mode 100644 index 667b232..0000000 --- a/releasenotes/notes/switch-to-fluxcd-10de5b94a893b285.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - FluxCD is now used to deploy the Helm charts which will result in speedier - deployments and eventually dropping the client-side Helm CLI. diff --git a/releasenotes/notes/switch-to-geneve-96bf7ef7c53988f8.yaml b/releasenotes/notes/switch-to-geneve-96bf7ef7c53988f8.yaml deleted file mode 100644 index 761b266..0000000 --- a/releasenotes/notes/switch-to-geneve-96bf7ef7c53988f8.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Switch Cilium to use Geneve tunnels instead of VXLAN. diff --git a/releasenotes/notes/tempest-add-role-efd573d775e96638.yaml b/releasenotes/notes/tempest-add-role-efd573d775e96638.yaml deleted file mode 100644 index 8426769..0000000 --- a/releasenotes/notes/tempest-add-role-efd573d775e96638.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added ansible role to deploy tempest diff --git a/releasenotes/notes/tempest-print-tempest-log-always-5dd1b59b52038de2.yaml b/releasenotes/notes/tempest-print-tempest-log-always-5dd1b59b52038de2.yaml deleted file mode 100644 index cb4a0f1..0000000 --- a/releasenotes/notes/tempest-print-tempest-log-always-5dd1b59b52038de2.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Collect tempest log after tempest run diff --git a/releasenotes/notes/tox-lock-ansible-lint-version-619c2a48e6f0c5d6.yaml b/releasenotes/notes/tox-lock-ansible-lint-version-619c2a48e6f0c5d6.yaml deleted file mode 100644 index 7c9d66d..0000000 --- a/releasenotes/notes/tox-lock-ansible-lint-version-619c2a48e6f0c5d6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Lock ansible-lint package version in tox diff --git a/releasenotes/notes/update-regex-of-generating-secrets-for-missing-variables-e76187195d20350d.yaml b/releasenotes/notes/update-regex-of-generating-secrets-for-missing-variables-e76187195d20350d.yaml deleted file mode 100644 index 0051a29..0000000 --- a/releasenotes/notes/update-regex-of-generating-secrets-for-missing-variables-e76187195d20350d.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Skip variables of keepalived vip and interface from secret generating and - use br-ex for keepalived_interface. diff --git a/releasenotes/notes/upgrade-kube-prometheus-stack-b5eac8346cc693b6.yaml b/releasenotes/notes/upgrade-kube-prometheus-stack-b5eac8346cc693b6.yaml deleted file mode 100644 index 12209d7..0000000 --- a/releasenotes/notes/upgrade-kube-prometheus-stack-b5eac8346cc693b6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Upgrade ``kube-prometheus-stack`` to ``36.2.0`` and add Ceph monitoring. diff --git a/releasenotes/notes/use-symbolic-link-for-adm-cfg-94f57076773d7864.yaml b/releasenotes/notes/use-symbolic-link-for-adm-cfg-94f57076773d7864.yaml deleted file mode 100644 index 2e3d646..0000000 --- a/releasenotes/notes/use-symbolic-link-for-adm-cfg-94f57076773d7864.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - Use symbolic link for kube admin config, instead of copy and maintain - two identical file. `/root/.kube/config` is now a symbolic link of file - `/etc/kubernetes/admin.conf`. This will prevent any unsync file issue. - diff --git a/releasenotes/notes/zuul-fix-image-manifest-creation-d27b972f00fba609.yaml b/releasenotes/notes/zuul-fix-image-manifest-creation-d27b972f00fba609.yaml deleted file mode 100644 index 9371f12..0000000 --- a/releasenotes/notes/zuul-fix-image-manifest-creation-d27b972f00fba609.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Fix image manifest creation in zuul CI diff --git a/roles/build_openstack_requirements/defaults/main.yml b/roles/build_openstack_requirements/defaults/main.yml deleted file mode 100644 index e9afac1..0000000 --- a/roles/build_openstack_requirements/defaults/main.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: build_openstack_requirements_wheels_directory [[[ -# -# Root directory where all work for wheels is built. -build_openstack_requirements_wheels_directory: /tmp - - # ]]] -# .. envvar:: build_openstack_requirements_wheels_folder [[[ -# -# Folder name inside the ``build_openstack_requirements_wheels_directory`` -build_openstack_requirements_wheels_folder: - wheels-{{ build_openstack_requirements_release }}-{{ ansible_distribution_release }}-{{ ansible_architecture }} - - # ]]] -# .. envvar:: build_openstack_requirements_wheels_path [[[ -# -# Path to generate the wheels inside of -build_openstack_requirements_wheels_path: - "{{ build_openstack_requirements_wheels_directory }}/{{ build_openstack_requirements_wheels_folder }}" - - # ]]] -# .. envvar:: build_openstack_requirements_archive_path [[[ -# -# Path to the archive of the wheels -build_openstack_requirements_archive_path: - "{{ build_openstack_requirements_wheels_path }}.tar.gz" - - # ]]] diff --git a/roles/build_openstack_requirements/tasks/main.yml b/roles/build_openstack_requirements/tasks/main.yml deleted file mode 100644 index 46d9a80..0000000 --- a/roles/build_openstack_requirements/tasks/main.yml +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate temporary file for upper-constraints.txt - ansible.builtin.tempfile: - state: file - prefix: upper-constraints- - register: _upper_constraints_file - -- name: Fetch the exact version of upper-constraints.txt - ansible.builtin.get_url: - url: "https://releases.openstack.org/constraints/upper/{{ build_openstack_requirements_release }}" - dest: "{{ _upper_constraints_file.path }}" - mode: 0644 - -- name: Install Ubuntu Cloud Archive keyring - become: true - ansible.builtin.apt: - name: ubuntu-cloud-keyring - state: present - -- name: Add the Ubuntu Cloud Archive repository - become: true - ansible.builtin.apt_repository: - repo: deb http://ubuntu-cloud.archive.canonical.com/ubuntu {{ ansible_distribution_release }}-updates/{{ _uca_release }} main - state: present - vars: - # NOTE(mnaser): If we're building master, we'll use the latest possible Ubuntu cloud archive. - _uca_release: "{{ (build_openstack_requirements_release == 'master') | ternary('yoga', build_openstack_requirements_release) }}" - -- name: Install build requirements - become: true - ansible.builtin.apt: - name: - - liberasurecode-dev - - libkrb5-dev - - libldap2-dev - - libnss3-dev - - libpcre3-dev - - libsasl2-dev - - libssl-dev - - libsystemd-dev - - libvirt-dev - - pkg-config - state: present - -- name: Remove certain dependencies from upper-constraints.txt - ansible.builtin.lineinfile: - path: "{{ _upper_constraints_file.path }}" - regexp: "^{{ item.name }}" - state: absent - when: item.when | default(true) - loop: - # confluent-kafka-python requires librdkafka v1.6.0 or later. - - name: confluent-kafka - when: ansible_architecture == 'aarch64' - # We don't support or use PostgreSQL - - name: psycopg2 - # Not used in any projects that we build - - name: grpcio - - name: APScheduler - -- name: Generate temporary directory for wheels - ansible.builtin.file: - path: "{{ build_openstack_requirements_wheels_path }}" - state: directory - mode: 0755 - -- name: Build all wheels - changed_when: false - ansible.builtin.command: - pip wheel --no-deps -r {{ _upper_constraints_file.path }} - args: - chdir: "{{ build_openstack_requirements_wheels_path }}" - environment: - CASS_DRIVER_BUILD_CONCURRENCY: "{{ ansible_processor_vcpus }}" - MAKEFLAGS: "-j{{ ansible_processor_vcpus }}" - -- name: Build wheels for extra packages - changed_when: false - ansible.builtin.command: - pip wheel --no-deps -c {{ _upper_constraints_file.path }} uwsgi - args: - chdir: "{{ build_openstack_requirements_wheels_path }}" - environment: - MAKEFLAGS: "-j{{ ansible_processor_vcpus }}" - -- name: Create archive with all wheels - # TODO(mnaser): Switch this to "community.general.archive" once Zuul is using - # a new enough Ansible. - archive: - path: "{{ build_openstack_requirements_wheels_path }}/*.whl" - dest: "{{ build_openstack_requirements_archive_path }}" - mode: 0644 diff --git a/roles/ceph_csi_rbd/defaults/main.yml b/roles/ceph_csi_rbd/defaults/main.yml deleted file mode 100644 index 3dd8f08..0000000 --- a/roles/ceph_csi_rbd/defaults/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: ceph_csi_rbd_ceph_fsid [[[ -# -# Filesystem ID for Ceph cluster -ceph_csi_rbd_ceph_fsid: "{{ ceph_mon_fsid }}" - - # ]]] -# .. envvar:: ceph_csi_rbd_mons_group [[[ -# -# Ansible group that contains all Ceph monitors -ceph_csi_rbd_mons_group: controllers - - # ]]] -# .. envvar:: ceph_csi_rbd_id [[[ -# -# ID of the Ceph CSI RBD user -ceph_csi_rbd_id: kube - - # ]]] -# .. envvar:: ceph_csi_rbd_user [[[ -# -# Name of Ceph user to use for Ceph CSI RBD -ceph_csi_rbd_user: "client.{{ ceph_csi_rbd_id }}" - - # ]]] -# .. envvar:: ceph_csi_rbd_pool [[[ -# -# Name of Ceph pool to use for Ceph CSI RBD -ceph_csi_rbd_pool: kube - - # ]]] diff --git a/roles/ceph_csi_rbd/meta/main.yml b/roles/ceph_csi_rbd/meta/main.yml deleted file mode 100644 index 9ad753d..0000000 --- a/roles/ceph_csi_rbd/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Ceph CSI RBD - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/ceph_csi_rbd/tasks/main.yml b/roles/ceph_csi_rbd/tasks/main.yml deleted file mode 100644 index 5cdcbd4..0000000 --- a/roles/ceph_csi_rbd/tasks/main.yml +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Collect "ceph mon dump" output from a monitor - delegate_to: "{{ groups[ceph_csi_rbd_mons_group][0] }}" - run_once: true - ansible.builtin.command: ceph mon dump -f json - changed_when: false - register: _ceph_mon_dump - -- name: Generate fact with list of Ceph monitors - run_once: true - ansible.builtin.set_fact: - ceph_monitors: "{{ _ceph_mon_dump.stdout | from_json | community.general.json_query('mons[*].addr') | map('regex_replace', '(.*):(.*)', '\\1') }}" - -- name: Create Ceph pool - delegate_to: "{{ groups[ceph_csi_rbd_mons_group][0] }}" - vexxhost.atmosphere.ceph_pool: - name: "{{ ceph_csi_rbd_pool }}" - rule_name: "{{ ceph_csi_rbd_rule_name | default(omit) }}" - application: rbd - pg_autoscale_mode: "on" - -- name: Create {{ ceph_csi_rbd_user }} user - delegate_to: "{{ groups[ceph_csi_rbd_mons_group][0] }}" - vexxhost.atmosphere.ceph_key: - name: "{{ ceph_csi_rbd_user }}" - caps: - mon: profile rbd - mgr: profile rbd pool={{ ceph_csi_rbd_pool }} - osd: profile rbd pool={{ ceph_csi_rbd_pool }} - -- name: Retrieve {{ ceph_csi_rbd_user }} keyring - delegate_to: "{{ groups[ceph_csi_rbd_mons_group][0] }}" - vexxhost.atmosphere.ceph_key: - name: "{{ ceph_csi_rbd_user }}" - state: info - output_format: json - register: _ceph_key - -- name: Store keyring inside fact - ansible.builtin.set_fact: - _ceph_rbd_csi_ceph_keyring: "{{ _ceph_key.stdout | from_json | first }}" - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: ceph - namespace: kube-system - spec: - interval: 60s - url: https://ceph.github.io/csi-charts - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: ceph-csi-rbd - namespace: kube-system - spec: - interval: 60s - chart: - spec: - chart: ceph-csi-rbd - version: 3.5.1 - sourceRef: - kind: HelmRepository - name: ceph - values: - csiConfig: - - clusterID: "{{ ceph_csi_rbd_ceph_fsid }}" - monitors: "{{ ceph_monitors }}" - nodeplugin: - httpMetrics: - containerPort: 8081 - provisioner: - nodeSelector: - openstack-control-plane: enabled - storageClass: - create: true - name: general - annotations: - storageclass.kubernetes.io/is-default-class: "true" - clusterID: "{{ ceph_csi_rbd_ceph_fsid }}" - pool: "{{ ceph_csi_rbd_pool }}" - mountOptions: - - discard - secret: - create: true - userID: "{{ ceph_csi_rbd_id }}" - userKey: "{{ _ceph_rbd_csi_ceph_keyring.key }}" diff --git a/roles/ceph_mgr/tasks/main.yml b/roles/ceph_mgr/tasks/main.yml deleted file mode 100644 index 725c1ad..0000000 --- a/roles/ceph_mgr/tasks/main.yml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: install packages - ansible.builtin.apt: - name: ["ceph-mgr"] - install_recommends: false - -- name: create manager folder - ansible.builtin.file: - path: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}" - state: directory - owner: ceph - group: ceph - mode: 0700 - -- name: Create Ceph manager keyring - vexxhost.atmosphere.ceph_key: - name: "mgr.{{ inventory_hostname_short }}" - dest: "/var/lib/ceph/mgr/ceph-{{ inventory_hostname_short }}/keyring" - caps: - mon: allow profile mgr - osd: allow * - mds: allow * - owner: ceph - group: ceph - -- name: ensure permissions are fixed - ansible.builtin.file: - path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}" - owner: ceph - group: ceph - recurse: true - -- name: enable and start service - ansible.builtin.service: - name: "ceph-mgr@{{ inventory_hostname_short }}" - state: started - enabled: true diff --git a/roles/ceph_mon/defaults/main.yml b/roles/ceph_mon/defaults/main.yml deleted file mode 100644 index 86c1717..0000000 --- a/roles/ceph_mon/defaults/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: ceph_mon_group [[[ -# -# Name of Ansible group that contains all Ceph monitors -ceph_mon_group: controllers - - # ]]] -# .. envvar:: ceph_mon_cluster_network [[[ -# -# Cluster (replication) network used by Ceph -ceph_mon_cluster_network: "{{ ceph_mon_public_network }}" - - # ]]] diff --git a/roles/ceph_mon/tasks/bootstrap-ceph.yml b/roles/ceph_mon/tasks/bootstrap-ceph.yml deleted file mode 100644 index 19ab74a..0000000 --- a/roles/ceph_mon/tasks/bootstrap-ceph.yml +++ /dev/null @@ -1,109 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key -- name: create monitor keyring - ansible.builtin.command: - ceph-authtool --gen-key --create-keyring - --name mon. - --cap mon 'allow *' - /tmp/ceph.mon.keyring - args: - creates: /tmp/ceph.mon.keyring - when: - - inventory_hostname == groups[ceph_mon_group][0] - -# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key -- name: create admin keyring - ansible.builtin.command: - ceph-authtool --gen-key --create-keyring - --name client.admin - --cap mon 'allow *' - --cap osd 'allow *' - --cap mds 'allow *' - --cap mgr 'allow *' - /etc/ceph/ceph.client.admin.keyring - args: - creates: /etc/ceph/ceph.client.admin.keyring - when: - - inventory_hostname == groups[ceph_mon_group][0] - -# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key -- name: create bootstrap-osd keyring - ansible.builtin.command: - ceph-authtool --gen-key --create-keyring - --name client.bootstrap-osd - --cap mon 'profile bootstrap-osd' - --cap mgr 'allow r' - /var/lib/ceph/bootstrap-osd/ceph.keyring - args: - creates: /var/lib/ceph/bootstrap-osd/ceph.keyring - when: - - inventory_hostname == groups[ceph_mon_group][0] - -# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key -- name: add admin keyring to monitor - ansible.builtin.command: - ceph-authtool --import-keyring /etc/ceph/ceph.client.admin.keyring - /tmp/ceph.mon.keyring - when: - - inventory_hostname == groups[ceph_mon_group][0] - -# TODO(mnaser): Move to using vexxhost.atmosphere.ceph_key -- name: add bootstrap-osd keyring to monitor - ansible.builtin.command: - ceph-authtool --import-keyring /var/lib/ceph/bootstrap-osd/ceph.keyring - /tmp/ceph.mon.keyring - when: - - inventory_hostname == groups[ceph_mon_group][0] - -- name: create monmap - ansible.builtin.command: - monmaptool --create - --fsid {{ ceph_mon_fsid }} - --add {{ inventory_hostname_short }} {{ ceph_mon_ip_address }} - /tmp/monmap - args: - creates: /tmp/monmap - when: - - inventory_hostname == groups[ceph_mon_group][0] - -- name: create monitor folder - ansible.builtin.file: - path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}" - state: directory - owner: ceph - group: ceph - mode: 0700 - when: - - inventory_hostname == groups[ceph_mon_group][0] - -- name: configure mon initial members - community.general.ini_file: - path: /etc/ceph/ceph.conf - section: global - option: mon initial members - value: "{{ inventory_hostname_short }}" - owner: ceph - group: ceph - mode: 0640 - -- name: start monitor - ansible.builtin.include_tasks: start-monitor.yml - when: - - inventory_hostname == groups[ceph_mon_group][0] - -- name: set bootstrap node - ansible.builtin.set_fact: - _ceph_mon_bootstrap_node: "{{ groups[ceph_mon_group][0] }}" diff --git a/roles/ceph_mon/tasks/main.yml b/roles/ceph_mon/tasks/main.yml deleted file mode 100644 index 90cdfc2..0000000 --- a/roles/ceph_mon/tasks/main.yml +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: install packages - ansible.builtin.apt: - name: ["ceph-mon"] - install_recommends: false - -- name: set ceph monitor ip address - ansible.builtin.set_fact: - ceph_mon_ip_address: "{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(ceph_mon_public_network) | first }}" - -- name: generate basic configuration file - community.general.ini_file: - path: /etc/ceph/ceph.conf - section: global - option: "{{ item.option }}" - value: "{{ item.value }}" - owner: ceph - group: ceph - mode: 0640 - loop: - - option: fsid - value: "{{ ceph_mon_fsid }}" - - option: mon host - value: "{{ groups[ceph_mon_group] | map('extract', hostvars, ['ceph_mon_ip_address']) | join(',') }}" - - option: public network - value: "{{ ceph_mon_public_network }}" - - option: cluster network - value: "{{ ceph_mon_cluster_network }}" - -- name: check if any node is bootstrapped - ansible.builtin.stat: - path: "/var/lib/ceph/mon/ceph-{{ hostvars[item]['inventory_hostname_short'] }}/store.db" - register: _ceph_mon_stat - loop: "{{ groups[ceph_mon_group] }}" - delegate_to: "{{ item }}" - -- name: select pre-existing bootstrap node if exists - ansible.builtin.set_fact: - _ceph_mon_bootstrap_node: "{{ _ceph_mon_stat.results | selectattr('stat.exists', 'equalto', true) | map(attribute='item') | first }}" - when: - - _ceph_mon_stat.results | selectattr('stat.exists', 'equalto', true) | length > 0 - -- name: bootstrap cluster - ansible.builtin.include_tasks: bootstrap-ceph.yml - when: - - _ceph_mon_stat.results | selectattr('stat.exists', 'equalto', true) | length == 0 - -- name: grab admin keyring - delegate_to: "{{ _ceph_mon_bootstrap_node }}" - ansible.builtin.slurp: - src: /etc/ceph/ceph.client.admin.keyring - register: _ceph_mon_admin_keyring - when: inventory_hostname != _ceph_mon_bootstrap_node - -- name: upload client.admin keyring - ansible.builtin.copy: - content: "{{ _ceph_mon_admin_keyring['content'] | b64decode }}" - dest: /etc/ceph/ceph.client.admin.keyring - mode: 0600 - when: inventory_hostname != _ceph_mon_bootstrap_node - -- name: get monitor keyring - ansible.builtin.command: ceph auth get mon. -o /tmp/ceph.mon.keyring - changed_when: false - when: inventory_hostname != _ceph_mon_bootstrap_node - -- name: get monmap keyring - ansible.builtin.command: ceph mon getmap -o /tmp/monmap - changed_when: false - when: inventory_hostname != _ceph_mon_bootstrap_node - -- name: start monitor - ansible.builtin.include_tasks: start-monitor.yml - when: inventory_hostname != _ceph_mon_bootstrap_node - -- name: enable msgr2 - ansible.builtin.command: ceph mon enable-msgr2 - changed_when: false - when: inventory_hostname == _ceph_mon_bootstrap_node diff --git a/roles/ceph_mon/tasks/start-monitor.yml b/roles/ceph_mon/tasks/start-monitor.yml deleted file mode 100644 index d2f46a0..0000000 --- a/roles/ceph_mon/tasks/start-monitor.yml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: mkfs monitor - ansible.builtin.shell: | - ceph-mon --mkfs -i {{ inventory_hostname_short }} --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring - args: - creates: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}/store.db" - -- name: ensure permissions are fixed - ansible.builtin.file: - path: "/var/lib/ceph/mon/ceph-{{ inventory_hostname_short }}" - owner: ceph - group: ceph - recurse: true - -# NOTE(mnaser): https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1917414/comments/30 -- name: workaround for aarch64 systems - community.general.ini_file: - path: /lib/systemd/system/ceph-mon@.service - section: Service - option: MemoryDenyWriteExecute - value: false - owner: ceph - group: ceph - mode: 0644 - register: _ceph_aarch64_fix - when: ansible_architecture == 'aarch64' - -- name: enable and start service - ansible.builtin.service: - name: "ceph-mon@{{ inventory_hostname_short }}" - state: started - enabled: true - daemon_reload: "{{ _ceph_aarch64_fix.changed }}" diff --git a/roles/ceph_osd/defaults/main.yml b/roles/ceph_osd/defaults/main.yml deleted file mode 100644 index 9671346..0000000 --- a/roles/ceph_osd/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: ceph_osd_mons_group [[[ -# -# Name of Ansible group that contains all Ceph monitors -ceph_osd_mons_group: controllers - - # ]]] diff --git a/roles/ceph_osd/tasks/main.yml b/roles/ceph_osd/tasks/main.yml deleted file mode 100644 index e67a6b6..0000000 --- a/roles/ceph_osd/tasks/main.yml +++ /dev/null @@ -1,104 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: install packages - ansible.builtin.apt: - name: ["udev", "ceph-osd"] - install_recommends: false - -- name: grab ceph fsid from monitors - delegate_to: "{{ groups[ceph_osd_mons_group][0] }}" - register: _ceph_fsid - changed_when: false - ansible.builtin.command: ceph fsid - -- name: Collect "ceph mon dump" output from a monitor - delegate_to: "{{ groups[ceph_osd_mons_group][0] }}" - run_once: true - ansible.builtin.command: ceph mon dump -f json - changed_when: false - register: _ceph_mon_dump - -- name: Generate fact with list of Ceph monitors - run_once: true - ansible.builtin.set_fact: - ceph_monitors: "{{ _ceph_mon_dump.stdout | from_json | community.general.json_query('mons[*].addr') | map('regex_replace', '(.*):(.*)', '\\1') }}" - -- name: generate basic configuration file - community.general.ini_file: - path: /etc/ceph/ceph.conf - section: global - option: "{{ item.option }}" - value: "{{ item.value }}" - owner: ceph - group: ceph - mode: 0640 - loop: - - option: fsid - value: "{{ _ceph_fsid.stdout | trim }}" - - option: mon host - value: "{{ ceph_monitors | join(',') }}" - -- name: grab bootstrap-osd from monitors - delegate_to: "{{ groups[ceph_osd_mons_group][0] }}" - register: _ceph_bootstrap_osd_keyring - changed_when: false - ansible.builtin.command: ceph auth get client.bootstrap-osd - -- name: install bootstrap-osd keyring - ansible.builtin.copy: - content: "{{ _ceph_bootstrap_osd_keyring.stdout }}\n" - dest: /var/lib/ceph/bootstrap-osd/ceph.keyring - owner: ceph - group: ceph - mode: 0640 - -- name: workaround to allow usage of loop devices - ansible.builtin.replace: - path: /usr/lib/python3/dist-packages/ceph_volume/util/disk.py - regexp: "'mpath']" - replace: "'mpath', 'loop']" - owner: ceph - group: ceph - mode: 0640 - when: molecule | default(false) - -# NOTE(mnaser): https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1917414/comments/30 -- name: workaround for aarch64 systems - community.general.ini_file: - path: /lib/systemd/system/ceph-osd@.service - section: Service - option: MemoryDenyWriteExecute - value: false - owner: ceph - group: ceph - mode: 0644 - register: _ceph_aarch64_fix - when: ansible_architecture == 'aarch64' - -- name: reload systemd - ansible.builtin.service: - daemon_reload: "{{ _ceph_aarch64_fix.changed }}" - -- name: get which devices don't contain osds - register: _ceph_osd_check - failed_when: false - changed_when: false - ansible.builtin.command: /usr/sbin/ceph-volume lvm list {{ item }} - loop: "{{ ceph_osd_devices }}" - -- name: create osds for volumes which are not setup - changed_when: true - ansible.builtin.command: /usr/sbin/ceph-volume lvm create --data {{ item }} - loop: "{{ _ceph_osd_check.results | selectattr('rc', 'equalto', 1) | map(attribute='item') }}" diff --git a/roles/ceph_repository/defaults/main.yml b/roles/ceph_repository/defaults/main.yml deleted file mode 100644 index 63c9290..0000000 --- a/roles/ceph_repository/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: ceph_repository_apt_key [[[ -# -# Ceph APT repository GPG key -ceph_repository_apt_key: "https://download.ceph.com/keys/release.asc" - - # ]]] -# .. envvar:: ceph_repository_url [[[ -# -# Ceph APT repository URL -ceph_repository_url: https://download.ceph.com/debian-pacific/ - - # ]]] -# .. envvar:: ceph_repository_version [[[ -# -# Ceph version to pin package manager to -ceph_repository_version: 16.2.9 - - # ]]] diff --git a/roles/ceph_repository/tasks/main.yml b/roles/ceph_repository/tasks/main.yml deleted file mode 100644 index 72714db..0000000 --- a/roles/ceph_repository/tasks/main.yml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: install packages - ansible.builtin.apt: - name: ["gnupg"] - install_recommends: false - -- name: add apt key - ansible.builtin.apt_key: - url: "{{ ceph_repository_apt_key }}" - state: present - -- name: configure version pinning - ansible.builtin.template: - src: apt-preferences.j2 - dest: /etc/apt/preferences.d/ceph - mode: 0644 - -- name: add apt repository - ansible.builtin.apt_repository: - repo: "deb {{ ceph_repository_url }} {{ ansible_distribution_release }} main" - state: present diff --git a/roles/ceph_repository/templates/apt-preferences.j2 b/roles/ceph_repository/templates/apt-preferences.j2 deleted file mode 100644 index 91d6b11..0000000 --- a/roles/ceph_repository/templates/apt-preferences.j2 +++ /dev/null @@ -1,11 +0,0 @@ -Package: ceph-mon -Pin: version {{ ceph_repository_version }}-* -Pin-Priority: 1000 - -Package: ceph-mgr -Pin: version {{ ceph_repository_version }}-* -Pin-Priority: 1000 - -Package: ceph-osd -Pin: version {{ ceph_repository_version }}-* -Pin-Priority: 1000 \ No newline at end of file diff --git a/roles/cert_manager/defaults/main.yml b/roles/cert_manager/defaults/main.yml deleted file mode 100644 index 183b22d..0000000 --- a/roles/cert_manager/defaults/main.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: cert_manager_acme_server [[[ -# -# ACME server URL -cert_manager_acme_server: "{{ lookup('env', 'ATMOSPHERE_ACME_SERVER') | default('https://acme-v02.api.letsencrypt.org/directory', True) }}" - - # ]]] -# .. envvar:: cert_manager_issuer [[[ -# -# Definition for the ``cert-manager`` issuer -# To use self-signed CA certificate, set cert_manager_issuer.ca.secretName as root-secret. -cert_manager_issuer: - acme: - email: mnaser@vexxhost.com - server: "{{ cert_manager_acme_server }}" - privateKeySecretRef: - name: issuer-account-key - solvers: - - http01: - ingress: - class: openstack - - # ]]] diff --git a/roles/cert_manager/meta/main.yml b/roles/cert_manager/meta/main.yml deleted file mode 100644 index a8f7def..0000000 --- a/roles/cert_manager/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for cert-manager - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/cert_manager/tasks/main.yml b/roles/cert_manager/tasks/main.yml deleted file mode 100644 index c2ff92d..0000000 --- a/roles/cert_manager/tasks/main.yml +++ /dev/null @@ -1,154 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create namespace - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: cert-manager - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: jetstack - namespace: cert-manager - spec: - interval: 60s - url: https://charts.jetstack.io - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: cert-manager - namespace: cert-manager - spec: - interval: 60s - chart: - spec: - chart: cert-manager - version: v1.7.1 - sourceRef: - kind: HelmRepository - name: jetstack - install: - crds: CreateReplace - upgrade: - crds: CreateReplace - values: - installCRDs: true - volumes: - - name: etc-ssl-certs - hostPath: - path: /etc/ssl/certs - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: true - nodeSelector: - openstack-control-plane: enabled - webhook: - nodeSelector: - openstack-control-plane: enabled - cainjector: - nodeSelector: - openstack-control-plane: enabled - startupapicheck: - nodeSelector: - openstack-control-plane: enabled - -- name: Create Issuer - kubernetes.core.k8s: - state: present - definition: - apiVersion: cert-manager.io/v1 - kind: Issuer - metadata: - name: openstack - namespace: openstack - spec: "{{ cert_manager_issuer }}" - # NOTE(mnaser): Since we haven't moved to the operator pattern yet, we need to - # keep retrying a few times as the CRDs might not be installed - # yet. - retries: 60 - delay: 5 - register: _result - until: _result is not failed - -- name: Bootstrap self-signed PKI - block: - - name: Create self-signed issuer - kubernetes.core.k8s: - state: present - definition: - apiVersion: cert-manager.io/v1 - kind: ClusterIssuer - metadata: - name: selfsigned-issuer - spec: - selfSigned: {} - - - name: Bootstrap a custom root certificate for a private PKI - kubernetes.core.k8s: - state: present - definition: - apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - name: selfsigned-ca - namespace: openstack - spec: - isCA: true - commonName: selfsigned-ca - secretName: root-secret - duration: 86400h # 3600d - renewBefore: 360h # 15d - privateKey: - algorithm: ECDSA - size: 256 - issuerRef: - name: selfsigned-issuer - kind: ClusterIssuer - group: cert-manager.io - - - name: Wait till the root secret is created - kubernetes.core.k8s_info: - api_version: v1 - kind: Secret - wait: true - name: root-secret - namespace: openstack - wait_sleep: 10 - wait_timeout: 300 - register: _openstack_helm_root_secret - - - name: Copy CA certificate on host - ansible.builtin.copy: - content: "{{ _openstack_helm_root_secret.resources[0].data['tls.crt'] | b64decode }}" - dest: "/usr/local/share/ca-certificates/self-signed-osh-ca.crt" - mode: "0644" - - - name: Update ca certificates on host - ansible.builtin.command: - cmd: update-ca-certificates - changed_when: false - when: - - cert_manager_issuer.ca.secretName is defined - - cert_manager_issuer.ca.secretName == "root-secret" diff --git a/roles/cilium/meta/main.yml b/roles/cilium/meta/main.yml deleted file mode 100644 index 0db2ae7..0000000 --- a/roles/cilium/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Cilium - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/cilium/tasks/main.yml b/roles/cilium/tasks/main.yml deleted file mode 100644 index 170d1b4..0000000 --- a/roles/cilium/tasks/main.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Configure Helm repository - kubernetes.core.helm_repository: - name: cilium - repo_url: https://helm.cilium.io/ - -- name: Deploy Helm chart - kubernetes.core.helm: - name: cilium - chart_ref: cilium/cilium - chart_version: 1.10.7 - release_namespace: kube-system - kubeconfig: /etc/kubernetes/admin.conf - values: - tunnel: geneve - operator: - nodeSelector: - openstack-control-plane: enabled diff --git a/roles/containerd/defaults/main.yml b/roles/containerd/defaults/main.yml deleted file mode 100644 index 2b742d1..0000000 --- a/roles/containerd/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: containerd_pause_image [[[ -# -# Image to use for ``containerd`` pause container -containerd_pause_image: k8s.gcr.io/pause:3.5 - - # ]]] diff --git a/roles/containerd/handlers/main.yml b/roles/containerd/handlers/main.yml deleted file mode 100644 index 4c5f7e3..0000000 --- a/roles/containerd/handlers/main.yml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Restart containerd - ansible.builtin.service: - name: containerd - state: restarted diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml deleted file mode 100644 index 62ffbe2..0000000 --- a/roles/containerd/tasks/main.yml +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Add repository - ansible.builtin.apt_repository: - repo: "deb {{ containerd_repository_url }} {{ ansible_distribution_release }} main" - state: present - when: - - containerd_repository_url is defined - -- name: Install packages - ansible.builtin.apt: - name: containerd - state: present - -- name: Create folder for configuration - ansible.builtin.file: - path: /etc/containerd - state: directory - owner: root - group: root - mode: 0755 - notify: - - Restart containerd - -- name: Update pause image in configuration - ansible.builtin.template: - src: config.toml.j2 - dest: /etc/containerd/config.toml - owner: root - group: root - mode: 0644 - notify: - - Restart containerd - -- name: Force any restarts if necessary - ansible.builtin.meta: flush_handlers - -- name: Enable and start service - ansible.builtin.service: - name: containerd - enabled: true - state: started diff --git a/roles/containerd/templates/config.toml.j2 b/roles/containerd/templates/config.toml.j2 deleted file mode 100644 index 4ce5d20..0000000 --- a/roles/containerd/templates/config.toml.j2 +++ /dev/null @@ -1,5 +0,0 @@ -version = 2 - -[plugins] - [plugins."io.containerd.grpc.v1.cri"] - sandbox_image = "{{ containerd_pause_image }}" \ No newline at end of file diff --git a/roles/coredns/tasks/main.yml b/roles/coredns/tasks/main.yml deleted file mode 100644 index a3ca046..0000000 --- a/roles/coredns/tasks/main.yml +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: coredns - namespace: openstack - spec: - interval: 60s - url: https://coredns.github.io/helm - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: neutron-coredns - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: coredns - version: 1.19.4 - sourceRef: - kind: HelmRepository - name: coredns - values: - replicaCount: 3 - prometheus: - service: - enabled: true - service: - name: neutron-coredns - clusterIP: 10.96.0.20 - isClusterService: false - servers: - - port: 53 - zones: - - zone: . - plugins: - - name: errors - - name: ready - - name: health - configBlock: |- - lameduck 5s - - name: prometheus - parameters: 0.0.0.0:9153 - - name: cache - - name: reload - - name: loadbalance - - name: forward - parameters: . 127.0.0.1:5301 127.0.0.1:5302 - - port: 5301 - zones: - - zone: . - plugins: - - name: forward - parameters: . tls://1.1.1.1 tls://1.0.0.1 - configBlock: |- - tls_servername cloudflare-dns.com - health_check 5s - - port: 5302 - zones: - - zone: . - plugins: - - name: forward - parameters: . tls://8.8.8.8 tls://8.8.4.4 - configBlock: |- - tls_servername dns.google - health_check 5s - nodeSelector: - openstack-control-plane: enabled - customLabels: - application: neutron - component: coredns - deployment: - name: neutron-coredns - - - apiVersion: monitoring.coreos.com/v1 - kind: ServiceMonitor - metadata: - name: neutron-coredns - namespace: monitoring - labels: - release: kube-prometheus-stack - spec: - jobLabel: app.kubernetes.io/name - endpoints: - - port: "metrics" - path: "/metrics" - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_label_application"] - targetLabel: "application" - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - namespaceSelector: - matchNames: - - openstack - selector: - matchLabels: - app.kubernetes.io/name: coredns - app.kubernetes.io/component: metrics diff --git a/roles/csi/defaults/main.yml b/roles/csi/defaults/main.yml deleted file mode 100644 index 67dfc75..0000000 --- a/roles/csi/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -csi_driver: rbd diff --git a/roles/csi/meta/main.yml b/roles/csi/meta/main.yml deleted file mode 100644 index 73bb677..0000000 --- a/roles/csi/meta/main.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Meta role for managing CSI - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal - -dependencies: - - role: ceph_csi_rbd - when: csi_driver == "rbd" - - role: powerstore_csi - when: csi_driver == "powerstore" diff --git a/roles/flux/tasks/main.yml b/roles/flux/tasks/main.yml deleted file mode 100644 index bb89eff..0000000 --- a/roles/flux/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: Install Flux CLI - ansible.builtin.unarchive: - src: https://github.com/fluxcd/flux2/releases/download/v0.32.0/flux_0.32.0_linux_amd64.tar.gz - dest: /usr/local/bin - remote_src: true - -- name: Install Flux to cluster - run_once: true - changed_when: false - ansible.builtin.command: flux install diff --git a/roles/helm/defaults/main.yml b/roles/helm/defaults/main.yml deleted file mode 100644 index bd0af99..0000000 --- a/roles/helm/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: helm_repository_apt_key [[[ -# -# Helm APT repository GPG key -helm_repository_apt_key: https://baltocdn.com/helm/signing.asc - - # ]]] -# .. envvar:: helm_repository_url [[[ -# -# Helm APT repository URL -helm_repository_url: https://baltocdn.com/helm/stable/debian/ - - # ]]] -# .. envvar:: helm_version [[[ -# -# Helm version to use -helm_version: 3.8.0 - - # ]]] diff --git a/roles/helm/tasks/debian.yml b/roles/helm/tasks/debian.yml deleted file mode 100644 index 59df4d0..0000000 --- a/roles/helm/tasks/debian.yml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: add apt key - ansible.builtin.apt_key: - url: "{{ helm_repository_apt_key }}" - state: present - -- name: configure version pinning - ansible.builtin.template: - src: apt-preferences.j2 - dest: /etc/apt/preferences.d/helm - mode: 0644 - -- name: Add package repository - ansible.builtin.apt_repository: - repo: "deb {{ helm_repository_url }} all main" - state: present - -- name: Install packages - ansible.builtin.apt: - name: ["git", "helm"] - install_recommends: false - -- name: add bash autocomplete for helm - ansible.builtin.lineinfile: - path: /root/.bashrc - line: 'source <(helm completion bash)' - insertbefore: EOF diff --git a/roles/helm/tasks/main.yml b/roles/helm/tasks/main.yml deleted file mode 100644 index d8cadc2..0000000 --- a/roles/helm/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Gather operating system facts - ansible.builtin.setup: - gather_subset: - - min - -- name: Install packages using operating system specific process - ansible.builtin.include_tasks: "{{ ansible_os_family | lower }}.yml" - -- name: install helm diff - kubernetes.core.helm_plugin: - plugin_path: https://github.com/databus23/helm-diff - state: present diff --git a/roles/helm/tasks/redhat.yml b/roles/helm/tasks/redhat.yml deleted file mode 100644 index 260a645..0000000 --- a/roles/helm/tasks/redhat.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Add package repository - ansible.builtin.yum: - name: "https://harbottle.gitlab.io/harbottle-main/{{ ansible_distribution_major_version }}/x86_64/harbottle-main-release.rpm" - disable_gpg_check: true - state: present - -- name: Install packages - ansible.builtin.yum: - name: helm - state: present diff --git a/roles/helm/templates/apt-preferences.j2 b/roles/helm/templates/apt-preferences.j2 deleted file mode 100644 index f3b959a..0000000 --- a/roles/helm/templates/apt-preferences.j2 +++ /dev/null @@ -1,3 +0,0 @@ -Package: helm -Pin: version {{ helm_version }}-* -Pin-Priority: 1000 diff --git a/roles/helm_diff/tasks/main.yml b/roles/helm_diff/tasks/main.yml deleted file mode 100644 index 909e650..0000000 --- a/roles/helm_diff/tasks/main.yml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Retrieve values for current Helm release - kubernetes.core.helm_info: - name: "{{ helm_diff_release_name }}" - release_namespace: "{{ helm_diff_release_namespace }}" - register: _helm_diff_info - -- name: Generate diff between old and new values - ansible.utils.fact_diff: - before: "{{ _helm_diff_info.status['values'] }}" - after: "{{ helm_diff_values }}" - -- name: Pause until you can verify values are correct - ansible.builtin.pause: diff --git a/roles/ingress_nginx/meta/main.yml b/roles/ingress_nginx/meta/main.yml deleted file mode 100644 index 39fac40..0000000 --- a/roles/ingress_nginx/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for ingress-nginx - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/ingress_nginx/tasks/main.yml b/roles/ingress_nginx/tasks/main.yml deleted file mode 100644 index 73b1b7b..0000000 --- a/roles/ingress_nginx/tasks/main.yml +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: ingress-nginx - namespace: openstack - spec: - interval: 60s - url: https://kubernetes.github.io/ingress-nginx - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: ingress-nginx - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: ingress-nginx - version: 4.0.17 - sourceRef: - kind: HelmRepository - name: ingress-nginx - values: - controller: - config: - proxy-buffer-size: 16k - dnsPolicy: ClusterFirstWithHostNet - hostNetwork: true - ingressClassResource: - name: openstack - ingressClass: openstack - extraArgs: - default-ssl-certificate: ingress-nginx/wildcard - kind: DaemonSet - nodeSelector: - openstack-control-plane: enabled - service: - type: ClusterIP - admissionWebhooks: - port: 7443 - defaultBackend: - enabled: true diff --git a/roles/ipmi_exporter/defaults/main.yml b/roles/ipmi_exporter/defaults/main.yml deleted file mode 100644 index 7530b07..0000000 --- a/roles/ipmi_exporter/defaults/main.yml +++ /dev/null @@ -1,50 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: ipmi_exporter_config [[[ -# -# Configuration for the IPMI exporter -ipmi_exporter_config: - modules: - default: - collectors: ["bmc", "ipmi", "chassis", "sel"] - exclude_sensor_ids: - - 42 - - 45 # Entity Presence (Dell PowerEdge servers) - - 48 # Entity Presence (Dell PowerEdge servers) - - 49 # BP0 Presence (Dell PowerEdge servers) - - 50 - - 51 # BP2 Presence (Dell PowerEdge servers) - - 52 - - 54 - - 82 - - 164 - - 168 - - 178 # TPM Presence (Dell PowerEdge servers) - - 180 # TPM Presence (Dell PowerEdge servers) - - 182 # Entity Presence (Dell PowerEdge servers) - - 185 # Entity Presence (Dell PowerEdge servers) - - # ]]] -# .. envvar:: ipmi_exporter_image_repository [[[ -# -# Keepalived container image repository location -ipmi_exporter_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: ipmi_exporter_image_tag [[[ -# -# Keepalived container image tag -ipmi_exporter_image_tag: 1.4.0 - - # ]]] diff --git a/roles/ipmi_exporter/meta/main.yml b/roles/ipmi_exporter/meta/main.yml deleted file mode 100644 index c44b55c..0000000 --- a/roles/ipmi_exporter/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for IPMI exporter - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/ipmi_exporter/tasks/main.yml b/roles/ipmi_exporter/tasks/main.yml deleted file mode 100644 index 8c2ca9f..0000000 --- a/roles/ipmi_exporter/tasks/main.yml +++ /dev/null @@ -1,173 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy service - kubernetes.core.k8s: - state: present - definition: - - apiVersion: v1 - kind: ConfigMap - metadata: - name: ipmi-exporter - namespace: monitoring - labels: - application: ipmi-exporter - data: - config.yml: "{{ ipmi_exporter_config | to_yaml }}" - - - apiVersion: apps/v1 - kind: DaemonSet - metadata: - name: ipmi-exporter - namespace: monitoring - labels: - application: ipmi-exporter - spec: - selector: - matchLabels: - application: ipmi-exporter - template: - metadata: - annotations: - config-hash: "{{ ipmi_exporter_config | to_yaml | hash('md5') }}" - labels: - application: ipmi-exporter - job: ipmi - spec: - containers: - - name: exporter - image: "{{ ipmi_exporter_image_repository }}/ipmi-exporter:{{ ipmi_exporter_image_tag }}" - ports: - - name: metrics - containerPort: 9290 - securityContext: - privileged: true - volumeMounts: - - name: dev-ipmi0 - mountPath: /dev/ipmi0 - - name: ipmi-exporter - mountPath: /config.yml - subPath: config.yml - volumes: - - name: dev-ipmi0 - hostPath: - path: /dev/ipmi0 - - name: ipmi-exporter - configMap: - name: ipmi-exporter - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: feature.node.kubernetes.io/cpu-cpuid.HYPERVISOR - operator: NotIn - values: ["true"] - - - apiVersion: monitoring.coreos.com/v1 - kind: PodMonitor - metadata: - name: ipmi-exporter - namespace: monitoring - labels: - application: ipmi-exporter - release: kube-prometheus-stack - spec: - jobLabel: job - podMetricsEndpoints: - - port: metrics - path: /metrics - interval: 60s - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_node_name"] - targetLabel: instance - - action: labeldrop - regex: ^(container|endpoint|namespace|pod)$ - selector: - matchLabels: - application: ipmi-exporter - - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: ipmi-exporter - namespace: monitoring - labels: - application: ipmi-exporter - release: kube-prometheus-stack - spec: - groups: - - name: rules - rules: - - alert: IpmiCollectorDown - expr: ipmi_up == 0 - - name: collectors-state-warning - rules: - - alert: IpmiCurrent - expr: ipmi_current_state == 1 - labels: - severity: warning - - alert: IpmiFanSpeed - expr: ipmi_fan_speed_state == 1 - labels: - severity: warning - - alert: IpmiPower - expr: ipmi_power_state == 1 - labels: - severity: warning - - alert: IpmiSensor - expr: ipmi_sensor_state == 1 - labels: - severity: warning - - alert: IpmiTemperature - expr: ipmi_temperature_state == 1 - labels: - severity: warning - - alert: IpmiVoltage - expr: ipmi_voltage_state == 1 - labels: - severity: warning - - name: collectors-state-critical - rules: - - alert: IpmiCurrent - expr: ipmi_current_state == 2 - labels: - severity: critical - - alert: IpmiFanSpeed - expr: ipmi_fan_speed_state == 2 - labels: - severity: critical - - alert: IpmiPower - expr: ipmi_power_state == 2 - labels: - severity: critical - - alert: IpmiSensor - expr: ipmi_sensor_state == 2 - labels: - severity: critical - - alert: IpmiTemperature - expr: ipmi_temperature_state == 2 - labels: - severity: critical - - alert: IpmiVoltage - expr: ipmi_voltage_state == 2 - labels: - severity: critical - # NOTE(mnaser): Since we haven't moved to the operator pattern yet, we need to - # keep retrying a few times as the CRDs might not be installed - # yet. - retries: 60 - delay: 5 - register: _result - until: _result is not failed diff --git a/roles/keepalived/defaults/main.yml b/roles/keepalived/defaults/main.yml deleted file mode 100644 index 5fddd22..0000000 --- a/roles/keepalived/defaults/main.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: keepalived_enabled [[[ -# -# Enable Keepalived for the Atmosphere cluster. You can disable this if you -# are forwarding ports directly into the cluster from an external network. -keepalived_enabled: true - - # ]]] -# .. envvar:: keepalived_password [[[ -# -# Keepalived password -keepalived_password: "{{ undef(hint='You must specify a Keepalived password') }}" - - # ]]] -# .. envvar:: keepalived_vip [[[ -# -# Keepalived virtual IP address -keepalived_vip: "{{ undef(hint='You must specify a Keepalived virtual IP address') }}" - - # ]]] -# .. envvar:: keepalived_interface [[[ -# -# Keepalived virtual IP interface -keepalived_interface: "{{ undef(hint='You must specify a Keepalived virtual IP interface') }}" - - # ]]] -# .. envvar:: keepalived_image_repository [[[ -# -# Keepalived container image repository location -keepalived_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: keepalived_image_tag [[[ -# -# Keepalived container image tag -keepalived_image_tag: 2.0.19 - - # ]]] -# .. envvar:: keepalived_vrid [[[ -# -# Keepalived virtual router id -keepalived_vrid: 51 - - # ]]] diff --git a/roles/keepalived/meta/main.yml b/roles/keepalived/meta/main.yml deleted file mode 100644 index 39b6ca5..0000000 --- a/roles/keepalived/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for keepalived - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/keepalived/tasks/main.yml b/roles/keepalived/tasks/main.yml deleted file mode 100644 index dedddfc..0000000 --- a/roles/keepalived/tasks/main.yml +++ /dev/null @@ -1,181 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy service - when: keepalived_enabled | bool - kubernetes.core.k8s: - state: present - definition: - - apiVersion: v1 - kind: Secret - metadata: - name: keepalived-etc - namespace: openstack - stringData: - keepalived.conf: | - global_defs { - default_interface {{ keepalived_interface }} - } - - vrrp_instance VI_1 { - interface {{ keepalived_interface }} - - state BACKUP - virtual_router_id {{ keepalived_vrid }} - priority 150 - nopreempt - - virtual_ipaddress { - {{ keepalived_vip }} - } - - authentication { - auth_type PASS - auth_pass {{ keepalived_password }} - } - } - - - apiVersion: v1 - kind: ConfigMap - metadata: - name: keepalived-bin - namespace: openstack - data: - wait-for-ip.sh: | - #!/bin/sh -x - - while true; do - ip -4 addr list dev {{ keepalived_interface }} | grep {{ keepalived_interface }} - - # We detected an IP address - if [ $? -eq 0 ]; then - break - fi - - sleep 1 - done - - - apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: keepalived - namespace: openstack - rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - get - - - apiVersion: v1 - automountServiceAccountToken: true - kind: ServiceAccount - metadata: - name: keepalived - namespace: openstack - - - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: keepalived - namespace: openstack - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: keepalived - subjects: - - kind: ServiceAccount - name: keepalived - namespace: openstack - - - apiVersion: apps/v1 - kind: DaemonSet - metadata: - name: keepalived - namespace: openstack - spec: - selector: - matchLabels: - application: keepalived - template: - metadata: - labels: - application: keepalived - spec: - automountServiceAccountToken: true - initContainers: - - name: init - image: "{{ keepalived_image_repository }}/kubernetes-entrypoint:latest" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: DEPENDENCY_POD_JSON - value: '[{"labels":{"application":"neutron","component":"neutron-ovs-agent"},"requireSameNode":true}]' - - name: wait-for-ip - image: "{{ keepalived_image_repository }}/keepalived:{{ keepalived_image_tag }}" - command: - - /bin/wait-for-ip.sh - volumeMounts: - - mountPath: /bin/wait-for-ip.sh - mountPropagation: None - name: keepalived-bin - readOnly: true - subPath: wait-for-ip.sh - containers: - - name: keepalived - image: "{{ keepalived_image_repository }}/keepalived:{{ keepalived_image_tag }}" - command: - - keepalived - - -f - - /etc/keepalived/keepalived.conf - - --dont-fork - - --log-console - - --log-detail - - --dump-conf - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_ADMIN - - NET_BROADCAST - - NET_RAW - volumeMounts: - - mountPath: /etc/keepalived - mountPropagation: None - name: keepalived-etc - readOnly: true - hostNetwork: true - nodeSelector: - openstack-control-plane: enabled - serviceAccountName: keepalived - volumes: - - name: keepalived-etc - secret: - optional: false - secretName: keepalived-etc - - configMap: - defaultMode: 0755 - name: keepalived-bin - optional: false - name: keepalived-bin diff --git a/roles/kube_prometheus_stack/defaults/main.yml b/roles/kube_prometheus_stack/defaults/main.yml deleted file mode 100644 index 3d0fef7..0000000 --- a/roles/kube_prometheus_stack/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: kube_prometheus_stack_values [[[ -# -# Overrides for Helm chart values -kube_prometheus_stack_values: {} - - # ]]] diff --git a/roles/kube_prometheus_stack/files/prometheus_alerts.yml b/roles/kube_prometheus_stack/files/prometheus_alerts.yml deleted file mode 100644 index 067f533..0000000 --- a/roles/kube_prometheus_stack/files/prometheus_alerts.yml +++ /dev/null @@ -1,870 +0,0 @@ -# NOTE(mnaser): Imported from upstream ceph/ceph, with the following changes: -# -# * Dropped `CephNodeNetworkPacketDrops` due to noisy alerts with -# no actionable items to fix it. -# * Dropped `CephNodeDiskspaceWarning` because we already have a -# few alerts like `NodeFilesystemSpaceFillingUp`, etc. -# -# https://raw.githubusercontent.com/ceph/ceph/v16.2.9/monitoring/ceph-mixin/prometheus_alerts.yml - -groups: - - name: cluster health - rules: - - alert: CephHealthError - expr: ceph_health_status == 2 - for: 5m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.2.1 - annotations: - summary: Cluster is in an ERROR state - description: > - Ceph in HEALTH_ERROR state for more than 5 minutes. - Please check "ceph health detail" for more information. - - - alert: CephHealthWarning - expr: ceph_health_status == 1 - for: 15m - labels: - severity: warning - type: ceph_default - annotations: - summary: Cluster is in a WARNING state - description: > - Ceph has been in HEALTH_WARN for more than 15 minutes. - Please check "ceph health detail" for more information. - - - name: mon - rules: - - alert: CephMonDownQuorumAtRisk - expr: ((ceph_health_detail{name="MON_DOWN"} == 1) * on() (count(ceph_mon_quorum_status == 1) == bool (floor(count(ceph_mon_metadata) / 2) + 1))) == 1 - for: 30s - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.3.1 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down - summary: Monitor quorum is at risk - description: | - {{ $min := query "floor(count(ceph_mon_metadata) / 2) +1" | first | value }}Quorum requires a majority of monitors (x {{ $min }}) to be active - Without quorum the cluster will become inoperable, affecting all connected clients and services. - - The following monitors are down: - {{- range query "(ceph_mon_quorum_status == 0) + on(ceph_daemon) group_left(hostname) (ceph_mon_metadata * 0)" }} - - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} - {{- end }} - - alert: CephMonDown - expr: (count(ceph_mon_quorum_status == 0) <= (count(ceph_mon_metadata) - floor(count(ceph_mon_metadata) / 2) + 1)) - for: 30s - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down - summary: One of more ceph monitors are down - description: | - {{ $down := query "count(ceph_mon_quorum_status == 0)" | first | value }}{{ $s := "" }}{{ if gt $down 1.0 }}{{ $s = "s" }}{{ end }}You have {{ $down }} monitor{{ $s }} down. - Quorum is still intact, but the loss of further monitors will make your cluster inoperable. - - The following monitors are down: - {{- range query "(ceph_mon_quorum_status == 0) + on(ceph_daemon) group_left(hostname) (ceph_mon_metadata * 0)" }} - - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} - {{- end }} - - alert: CephMonDiskspaceCritical - expr: ceph_health_detail{name="MON_DISK_CRIT"} == 1 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.3.2 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-disk-crit - summary: Disk space on at least one monitor is critically low - description: | - The free space available to a monitor's store is critically low (<5% by default). - You should increase the space available to the monitor(s). The - default location for the store sits under /var/lib/ceph. Your monitor hosts are; - {{- range query "ceph_mon_metadata"}} - - {{ .Labels.hostname }} - {{- end }} - - - alert: CephMonDiskspaceLow - expr: ceph_health_detail{name="MON_DISK_LOW"} == 1 - for: 5m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-disk-low - summary: Disk space on at least one monitor is approaching full - description: | - The space available to a monitor's store is approaching full (>70% is the default). - You should increase the space available to the monitor store. The - default location for the store sits under /var/lib/ceph. Your monitor hosts are; - {{- range query "ceph_mon_metadata"}} - - {{ .Labels.hostname }} - {{- end }} - - - alert: CephMonClockSkew - expr: ceph_health_detail{name="MON_CLOCK_SKEW"} == 1 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-clock-skew - summary: Clock skew across the Monitor hosts detected - description: | - The ceph monitors rely on a consistent time reference to maintain - quorum and cluster consistency. This event indicates that at least - one of your mons is not sync'd correctly. - - Review the cluster status with ceph -s. This will show which monitors - are affected. Check the time sync status on each monitor host. - - - name: osd - rules: - - alert: CephOSDDownHigh - expr: count(ceph_osd_up == 0) / count(ceph_osd_up) * 100 >= 10 - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.1 - annotations: - summary: More than 10% of OSDs are down - description: | - {{ $value | humanize }}% or {{ with query "count(ceph_osd_up == 0)" }}{{ . | first | value }}{{ end }} of {{ with query "count(ceph_osd_up)" }}{{ . | first | value }}{{ end }} OSDs are down (>= 10%). - - The following OSDs are down: - {{- range query "(ceph_osd_up * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) == 0" }} - - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} - {{- end }} - - alert: CephOSDHostDown - expr: ceph_health_detail{name="OSD_HOST_DOWN"} == 1 - for: 5m - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.8 - annotations: - summary: An OSD host is offline - description: | - The following OSDs are down: - {{- range query "(ceph_osd_up * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) == 0" }} - - {{ .Labels.hostname }} : {{ .Labels.ceph_daemon }} - {{- end }} - - alert: CephOSDDown - expr: ceph_health_detail{name="OSD_DOWN"} == 1 - for: 5m - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.2 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-down - summary: An OSD has been marked down/unavailable - description: | - {{ $num := query "count(ceph_osd_up == 0)" | first | value }}{{ $s := "" }}{{ if gt $num 1.0 }}{{ $s = "s" }}{{ end }}{{ $num }} OSD{{ $s }} down for over 5mins. - - The following OSD{{ $s }} {{ if eq $s "" }}is{{ else }}are{{ end }} down: - {{- range query "(ceph_osd_up * on(ceph_daemon) group_left(hostname) ceph_osd_metadata) == 0"}} - - {{ .Labels.ceph_daemon }} on {{ .Labels.hostname }} - {{- end }} - - - alert: CephOSDNearFull - expr: ceph_health_detail{name="OSD_NEARFULL"} == 1 - for: 5m - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.3 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-nearfull - summary: OSD(s) running low on free space (NEARFULL) - description: | - One or more OSDs have reached their NEARFULL threshold - - Use 'ceph health detail' to identify which OSDs have reached this threshold. - To resolve, either add capacity to the cluster, or delete unwanted data - - alert: CephOSDFull - expr: ceph_health_detail{name="OSD_FULL"} > 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.6 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-full - summary: OSD(s) is full, writes blocked - description: | - An OSD has reached it's full threshold. Writes from all pools that share the - affected OSD will be blocked. - - To resolve, either add capacity to the cluster, or delete unwanted data - - alert: CephOSDBackfillFull - expr: ceph_health_detail{name="OSD_BACKFILLFULL"} > 0 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-backfillfull - summary: OSD(s) too full for backfill operations - description: | - An OSD has reached it's BACKFILL FULL threshold. This will prevent rebalance operations - completing for some pools. Check the current capacity utilisation with 'ceph df' - - To resolve, either add capacity to the cluster, or delete unwanted data - - alert: CephOSDTooManyRepairs - expr: ceph_health_detail{name="OSD_TOO_MANY_REPAIRS"} == 1 - for: 30s - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-too-many-repairs - summary: OSD has hit a high number of read errors - description: | - Reads from an OSD have used a secondary PG to return data to the client, indicating - a potential failing disk. - - alert: CephOSDTimeoutsPublicNetwork - expr: ceph_health_detail{name="OSD_SLOW_PING_TIME_FRONT"} == 1 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - summary: Network issues delaying OSD heartbeats (public network) - description: | - OSD heartbeats on the cluster's 'public' network (frontend) are running slow. Investigate the network - for any latency issues on this subnet. Use 'ceph health detail' to show the affected OSDs. - - alert: CephOSDTimeoutsClusterNetwork - expr: ceph_health_detail{name="OSD_SLOW_PING_TIME_BACK"} == 1 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - summary: Network issues delaying OSD heartbeats (cluster network) - description: | - OSD heartbeats on the cluster's 'cluster' network (backend) are running slow. Investigate the network - for any latency issues on this subnet. Use 'ceph health detail' to show the affected OSDs. - - alert: CephOSDInternalDiskSizeMismatch - expr: ceph_health_detail{name="BLUESTORE_DISK_SIZE_MISMATCH"} == 1 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#bluestore-disk-size-mismatch - summary: OSD size inconsistency error - description: | - One or more OSDs have an internal inconsistency between the size of the physical device and it's metadata. - This could lead to the OSD(s) crashing in future. You should redeploy the effected OSDs. - - alert: CephDeviceFailurePredicted - expr: ceph_health_detail{name="DEVICE_HEALTH"} == 1 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#id2 - summary: Device(s) have been predicted to fail soon - description: | - The device health module has determined that one or more devices will fail - soon. To review the device states use 'ceph device ls'. To show a specific - device use 'ceph device info '. - - Mark the OSD as out (so data may migrate to other OSDs in the cluster). Once - the osd is empty remove and replace the OSD. - - alert: CephDeviceFailurePredictionTooHigh - expr: ceph_health_detail{name="DEVICE_HEALTH_TOOMANY"} == 1 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.7 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#device-health-toomany - summary: Too many devices have been predicted to fail, unable to resolve - description: | - The device health module has determined that the number of devices predicted to - fail can not be remediated automatically, since it would take too many osd's out of - the cluster, impacting performance and potentially availabililty. You should add new - OSDs to the cluster to allow data to be relocated to avoid the data integrity issues. - - alert: CephDeviceFailureRelocationIncomplete - expr: ceph_health_detail{name="DEVICE_HEALTH_IN_USE"} == 1 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#device-health-in-use - summary: A device failure is predicted, but unable to relocate data - description: | - The device health module has determined that one or more devices will fail - soon, but the normal process of relocating the data on the device to other - OSDs in the cluster is blocked. - - Check the the cluster has available freespace. It may be necessary to add - more disks to the cluster to allow the data from the failing device to - successfully migrate. - - - alert: CephOSDFlapping - expr: | - ( - rate(ceph_osd_up[5m]) - * on(ceph_daemon) group_left(hostname) ceph_osd_metadata - ) * 60 > 1 - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.4 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/troubleshooting/troubleshooting-osd#flapping-osds - summary: Network issues are causing OSD's to flap (mark each other out) - description: > - OSD {{ $labels.ceph_daemon }} on {{ $labels.hostname }} was - marked down and back up at {{ $value | humanize }} times once a - minute for 5 minutes. This could indicate a network issue (latency, - packet drop, disruption) on the clusters "cluster network". Check the - network environment on the listed host(s). - - - alert: CephOSDReadErrors - expr: ceph_health_detail{name="BLUESTORE_SPURIOUS_READ_ERRORS"} == 1 - for: 30s - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#bluestore-spurious-read-errors - summary: Device read errors detected - description: > - An OSD has encountered read errors, but the OSD has recovered by retrying - the reads. This may indicate an issue with the Hardware or Kernel. - # alert on high deviation from average PG count - - alert: CephPGImbalance - expr: | - abs( - ( - (ceph_osd_numpg > 0) - on (job) group_left avg(ceph_osd_numpg > 0) by (job) - ) / on (job) group_left avg(ceph_osd_numpg > 0) by (job) - ) * on(ceph_daemon) group_left(hostname) ceph_osd_metadata > 0.30 - for: 5m - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.4.5 - annotations: - summary: PG allocations are not balanced across devices - description: > - OSD {{ $labels.ceph_daemon }} on {{ $labels.hostname }} deviates - by more than 30% from average PG count. - # alert on high commit latency...but how high is too high - - - name: mds - rules: - - alert: CephFilesystemDamaged - expr: ceph_health_detail{name="MDS_DAMAGE"} > 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.5.1 - annotations: - documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages - summary: Ceph filesystem is damaged. - description: > - The filesystems metadata has been corrupted. Data access - may be blocked. - - Either analyse the output from the mds daemon admin socket, or - escalate to support - - alert: CephFilesystemOffline - expr: ceph_health_detail{name="MDS_ALL_DOWN"} > 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.5.3 - annotations: - documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-all-down - summary: Ceph filesystem is offline - description: > - All MDS ranks are unavailable. The ceph daemons providing the metadata - for the Ceph filesystem are all down, rendering the filesystem offline. - - alert: CephFilesystemDegraded - expr: ceph_health_detail{name="FS_DEGRADED"} > 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.5.4 - annotations: - documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-degraded - summary: Ceph filesystem is degraded - description: > - One or more metadata daemons (MDS ranks) are failed or in a - damaged state. At best the filesystem is partially available, - worst case is the filesystem is completely unusable. - - alert: CephFilesystemMDSRanksLow - expr: ceph_health_detail{name="MDS_UP_LESS_THAN_MAX"} > 0 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-up-less-than-max - summary: Ceph MDS daemon count is lower than configured - description: > - The filesystem's "max_mds" setting defined the number of MDS ranks in - the filesystem. The current number of active MDS daemons is less than - this setting. - - alert: CephFilesystemInsufficientStandby - expr: ceph_health_detail{name="MDS_INSUFFICIENT_STANDBY"} > 0 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-insufficient-standby - summary: Ceph filesystem standby daemons too low - description: > - The minimum number of standby daemons determined by standby_count_wanted - is less than the actual number of standby daemons. Adjust the standby count - or increase the number of mds daemons within the filesystem. - - alert: CephFilesystemFailureNoStandby - expr: ceph_health_detail{name="FS_WITH_FAILED_MDS"} > 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.5.5 - annotations: - documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-with-failed-mds - summary: Ceph MDS daemon failed, no further standby available - description: > - An MDS daemon has failed, leaving only one active rank without - further standby. Investigate the cause of the failure or add a - standby daemon - - alert: CephFilesystemReadOnly - expr: ceph_health_detail{name="MDS_HEALTH_READ_ONLY"} > 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.5.2 - annotations: - documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages - summary: Ceph filesystem in read only mode, due to write error(s) - description: > - The filesystem has switched to READ ONLY due to an unexpected - write error, when writing to the metadata pool - - Either analyse the output from the mds daemon admin socket, or - escalate to support - - - name: mgr - rules: - - alert: CephMgrModuleCrash - expr: ceph_health_detail{name="RECENT_MGR_MODULE_CRASH"} == 1 - for: 5m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.6.1 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#recent-mgr-module-crash - summary: A mgr module has recently crashed - description: > - One or more mgr modules have crashed and are yet to be acknowledged by the administrator. A - crashed module may impact functionality within the cluster. Use the 'ceph crash' commands to - investigate which module has failed, and archive it to acknowledge the failure. - - alert: CephMgrPrometheusModuleInactive - expr: up{job="ceph"} == 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.6.2 - annotations: - summary: Ceph's mgr/prometheus module is not available - description: > - The mgr/prometheus module at {{ $labels.instance }} is unreachable. This - could mean that the module has been disabled or the mgr itself is down. - - Without the mgr/prometheus module metrics and alerts will no longer - function. Open a shell to ceph and use 'ceph -s' to to determine whether the - mgr is active. If the mgr is not active, restart it, otherwise you can check - the mgr/prometheus module is loaded with 'ceph mgr module ls' and if it's - not listed as enabled, enable it with 'ceph mgr module enable prometheus' - - - name: pgs - rules: - - alert: CephPGsInactive - expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_active) > 0 - for: 5m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.7.1 - annotations: - summary: One or more Placement Groups are inactive - description: > - {{ $value }} PGs have been inactive for more than 5 minutes in pool {{ $labels.name }}. - Inactive placement groups aren't able to serve read/write - requests. - - alert: CephPGsUnclean - expr: ceph_pool_metadata * on(pool_id,instance) group_left() (ceph_pg_total - ceph_pg_clean) > 0 - for: 15m - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.7.2 - annotations: - summary: One or more platcment groups are marked unclean - description: > - {{ $value }} PGs haven't been clean for more than 15 minutes in pool {{ $labels.name }}. - Unclean PGs haven't been able to completely recover from a previous failure. - - alert: CephPGsDamaged - expr: ceph_health_detail{name=~"PG_DAMAGED|OSD_SCRUB_ERRORS"} == 1 - for: 5m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.7.4 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-damaged - summary: Placement group damaged, manual intervention needed - description: > - During data consistency checks (scrub), at least one PG has been flagged as being - damaged or inconsistent. - - Check to see which PG is affected, and attempt a manual repair if necessary. To list - problematic placement groups, use 'rados list-inconsistent-pg '. To repair PGs use - the 'ceph pg repair ' command. - - alert: CephPGRecoveryAtRisk - expr: ceph_health_detail{name="PG_RECOVERY_FULL"} == 1 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.7.5 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-recovery-full - summary: OSDs are too full for automatic recovery - description: > - Data redundancy may be reduced, or is at risk, since one or more OSDs are at or above their - 'full' threshold. Add more capacity to the cluster, or delete unwanted data. - - alert: CephPGUnavilableBlockingIO - # PG_AVAILABILITY, but an OSD is not in a DOWN state - expr: ((ceph_health_detail{name="PG_AVAILABILITY"} == 1) - scalar(ceph_health_detail{name="OSD_DOWN"})) == 1 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.7.3 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-availability - summary: Placement group is unavailable, blocking some I/O - description: > - Data availability is reduced impacting the clusters ability to service I/O to some data. One or - more placement groups (PGs) are in a state that blocks IO. - - alert: CephPGBackfillAtRisk - expr: ceph_health_detail{name="PG_BACKFILL_FULL"} == 1 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.7.6 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-backfill-full - summary: Backfill operations are blocked, due to lack of freespace - description: > - Data redundancy may be at risk due to lack of free space within the cluster. One or more OSDs - have breached their 'backfillfull' threshold. Add more capacity, or delete unwanted data. - - alert: CephPGNotScrubbed - expr: ceph_health_detail{name="PG_NOT_SCRUBBED"} == 1 - for: 5m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-not-scrubbed - summary: Placement group(s) have not been scrubbed - description: | - One or more PGs have not been scrubbed recently. The scrub process is a data integrity - feature, protectng against bit-rot. It checks that objects and their metadata (size and - attributes) match across object replicas. When PGs miss their scrub window, it may - indicate the scrub window is too small, or PGs were not in a 'clean' state during the - scrub window. - - You can manually initiate a scrub with: ceph pg scrub - - alert: CephPGsHighPerOSD - expr: ceph_health_detail{name="TOO_MANY_PGS"} == 1 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks/#too-many-pgs - summary: Placement groups per OSD is too high - description: | - The number of placement groups per OSD is too high (exceeds the mon_max_pg_per_osd setting). - - Check that the pg_autoscaler hasn't been disabled for any of the pools, with 'ceph osd pool autoscale-status' - and that the profile selected is appropriate. You may also adjust the target_size_ratio of a pool to guide - the autoscaler based on the expected relative size of the pool - (i.e. 'ceph osd pool set cephfs.cephfs.meta target_size_ratio .1') - - alert: CephPGNotDeepScrubbed - expr: ceph_health_detail{name="PG_NOT_DEEP_SCRUBBED"} == 1 - for: 5m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-not-deep-scrubbed - summary: Placement group(s) have not been deep scrubbed - description: | - One or more PGs have not been deep scrubbed recently. Deep scrub is a data integrity - feature, protectng against bit-rot. It compares the contents of objects and their - replicas for inconsistency. When PGs miss their deep scrub window, it may indicate - that the window is too small or PGs were not in a 'clean' state during the deep-scrub - window. - - You can manually initiate a deep scrub with: ceph pg deep-scrub - - - name: nodes - rules: - - alert: CephNodeRootFilesystemFull - expr: node_filesystem_avail_bytes{mountpoint="/"} / node_filesystem_size_bytes{mountpoint="/"} * 100 < 5 - for: 5m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.8.1 - annotations: - summary: Root filesystem is dangerously full - description: > - Root volume (OSD and MON store) is dangerously full: {{ $value | humanize }}% free. - - - alert: CephNodeNetworkPacketErrors - expr: | - ( - increase(node_network_receive_errs_total{device!="lo"}[1m]) + - increase(node_network_transmit_errs_total{device!="lo"}[1m]) - ) / ( - increase(node_network_receive_packets_total{device!="lo"}[1m]) + - increase(node_network_transmit_packets_total{device!="lo"}[1m]) - ) >= 0.0001 or ( - increase(node_network_receive_errs_total{device!="lo"}[1m]) + - increase(node_network_transmit_errs_total{device!="lo"}[1m]) - ) >= 10 - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.8.3 - annotations: - summary: One or more Nics is seeing packet errors - description: > - Node {{ $labels.instance }} experiences packet errors > 0.01% or - > 10 packets/s on interface {{ $labels.device }}. - - - alert: CephNodeInconsistentMTU - expr: | - node_network_mtu_bytes * (node_network_up{device!="lo"} > 0) == - scalar( - max by (device) (node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) != - quantile by (device) (.5, node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) - ) - or - node_network_mtu_bytes * (node_network_up{device!="lo"} > 0) == - scalar( - min by (device) (node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) != - quantile by (device) (.5, node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) - ) - labels: - severity: warning - type: ceph_default - annotations: - summary: MTU settings across Ceph hosts are inconsistent - description: > - Node {{ $labels.instance }} has a different MTU size ({{ $value }}) - than the median of devices named {{ $labels.device }}. - - - name: pools - rules: - - alert: CephPoolGrowthWarning - expr: | - (predict_linear(ceph_pool_percent_used[2d], 3600 * 24 * 5) * on(pool_id) - group_right ceph_pool_metadata) >= 95 - labels: - severity: warning - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.9.2 - annotations: - summary: Pool growth rate may soon exceed it's capacity - description: > - Pool '{{ $labels.name }}' will be full in less than 5 days - assuming the average fill-up rate of the past 48 hours. - - alert: CephPoolBackfillFull - expr: ceph_health_detail{name="POOL_BACKFILLFULL"} > 0 - labels: - severity: warning - type: ceph_default - annotations: - summary: Freespace in a pool is too low for recovery/rebalance - description: > - A pool is approaching it's near full threshold, which will - prevent rebalance operations from completing. You should - consider adding more capacity to the pool. - - - alert: CephPoolFull - expr: ceph_health_detail{name="POOL_FULL"} > 0 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.9.1 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pool-full - summary: Pool is full - writes are blocked - description: | - A pool has reached it's MAX quota, or the OSDs supporting the pool - have reached their FULL threshold. Until this is resolved, writes to - the pool will be blocked. - Pool Breakdown (top 5) - {{- range query "topk(5, sort_desc(ceph_pool_percent_used * on(pool_id) group_right ceph_pool_metadata))" }} - - {{ .Labels.name }} at {{ .Value }}% - {{- end }} - Either increase the pools quota, or add capacity to the cluster first - then increase it's quota (e.g. ceph osd pool set quota max_bytes ) - - alert: CephPoolNearFull - expr: ceph_health_detail{name="POOL_NEAR_FULL"} > 0 - for: 5m - labels: - severity: warning - type: ceph_default - annotations: - summary: One or more Ceph pools are getting full - description: | - A pool has exceeeded it warning (percent full) threshold, or the OSDs - supporting the pool have reached their NEARFULL thresholds. Writes may - continue, but you are at risk of the pool going read only if more capacity - isn't made available. - - Determine the affected pool with 'ceph df detail', for example looking - at QUOTA BYTES and STORED. Either increase the pools quota, or add - capacity to the cluster first then increase it's quota - (e.g. ceph osd pool set quota max_bytes ) - - name: healthchecks - rules: - - alert: CephSlowOps - expr: ceph_healthcheck_slow_ops > 0 - for: 30s - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#slow-ops - summary: MON/OSD operations are slow to complete - description: > - {{ $value }} OSD requests are taking too long to process (osd_op_complaint_time exceeded) -# cephadm alerts - - name: cephadm - rules: - - alert: CephadmUpgradeFailed - expr: ceph_health_detail{name="UPGRADE_EXCEPTION"} > 0 - for: 30s - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.11.2 - annotations: - summary: Ceph version upgrade has failed - description: > - The cephadm cluster upgrade process has failed. The cluster remains in - an undetermined state. - - Please review the cephadm logs, to understand the nature of the issue - - alert: CephadmDaemonFailed - expr: ceph_health_detail{name="CEPHADM_FAILED_DAEMON"} > 0 - for: 30s - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.11.1 - annotations: - summary: A ceph daemon manged by cephadm is down - description: > - A daemon managed by cephadm is no longer active. Determine, which - daemon is down with 'ceph health detail'. you may start daemons with - the 'ceph orch daemon start ' - - alert: CephadmPaused - expr: ceph_health_detail{name="CEPHADM_PAUSED"} > 0 - for: 1m - labels: - severity: warning - type: ceph_default - annotations: - documentation: https://docs.ceph.com/en/latest/cephadm/operations#cephadm-paused - summary: Orchestration tasks via cephadm are PAUSED - description: > - Cluster management has been paused manually. This will prevent the - orchestrator from service management and reconciliation. If this is - not intentional, resume cephadm operations with 'ceph orch resume' - -# prometheus alerts - - name: PrometheusServer - rules: - - alert: PrometheusJobMissing - expr: absent(up{job="ceph"}) - for: 30s - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.12.1 - annotations: - summary: The scrape job for Ceph is missing from Prometheus - description: | - The prometheus job that scrapes from Ceph is no longer defined, this - will effectively mean you'll have no metrics or alerts for the cluster. - - Please review the job definitions in the prometheus.yml file of the prometheus - instance. -# Object related events - - name: rados - rules: - - alert: CephObjectMissing - expr: (ceph_health_detail{name="OBJECT_UNFOUND"} == 1) * on() (count(ceph_osd_up == 1) == bool count(ceph_osd_metadata)) == 1 - for: 30s - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.10.1 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#object-unfound - summary: Object(s) has been marked UNFOUND - description: | - A version of a RADOS object can not be found, even though all OSDs are up. I/O - requests for this object from clients will block (hang). Resolving this issue may - require the object to be rolled back to a prior version manually, and manually verified. -# Generic - - name: generic - rules: - - alert: CephDaemonCrash - expr: ceph_health_detail{name="RECENT_CRASH"} == 1 - for: 1m - labels: - severity: critical - type: ceph_default - oid: 1.3.6.1.4.1.50495.1.2.1.1.2 - annotations: - documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks/#recent-crash - summary: One or more Ceph daemons have crashed, and are pending acknowledgement - description: | - One or more daemons have crashed recently, and need to be acknowledged. This notification - ensures that software crashes don't go unseen. To acknowledge a crash, use the - 'ceph crash archive ' command. diff --git a/roles/kube_prometheus_stack/meta/main.yml b/roles/kube_prometheus_stack/meta/main.yml deleted file mode 100644 index 560fc41..0000000 --- a/roles/kube_prometheus_stack/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for kube-prometheus-stack - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/kube_prometheus_stack/tasks/main.yml b/roles/kube_prometheus_stack/tasks/main.yml deleted file mode 100644 index da6a0f3..0000000 --- a/roles/kube_prometheus_stack/tasks/main.yml +++ /dev/null @@ -1,103 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Retrieve "etcd" CA certificate - ansible.builtin.slurp: - src: /etc/kubernetes/pki/etcd/ca.crt - register: _etcd_ca_crt - -- name: Retrieve "etcd" client certificate - ansible.builtin.slurp: - src: /etc/kubernetes/pki/etcd/healthcheck-client.crt - register: _etcd_healthcheck_client_crt - -- name: Retrieve "etcd" client key - ansible.builtin.slurp: - src: /etc/kubernetes/pki/etcd/healthcheck-client.key - register: _etcd_healthcheck_client_key - -- name: Create namespace - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: monitoring - -- name: Create Secret with "etcd" TLS certificates - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Secret - metadata: - name: kube-prometheus-stack-etcd-client-cert - namespace: monitoring - data: - ca.crt: "{{ _etcd_ca_crt.content }}" - healthcheck-client.crt: "{{ _etcd_healthcheck_client_crt.content }}" - healthcheck-client.key: "{{ _etcd_healthcheck_client_key.content }}" - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: prometheus-community - namespace: monitoring - spec: - interval: 60s - url: https://prometheus-community.github.io/helm-charts - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: kube-prometheus-stack - namespace: monitoring - spec: - interval: 60s - chart: - spec: - chart: kube-prometheus-stack - version: 36.2.0 - sourceRef: - kind: HelmRepository - name: prometheus-community - install: - crds: CreateReplace - upgrade: - crds: CreateReplace - values: "{{ _kube_prometheus_stack_values | combine(kube_prometheus_stack_values, recursive=True) }}" - -# NOTE(mnaser): Since runs are so fast, the Prometheus Operator resoruces are -# created before the MutatingWebhookConfiguration is ready, so -# the resources end up being changed on the second apply. -# -# The workaround for now is to wait for the operator to go up -# which means the MutatingWebhookConfiguration is also ready. -- name: Wait for the Helm chart to be deployed - kubernetes.core.k8s_info: - api_version: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - name: kube-prometheus-stack - namespace: monitoring - wait_sleep: 5 - wait_timeout: 600 - wait: true - wait_condition: - type: Ready - status: true diff --git a/roles/kube_prometheus_stack/vars/main.yml b/roles/kube_prometheus_stack/vars/main.yml deleted file mode 100644 index 02c2250..0000000 --- a/roles/kube_prometheus_stack/vars/main.yml +++ /dev/null @@ -1,292 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_kube_prometheus_stack_values: - defaultRules: - disabled: - # NOTE(mnaser): https://github.com/prometheus-community/helm-charts/issues/144 - # https://github.com/openshift/cluster-monitoring-operator/issues/248 - etcdHighNumberOfFailedGRPCRequests: true - alertmanager: - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - alertmanagerSpec: - storage: - volumeClaimTemplate: - spec: - storageClassName: general - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 40Gi - nodeSelector: - openstack-control-plane: enabled - grafana: - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - nodeSelector: - openstack-control-plane: enabled - kubeApiServer: - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_node_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - kubelet: - serviceMonitor: - cAdvisorRelabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - sourceLabels: ["node"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|node|service)$" - probesRelabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - sourceLabels: ["node"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|node|service)$" - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - sourceLabels: ["node"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|node|service)$" - kubeControllerManager: - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_node_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - coreDns: - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - regex: "^(container|endpoint|namespace|pod|service)$" - action: "labeldrop" - kubeEtcd: - serviceMonitor: - scheme: https - serverName: localhost - insecureSkipVerify: false - caFile: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert/ca.crt - certFile: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert/healthcheck-client.crt - keyFile: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert/healthcheck-client.key - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_node_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - kubeScheduler: - service: - port: 10259 - targetPort: 10259 - serviceMonitor: - https: true - insecureSkipVerify: true - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_node_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - kubeProxy: - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_node_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - kube-state-metrics: - prometheus: - monitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - nodeSelector: - openstack-control-plane: enabled - prometheus: - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - prometheusSpec: - nodeSelector: - openstack-control-plane: enabled - secrets: - - kube-prometheus-stack-etcd-client-cert - additionalServiceMonitors: - - name: ceph - selector: - matchLabels: - application: ceph - jobLabel: application - namespaceSelector: - matchNames: - - openstack - endpoints: - - port: metrics - honorLabels: true - relabelings: - - action: replace - regex: (.*) - replacement: ceph - targetLabel: cluster - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - prometheusOperator: - admissionWebhooks: - patch: - nodeSelector: - openstack-control-plane: enabled - serviceMonitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - nodeSelector: - openstack-control-plane: enabled - prometheus-node-exporter: - extraArgs: - - --collector.diskstats.ignored-devices=^(ram|loop|nbd|fd|(h|s|v|xv)d[a-z]|nvme\\d+n\\d+p)\\d+$ - - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|fuse.squashfuse_ll|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ - - --collector.filesystem.mount-points-exclude=^/(dev|proc|run/credentials/.+|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+|var/lib/kubelet/plugins/kubernetes.io/csi/.+|run/containerd/.+)($|/) - - --collector.netclass.ignored-devices=^(lxc|cilium_|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys).*$ - - --collector.netdev.device-exclude=^(lxc|cilium_|qbr|qvb|qvo|tap|ovs-system|br|tbr|gre_sys).*$ - prometheus: - monitor: - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_node_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - additionalPrometheusRulesMap: - ceph: "{{ lookup('ansible.builtin.file', 'prometheus_alerts.yml') | from_yaml }}" - coredns: - groups: - - name: coredns - rules: - - alert: CoreDNSDown - expr: absent(up{job="coredns"} == 1) - for: 15m - labels: - severity: critical - - alert: CoreDNSLatencyHigh - expr: histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job="coredns"}[5m])) by(server, zone, le)) > 4 - for: 10m - labels: - severity: critical - - alert: CoreDNSErrorsHigh - expr: - sum(rate(coredns_dns_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) - / - sum(rate(coredns_dns_responses_total{job="coredns"}[5m])) > 0.01 - for: 10m - labels: - severity: warning - - alert: CoreDNSErrorsHigh - expr: - sum(rate(coredns_dns_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) - / - sum(rate(coredns_dns_responses_total{job="coredns"}[5m])) > 0.03 - for: 10m - labels: - severity: critical - - name: coredns_forward - rules: - - alert: CoreDNSForwardLatencyHigh - expr: histogram_quantile(0.99, sum(rate(coredns_forward_request_duration_seconds_bucket{job="coredns"}[5m])) by(to, le)) > 4 - for: 10m - labels: - severity: critical - - alert: CoreDNSForwardErrorsHigh - expr: - sum(rate(coredns_forward_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) - / - sum(rate(coredns_forward_responses_total{job="coredns"}[5m])) > 0.01 - for: 10m - labels: - severity: warning - - alert: CoreDNSForwardErrorsHigh - expr: - sum(rate(coredns_forward_responses_total{job="coredns",rcode="SERVFAIL"}[5m])) - / - sum(rate(coredns_forward_responses_total{job="coredns"}[5m])) > 0.03 - for: 10m - labels: - severity: critical - - alert: CoreDNSForwardHealthcheckFailureCount - expr: sum(rate(coredns_forward_healthcheck_failures_total{job="coredns"}[5m])) by (to) > 0 - for: 2m - labels: - severity: warning - - alert: CoreDNSForwardHealthcheckBrokenCount - expr: sum(rate(coredns_forward_healthcheck_broken_total{job="coredns"}[5m])) > 0 - for: 2m - labels: - severity: critical - node-exporter-local: - groups: - - name: node - rules: - - alert: NodeHighLoadAverage - expr: node_load5 / count(node_cpu_seconds_total{mode="system"}) without (cpu, mode) > 1.5 - for: 30m - labels: - severity: warning - - alert: NodeHighMemoryUsage - expr: (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes) * 100 < 2.5 - for: 2m - labels: - severity: critical - - alert: NodeHighCpuUsage - expr: sum by(instance)(irate(node_cpu_seconds_total{mode='idle'}[5m])) < 1 - for: 2m - labels: - severity: warning - - alert: NodeLowEntropy - expr: node_entropy_available_bits < 1000 - for: 5m - labels: - severity: warning - - name: softnet - rules: - - alert: NodeSoftNetTimesSqueezed - expr: sum(rate(node_softnet_times_squeezed_total[1m])) by (instance) > 10 - for: 10m - labels: - severity: warning - - alert: NodeSoftNetDrops - expr: sum(rate(node_softnet_dropped_total[1m])) by (instance) != 0 - for: 1m - labels: - severity: critical diff --git a/roles/kubernetes/defaults/main.yml b/roles/kubernetes/defaults/main.yml deleted file mode 100644 index 79c2a9a..0000000 --- a/roles/kubernetes/defaults/main.yml +++ /dev/null @@ -1,84 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: kubernetes_repo_url [[[ -# -# Kubernetes repository URL -kubernetes_repo_url: "{{ _kubernetes_upstream_apt_repository }}" - - # ]]] -# .. envvar:: kubernetes_version [[[ -# -# Kubernetes version -kubernetes_version: 1.22.7 - - # ]]] -# .. envvar:: kubernetes_kernel_modules [[[ -# -# List of kernel modules to be automatically loaded -kubernetes_kernel_modules: - - br_netfilter - - # ]]] -# .. envvar:: kubernetes_sysctls [[[ -# -# List of ``sysctl`` parameters to set -kubernetes_sysctls: - - name: net.ipv4.ip_forward - value: 1 - - name: net.ipv4.tcp_l3mdev_accept - value: 1 - - name: net.ipv4.udp_l3mdev_accept - value: 1 - - name: net.bridge.bridge-nf-call-iptables - value: 1 - - name: net.bridge.bridge-nf-call-ip6tables - value: 1 - - name: net.ipv4.conf.all.rp_filter - value: 0 - - name: net.ipv4.neigh.default.gc_thresh1 - value: 128 - - name: net.ipv4.neigh.default.gc_thresh2 - value: 28872 - - name: net.ipv4.neigh.default.gc_thresh3 - value: 32768 - - name: net.ipv6.neigh.default.gc_thresh1 - value: 128 - - name: net.ipv6.neigh.default.gc_thresh2 - value: 28872 - - name: net.ipv6.neigh.default.gc_thresh3 - value: 32768 - - # ]]] -# .. envvar:: kubernetes_control_plane_group [[[ -# -# Name of Ansible group containing all control-plane nodes -kubernetes_control_plane_group: controllers - - # ]]] -# .. envvar:: kubernetes_control_plane_labels [[[ -# -# Labels to apply for all control plane nodes -kubernetes_control_plane_labels: - openstack-control-plane: enabled - openvswitch: enabled - - # ]]] -# .. envvar:: kubernetes_compute_node_labels [[[ -# -# Labels to apply for all compute nodes -kubernetes_compute_node_labels: - openstack-compute-node: enabled - openvswitch: enabled - - # ]]] diff --git a/roles/kubernetes/files/apt-key.gpg b/roles/kubernetes/files/apt-key.gpg deleted file mode 100644 index 3f0b5a850ba73c4b6d7fe5b206030ee9d0b4da46..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2537 zcmajfc{mj69tZFtYb6Ywv1ebZVJuB(aK<`@5*dapjltLl&DfcP9E`}sG{~;3VJfmD zVak?WwAd1|j4j&@rK{6@o_kOCKF|H<{p0t(fBc^B`+Yv`Ef?9Y>G0XHZ~{`Sx~!T!dveZitA&#vuaeY1DI5>;d|o*d4Lp%{Zqwntwi(+p z&Bu6qBYHxkM)FlF1?NBexq_|FI7ZMRv{MlQfEd*#I?S2~-S?+DRbCJj{x0&zaHoZQ z@XaU&J8W*5{FcKo43vWU4Q!jZW?C$j#Cni=E&V2IAI@Oiq;9Kw&NOJ%(OSBnBrU$X z=14XJdhj?r=p0b}R#OU_@|^`VEqP>`34ZLlyHAxPSo3e(9U6k5dJlF&d^A%%f{gE^`-@y{a6B3mlz$$u#o%;ymD4kW91po+l z;{rT1#VSq7Iw*T{#`DM4<>BIFZ2wHUlknyiqNAb7aNx);hMZ^Dv1wr_Utf{2C<$@n zkIiR35y`vYkSzBnB6-)b!D}YqOMT75_}G;*Q1hZWnT<%Q#`R1GkZ~X*HsIn$wo`p| zT^gMEI@~>dpeU%QD(pf4Qy`&I%PONSbT(s5Ry5`6b~8ghoNp1k+-m|$f9vDz!6H*J zrR>zythuj?q7O&1sBd{d3>Nc0C>8QAJlyS#2f7PfR&5bJE&wZiZ;a8Q6l~sRWJ6n; zHR4Ve19d>;On$7g{rThDCb)k%=|`312YtA#XjbHF6#B)@b+xj)du*(?2i>NI-2wLf zyN%<7wHAhb6)}zCDr43kKAgxF7XU|hDV&ncT(|0kk-)MsydLQ`8bVbr0lFmzoem?y zh~lLREe;mg9nQt*-4MMS;Rh1UB{k5L(U^2IM}nh7$o%#~ zdxKfW6scF)Rl2L-YF+wVn}u&F_rX#|B#rp4T;zOq~9?LMqV;q#mRq`8Bz*7v#~A>RJpb=wEXc_4Q17YN_tpp5LlOx1Ia6k{i}^_ zEzWF0ht(1I@9G=}0QAPW0D?IMz?|Bd_|2GM8?iZ~=YG?V9zSi3wrfks-mx5_CEQ?i zC0_qF%O8Ag+xFXChcVGz;iWG3KHAzEq=hgsJx>J!LdsR3FAYx67? z@MImapIS$CkVzLNeNLgwVT0^O*Iy|3JxeLPg$x4hc;;wt=C0q$mzpI(%#Q^Hrdj%h z$qehpZg2In=r$gI)g6mcVy`x%jc;mw6y#aLQ1nljpe_eo9=(|x`ACaX)t7hp+tB^O z^Pa}ui=y%}QBOAn_+dpH3hT{tudv|@IH4s(@@u8EY(??PS`EZb_TAdCmr%LiBe=PY zpNSvn%D3}Y>abPl+$5I!#YM2sbe+swFi2HG+VyM@>HlAsnW8HOjJO5 zxwnT#BhGb`_Mn&rsweDc3LCsj$`r9KnE-^k8OQ zz8UPXw`vlc&7o=X1WaOU%{f4Cftm)g6&IKHmSQNp?0PaqtErb3nF zmh&;WPtS(B_o8FA&=*-V@0Ay`nGhS^=Gw#zfu>-oCCMjL?RR;slGEC+&aK{Nfu)`l zMZhAk-Hk_krYBJ7{oB@IrNzdqK>#T9d#GUz$E7DeVjO7nAY;^~ROC(c1&ZozbbjO2 z$z+lWa=BTkI8VX6^-N=L#7H^4u;5ZSfihayWH0?5K7*Z22>kogm5S zL>(+Z%2_zc@0D?H)LT`h5iEc*=sR6OzP)$q1-$$$6|>JH#mdf^2Nv3OgrPoHNXH&E zha%o$8Fq?uM0x_DxOB!yl=dDhI0Wu})T;%FgG zPhWJ_daFLl{N$H6nv!ZM`WRWuxt0E%yyJD$!=gBel}daw_~heOrSNwqwfj=_TG@l~ zRl);ujf%0vjed^(rDCB~=$n<(Tn*y9c{9I4`D=9!p%fM20x%jdrWiSQ3Ux#pig$Uk zupT+FjTn6`WE(XqX{s;ZUIbcu$FpJjZn7kB7D%1mwF8M=Pq2%4phoANEG}=$u6nj!VvmSoVC`4jWRTyOvR z7^ 0 - -- name: Select first node to initialize cluster - ansible.builtin.set_fact: - _kubernetes_bootstrap_node: "{{ groups[kubernetes_control_plane_group] | first }}" - when: _kubernetes_stat.results | selectattr('stat.exists', 'equalto', true) | length == 0 - -- name: Print selected bootstrap node - ansible.builtin.debug: - msg: "{{ _kubernetes_bootstrap_node }}" - -- name: Upload cluster configuration for bootstrap node - ansible.builtin.template: - src: kubeadm.yaml.j2 - dest: /etc/kubernetes/kubeadm.yaml - owner: root - group: root - mode: 0640 - when: inventory_hostname == _kubernetes_bootstrap_node - -- name: Initialize cluster - throttle: 1 - ansible.builtin.shell: | - kubeadm init --config /etc/kubernetes/kubeadm.yaml --upload-certs - args: - creates: /etc/kubernetes/admin.conf - environment: - PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - when: inventory_hostname == _kubernetes_bootstrap_node - -- name: Join cluster - ansible.builtin.include_tasks: join-cluster.yml - when: inventory_hostname != _kubernetes_bootstrap_node diff --git a/roles/kubernetes/tasks/control-plane.yml b/roles/kubernetes/tasks/control-plane.yml deleted file mode 100644 index f09616d..0000000 --- a/roles/kubernetes/tasks/control-plane.yml +++ /dev/null @@ -1,118 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Upload configuration for Keepalived - when: kubernetes_keepalived_interface is defined - block: - - name: Create folder - ansible.builtin.file: - dest: /etc/keepalived - state: directory - owner: root - group: root - mode: 0755 - - name: Upload configuration - ansible.builtin.template: - src: keepalived.conf.j2 - dest: /etc/keepalived/keepalived.conf - owner: root - group: root - mode: 0644 - - name: Upload health check - ansible.builtin.template: - src: check_apiserver.sh.j2 - dest: /etc/keepalived/check_apiserver.sh - mode: 0755 - - name: Upload Kubernetes manifest - ansible.builtin.copy: - src: keepalived.yaml - dest: /etc/kubernetes/manifests/keepalived.yaml - owner: root - group: root - mode: 0644 - -- name: Upload configuration for HAproxy - when: kubernetes_keepalived_interface is defined - block: - - name: Create folder - ansible.builtin.file: - dest: /etc/haproxy - state: directory - owner: root - group: root - mode: 0755 - - name: Upload configuration - ansible.builtin.template: - src: haproxy.cfg.j2 - dest: /etc/haproxy/haproxy.cfg - owner: root - group: root - mode: 0644 - - name: Upload Kubernetes manifest - ansible.builtin.copy: - src: haproxy.yaml - dest: /etc/kubernetes/manifests/haproxy.yaml - owner: root - group: root - mode: 0644 - -- name: Bootstrap cluster - include_tasks: bootstrap-cluster.yml - -- name: create folder for admin configuration - ansible.builtin.file: - path: /root/.kube - state: directory - owner: root - group: root - mode: 0750 - -- name: Creating a symlink for admin configuration file - ansible.builtin.file: - src: /etc/kubernetes/admin.conf - dest: /root/.kube/config - state: link - force: true - -- name: add bash autocomplete for kubectl - ansible.builtin.lineinfile: - path: /root/.bashrc - line: 'source <(kubectl completion bash)' - insertbefore: EOF - -- name: install pip - ansible.builtin.apt: - name: python3-pip - install_recommends: false - -- name: install kubernetes python package - ansible.builtin.pip: - name: kubernetes - -- name: Allow workloads on control plane nodes - run_once: true - ansible.builtin.shell: | - kubectl taint nodes --all node-role.kubernetes.io/master- - failed_when: false - changed_when: false - -- name: Add labels to control plane nodes - kubernetes.core.k8s: - state: patched - kind: Node - name: "{{ inventory_hostname_short }}" - definition: - metadata: - labels: - openstack-control-plane: enabled diff --git a/roles/kubernetes/tasks/join-cluster.yml b/roles/kubernetes/tasks/join-cluster.yml deleted file mode 100644 index 1b3e6dc..0000000 --- a/roles/kubernetes/tasks/join-cluster.yml +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check if the node is already part of the cluster - ansible.builtin.stat: - path: /etc/kubernetes/kubelet.conf - register: _stat_etc_kubernetes_kubelet_conf - -- name: Generate control-plane certificates for joining cluster - run_once: true - delegate_to: "{{ _kubernetes_bootstrap_node | default(groups[kubernetes_control_plane_group][0]) }}" - ansible.builtin.command: kubeadm init phase upload-certs --upload-certs - changed_when: false - register: _kubeadm_init_upload_certs - when: - - not _stat_etc_kubernetes_kubelet_conf.stat.exists - - inventory_hostname in groups[kubernetes_control_plane_group] - -- name: Retrieve SHA256 certificate hash - run_once: true - delegate_to: "{{ _kubernetes_bootstrap_node | default(groups[kubernetes_control_plane_group][0]) }}" - community.crypto.x509_certificate_info: - path: /etc/kubernetes/pki/ca.crt - register: _kubeadm_certificate_info - when: - - not _stat_etc_kubernetes_kubelet_conf.stat.exists - -- name: Generate token for joining cluster - run_once: true - delegate_to: "{{ _kubernetes_bootstrap_node | default(groups[kubernetes_control_plane_group][0]) }}" - ansible.builtin.shell: | - kubeadm token create - register: _kubeadm_token_create - when: - - not _stat_etc_kubernetes_kubelet_conf.stat.exists - -- name: Upload kubeadm configuration - ansible.builtin.template: - src: kubeadm.yaml.j2 - dest: /etc/kubernetes/kubeadm.yaml - owner: root - group: root - mode: 0640 - when: - - not _stat_etc_kubernetes_kubelet_conf.stat.exists - -- name: Join cluster - ansible.builtin.shell: | - kubeadm join --config /etc/kubernetes/kubeadm.yaml \ - --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests - environment: - PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - args: - creates: /etc/kubernetes/kubelet.conf diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml deleted file mode 100644 index d6fb81c..0000000 --- a/roles/kubernetes/tasks/main.yml +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Add repository keys - ansible.builtin.copy: - src: apt-key.gpg - dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg - owner: root - group: root - mode: 0644 - when: - - kubernetes_repo_url == _kubernetes_upstream_apt_repository - -- name: Add repository - ansible.builtin.apt_repository: - repo: - deb - {% if kubernetes_repo_url == _kubernetes_upstream_apt_repository %}[signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg]{% endif %} - {{ kubernetes_repo_url }} - kubernetes-xenial - main - state: present - -- name: Setup version pins - ansible.builtin.template: - src: apt-preferences.j2 - dest: /etc/apt/preferences.d/kubernetes - mode: 0644 - -- name: Install packages - ansible.builtin.apt: - name: - - "containerd" - - "kubeadm={{ kubernetes_version }}-00" - - "kubectl={{ kubernetes_version }}-00" - - "kubelet={{ kubernetes_version }}-00" - state: present - -- name: Enable kernel modules on-boot - ansible.builtin.template: - src: modules-load.conf.j2 - dest: /etc/modules-load.d/k8s.conf - owner: root - group: root - mode: 0644 - -- name: Enable kernel modules in runtime - community.general.modprobe: - name: "{{ item }}" - state: present - loop: "{{ kubernetes_kernel_modules }}" - -- name: Configure sysctl values - ansible.posix.sysctl: - name: "{{ item.name }}" - value: "{{ item.value }}" - state: present - loop: "{{ kubernetes_sysctls }}" - -- name: Check swap status - ansible.builtin.command: /sbin/swapon -s - changed_when: false - register: _swapon - -- name: Disable swap - ansible.builtin.command: /sbin/swapoff -a - ignore_errors: "{{ ansible_check_mode }}" - when: - - _swapon.stdout - -- name: Remove swapfile from /etc/fstab - ansible.posix.mount: - name: "{{ item }}" - fstype: swap - state: absent - with_items: - - swap - - none - -- name: Configure short hostname - ansible.builtin.hostname: - name: "{{ inventory_hostname_short }}" - -- name: Ensure hostname inside hosts file - ansible.builtin.lineinfile: - path: /etc/hosts - regexp: '^127\.0\.1\.1' - line: 127.0.1.1 {{ inventory_hostname }} {{ inventory_hostname_short }} - -- name: Setup control plane - when: inventory_hostname in groups[kubernetes_control_plane_group] - ansible.builtin.include_tasks: control-plane.yml - -- name: Setup nodes - when: inventory_hostname not in groups[kubernetes_control_plane_group] - ansible.builtin.include_tasks: nodes.yml - -- name: Add labels to control plane nodes - delegate_to: "{{ groups[kubernetes_control_plane_group][0] }}" - kubernetes.core.k8s: - state: patched - kind: Node - name: "{{ inventory_hostname_short }}" - definition: - metadata: - labels: "{{ kubernetes_control_plane_labels }}" - when: - - inventory_hostname in groups['controllers'] - -- name: Add labels to compute nodes - delegate_to: "{{ groups[kubernetes_control_plane_group][0] }}" - kubernetes.core.k8s: - state: patched - kind: Node - name: "{{ inventory_hostname_short }}" - definition: - metadata: - labels: "{{ kubernetes_compute_node_labels }}" - when: - - inventory_hostname in groups['computes'] diff --git a/roles/kubernetes/tasks/nodes.yml b/roles/kubernetes/tasks/nodes.yml deleted file mode 100644 index 5b4f688..0000000 --- a/roles/kubernetes/tasks/nodes.yml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Check if Kubernetes is already deployed - ansible.builtin.stat: - path: /etc/kubernetes/kubelet.conf - register: _kubernetes_kubelet - -- name: Join cluster - when: not _kubernetes_kubelet.stat.exists - ansible.builtin.include_tasks: join-cluster.yml diff --git a/roles/kubernetes/templates/apt-preferences.j2 b/roles/kubernetes/templates/apt-preferences.j2 deleted file mode 100644 index 494a3a8..0000000 --- a/roles/kubernetes/templates/apt-preferences.j2 +++ /dev/null @@ -1,11 +0,0 @@ -Package: kubectl -Pin: version {{ kubernetes_version }}-00 -Pin-Priority: 1000 - -Package: kubeadm -Pin: version {{ kubernetes_version }}-00 -Pin-Priority: 1000 - -Package: kubelet -Pin: version {{ kubernetes_version }}-00 -Pin-Priority: 1000 \ No newline at end of file diff --git a/roles/kubernetes/templates/check_apiserver.sh.j2 b/roles/kubernetes/templates/check_apiserver.sh.j2 deleted file mode 100644 index bc9aa95..0000000 --- a/roles/kubernetes/templates/check_apiserver.sh.j2 +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -errorExit() { - echo "*** $*" 1>&2 - exit 1 -} - -curl --silent --max-time 2 --insecure https://localhost:16443/ -o /dev/null || errorExit "Error GET https://localhost:16443/" -if ip addr | grep -q {{ kubernetes_keepalived_vip }}; then - curl --silent --max-time 2 --insecure https://{{ kubernetes_keepalived_vip }}:6443/ -o /dev/null || errorExit "Error GET https://{{ kubernetes_keepalived_vip }}:6443/" -fi \ No newline at end of file diff --git a/roles/kubernetes/templates/haproxy.cfg.j2 b/roles/kubernetes/templates/haproxy.cfg.j2 deleted file mode 100644 index 053ce9a..0000000 --- a/roles/kubernetes/templates/haproxy.cfg.j2 +++ /dev/null @@ -1,51 +0,0 @@ -# /etc/haproxy/haproxy.cfg -#--------------------------------------------------------------------- -# Global settings -#--------------------------------------------------------------------- -global - log /dev/log local0 - log /dev/log local1 notice - daemon - -#--------------------------------------------------------------------- -# common defaults that all the 'listen' and 'backend' sections will -# use if not designated in their block -#--------------------------------------------------------------------- -defaults - mode http - log global - option httplog - option dontlognull - option http-server-close - option forwardfor except 127.0.0.0/8 - option redispatch - retries 1 - timeout http-request 10s - timeout queue 20s - timeout connect 5s - timeout client 20s - timeout server 20s - timeout http-keep-alive 10s - timeout check 10s - -#--------------------------------------------------------------------- -# apiserver frontend which proxys to the masters -#--------------------------------------------------------------------- -frontend apiserver - bind *:6443 - mode tcp - option tcplog - default_backend apiserver - -#--------------------------------------------------------------------- -# round robin balancing for apiserver -#--------------------------------------------------------------------- -backend apiserver - option httpchk GET /healthz - http-check expect status 200 - mode tcp - option ssl-hello-chk - balance roundrobin -{% for host in groups[kubernetes_control_plane_group] %} - server {{ host }} {{ hostvars[host]['ansible_default_ipv4']['address'] }}:16443 check -{% endfor %} diff --git a/roles/kubernetes/templates/keepalived.conf.j2 b/roles/kubernetes/templates/keepalived.conf.j2 deleted file mode 100644 index 58fde31..0000000 --- a/roles/kubernetes/templates/keepalived.conf.j2 +++ /dev/null @@ -1,25 +0,0 @@ -global_defs { - router_id LVS_DEVEL -} - -vrrp_script check_apiserver { - script "/etc/keepalived/check_apiserver.sh" - interval 3 - weight -2 - fall 10 - rise 2 -} - -vrrp_instance kubernetes { - state MASTER - interface {{ kubernetes_keepalived_interface }} - virtual_router_id {{ kubernetes_keepalived_vrid }} - - virtual_ipaddress { - {{ kubernetes_keepalived_vip }} - } - - track_script { - check_apiserver - } -} \ No newline at end of file diff --git a/roles/kubernetes/templates/kubeadm.yaml.j2 b/roles/kubernetes/templates/kubeadm.yaml.j2 deleted file mode 100644 index 5ef4829..0000000 --- a/roles/kubernetes/templates/kubeadm.yaml.j2 +++ /dev/null @@ -1,59 +0,0 @@ ---- -apiVersion: kubeadm.k8s.io/v1beta3 -kind: InitConfiguration -localAPIEndpoint: - bindPort: 16443 -nodeRegistration: - kubeletExtraArgs: - cgroups-per-qos: "false" - enforce-node-allocatable: "" - node-ip: "{{ ansible_default_ipv4.address }}" - container-runtime: "remote" - container-runtime-endpoint: "/run/containerd/containerd.sock" ---- -apiVersion: kubeadm.k8s.io/v1beta2 -kind: JoinConfiguration -nodeRegistration: - kubeletExtraArgs: - cgroups-per-qos: "false" - enforce-node-allocatable: "" - node-ip: "{{ ansible_default_ipv4.address }}" - container-runtime: "remote" - container-runtime-endpoint: "/run/containerd/containerd.sock" -{% if (_kubernetes_bootstrap_node is not defined) or (_kubernetes_bootstrap_node is defined and inventory_hostname != _kubernetes_bootstrap_node) %} -discovery: - bootstrapToken: - token: "{{ _kubeadm_token_create.stdout | trim }}" - apiServerEndpoint: "{{ kubernetes_hostname }}:6443" - caCertHashes: ["sha256:{{ _kubeadm_certificate_info.public_key_fingerprints.sha256 | replace(':', '') }}"] -{% if inventory_hostname in groups[kubernetes_control_plane_group] %} -controlPlane: - localAPIEndpoint: - bindPort: 16443 - certificateKey: {{ _kubeadm_init_upload_certs.stdout_lines[-1] | trim }} -{% endif %} -{% endif %} ---- -apiVersion: kubeadm.k8s.io/v1beta3 -kind: ClusterConfiguration -controlPlaneEndpoint: "{{ kubernetes_hostname }}:6443" -apiServer: - extraArgs: - oidc-username-claim: email -{% if kubernetes_oidc_issuer_url is defined %} - oidc-issuer-url: {{ kubernetes_oidc_issuer_url }} - oidc-client-id: {{ kubernetes_oidc_client_id }} -{% endif %} -controllerManager: - extraArgs: - bind-address: "0.0.0.0" -scheduler: - extraArgs: - bind-address: "0.0.0.0" ---- -apiVersion: kubelet.config.k8s.io/v1beta1 -kind: KubeletConfiguration ---- -apiVersion: kubeproxy.config.k8s.io/v1alpha1 -kind: KubeProxyConfiguration -metricsBindAddress: 0.0.0.0 \ No newline at end of file diff --git a/roles/kubernetes/templates/modules-load.conf.j2 b/roles/kubernetes/templates/modules-load.conf.j2 deleted file mode 100644 index 2c4d984..0000000 --- a/roles/kubernetes/templates/modules-load.conf.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for kubernetes_kernel_module in kubernetes_kernel_modules %} -{{ kubernetes_kernel_module }} -{% endfor %} \ No newline at end of file diff --git a/roles/kubernetes/vars/main.yml b/roles/kubernetes/vars/main.yml deleted file mode 100644 index cf153c5..0000000 --- a/roles/kubernetes/vars/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_kubernetes_upstream_apt_repository: https://apt.kubernetes.io/ diff --git a/roles/node_feature_discovery/meta/main.yml b/roles/node_feature_discovery/meta/main.yml deleted file mode 100644 index 09f196a..0000000 --- a/roles/node_feature_discovery/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for node-feature-discovery - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/node_feature_discovery/tasks/main.yml b/roles/node_feature_discovery/tasks/main.yml deleted file mode 100644 index 39d3c14..0000000 --- a/roles/node_feature_discovery/tasks/main.yml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: node-feature-discovery - namespace: monitoring - spec: - interval: 60s - url: https://kubernetes-sigs.github.io/node-feature-discovery/charts - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: node-feature-discovery - namespace: monitoring - spec: - interval: 60s - chart: - spec: - chart: node-feature-discovery - version: 0.10.0 - sourceRef: - kind: HelmRepository - name: node-feature-discovery - values: - image: - repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}/node-feature-discovery" - tag: 0.10.0 - master: - nodeSelector: - openstack-control-plane: enabled diff --git a/roles/openstack_cli/defaults/main.yml b/roles/openstack_cli/defaults/main.yml deleted file mode 100644 index 03d293c..0000000 --- a/roles/openstack_cli/defaults/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_cli_packages [[[ -# -# List of packages to install for OpenStack CLI -openstack_cli_packages: - - python3-openstackclient - - # ]]] diff --git a/roles/openstack_cli/tasks/main.yml b/roles/openstack_cli/tasks/main.yml deleted file mode 100644 index b1c032a..0000000 --- a/roles/openstack_cli/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Install OpenStack client - become: true - ansible.builtin.apt: - name: "{{ openstack_cli_packages }}" - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_list: ["identity"] - -- name: Generate openrc file - become: true - ansible.builtin.template: - src: openrc.j2 - dest: /root/openrc - owner: root - group: root - mode: 0600 diff --git a/roles/openstack_cli/templates/openrc.j2 b/roles/openstack_cli/templates/openrc.j2 deleted file mode 100644 index 7b56e0f..0000000 --- a/roles/openstack_cli/templates/openrc.j2 +++ /dev/null @@ -1,12 +0,0 @@ -# {{ ansible_managed }} - -export OS_IDENTITY_API_VERSION=3 - -export OS_AUTH_URL="{{ openstack_helm_endpoints['identity']['scheme']['public'] }}://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3" -export OS_AUTH_TYPE=password -export OS_REGION_NAME="{{ openstack_helm_endpoints['identity']['auth']['admin']['region_name'] }}" -export OS_USER_DOMAIN_NAME=Default -export OS_USERNAME="{{ openstack_helm_endpoints['identity']['auth']['admin']['username'] }}" -export OS_PASSWORD="{{ openstack_helm_endpoints['identity']['auth']['admin']['password'] }}" -export OS_PROJECT_DOMAIN_NAME=Default -export OS_PROJECT_NAME=admin \ No newline at end of file diff --git a/roles/openstack_exporter/defaults/main.yml b/roles/openstack_exporter/defaults/main.yml deleted file mode 100644 index 26435fc..0000000 --- a/roles/openstack_exporter/defaults/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - -# .. envvar:: openstack_exporter_image_repository [[[ -# -# OpenStack-exporter container image repository location -openstack_exporter_image_repository: "quay.io/niedbalski" - - # ]]] -# .. envvar:: openstack_exporter_image_tag [[[ -# -# openstack-exporter container image tag -openstack_exporter_image_tag: v1.6.0 - - # ]]] diff --git a/roles/openstack_exporter/meta/main.yml b/roles/openstack_exporter/meta/main.yml deleted file mode 100644 index 4062e84..0000000 --- a/roles/openstack_exporter/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack exporter - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_exporter/tasks/main.yml b/roles/openstack_exporter/tasks/main.yml deleted file mode 100644 index d809237..0000000 --- a/roles/openstack_exporter/tasks/main.yml +++ /dev/null @@ -1,382 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create keystone user - openstack.cloud.identity_user: - cloud: atmosphere - state: present - name: openstack-exporter-{{ openstack_helm_endpoints_region_name }} - password: "{{ openstack_helm_endpoints_openstack_exporter_keystone_password }}" - domain: service - default_project: service - -- name: Assign admin role to service user - openstack.cloud.role_assignment: - cloud: atmosphere - user: openstack-exporter-{{ openstack_helm_endpoints_region_name }} - role: admin - project: service - domain: service - -- name: Deploy service - kubernetes.core.k8s: - state: present - definition: - - apiVersion: v1 - kind: Secret - metadata: - name: openstack-config - namespace: monitoring - type: Opaque - stringData: - clouds.yaml: | - clouds: - openstack: - auth: - auth_url: http://keystone-api.openstack.svc.cluster.local:5000 - project_domain_name: service - project_name: service - user_domain_name: service - username: openstack-exporter-{{ openstack_helm_endpoints_region_name }} - password: {{ openstack_helm_endpoints_openstack_exporter_keystone_password }} - region_name: {{ openstack_helm_endpoints_region_name }} - interface: internal - identity_api_version: 3 - identity_interface: internal - - - apiVersion: apps/v1 - kind: Deployment - metadata: - name: openstack-exporter - namespace: monitoring - labels: - application: openstack-exporter - spec: - replicas: 1 - selector: - matchLabels: - application: openstack-exporter - template: - metadata: - labels: - application: openstack-exporter - spec: - nodeSelector: - openstack-control-plane: enabled - containers: - - name: openstack-exporter - image: "{{ openstack_exporter_image_repository }}/openstack-exporter-linux-amd64:{{ openstack_exporter_image_tag }}" - args: - - --endpoint-type - - internal - - default - - --collect-metric-time - - --disable-service.identity - - --disable-service.image - - --disable-metric=cinder-limits_volume_max_gb - - --disable-metric=cinder-limits_volume_used_gb - - --disable-metric=cinder-volumes - - --disable-metric=cinder-volume_status - - --disable-metric=neutron-floating_ips - - --disable-metric=neutron-networks - - --disable-metric=neutron-security_groups - - --disable-metric=neutron-subnets - - --disable-metric=neutron-routers - - --disable-metric=nova-flavors - - --disable-metric=nova-availability_zones - - --disable-metric=nova-security_groups - - --disable-metric=nova-limits_vcpus_max - - --disable-metric=nova-limits_vcpus_used - - --disable-metric=nova-limits_memory_max - - --disable-metric=nova-limits_memory_used - port: - name: metrics - containerPort: 9180 - volumeMounts: - - name: openstack-config - mountPath: "/etc/openstack" - volumes: - - name: openstack-config - secret: - secretName: openstack-config - - - apiVersion: v1 - kind: Service - metadata: - name: openstack-exporter - namespace: monitoring - labels: - application: openstack-exporter - spec: - clusterIP: None - ports: - - name: metrics - port: 9180 - targetPort: metrics - selector: - application: openstack-exporter - - - apiVersion: monitoring.coreos.com/v1 - kind: ServiceMonitor - metadata: - name: openstack-exporter - namespace: monitoring - labels: - application: openstack-exporter - spec: - endpoints: - - interval: 1m - scrapeTimeout: 30s - port: metrics - relabelings: - - action: replace - regex: (.*) - replacement: default - targetLabel: instance - jobLabel: jobLabel - namespaceSelector: - any: true - selector: - matchLabels: - application: openstack-exporter - - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: openstack-exporter - namespace: monitoring - labels: - application: openstack-exporter - spec: - groups: - - name: cinder - rules: - - alert: CinderAgentDown - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running - on {{ $labels.hostname }} is being reported as down.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - down{% endraw %}' - expr: | - openstack_cinder_agent_state != 1 - labels: - severity: warning - - alert: CinderAgentDown - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on - {{ $labels.hostname }} is being reported as down for 5 minutes. - This can affect volume operations so it must be resolved as - quickly as possible.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - down{% endraw %}' - expr: | - openstack_cinder_agent_state != 1 - for: 5m - labels: - severity: critical - - alert: CinderAgentDisabled - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on {{ $labels.hostname }} - has been disabled for 60 minutes. This can affect volume operations so it must be - resolved as quickly as possible.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - disabled{% endraw %}' - expr: | - openstack_cinder_agent_state{adminState!="enabled"} - for: 1h - labels: - severity: warning - - alert: CinderVolumeInError - annotations: - description: | - '{% raw %}The volume {{ $labels.id }} has been in ERROR state for over 24 hours. - It must be cleaned up or removed in order to provide a consistent customer - experience.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.id }}] Volume in ERROR state{% endraw %}' - expr: | - openstack_cinder_volume_status{status=~"error.*"} - for: 24h - labels: - severity: warning - - name: neutron - rules: - - alert: NeutronAgentDown - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on {{ $labels.hostname }} - is being reported as down.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - down{% endraw %}' - expr: | - openstack_neutron_agent_state != 1 - labels: - severity: warning - - alert: NeutronAgentDown - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on {{ $labels.hostname }} - is being reported as down for 5 minutes. This can affect network operations so it - must be resolved as quickly as possible.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - down{% endraw %}' - expr: | - openstack_neutron_agent_state != 1 - for: 5m - labels: - severity: critical - - alert: NeutronAgentDisabled - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on {{ $labels.hostname }} - has been disabled for 60 minutes. This can affect network operations so it must be - resolved as quickly as possible.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - disabled{% endraw %}' - expr: | - openstack_neutron_agent_state{adminState!="up"} - for: 1h - labels: - severity: warning - - alert: NeutronBindingFailedPorts - annotations: - description: | - '{% raw %}The NIC {{ $labels.mac_address }} of {{ $labels.device_owner }} - has binding failed port now.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.device_owner }}] {{ $labels.mac_address }} - binding failed{% endraw %}' - expr: | - openstack_neutron_port{binding_vif_type="binding_failed"} != 0 - labels: - severity: warning - - alert: NeutronNetworkOutOfIPs - annotations: - description: | - '{% raw %}The subnet {{ $labels.subnet_name }} within {{ $labels.network_name }} - is currently at {{ $value }}% utilization. If the IP addresses run out, it will - impact the provisioning of new ports.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.network_name }}] {{ $labels.subnet_name }} - running out of IPs{% endraw %}' - expr: | - sum by (network_id) (openstack_neutron_network_ip_availabilities_used{project_id!=""}) / sum by (network_id) - (openstack_neutron_network_ip_availabilities_total{project_id!=""}) * 100 > 80 - labels: - severity: warning - - name: nova - rules: - - alert: NovaAgentDown - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on {{ $labels.hostname }} - is being reported as down.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - down{% endraw %}' - expr: | - openstack_nova_agent_state != 1 - labels: - severity: warning - - alert: NovaAgentDown - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on {{ $labels.hostname }} is - being reported as down. This can affect compute operations so it must be resolved as - quickly as possible.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - down{% endraw %}' - expr: | - openstack_nova_agent_state != 1 - for: 5m - labels: - severity: critical - - alert: NovaAgentDisabled - annotations: - description: | - '{% raw %}The service {{ $labels.exported_service }} running on {{ $labels.hostname }} has been - disabled for 60 minutes. This can affect compute operations so it must be resolved as quickly - as possible.{% endraw %}' - summary: | - '{% raw %}[{{ $labels.hostname }}] {{ $labels.exported_service }} - disabled{% endraw %}' - expr: | - openstack_nova_agent_state{adminState!="enabled"} - for: 1h - labels: - severity: warning - - alert: NovaInstanceInError - annotations: - description: | - '{% raw %}The instance {{ $labels.id }} has been in ERROR state for over 24 hours. - It must be cleaned up or removed in order to provide a consistent customer - experience.{% endraw %}' - summary: '{% raw %}[{{ $labels.id }}] Instance in ERROR state{% endraw %}' - expr: | - openstack_nova_server_status{status="ERROR"} - for: 24h - labels: - severity: warning - - alert: NovaFailureRisk - annotations: - description: | - '{% raw %}The cloud capacity will be at {{ $value }} in the event of the failure of - a single hypervisor which puts the cloud at risk of not being able to recover should - any hypervisor failures occur. Please ensure that adequate amount of infrastructure - is assigned to this deployment to prevent this.{% endraw %}' - summary: '{% raw %}[nova] Failure risk{% endraw %}' - expr: | - (sum(openstack_nova_memory_available_bytes-openstack_nova_memory_used_bytes) - max(openstack_nova_memory_used_bytes)) - / sum(openstack_nova_memory_available_bytes-openstack_nova_memory_used_bytes) * 100 < 0.25 - for: 6h - labels: - severity: warning - - alert: NovaCapacity - annotations: - description: | - '{% raw %}The cloud capacity is currently at `{{ $value }}` which means there is a - risk of running out of capacity due to the timeline required to add new nodes. - Please ensure that adequate amount of infrastructure is assigned to this deployment - to prevent this.{% endraw %}' - summary: '{% raw %}[nova] Capacity risk{% endraw %}' - expr: | - sum ( - openstack_nova_memory_used_bytes - + on(hostname) group_left(adminState) - (0 * openstack_nova_agent_state{exported_service="nova-compute",adminState="enabled"}) - ) / sum ( - openstack_nova_memory_available_bytes - + on(hostname) group_left(adminState) - (0 * openstack_nova_agent_state{exported_service="nova-compute",adminState="enabled"}) - ) * 100 > 75 - for: 6h - labels: - severity: warning - # NOTE(mnaser): Since we haven't moved to the operator pattern yet, we need to - # keep retrying a few times as the CRDs might not be installed - # yet. - retries: 60 - delay: 5 - register: _result - until: _result is not failed diff --git a/roles/openstack_helm_barbican/defaults/main.yml b/roles/openstack_helm_barbican/defaults/main.yml deleted file mode 100644 index aad757c..0000000 --- a/roles/openstack_helm_barbican/defaults/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_barbican_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_barbican_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_barbican_image_tag [[[ -# -# Image tag for container -openstack_helm_barbican_image_tag: 12.0.1.dev11 - - # ]]] -# .. envvar:: openstack_helm_barbican_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_barbican_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_barbican_values [[[ -# -# Overrides for Helm chart values -openstack_helm_barbican_values: {} - - # ]]] -# .. envvar:: openstack_helm_barbican_kek [[[ -# -# Barbican key encryption key -openstack_helm_barbican_kek: "{{ undef(hint='You must specify a Barbican key encryption key') }}" - - # ]]] -# .. envvar:: openstack_helm_barbican_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_barbican_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_barbican/meta/main.yml b/roles/openstack_helm_barbican/meta/main.yml deleted file mode 100644 index 0a1f600..0000000 --- a/roles/openstack_helm_barbican/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Barbican - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_barbican/tasks/main.yml b/roles/openstack_helm_barbican/tasks/main.yml deleted file mode 100644 index e134811..0000000 --- a/roles/openstack_helm_barbican/tasks/main.yml +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: barbican - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-barbican - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_barbican_values | combine(openstack_helm_barbican_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: barbican - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: barbican - version: 0.2.12 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-barbican - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: rabbitmq-barbican-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-barbican-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: key_manager - openstack_helm_ingress_service_name: barbican-api - openstack_helm_ingress_service_port: 9311 - openstack_helm_ingress_annotations: "{{ openstack_helm_barbican_ingress_annotations }}" diff --git a/roles/openstack_helm_barbican/vars/main.yml b/roles/openstack_helm_barbican/vars/main.yml deleted file mode 100644 index 8a4fec0..0000000 --- a/roles/openstack_helm_barbican/vars/main.yml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_barbican_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_barbican_image_repository }}/heat:{{ openstack_helm_barbican_heat_image_tag }}" - db_drop: "{{ openstack_helm_barbican_image_repository }}/heat:{{ openstack_helm_barbican_heat_image_tag }}" - db_init: "{{ openstack_helm_barbican_image_repository }}/heat:{{ openstack_helm_barbican_heat_image_tag }}" - dep_check: "{{ openstack_helm_barbican_image_repository }}/kubernetes-entrypoint:latest" - ks_endpoints: "{{ openstack_helm_barbican_image_repository }}/heat:{{ openstack_helm_barbican_heat_image_tag }}" - ks_service: "{{ openstack_helm_barbican_image_repository }}/heat:{{ openstack_helm_barbican_heat_image_tag }}" - ks_user: "{{ openstack_helm_barbican_image_repository }}/heat:{{ openstack_helm_barbican_heat_image_tag }}" - barbican_db_sync: "{{ openstack_helm_barbican_image_repository }}/barbican:{{ openstack_helm_barbican_image_tag }}" - barbican_api: "{{ openstack_helm_barbican_image_repository }}/barbican:{{ openstack_helm_barbican_image_tag }}" - rabbit_init: "{{ openstack_helm_barbican_image_repository }}/rabbitmq:3.8.23-management" - pod: - replicas: - api: 3 - conf: - barbican: - DEFAULT: - log_config_append: null - oslo_messaging_notifications: - driver: noop - simple_crypto_plugin: - kek: "{{ openstack_helm_barbican_kek }}" - simple_crypto_kek_rewrap: - old_kek: "{{ openstack_helm_barbican_kek }}" - - manifests: - ingress_api: false - service_ingress_api: false diff --git a/roles/openstack_helm_cinder/defaults/main.yml b/roles/openstack_helm_cinder/defaults/main.yml deleted file mode 100644 index 97380e2..0000000 --- a/roles/openstack_helm_cinder/defaults/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_cinder_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_cinder_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_cinder_image_tag [[[ -# -# Image tag for container -openstack_helm_cinder_image_tag: 18.1.1.dev29-1 - - # ]]] -# .. envvar:: openstack_helm_cinder_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_cinder_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_cinder_values [[[ -# -# Overrides for Helm chart values -openstack_helm_cinder_values: {} - - # ]]] -# .. envvar:: openstack_helm_cinder_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_cinder_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_cinder/meta/main.yml b/roles/openstack_helm_cinder/meta/main.yml deleted file mode 100644 index 1329a76..0000000 --- a/roles/openstack_helm_cinder/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Cinder - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_cinder/tasks/main.yml b/roles/openstack_helm_cinder/tasks/main.yml deleted file mode 100644 index 7816d5b..0000000 --- a/roles/openstack_helm_cinder/tasks/main.yml +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: cinder - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-cinder - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_cinder_values | combine(openstack_helm_cinder_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: cinder - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: cinder - version: 0.2.25 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-cinder - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: rabbitmq-cinder-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-cinder-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: volumev3 - openstack_helm_ingress_service_name: cinder-api - openstack_helm_ingress_service_port: 8776 - openstack_helm_ingress_annotations: "{{ _openstack_helm_cinder_ingress_annotations | combine(openstack_helm_cinder_ingress_annotations) }}" diff --git a/roles/openstack_helm_cinder/vars/main.yml b/roles/openstack_helm_cinder/vars/main.yml deleted file mode 100644 index 155b1a4..0000000 --- a/roles/openstack_helm_cinder/vars/main.yml +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_cinder_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_cinder_image_repository }}/heat:{{ openstack_helm_cinder_heat_image_tag }}" - cinder_api: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - cinder_backup_storage_init: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - cinder_backup: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - cinder_db_sync: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - cinder_scheduler: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - cinder_storage_init: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - cinder_volume_usage_audit: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - cinder_volume: "{{ openstack_helm_cinder_image_repository }}/cinder:{{ openstack_helm_cinder_image_tag }}" - db_drop: "{{ openstack_helm_cinder_image_repository }}/heat:{{ openstack_helm_cinder_heat_image_tag }}" - db_init: "{{ openstack_helm_cinder_image_repository }}/heat:{{ openstack_helm_cinder_heat_image_tag }}" - dep_check: "{{ openstack_helm_cinder_image_repository }}/kubernetes-entrypoint:latest" - ks_endpoints: "{{ openstack_helm_cinder_image_repository }}/heat:{{ openstack_helm_cinder_heat_image_tag }}" - ks_service: "{{ openstack_helm_cinder_image_repository }}/heat:{{ openstack_helm_cinder_heat_image_tag }}" - ks_user: "{{ openstack_helm_cinder_image_repository }}/heat:{{ openstack_helm_cinder_heat_image_tag }}" - rabbit_init: "{{ openstack_helm_cinder_image_repository }}/rabbitmq:3.8.23-management" - pod: - replicas: - api: 3 - scheduler: 3 - conf: - paste: - composite:openstack_volume_api_v3: - use: call:cinder.api.middleware.auth:pipeline_factory - noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3 - keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 - keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3 - cinder: - DEFAULT: - allowed_direct_url_schemes: cinder - backup_driver: cinder.backup.drivers.ceph.CephBackupDriver - log_config_append: null - os_region_name: "{{ openstack_helm_endpoints['identity']['auth']['cinder']['region_name'] }}" - volume_usage_audit_period: hour - volume_name_template: volume-%s - barbican: - barbican_endpoint_type: internal - cors: - allowed_origins: "*" - oslo_messaging_notifications: - driver: noop - manifests: - ingress_api: false - job_clean: false - service_ingress_api: false - -_openstack_helm_cinder_ingress_annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/proxy-request-buffering: "off" diff --git a/roles/openstack_helm_endpoints/defaults/main.yml b/roles/openstack_helm_endpoints/defaults/main.yml deleted file mode 100644 index 7008143..0000000 --- a/roles/openstack_helm_endpoints/defaults/main.yml +++ /dev/null @@ -1,445 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_endpoints_config [[[ -# -# Additional overrides for the OpenStack Helm endpoints -openstack_helm_endpoints_config: {} - - # ]]] -# .. envvar:: openstack_helm_endpoints_region_name [[[ -# -# Default OpenStack region name -openstack_helm_endpoints_region_name: "{{ undef(hint='You must specify an OpenStack region name') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_rabbitmq_admin_password [[[ -# -# RabbitMQ administrator password -openstack_helm_endpoints_rabbitmq_admin_password: "{{ undef(hint='You must specify a RabbitMQ admin password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_memcached_secret_key [[[ -# -# Memcached secret key for ``oslo.cache`` -openstack_helm_endpoints_memcached_secret_key: "{{ undef(hint='You must specify a Memcached secret key') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_keystone_api_host [[[ -# -# API hostname for OpenStack Identity Service -openstack_helm_endpoints_keystone_api_host: "{{ undef(hint='You must specify a Keystone API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_keystone_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_keystone_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_keystone_admin_password [[[ -# -# Keystone password for ``admin`` user -openstack_helm_endpoints_keystone_admin_password: "{{ undef(hint='You must specify a Keystone administrator password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_keystone_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_keystone_mariadb_password: "{{ undef(hint='You must specify a Keystone MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_keystone_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_keystone_rabbitmq_password: "{{ undef(hint='You must specify a Keystone RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_glance_api_host [[[ -# -# API hostname for OpenStack Image Service -openstack_helm_endpoints_glance_api_host: "{{ undef(hint='You must specify a Glance API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_glance_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_glance_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_glance_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_glance_keystone_password: "{{ undef(hint='You must specify a Glance Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_glance_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_glance_mariadb_password: "{{ undef(hint='You must specify a Glance MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_glance_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_glance_rabbitmq_password: "{{ undef(hint='You must specify a Glance RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_cinder_api_host [[[ -# -# API hostname for OpenStack Block Storage Service -openstack_helm_endpoints_cinder_api_host: "{{ undef(hint='You must specify a Cinder API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_cinder_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_cinder_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_cinder_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_cinder_keystone_password: "{{ undef(hint='You must specify a Cinder Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_cinder_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_cinder_mariadb_password: "{{ undef(hint='You must specify a Cinder MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_cinder_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_cinder_rabbitmq_password: "{{ undef(hint='You must specify a Cinder RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_placement_api_host [[[ -# -# API hostname for OpenStack Placement Service -openstack_helm_endpoints_placement_api_host: "{{ undef(hint='You must specify a Placement API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_placement_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_placement_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_placement_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_placement_keystone_password: "{{ undef(hint='You must specify a Placement Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_placement_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_placement_mariadb_password: "{{ undef(hint='You must specify a Placement MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_barbican_api_host [[[ -# -# API hostname for OpenStack Barbican Service -openstack_helm_endpoints_barbican_api_host: "{{ undef(hint='You must specify a Barbican API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_barbican_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_barbican_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_barbican_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_barbican_keystone_password: "{{ undef(hint='You must specify a Barbican Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_barbican_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_barbican_mariadb_password: "{{ undef(hint='You must specify a Barbican MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_neutron_api_host [[[ -# -# API hostname for OpenStack Networking Service -openstack_helm_endpoints_neutron_api_host: "{{ undef(hint='You must specify a Neutron API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_neutron_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_neutron_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_neutron_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_neutron_keystone_password: "{{ undef(hint='You must specify a Neutron Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_neutron_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_neutron_mariadb_password: "{{ undef(hint='You must specify a Neutron MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_neutron_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_neutron_rabbitmq_password: "{{ undef(hint='You must specify a Neutron RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_neutron_metadata_secret [[[ -# -# Shared secret for Nova metadata service -openstack_helm_endpoints_neutron_metadata_secret: "{{ undef(hint='You must specify a Neutron metadata secret') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_nova_api_host [[[ -# -# API hostname for OpenStack Compute Service -openstack_helm_endpoints_nova_api_host: "{{ undef(hint='You must specify a Nova API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_nova_novnc_host [[[ -# -# API hostname for OpenStack Compute Service (VNC) -openstack_helm_endpoints_nova_novnc_host: "{{ undef(hint='You must specify a Nova NoVNC hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_nova_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_nova_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_nova_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_nova_keystone_password: "{{ undef(hint='You must specify a Nova Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_nova_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_nova_mariadb_password: "{{ undef(hint='You must specify a Nova MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_nova_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_nova_rabbitmq_password: "{{ undef(hint='You must specify a Nova RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_ironic_api_host [[[ -# -# API hostname for OpenStack Bare Metal Service -openstack_helm_endpoints_ironic_api_host: "{{ undef(hint='You must specify an Ironic API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_ironic_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_ironic_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_ironic_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_ironic_keystone_password: "{{ undef(hint='You must specify an Ironic Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_ironic_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_ironic_mariadb_password: "{{ undef(hint='You must specify an Ironic MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_ironic_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_ironic_rabbitmq_password: "{{ undef(hint='You must specify an Ironic RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_designate_api_host [[[ -# -# API hostname for OpenStack DNS Service -openstack_helm_endpoints_designate_api_host: "{{ undef(hint='You must specify a Designate API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_designate_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_designate_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_designate_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_designate_keystone_password: "{{ undef(hint='You must specify a Designate Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_designate_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_designate_mariadb_password: "{{ undef(hint='You must specify a Designate MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_designate_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_designate_rabbitmq_password: "{{ undef(hint='You must specify a Designate RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_octavia_api_host [[[ -# -# API hostname for OpenStack Load Balancer Service -openstack_helm_endpoints_octavia_api_host: "{{ undef(hint='You must specify an Octavia API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_octavia_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_octavia_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_octavia_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_octavia_keystone_password: "{{ undef(hint='You must specify an Octavia Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_octavia_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_octavia_mariadb_password: "{{ undef(hint='You must specify an Octavia MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_octavia_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_octavia_rabbitmq_password: "{{ undef(hint='You must specify an Octavia RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_senlin_api_host [[[ -# -# API hostname for OpenStack Clustering Service -openstack_helm_endpoints_senlin_api_host: "{{ undef(hint='You must specify a Senlin API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_senlin_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_senlin_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_senlin_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_senlin_keystone_password: "{{ undef(hint='You must specify a Senlin Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_senlin_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_senlin_mariadb_password: "{{ undef(hint='You must specify a Senlin MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_senlin_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_senlin_rabbitmq_password: "{{ undef(hint='You must specify a Senlin RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_api_host [[[ -# -# API hostname for OpenStack Orchestration Service -openstack_helm_endpoints_heat_api_host: "{{ undef(hint='You must specify a Heat API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_heat_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_heat_keystone_password: "{{ undef(hint='You must specify a Heat Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_trustee_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_heat_trustee_keystone_password: "{{ undef(hint='You must specify a Heat trustee Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_stack_user_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_heat_stack_user_keystone_password: "{{ undef(hint='You must specify a Heat stack user Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_heat_mariadb_password: "{{ undef(hint='You must specify a Heat MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_rabbitmq_password [[[ -# -# RabbitMQ password for service -openstack_helm_endpoints_heat_rabbitmq_password: "{{ undef(hint='You must specify a Heat RabbitMQ password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_heat_cfn_api_host [[[ -# -# API hostname for OpenStack Orchestration Service (CloudFormation) -openstack_helm_endpoints_heat_cfn_api_host: "{{ undef(hint='You must specify a Heat CloudFormation API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_horizon_api_host [[[ -# -# API hostname for OpenStack Dashboard -openstack_helm_endpoints_horizon_api_host: "{{ undef(hint='You must specify a Horizon API hostname') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_horizon_mariadb_password [[[ -# -# Database password for service -openstack_helm_endpoints_horizon_mariadb_password: "{{ undef(hint='You must specify a Horizon MariaDB password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_tempest_region_name [[[ -# -# Region name for service -openstack_helm_endpoints_tempest_region_name: "{{ openstack_helm_endpoints_region_name }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_tempest_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_tempest_keystone_password: "{{ undef(hint='You must specify a Tempest Keystone password') }}" - - # ]]] -# .. envvar:: openstack_helm_endpoints_openstack_exporter_keystone_password [[[ -# -# Keystone password for service -openstack_helm_endpoints_openstack_exporter_keystone_password: "{{ undef(hint='You must specify a OpenStack Exporter Keystone password') }}" - - # ]]] diff --git a/roles/openstack_helm_endpoints/tasks/main.yml b/roles/openstack_helm_endpoints/tasks/main.yml deleted file mode 100644 index 4764ad7..0000000 --- a/roles/openstack_helm_endpoints/tasks/main.yml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Retrieve list of all the needed endpoints - ansible.builtin.set_fact: - openstack_helm_endpoints_list: |- - {{ lookup('ansible.builtin.url', 'https://opendev.org/openstack/' ~ openstack_helm_endpoints_repo_name ~ '/raw/branch/master/' ~ openstack_helm_endpoints_chart ~ '/values.yaml', split_lines=False) | from_yaml | community.general.json_query('keys(endpoints)') | difference(_openstack_helm_endpoints_ignore) }} - when: - - openstack_helm_endpoints_list is not defined or openstack_helm_endpoints_list == None - -# NOTE(mnaser): Since we manage one-RabbitMQ per service, we create the RabbitMQ -# cluster here and then append the necessary values to be used -# inside the `oslo_messaging` section. -- name: Create RabbitMQ cluster - ansible.builtin.include_role: - name: rabbitmq - vars: - rabbitmq_cluster_name: "{{ openstack_helm_endpoints_chart }}" - when: - - '"oslo_messaging" in openstack_helm_endpoints_list' - -- name: Reset value for OpenStack_Helm endpoints - ansible.builtin.set_fact: - openstack_helm_endpoints: "{{ openstack_helm_endpoints_config }}" - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.set_fact: - openstack_helm_endpoints: | - {{ openstack_helm_endpoints | combine(lookup('vars', '_openstack_helm_endpoints_' + service), recursive=True) }} - loop: "{{ openstack_helm_endpoints_list }}" - loop_control: - loop_var: service - -# NOTE(mnaser): Since we use `openstack_helm_endpoints_list` to ensure that we -# have a common entry for endpoints and stay DRY, we need to -# reset the fact so it works for follow-up requests. -- name: Clean-up facts - ansible.builtin.set_fact: - openstack_helm_endpoints_list: diff --git a/roles/openstack_helm_endpoints/vars/main.yml b/roles/openstack_helm_endpoints/vars/main.yml deleted file mode 100644 index 9bba6ab..0000000 --- a/roles/openstack_helm_endpoints/vars/main.yml +++ /dev/null @@ -1,419 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_endpoints_ignore: - - ceph_object_store - - cloudwatch - - cluster_domain_suffix - - compute_spice_proxy - - fluentd - - ingress - - kube_dns - - ldap - - libvirt_exporter - - local_image_registry - - monitoring - - object_store - - oci_image_registry - - prometheus_rabbitmq_exporter - -_openstack_helm_endpoints_oslo_db: - oslo_db: - hosts: - default: percona-xtradb-haproxy - -_openstack_helm_endpoints_oslo_messaging: - oslo_messaging: - statefulset: null - hosts: - default: "rabbitmq-{{ openstack_helm_endpoints_chart }}" - -_openstack_helm_endpoints_oslo_cache: - oslo_cache: - auth: - memcache_secret_key: "{{ openstack_helm_endpoints_memcached_secret_key }}" - -_openstack_helm_endpoints_identity: - identity: - auth: - admin: - region_name: "{{ openstack_helm_endpoints_keystone_region_name }}" - username: "admin-{{ openstack_helm_endpoints_keystone_region_name }}" - password: "{{ openstack_helm_endpoints_keystone_admin_password }}" - hosts: - default: keystone-api - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_keystone_api_host }}" - port: - api: - default: 5000 - public: 443 - oslo_db: - auth: - keystone: - password: "{{ openstack_helm_endpoints_keystone_mariadb_password }}" - oslo_messaging: - auth: - keystone: - password: "{{ openstack_helm_endpoints_keystone_rabbitmq_password }}" - -_openstack_helm_endpoints_image: - identity: - auth: - glance: - region_name: "{{ openstack_helm_endpoints_glance_region_name }}" - username: "glance-{{ openstack_helm_endpoints_glance_region_name }}" - password: "{{ openstack_helm_endpoints_glance_keystone_password }}" - image: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_glance_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - glance: - password: "{{ openstack_helm_endpoints_glance_mariadb_password }}" - oslo_messaging: - auth: - glance: - password: "{{ openstack_helm_endpoints_glance_rabbitmq_password }}" - -_openstack_helm_endpoints_volumev3: - identity: - auth: - cinder: - region_name: "{{ openstack_helm_endpoints_cinder_region_name }}" - username: "cinder-{{ openstack_helm_endpoints_cinder_region_name }}" - password: "{{ openstack_helm_endpoints_cinder_keystone_password }}" - volumev3: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_cinder_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - cinder: - password: "{{ openstack_helm_endpoints_cinder_mariadb_password }}" - oslo_messaging: - auth: - cinder: - password: "{{ openstack_helm_endpoints_cinder_rabbitmq_password }}" - -_openstack_helm_endpoints_placement: - identity: - auth: - placement: - region_name: "{{ openstack_helm_endpoints_placement_region_name }}" - username: "placement-{{ openstack_helm_endpoints_placement_region_name }}" - password: "{{ openstack_helm_endpoints_placement_keystone_password }}" - oslo_db: - auth: - placement: - password: "{{ openstack_helm_endpoints_placement_mariadb_password }}" - placement: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_placement_api_host }}" - port: - api: - public: 443 - -_openstack_helm_endpoints_key_manager: - identity: - auth: - barbican: - region_name: "{{ openstack_helm_endpoints_barbican_region_name }}" - username: "barbican-{{ openstack_helm_endpoints_barbican_region_name }}" - password: "{{ openstack_helm_endpoints_barbican_keystone_password }}" - oslo_db: - auth: - barbican: - password: "{{ openstack_helm_endpoints_barbican_mariadb_password }}" - key_manager: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_barbican_api_host }}" - port: - api: - public: 443 - -_openstack_helm_endpoints_network: - identity: - auth: - neutron: - region_name: "{{ openstack_helm_endpoints_neutron_region_name }}" - username: "neutron-{{ openstack_helm_endpoints_neutron_region_name }}" - password: "{{ openstack_helm_endpoints_neutron_keystone_password }}" - network: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_neutron_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - neutron: - password: "{{ openstack_helm_endpoints_neutron_mariadb_password }}" - oslo_messaging: - auth: - neutron: - password: "{{ openstack_helm_endpoints_neutron_rabbitmq_password }}" - -_openstack_helm_endpoints_compute: - identity: - auth: - nova: - region_name: "{{ openstack_helm_endpoints_nova_region_name }}" - username: "nova-{{ openstack_helm_endpoints_nova_region_name }}" - password: "{{ openstack_helm_endpoints_nova_keystone_password }}" - compute: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_nova_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - nova: - password: "{{ openstack_helm_endpoints_nova_mariadb_password }}" - oslo_messaging: - auth: - nova: - password: "{{ openstack_helm_endpoints_nova_rabbitmq_password }}" - -_openstack_helm_endpoints_oslo_db_api: - oslo_db_api: - auth: - nova: - password: "{{ openstack_helm_endpoints_nova_mariadb_password }}" - hosts: - default: percona-xtradb-haproxy - -_openstack_helm_endpoints_oslo_db_cell0: - oslo_db_cell0: - auth: - nova: - password: "{{ openstack_helm_endpoints_nova_mariadb_password }}" - hosts: - default: percona-xtradb-haproxy - -_openstack_helm_endpoints_compute_metadata: - compute_metadata: - secret: "{{ openstack_helm_endpoints_neutron_metadata_secret }}" - hosts: - public: nova-metadata - port: - metadata: - public: 8775 - -_openstack_helm_endpoints_compute_novnc_proxy: - compute_novnc_proxy: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_nova_novnc_host }}" - port: - novnc_proxy: - public: 443 - -_openstack_helm_endpoints_baremetal: - identity: - auth: - ironic: - region_name: "{{ openstack_helm_endpoints_ironic_region_name }}" - username: "ironic-{{ openstack_helm_endpoints_ironic_region_name }}" - password: "{{ openstack_helm_endpoints_ironic_keystone_password }}" - baremetal: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_ironic_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - ironic: - password: "{{ openstack_helm_endpoints_ironic_mariadb_password }}" - oslo_messaging: - auth: - ironic: - password: "{{ openstack_helm_endpoints_ironic_rabbitmq_password }}" - -_openstack_helm_endpoints_dns: - identity: - auth: - designate: - region_name: "{{ openstack_helm_endpoints_designate_region_name }}" - username: "desigante-{{ openstack_helm_endpoints_designate_region_name }}" - password: "{{ openstack_helm_endpoints_designate_keystone_password }}" - dns: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_designate_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - designate: - password: "{{ openstack_helm_endpoints_designate_mariadb_password }}" - oslo_messaging: - auth: - designate: - password: "{{ openstack_helm_endpoints_designate_rabbitmq_password }}" - -_openstack_helm_endpoints_load_balancer: - identity: - auth: - octavia: - region_name: "{{ openstack_helm_endpoints_octavia_region_name }}" - username: "octavia-{{ openstack_helm_endpoints_octavia_region_name }}" - password: "{{ openstack_helm_endpoints_octavia_keystone_password }}" - load_balancer: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_octavia_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - octavia: - password: "{{ openstack_helm_endpoints_octavia_mariadb_password }}" - oslo_messaging: - auth: - octavia: - password: "{{ openstack_helm_endpoints_octavia_rabbitmq_password }}" - -_openstack_helm_endpoints_cloudformation: - cloudformation: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_heat_cfn_api_host }}" - port: - api: - public: 443 - -_openstack_helm_endpoints_clustering: - identity: - auth: - senlin: - region_name: "{{ openstack_helm_endpoints_senlin_region_name }}" - username: "senlin-{{ openstack_helm_endpoints_senlin_region_name }}" - password: "{{ openstack_helm_endpoints_senlin_keystone_password }}" - clustering: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_senlin_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - senlin: - password: "{{ openstack_helm_endpoints_senlin_mariadb_password }}" - oslo_messaging: - auth: - senlin: - password: "{{ openstack_helm_endpoints_senlin_rabbitmq_password }}" - -_openstack_helm_endpoints_orchestration: - identity: - auth: - heat: - region_name: "{{ openstack_helm_endpoints_heat_region_name }}" - username: "heat-{{ openstack_helm_endpoints_heat_region_name }}" - password: "{{ openstack_helm_endpoints_heat_keystone_password }}" - heat_trustee: - region_name: "{{ openstack_helm_endpoints_heat_region_name }}" - username: "heat-trustee-{{ openstack_helm_endpoints_heat_region_name }}" - password: "{{ openstack_helm_endpoints_heat_trustee_keystone_password }}" - heat_stack_user: - region_name: "{{ openstack_helm_endpoints_heat_region_name }}" - username: "heat-stack-user-{{ openstack_helm_endpoints_heat_region_name }}" - password: "{{ openstack_helm_endpoints_heat_stack_user_keystone_password }}" - path: - public: /v3 - orchestration: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_heat_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - heat: - password: "{{ openstack_helm_endpoints_heat_mariadb_password }}" - oslo_messaging: - auth: - heat: - password: "{{ openstack_helm_endpoints_heat_rabbitmq_password }}" - -_openstack_helm_endpoints_dashboard: - dashboard: - scheme: - public: https - host_fqdn_override: - public: - host: "{{ openstack_helm_endpoints_horizon_api_host }}" - port: - api: - public: 443 - oslo_db: - auth: - horizon: - password: "{{ openstack_helm_endpoints_horizon_mariadb_password }}" - -_openstack_helm_endpoints_tempest: - identity: - auth: - tempest: - region_name: "{{ openstack_helm_endpoints_tempest_region_name }}" - username: "tempest-{{ openstack_helm_endpoints_tempest_region_name }}" - password: "{{ openstack_helm_endpoints_tempest_keystone_password }}" diff --git a/roles/openstack_helm_glance/defaults/main.yml b/roles/openstack_helm_glance/defaults/main.yml deleted file mode 100644 index c9878e2..0000000 --- a/roles/openstack_helm_glance/defaults/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_glance_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_glance_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_glance_image_tag [[[ -# -# Image tag for container -openstack_helm_glance_image_tag: 22.1.1.dev2-1 - - # ]]] -# .. envvar:: openstack_helm_glance_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_glance_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_glance_values [[[ -# -# Overrides for Helm chart values -openstack_helm_glance_values: {} - - # ]]] -# .. envvar:: openstack_helm_glance_images [[[ -# -# List of images to provision inside OpenStack -openstack_helm_glance_images: [] - - # ]]] -# .. envvar:: openstack_helm_glance_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_glance_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_glance/meta/main.yml b/roles/openstack_helm_glance/meta/main.yml deleted file mode 100644 index 37cf04b..0000000 --- a/roles/openstack_helm_glance/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Glance - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal - -dependencies: - - role: openstacksdk diff --git a/roles/openstack_helm_glance/tasks/main.yml b/roles/openstack_helm_glance/tasks/main.yml deleted file mode 100644 index 9d35a14..0000000 --- a/roles/openstack_helm_glance/tasks/main.yml +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: glance - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-glance - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_glance_values | combine(openstack_helm_glance_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: glance - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: glance - version: 0.2.10 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-glance - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: rabbitmq-glance-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-glance-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: image - openstack_helm_ingress_service_name: glance-api - openstack_helm_ingress_service_port: 9292 - openstack_helm_ingress_annotations: "{{ _openstack_helm_glance_ingress_annotations | combine(openstack_helm_glance_ingress_annotations) }}" - -- name: Create images - when: openstack_helm_glance_images | length > 0 - block: - - name: Wait until image service ready - kubernetes.core.k8s_info: - api_version: apps/v1 - kind: Deployment - name: glance-api - namespace: openstack - wait_sleep: 10 - wait_timeout: 600 - wait: true - wait_condition: - type: Available - status: true - - - name: Download images - ansible.builtin.get_url: - url: "{{ item.source_url | regex_replace('\\/$', '') }}/{{ item.image_file }}" - dest: "/tmp/{{ item.image_file }}" - mode: "0600" - loop: "{{ openstack_helm_glance_images }}" - - - name: Upload images - openstack.cloud.image: - cloud: atmosphere - name: "{{ item.name }}" - state: present - filename: "/tmp/{{ item.image_file }}" - min_disk: "{{ item.min_disk | default(omit) }}" - min_ram: "{{ item.min_ram | default(omit) }}" - container_format: "{{ item.container_format | default(omit) }}" - disk_format: "{{ item.disk_format | default(omit) }}" - properties: "{{ item.properties | default(omit) }}" - kernel: "{{ item.kernel | default(omit) }}" - ramdisk: "{{ item.ramdisk | default(omit) }}" - is_public: "{{ item.is_public | default(omit) }}" - loop: "{{ openstack_helm_glance_images }}" diff --git a/roles/openstack_helm_glance/vars/main.yml b/roles/openstack_helm_glance/vars/main.yml deleted file mode 100644 index dbd2b2e..0000000 --- a/roles/openstack_helm_glance/vars/main.yml +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_glance_values: - endpoints: "{{ openstack_helm_endpoints }}" - storage: rbd - images: - tags: - bootstrap: "{{ openstack_helm_glance_image_repository }}/heat:{{ openstack_helm_glance_heat_image_tag }}" - db_drop: "{{ openstack_helm_glance_image_repository }}/heat:{{ openstack_helm_glance_heat_image_tag }}" - db_init: "{{ openstack_helm_glance_image_repository }}/heat:{{ openstack_helm_glance_heat_image_tag }}" - dep_check: "{{ openstack_helm_glance_image_repository }}/kubernetes-entrypoint:latest" - glance_api: "{{ openstack_helm_glance_image_repository }}/glance:{{ openstack_helm_glance_image_tag }}" - glance_db_sync: "{{ openstack_helm_glance_image_repository }}/glance:{{ openstack_helm_glance_image_tag }}" - glance_metadefs_load: "{{ openstack_helm_glance_image_repository }}/glance:{{ openstack_helm_glance_image_tag }}" - glance_registry: "{{ openstack_helm_glance_image_repository }}/glance:{{ openstack_helm_glance_image_tag }}" - glance_storage_init: "{{ openstack_helm_glance_image_repository }}/glance:{{ openstack_helm_glance_image_tag }}" - ks_endpoints: "{{ openstack_helm_glance_image_repository }}/heat:{{ openstack_helm_glance_heat_image_tag }}" - ks_service: "{{ openstack_helm_glance_image_repository }}/heat:{{ openstack_helm_glance_heat_image_tag }}" - ks_user: "{{ openstack_helm_glance_image_repository }}/heat:{{ openstack_helm_glance_heat_image_tag }}" - rabbit_init: "{{ openstack_helm_glance_image_repository }}/rabbitmq:3.8.23-management" - bootstrap: - enabled: false - pod: - replicas: - api: 3 - conf: - glance: - DEFAULT: - log_config_append: null - show_image_direct_url: true - show_multiple_locations: true - enable_import_methods: "[]" - cors: - allowed_origins: "*" - image_formats: - disk_formats: "qcow2,raw" - oslo_messaging_notifications: - driver: noop - manifests: - ingress_api: false - service_ingress_api: false - -_openstack_helm_glance_ingress_annotations: - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/proxy-request-buffering: "off" diff --git a/roles/openstack_helm_heat/defaults/main.yml b/roles/openstack_helm_heat/defaults/main.yml deleted file mode 100644 index 9cd7010..0000000 --- a/roles/openstack_helm_heat/defaults/main.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_heat_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_heat_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_heat_image_tag [[[ -# -# Image tag for container -openstack_helm_heat_image_tag: 16.0.1.dev16 - - # ]]] -# .. envvar:: openstack_helm_heat_auth_encryption_key [[[ -# -# Unique value to use for encrypting Heat secrets -openstack_helm_heat_auth_encryption_key: "{{ undef(hint='You must specifiy an encryption key for Heat.') }}" - - # ]]] -# .. envvar:: openstack_helm_heat_diff [[[ -# -# Disable a diff of the release values and ask for manual confirmation -openstack_helm_heat_diff: false - - # ]]] -# .. envvar:: openstack_helm_heat_migrate_from_mariadb [[[ -# -# Execute a migration from legacy MariaDB to Percona XtraDB cluster -openstack_helm_heat_migrate_from_mariadb: false - - # ]]] -# .. envvar:: openstack_helm_heat_values [[[ -# -# Overrides for Helm chart values -openstack_helm_heat_values: {} - - # ]]] -# .. envvar:: openstack_helm_heat_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_heat_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_heat/meta/main.yml b/roles/openstack_helm_heat/meta/main.yml deleted file mode 100644 index 813e309..0000000 --- a/roles/openstack_helm_heat/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Heat - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_heat/tasks/main.yml b/roles/openstack_helm_heat/tasks/main.yml deleted file mode 100644 index 18879b5..0000000 --- a/roles/openstack_helm_heat/tasks/main.yml +++ /dev/null @@ -1,94 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: heat - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-heat - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_heat_values | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: heat - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: heat - version: 0.2.8 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-heat - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: rabbitmq-heat-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-heat-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: orchestration - openstack_helm_ingress_service_name: heat-api - openstack_helm_ingress_service_port: 8004 - openstack_helm_ingress_annotations: "{{ openstack_helm_heat_ingress_annotations }}" - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: cloudformation - openstack_helm_ingress_service_name: heat-cfn - openstack_helm_ingress_service_port: 8000 - openstack_helm_ingress_annotations: "{{ openstack_helm_heat_ingress_annotations }}" diff --git a/roles/openstack_helm_heat/vars/main.yml b/roles/openstack_helm_heat/vars/main.yml deleted file mode 100644 index b206c87..0000000 --- a/roles/openstack_helm_heat/vars/main.yml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_heat_values: "{{ __openstack_helm_heat_values | combine(openstack_helm_heat_values, recursive=True) }}" -__openstack_helm_heat_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - db_drop: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - db_init: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - dep_check: "{{ openstack_helm_heat_image_repository }}/kubernetes-entrypoint:latest" - heat_api: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - heat_cfn: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - heat_cloudwatch: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - heat_db_sync: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - heat_engine_cleaner: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - heat_engine: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - heat_purge_deleted: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - ks_endpoints: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - ks_service: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - ks_user: "{{ openstack_helm_heat_image_repository }}/heat:{{ openstack_helm_heat_image_tag }}" - rabbit_init: "{{ openstack_helm_heat_image_repository }}/rabbitmq:3.8.23-management" - pod: - replicas: - api: 3 - cfn: 3 - cloudwatch: 3 - engine: 3 - conf: - heat: - DEFAULT: - auth_encryption_key: "{{ openstack_helm_heat_auth_encryption_key }}" - log_config_append: null - region_name_for_services: "{{ openstack_helm_endpoints['identity']['auth']['heat']['region_name'] }}" - server_keystone_endpoint_type: public - clients_keystone: - endpoint_type: publicURL - oslo_messaging_notifications: - driver: noop - manifests: - ingress_api: false - ingress_cfn: false - service_ingress_api: false - service_ingress_cfn: false diff --git a/roles/openstack_helm_horizon/defaults/main.yml b/roles/openstack_helm_horizon/defaults/main.yml deleted file mode 100644 index 1a61592..0000000 --- a/roles/openstack_helm_horizon/defaults/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_horizon_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_horizon_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_horizon_image_tag [[[ -# -# Image tag for container -openstack_helm_horizon_image_tag: 19.2.1.dev13 - - # ]]] -# .. envvar:: openstack_helm_horizon_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_horizon_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_horizon_values [[[ -# -# Overrides for Helm chart values -openstack_helm_horizon_values: {} - - # ]]] -# .. envvar:: openstack_helm_horizon_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_horizon_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_horizon/files/50-monasca-ui-settings.py b/roles/openstack_helm_horizon/files/50-monasca-ui-settings.py deleted file mode 100644 index 28b4a99..0000000 --- a/roles/openstack_helm_horizon/files/50-monasca-ui-settings.py +++ /dev/null @@ -1,56 +0,0 @@ -from django.conf import settings -from django.utils.translation import ugettext_lazy as _ - -# Service group names (global across all projects): -MONITORING_SERVICES_GROUPS = [ - {'name': _('OpenStack Services'), 'groupBy': 'service'}, - {'name': _('Servers'), 'groupBy': 'hostname'} -] - -# Services being monitored -MONITORING_SERVICES = getattr( - settings, - 'MONITORING_SERVICES_GROUPS', - MONITORING_SERVICES_GROUPS -) - -MONITORING_SERVICE_VERSION = getattr( - settings, 'MONITORING_SERVICE_VERSION', '2_0' -) -MONITORING_SERVICE_TYPE = getattr( - settings, 'MONITORING_SERVICE_TYPE', 'monitoring' -) -MONITORING_ENDPOINT_TYPE = getattr( - # NOTE(trebskit) # will default to OPENSTACK_ENDPOINT_TYPE - settings, 'MONITORING_ENDPOINT_TYPE', None -) - -# Grafana button titles/file names (global across all projects): -# GRAFANA_LINKS = [{"raw": True, "path": "monasca-dashboard", "title": "Sub page1"}] -GRAFANA_LINKS = [] -DASHBOARDS = getattr(settings, 'GRAFANA_LINKS', GRAFANA_LINKS) - -GRAFANA_URL = {"regionOne": "/grafana"} - -SHOW_GRAFANA_HOME = getattr(settings, 'SHOW_GRAFANA_HOME', True) - -ENABLE_LOG_MANAGEMENT_BUTTON = getattr( - settings, 'ENABLE_LOG_MANAGEMENT_BUTTON', False) -ENABLE_EVENT_MANAGEMENT_BUTTON = getattr( - settings, 'ENABLE_EVENT_MANAGEMENT_BUTTON', False) - -KIBANA_POLICY_RULE = getattr(settings, 'KIBANA_POLICY_RULE', - 'monitoring:kibana_access') -KIBANA_POLICY_SCOPE = getattr(settings, 'KIBANA_POLICY_SCOPE', - 'monitoring') -KIBANA_HOST = getattr(settings, 'KIBANA_HOST', - 'http://192.168.10.6:5601/') - -OPENSTACK_SSL_NO_VERIFY = getattr( - settings, 'OPENSTACK_SSL_NO_VERIFY', False) -OPENSTACK_SSL_CACERT = getattr( - settings, 'OPENSTACK_SSL_CACERT', None) - -POLICY_FILES = getattr(settings, 'POLICY_FILES', {}) -POLICY_FILES.update({'monitoring': 'monitoring_policy.json', }) # noqa -setattr(settings, 'POLICY_FILES', POLICY_FILES) diff --git a/roles/openstack_helm_horizon/meta/main.yml b/roles/openstack_helm_horizon/meta/main.yml deleted file mode 100644 index 67b3399..0000000 --- a/roles/openstack_helm_horizon/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Horizon - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_horizon/tasks/main.yml b/roles/openstack_helm_horizon/tasks/main.yml deleted file mode 100644 index a8e19c0..0000000 --- a/roles/openstack_helm_horizon/tasks/main.yml +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: horizon - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-horizon - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_horizon_values | combine(openstack_helm_horizon_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: horizon - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: horizon - version: 0.2.24 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-horizon - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: dashboard - openstack_helm_ingress_service_name: horizon-int - openstack_helm_ingress_service_port: 80 - openstack_helm_ingress_annotations: "{{ openstack_helm_horizon_ingress_annotations }}" - # NOTE: Remove grafana path from horizon ingress till monasca realized - # openstack_helm_ingress_paths: - # - path: /grafana - # pathType: Prefix - # backend: - # service: - # name: grafana - # port: - # number: 80 diff --git a/roles/openstack_helm_horizon/vars/main.yml b/roles/openstack_helm_horizon/vars/main.yml deleted file mode 100644 index 53ace33..0000000 --- a/roles/openstack_helm_horizon/vars/main.yml +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_horizon_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_horizon_image_repository }}/heat:{{ openstack_helm_horizon_heat_image_tag }}" - db_drop: "{{ openstack_helm_horizon_image_repository }}/heat:{{ openstack_helm_horizon_heat_image_tag }}" - db_init: "{{ openstack_helm_horizon_image_repository }}/heat:{{ openstack_helm_horizon_heat_image_tag }}" - dep_check: "{{ openstack_helm_horizon_image_repository }}/kubernetes-entrypoint:latest" - ks_endpoints: "{{ openstack_helm_horizon_image_repository }}/heat:{{ openstack_helm_horizon_heat_image_tag }}" - ks_service: "{{ openstack_helm_horizon_image_repository }}/heat:{{ openstack_helm_horizon_heat_image_tag }}" - ks_user: "{{ openstack_helm_horizon_image_repository }}/heat:{{ openstack_helm_horizon_heat_image_tag }}" - horizon_db_sync: "{{ openstack_helm_horizon_image_repository }}/horizon:{{ openstack_helm_horizon_image_tag }}" - horizon: "{{ openstack_helm_horizon_image_repository }}/horizon:{{ openstack_helm_horizon_image_tag }}" - rabbit_init: "{{ openstack_helm_horizon_image_repository }}/rabbitmq:3.8.23-management" - pod: - replicas: - server: 3 - conf: - horizon: - local_settings: - config: - secure_proxy_ssl_header: "True" - horizon_images_upload_mode: direct - openstack_enable_password_retrieve: "True" - raw: - WEBSSO_KEYSTONE_URL: https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}/v3 - local_settings_d: - _50_monasca_ui_settings: "{{ lookup('file', '50-monasca-ui-settings.py') }}" - extra_panels: - - designatedashboard - - heat_dashboard - - ironic_ui - - magnum_ui - - monitoring - - neutron_vpnaas_dashboard - - octavia_dashboard - - senlin_dashboard - policy: - monitoring: - default: "@" - monasca_user_role: role:monasca-user - monitoring:monitoring: rule:monasca_user_role - monitoring:kibana_access: rule:monasca_user_role - manifests: - ingress_api: false - service_ingress_api: false diff --git a/roles/openstack_helm_infra_ceph_provisioners/defaults/main.yml b/roles/openstack_helm_infra_ceph_provisioners/defaults/main.yml deleted file mode 100644 index 31f39db..0000000 --- a/roles/openstack_helm_infra_ceph_provisioners/defaults/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_infra_ceph_provisioners_ceph_mon_group [[[ -# -# Ansible inventory group containing Ceph monitors. -openstack_helm_infra_ceph_provisioners_ceph_mon_group: controllers - - # ]]] -# .. envvar:: openstack_helm_infra_ceph_provisioners_ceph_monitors [[[ -# -# IP address list of Ceph monitors -openstack_helm_infra_ceph_provisioners_ceph_monitors: "{{ _ceph_csi_rbd_helm_info.status['values']['csiConfig'][0]['monitors'] }}" - - # ]]] -# .. envvar:: openstack_helm_infra_ceph_provisioners_ceph_fsid [[[ -# -# Filesystem ID for Ceph cluster -openstack_helm_infra_ceph_provisioners_ceph_fsid: "{{ _ceph_csi_rbd_helm_info.status['values']['csiConfig'][0]['clusterID'] }}" - - # ]]] -# .. envvar:: openstack_helm_infra_ceph_provisioners_ceph_public_network [[[ -# -# Public network used by Ceph -openstack_helm_infra_ceph_provisioners_ceph_public_network: "{{ ceph_mon_public_network }}" - - # ]]] -# .. envvar:: openstack_helm_infra_ceph_provisioners_ceph_cluster_network [[[ -# -# Cluster (replication) network used by Ceph -openstack_helm_infra_ceph_provisioners_ceph_cluster_network: "{{ openstack_helm_infra_ceph_provisioners_ceph_public_network }}" - - # ]]] diff --git a/roles/openstack_helm_infra_ceph_provisioners/meta/main.yml b/roles/openstack_helm_infra_ceph_provisioners/meta/main.yml deleted file mode 100644 index 10d37da..0000000 --- a/roles/openstack_helm_infra_ceph_provisioners/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Ceph provisioners - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal - -dependencies: - - role: ceph_csi_rbd diff --git a/roles/openstack_helm_infra_ceph_provisioners/tasks/main.yml b/roles/openstack_helm_infra_ceph_provisioners/tasks/main.yml deleted file mode 100644 index 817fa91..0000000 --- a/roles/openstack_helm_infra_ceph_provisioners/tasks/main.yml +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Retrieve Helm values for "ceph-csi-rbd" - kubernetes.core.helm_info: - name: ceph-csi-rbd - release_namespace: kube-system - register: _ceph_csi_rbd_helm_info - -- name: Create Ceph service - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Service - metadata: - name: ceph-mon - namespace: openstack - labels: - application: ceph - spec: - clusterIP: None - ports: - - name: mon - port: 6789 - targetPort: 6789 - - name: mon-msgr2 - port: 3300 - targetPort: 3300 - - name: metrics - port: 9283 - targetPort: 9283 - -- name: Generate Ceph endpoint list - ansible.builtin.set_fact: - _openstack_helm_infra_ceph_provisioners_ceph_monitors: | - {{ - _openstack_helm_infra_ceph_provisioners_ceph_monitors | default([]) + - [{'ip': item}] - }} - loop: "{{ openstack_helm_infra_ceph_provisioners_ceph_monitors }}" - -- name: Create Ceph endpoints - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Endpoints - metadata: - name: ceph-mon - namespace: openstack - labels: - application: ceph - subsets: - - addresses: "{{ _openstack_helm_infra_ceph_provisioners_ceph_monitors }}" - ports: - - name: mon - port: 6789 - protocol: TCP - - name: mon-msgr2 - port: 3300 - protocol: TCP - - name: metrics - port: 9283 - protocol: TCP - -- name: Retrieve client.admin keyring - delegate_to: "{{ groups[openstack_helm_infra_ceph_provisioners_ceph_mon_group][0] }}" - vexxhost.atmosphere.ceph_key: - name: client.admin - state: info - output_format: json - register: _openstack_helm_infra_ceph_provisioners_ceph_key - -- name: Parse client.admin keyring - ansible.builtin.set_fact: - _openstack_helm_infra_ceph_provisioners_keyring: "{{ _openstack_helm_infra_ceph_provisioners_ceph_key.stdout | from_json | first }}" - -- name: Create "pvc-ceph-client-key" secret - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Secret - type: kubernetes.io/rbd - metadata: - name: pvc-ceph-client-key - namespace: openstack - labels: - application: ceph - stringData: - key: "{{ _openstack_helm_infra_ceph_provisioners_keyring.key }}" - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm-infra - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm-infra/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-ceph-provisioners - namespace: openstack - stringData: - values.yaml: "{{ openstack_helm_infra_ceph_provisioners_values | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: ceph-provisioners - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: ceph-provisioners - version: 0.1.8 - sourceRef: - kind: HelmRepository - name: openstack-helm-infra - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-ceph-provisioners diff --git a/roles/openstack_helm_infra_ceph_provisioners/vars/main.yml b/roles/openstack_helm_infra_ceph_provisioners/vars/main.yml deleted file mode 100644 index df99dca..0000000 --- a/roles/openstack_helm_infra_ceph_provisioners/vars/main.yml +++ /dev/null @@ -1,18 +0,0 @@ -openstack_helm_infra_ceph_provisioners_values: - network: - public: "{{ openstack_helm_infra_ceph_provisioners_ceph_public_network }}" - cluster: "{{ openstack_helm_infra_ceph_provisioners_ceph_cluster_network }}" - conf: - ceph: - global: - fsid: "{{ openstack_helm_infra_ceph_provisioners_ceph_fsid }}" - manifests: - configmap_bin: false - configmap_bin_common: false - deployment_rbd_provisioner: false - deployment_csi_rbd_provisioner: false - deployment_cephfs_provisioner: false - job_cephfs_client_key: false - job_namespace_client_key_cleaner: false - job_namespace_client_key: false - storageclass: false diff --git a/roles/openstack_helm_infra_libvirt/defaults/main.yml b/roles/openstack_helm_infra_libvirt/defaults/main.yml deleted file mode 100644 index 0c63a4d..0000000 --- a/roles/openstack_helm_infra_libvirt/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_infra_libvirt_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_infra_libvirt_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_infra_libvirt_image_tag [[[ -# -# Image tag for container -openstack_helm_infra_libvirt_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_infra_libvirt_values [[[ -# -# Overrides for Helm chart values -openstack_helm_infra_libvirt_values: {} - - # ]]] diff --git a/roles/openstack_helm_infra_libvirt/meta/main.yml b/roles/openstack_helm_infra_libvirt/meta/main.yml deleted file mode 100644 index bc97584..0000000 --- a/roles/openstack_helm_infra_libvirt/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Libvirt - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_infra_libvirt/tasks/main.yml b/roles/openstack_helm_infra_libvirt/tasks/main.yml deleted file mode 100644 index 594b4e1..0000000 --- a/roles/openstack_helm_infra_libvirt/tasks/main.yml +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm-infra - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm-infra/ - openstack_helm_endpoints_chart: libvirt - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm-infra - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm-infra/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-libvirt - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_infra_libvirt_values | combine(openstack_helm_infra_libvirt_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: libvirt - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: libvirt - version: 0.1.8 - sourceRef: - kind: HelmRepository - name: openstack-helm-infra - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-libvirt diff --git a/roles/openstack_helm_infra_libvirt/vars/main.yml b/roles/openstack_helm_infra_libvirt/vars/main.yml deleted file mode 100644 index 232513b..0000000 --- a/roles/openstack_helm_infra_libvirt/vars/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_infra_libvirt_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - ceph_config_helper: "{{ openstack_helm_infra_libvirt_image_repository }}/libvirt:{{ openstack_helm_infra_libvirt_image_tag }}" - dep_check: "{{ openstack_helm_infra_libvirt_image_repository }}/kubernetes-entrypoint:latest" - libvirt: "{{ openstack_helm_infra_libvirt_image_repository }}/libvirt:{{ openstack_helm_infra_libvirt_image_tag }}" - conf: - ceph: - enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}" - libvirt: - listen_addr: 0.0.0.0 diff --git a/roles/openstack_helm_infra_memcached/defaults/main.yml b/roles/openstack_helm_infra_memcached/defaults/main.yml deleted file mode 100644 index 7d46c47..0000000 --- a/roles/openstack_helm_infra_memcached/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_infra_memcached_values [[[ -# -# Overrides for Helm chart values -openstack_helm_infra_memcached_values: {} - - # ]]] diff --git a/roles/openstack_helm_infra_memcached/meta/main.yml b/roles/openstack_helm_infra_memcached/meta/main.yml deleted file mode 100644 index cd0fc41..0000000 --- a/roles/openstack_helm_infra_memcached/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Memcached - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_infra_memcached/tasks/main.yml b/roles/openstack_helm_infra_memcached/tasks/main.yml deleted file mode 100644 index cb482d5..0000000 --- a/roles/openstack_helm_infra_memcached/tasks/main.yml +++ /dev/null @@ -1,133 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm-infra - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm-infra/ - openstack_helm_endpoints_chart: memcached - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm-infra - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm-infra/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-memcached - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_infra_memcached_values | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: memcached - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: memcached - version: 0.1.6 - sourceRef: - kind: HelmRepository - name: openstack-helm-infra - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-memcached - - - apiVersion: v1 - kind: Service - metadata: - name: memcached-metrics - namespace: openstack - labels: - application: memcached - component: server - spec: - selector: - application: memcached - component: server - ports: - - name: metrics - port: 9150 - targetPort: 9150 - - - apiVersion: monitoring.coreos.com/v1 - kind: ServiceMonitor - metadata: - name: memcached - namespace: monitoring - labels: - release: kube-prometheus-stack - spec: - jobLabel: application - endpoints: - - port: "metrics" - path: "/metrics" - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - namespaceSelector: - matchNames: - - openstack - selector: - matchLabels: - application: memcached - component: server - - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: memcached - namespace: monitoring - labels: - release: kube-prometheus-stack - spec: - groups: - - name: memcached - rules: - - alert: MemcachedDown - expr: memcached_up == 0 - for: 5m - labels: - severity: critical - - alert: MemcachedConnectionLimitApproaching - expr: (memcached_current_connections / memcached_max_connections * 100) > 80 - for: 5m - labels: - severity: warning - - alert: MemcachedConnectionLimitApproaching - expr: (memcached_current_connections / memcached_max_connections * 100) > 95 - for: 5m - labels: - severity: critical diff --git a/roles/openstack_helm_infra_memcached/vars/main.yml b/roles/openstack_helm_infra_memcached/vars/main.yml deleted file mode 100644 index 4acb969..0000000 --- a/roles/openstack_helm_infra_memcached/vars/main.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_infra_memcached_values: "{{ __openstack_helm_infra_memcached_values | combine(openstack_helm_infra_memcached_values, recursive=True) }}" -__openstack_helm_infra_memcached_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - memcached: quay.io/vexxhost/memcached:1.6.9 - prometheus_memcached_exporter: quay.io/vexxhost/memcached-exporter:v0.9.0-1 - monitoring: - prometheus: - enabled: true diff --git a/roles/openstack_helm_infra_openvswitch/defaults/main.yml b/roles/openstack_helm_infra_openvswitch/defaults/main.yml deleted file mode 100644 index fdab6e9..0000000 --- a/roles/openstack_helm_infra_openvswitch/defaults/main.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_infra_openvswitch_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_infra_openvswitch_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_infra_openvswitch_image_tag [[[ -# -# Image tag for container -openstack_helm_infra_openvswitch_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_infra_openvswitch_values [[[ -# -# Overrides for Helm chart values -openstack_helm_infra_openvswitch_values: {} - - # ]]] diff --git a/roles/openstack_helm_infra_openvswitch/meta/main.yml b/roles/openstack_helm_infra_openvswitch/meta/main.yml deleted file mode 100644 index 6cf0382..0000000 --- a/roles/openstack_helm_infra_openvswitch/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Open vSwitch - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_infra_openvswitch/tasks/main.yml b/roles/openstack_helm_infra_openvswitch/tasks/main.yml deleted file mode 100644 index 2e24498..0000000 --- a/roles/openstack_helm_infra_openvswitch/tasks/main.yml +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm-infra - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm-infra/ - openstack_helm_endpoints_chart: openvswitch - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm-infra - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm-infra/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-openvswitch - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_infra_openvswitch_values | combine(openstack_helm_infra_openvswitch_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: openvswitch - namespace: openstack - spec: - interval: 60s - timeout: 60m - chart: - spec: - chart: openvswitch - version: 0.1.6 - sourceRef: - kind: HelmRepository - name: openstack-helm-infra - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-openvswitch diff --git a/roles/openstack_helm_infra_openvswitch/vars/main.yml b/roles/openstack_helm_infra_openvswitch/vars/main.yml deleted file mode 100644 index e84639e..0000000 --- a/roles/openstack_helm_infra_openvswitch/vars/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_infra_openvswitch_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - dep_check: "{{ openstack_helm_infra_openvswitch_image_repository }}/kubernetes-entrypoint:latest" - openvswitch_db_server: "{{ openstack_helm_infra_openvswitch_image_repository }}/openvswitch:{{ openstack_helm_infra_openvswitch_image_tag }}" - openvswitch_vswitchd: "{{ openstack_helm_infra_openvswitch_image_repository }}/openvswitch:{{ openstack_helm_infra_openvswitch_image_tag }}" diff --git a/roles/openstack_helm_ingress/defaults/main.yml b/roles/openstack_helm_ingress/defaults/main.yml deleted file mode 100644 index 1ae03fe..0000000 --- a/roles/openstack_helm_ingress/defaults/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_ingress_annotations [[[ -# -# Additional annotations to include for Kubernetes ingress -openstack_helm_ingress_annotations: {} - - # ]]] -# .. envvar:: openstack_helm_ingress_paths [[[ -# -# Additional paths to include for Kubernetes ingress -openstack_helm_ingress_paths: [] - - # ]]] diff --git a/roles/openstack_helm_ingress/tasks/main.yml b/roles/openstack_helm_ingress/tasks/main.yml deleted file mode 100644 index 11b0cdf..0000000 --- a/roles/openstack_helm_ingress/tasks/main.yml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create Ingress ({{ openstack_helm_ingress_endpoint }}) - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Ingress - metadata: - name: "{{ openstack_helm_ingress_endpoint | replace('_', '-') }}" - namespace: openstack - annotations: "{{ _openstack_helm_ingress_annotations | combine(openstack_helm_ingress_annotations, recursive=True) }}" - spec: - ingressClassName: openstack - rules: - - host: "{{ openstack_helm_endpoints[openstack_helm_ingress_endpoint]['host_fqdn_override']['public']['host'] }}" - http: - paths: "{{ _openstack_helm_ingress_paths }}" - tls: - - secretName: "{{ openstack_helm_ingress_service_name }}-certs" - hosts: - - "{{ openstack_helm_endpoints[openstack_helm_ingress_endpoint]['host_fqdn_override']['public']['host'] }}" diff --git a/roles/openstack_helm_ingress/vars/main.yml b/roles/openstack_helm_ingress/vars/main.yml deleted file mode 100644 index a000c50..0000000 --- a/roles/openstack_helm_ingress/vars/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_ingress_annotations: - cert-manager.io/issuer: openstack - -_openstack_helm_ingress_paths: "{{ openstack_helm_ingress_paths + __openstack_helm_ingress_paths }}" -__openstack_helm_ingress_paths: - - path: / - pathType: Prefix - backend: - service: - name: "{{ openstack_helm_ingress_service_name }}" - port: - number: "{{ openstack_helm_ingress_service_port }}" diff --git a/roles/openstack_helm_keystone/defaults/main.yml b/roles/openstack_helm_keystone/defaults/main.yml deleted file mode 100644 index bc43a20..0000000 --- a/roles/openstack_helm_keystone/defaults/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_keystone_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_keystone_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_keystone_image_tag [[[ -# -# Image tag for container -openstack_helm_keystone_image_tag: 19.0.1.dev11 - - # ]]] -# .. envvar:: openstack_helm_keystone_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_keystone_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_keystone_values [[[ -# -# Overrides for Helm chart values -openstack_helm_keystone_values: {} - - # ]]] -# .. envvar:: openstack_helm_keystone_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_keystone_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_keystone/meta/main.yml b/roles/openstack_helm_keystone/meta/main.yml deleted file mode 100644 index 2b0e0af..0000000 --- a/roles/openstack_helm_keystone/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Keystone - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_keystone/tasks/main.yml b/roles/openstack_helm_keystone/tasks/main.yml deleted file mode 100644 index 160281f..0000000 --- a/roles/openstack_helm_keystone/tasks/main.yml +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: keystone - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-keystone - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_keystone_values | combine(openstack_helm_keystone_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: keystone - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: keystone - version: 0.2.19 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-keystone - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: rabbitmq-keystone-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-keystone-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: identity - openstack_helm_ingress_service_name: keystone-api - openstack_helm_ingress_service_port: 5000 - openstack_helm_ingress_annotations: "{{ openstack_helm_keystone_ingress_annotations }}" diff --git a/roles/openstack_helm_keystone/vars/main.yml b/roles/openstack_helm_keystone/vars/main.yml deleted file mode 100644 index 501b95f..0000000 --- a/roles/openstack_helm_keystone/vars/main.yml +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_keystone_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_keystone_image_repository }}/heat:{{ openstack_helm_keystone_heat_image_tag }}" - db_drop: "{{ openstack_helm_keystone_image_repository }}/heat:{{ openstack_helm_keystone_heat_image_tag }}" - db_init: "{{ openstack_helm_keystone_image_repository }}/heat:{{ openstack_helm_keystone_heat_image_tag }}" - dep_check: "{{ openstack_helm_keystone_image_repository }}/kubernetes-entrypoint:latest" - keystone_api: "{{ openstack_helm_keystone_image_repository }}/keystone:{{ openstack_helm_keystone_image_tag }}" - keystone_credential_cleanup: "{{ openstack_helm_keystone_image_repository }}/heat:{{ openstack_helm_keystone_heat_image_tag }}" - keystone_credential_rotate: "{{ openstack_helm_keystone_image_repository }}/keystone:{{ openstack_helm_keystone_image_tag }}" - keystone_credential_setup: "{{ openstack_helm_keystone_image_repository }}/keystone:{{ openstack_helm_keystone_image_tag }}" - keystone_db_sync: "{{ openstack_helm_keystone_image_repository }}/keystone:{{ openstack_helm_keystone_image_tag }}" - keystone_domain_manage: "{{ openstack_helm_keystone_image_repository }}/heat:{{ openstack_helm_keystone_heat_image_tag }}" - keystone_fernet_rotate: "{{ openstack_helm_keystone_image_repository }}/keystone:{{ openstack_helm_keystone_image_tag }}" - keystone_fernet_setup: "{{ openstack_helm_keystone_image_repository }}/keystone:{{ openstack_helm_keystone_image_tag }}" - ks_user: "{{ openstack_helm_keystone_image_repository }}/heat:{{ openstack_helm_keystone_heat_image_tag }}" - rabbit_init: "{{ openstack_helm_keystone_image_repository }}/rabbitmq:3.8.23-management" - pod: - # mounts = { - # keystone_api = { - # keystone_api = { - # volumeMounts = [ - # { - # name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name - # mountPath = "/etc/keystone/ldap" - # }, - # { - # name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name - # mountPath = "/var/lib/apache2/oidc" - # } - # ], - # volumes = [ - # { - # name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name - # configMap = { - # name = kubernetes_config_map.keystone_ldap_ca.metadata[0].name - # } - # }, - # { - # name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name - # configMap = { - # name = kubernetes_config_map.keystone_openid_connect_metadata.metadata[0].name - # } - # } - # ] - # } - # } - # }, - replicas: - api: 3 - conf: - keystone: - DEFAULT: - log_config_append: null - auth: - methods: password,token,openid,application_credential - cors: - allowed_origins: "*" - federation: - assertion_prefix: OIDC- - remote_id_attribute: OIDC-iss - # TODO(mnaser): Lookup using openstack_helm_endpoints - trusted_dashboard: "https://{{ openstack_helm_endpoints_horizon_api_host }}/auth/websso/" - identity: - domain_configurations_from_database: true - oslo_messaging_notifications: - driver: noop - manifests: - job_credential_cleanup: false - ingress_api: false - service_ingress_api: false diff --git a/roles/openstack_helm_neutron/defaults/main.yml b/roles/openstack_helm_neutron/defaults/main.yml deleted file mode 100644 index 95ffe95..0000000 --- a/roles/openstack_helm_neutron/defaults/main.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_neutron_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_neutron_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_neutron_image_tag [[[ -# -# Image tag for container -openstack_helm_neutron_image_tag: 18.2.1.dev7-6 - - # ]]] -# .. envvar:: openstack_helm_neutron_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_neutron_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_neutron_values [[[ -# -# Overrides for Helm chart values -openstack_helm_neutron_values: {} - - # ]]] -# .. envvar:: openstack_helm_neutron_networks [[[ -# -# List of networks to provision inside OpenStack -openstack_helm_neutron_networks: [] - - # ]]] -# .. envvar:: openstack_helm_neutron_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_neutron_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_neutron/meta/main.yml b/roles/openstack_helm_neutron/meta/main.yml deleted file mode 100644 index ea1d39e..0000000 --- a/roles/openstack_helm_neutron/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Neutron - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal - -dependencies: - - role: openstacksdk diff --git a/roles/openstack_helm_neutron/tasks/main.yml b/roles/openstack_helm_neutron/tasks/main.yml deleted file mode 100644 index d7158c3..0000000 --- a/roles/openstack_helm_neutron/tasks/main.yml +++ /dev/null @@ -1,136 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: neutron - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-neutron - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_neutron_values | combine(openstack_helm_neutron_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: neutron - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: neutron - version: 0.2.14 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-neutron - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: rabbitmq-neutron-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-neutron-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: network - openstack_helm_ingress_service_name: neutron-server - openstack_helm_ingress_service_port: 9696 - openstack_helm_ingress_annotations: "{{ openstack_helm_neutron_ingress_annotations }}" - -- name: Create networks - when: openstack_helm_neutron_networks | length > 0 - block: - - name: Wait until network service ready - kubernetes.core.k8s_info: - api_version: apps/v1 - kind: Deployment - name: neutron-server - namespace: openstack - wait_sleep: 10 - wait_timeout: 600 - wait: true - wait_condition: - type: Available - status: true - - - name: Create networks - openstack.cloud.network: - cloud: atmosphere - # Network settings - name: "{{ item.name }}" - external: "{{ item.external | default(omit) }}" - shared: "{{ item.shared | default(omit) }}" - mtu_size: "{{ item.mtu_size | default(omit) }}" - port_security_enabled: "{{ item.port_security_enabled | default(omit) }}" - provider_network_type: "{{ item.provider_network_type | default(omit) }}" - provider_physical_network: "{{ item.provider_physical_network | default(omit) }}" - provider_segmentation_id: "{{ item.provider_segmentation_id | default(omit) }}" - loop: "{{ openstack_helm_neutron_networks }}" - - - name: Create subnets - openstack.cloud.subnet: - cloud: atmosphere - # Subnet settings - network_name: "{{ item.0.name }}" - name: "{{ item.1.name }}" - ip_version: "{{ item.1.ip_version | default(omit) }}" - cidr: "{{ item.1.cidr | default(omit) }}" - gateway_ip: "{{ item.1.gateway_ip | default(omit) }}" - no_gateway_ip: "{{ item.1.no_gateway_ip | default(omit) }}" - allocation_pool_start: "{{ item.1.allocation_pool_start | default(omit) }}" - allocation_pool_end: "{{ item.1.allocation_pool_end | default(omit) }}" - dns_nameservers: "{{ item.1.dns_nameservers | default(omit) }}" - enable_dhcp: "{{ item.1.enable_dhcp | default(omit) }}" - host_routes: "{{ item.1.host_routes | default(omit) }}" - ipv6_address_mode: "{{ item.1.ipv6_address_mode | default(omit) }}" - ipv6_ra_mode: "{{ item.1.ipv6_ra_mode | default(omit) }}" - with_subelements: - - "{{ openstack_helm_neutron_networks }}" - - subnets diff --git a/roles/openstack_helm_neutron/vars/main.yml b/roles/openstack_helm_neutron/vars/main.yml deleted file mode 100644 index 352f973..0000000 --- a/roles/openstack_helm_neutron/vars/main.yml +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_neutron_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_neutron_image_repository }}/heat:{{ openstack_helm_neutron_heat_image_tag }}" - db_drop: "{{ openstack_helm_neutron_image_repository }}/heat:{{ openstack_helm_neutron_heat_image_tag }}" - db_init: "{{ openstack_helm_neutron_image_repository }}/heat:{{ openstack_helm_neutron_heat_image_tag }}" - dep_check: "{{ openstack_helm_neutron_image_repository }}/kubernetes-entrypoint:latest" - ks_endpoints: "{{ openstack_helm_neutron_image_repository }}/heat:{{ openstack_helm_neutron_heat_image_tag }}" - ks_service: "{{ openstack_helm_neutron_image_repository }}/heat:{{ openstack_helm_neutron_heat_image_tag }}" - ks_user: "{{ openstack_helm_neutron_image_repository }}/heat:{{ openstack_helm_neutron_heat_image_tag }}" - neutron_bagpipe_bgp: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_db_sync: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_dhcp: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_ironic_agent: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_l2gw: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_l3: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_linuxbridge_agent: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_metadata: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_netns_cleanup_cron: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_openvswitch_agent: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_server: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_sriov_agent_init: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - neutron_sriov_agent: "{{ openstack_helm_neutron_image_repository }}/neutron:{{ openstack_helm_neutron_image_tag }}" - rabbit_init: "{{ openstack_helm_neutron_image_repository }}/rabbitmq:3.8.23-management" - pod: - replicas: - server: 3 - conf: - paste: - composite:neutronapi_v2_0: - keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0 - neutron: - DEFAULT: - api_workers: 8 - dhcp_agents_per_network: 3 - log_config_append: null - rpc_workers: 8 - service_plugins: qos,router,segments,trunk,vpnaas - external_dns_driver: designate - cors: - allowed_origin: "*" - nova: - live_migration_events: true - oslo_messaging_notifications: - driver: noop - service_providers: - service_provider: VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default - dhcp_agent: - DEFAULT: - dnsmasq_dns_servers: 10.96.0.20 - enable_isolated_metadata: true - l3_agent: - AGENT: - extensions: vpnaas - vpnagent: - vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver - metadata_agent: - DEFAULT: - nova_metadata_port: 8775 - metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}" - plugins: - ml2_conf: - ml2: - extension_drivers: dns_domain_ports,port_security,qos - type_drivers: flat,gre,vlan,vxlan - ml2_type_gre: - tunnel_id_ranges: 1:1000 - ml2_type_vlan: - network_vlan_ranges: external:1:4094 - manifests: - ingress_server: false - service_ingress_server: false diff --git a/roles/openstack_helm_nova/defaults/main.yml b/roles/openstack_helm_nova/defaults/main.yml deleted file mode 100644 index 4a81d5a..0000000 --- a/roles/openstack_helm_nova/defaults/main.yml +++ /dev/null @@ -1,73 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_nova_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_nova_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_nova_image_tag [[[ -# -# Image tag for container -openstack_helm_nova_image_tag: 23.1.1.dev11 - - # ]]] -# .. envvar:: openstack_helm_nova_ssh_image_tag [[[ -# -# Image tag for SSH container -openstack_helm_nova_ssh_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_nova_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_nova_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_nova_diff [[[ -# -# Disable a diff of the release values and ask for manual confirmation -openstack_helm_nova_diff: false - - # ]]] -# .. envvar:: openstack_helm_nova_migrate_from_mariadb [[[ -# -# Execute a migration from legacy MariaDB to Percona XtraDB cluster -openstack_helm_nova_migrate_from_mariadb: false - - # ]]] -# .. envvar:: openstack_helm_nova_values [[[ -# -# Overrides for Helm chart values -openstack_helm_nova_values: {} - - # ]]] -# .. envvar:: openstack_helm_nova_ssh_key [[[ -# -# Private SSH key used for cold & live migration -openstack_helm_nova_ssh_key: "{{ undef(hint='You must specifiy an SSH key for Nova.') }}" - - # ]]] -# .. envvar:: openstack_helm_nova_flavors [[[ -# -# List of flavors to provision inside Nova -openstack_helm_nova_flavors: [] - - # ]]] -# .. envvar:: openstack_helm_nova_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_nova_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_nova/meta/main.yml b/roles/openstack_helm_nova/meta/main.yml deleted file mode 100644 index 0f9ae3f..0000000 --- a/roles/openstack_helm_nova/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Nova - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal - -dependencies: - - role: openstacksdk diff --git a/roles/openstack_helm_nova/tasks/main.yml b/roles/openstack_helm_nova/tasks/main.yml deleted file mode 100644 index 29efde1..0000000 --- a/roles/openstack_helm_nova/tasks/main.yml +++ /dev/null @@ -1,165 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: nova - -- name: Generate public key for SSH private key - become: false - delegate_to: localhost - block: - - name: Generate temporary file for SSH public key - changed_when: false - ansible.builtin.tempfile: - state: file - prefix: nova_ssh_key_ - register: _nova_ssh_key_tempfile - # NOTE(mnaser): It's important to add a trailing newline at the end of this - # string or else `ssh-keygen` will not be happy.` - - name: Write contents of current private SSH key - changed_when: false - ansible.builtin.copy: - dest: "{{ _nova_ssh_key_tempfile.path }}" - content: "{{ openstack_helm_nova_ssh_key }}\n" - mode: "0600" - - name: Generate public key for SSH private key - changed_when: false - community.crypto.openssh_keypair: - path: "{{ _nova_ssh_key_tempfile.path }}" - regenerate: never - register: _nova_ssh_publickey - always: - - name: Delete temporary file for public SSH key - changed_when: false - ansible.builtin.file: - path: "{{ _nova_ssh_key_tempfile.path }}" - state: absent - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-nova - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_nova_values | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: nova - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: nova - version: 0.2.32 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-nova - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db_api.auth.admin.password - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db_cell0.auth.admin.password - - kind: Secret - name: rabbitmq-nova-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-nova-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: compute - openstack_helm_ingress_service_name: nova-api - openstack_helm_ingress_service_port: 8774 - openstack_helm_ingress_annotations: "{{ openstack_helm_nova_ingress_annotations }}" - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: compute_novnc_proxy - openstack_helm_ingress_service_name: nova-novncproxy - openstack_helm_ingress_service_port: 6080 - openstack_helm_ingress_annotations: "{{ openstack_helm_nova_ingress_annotations }}" - -- name: Create flavors - when: openstack_helm_nova_flavors | length > 0 - block: - - name: Wait until compute api service ready - kubernetes.core.k8s_info: - api_version: apps/v1 - kind: Deployment - name: nova-api-osapi - namespace: openstack - wait_sleep: 10 - wait_timeout: 600 - wait: true - wait_condition: - type: Available - status: true - - - name: Create flavors - openstack.cloud.compute_flavor: - cloud: atmosphere - # Flavor settings - flavorid: "{{ item.flavorid | default(omit) }}" - name: "{{ item.name }}" - vcpus: "{{ item.vcpus }}" - ram: "{{ item.ram }}" - disk: "{{ item.disk | default(omit) }}" - ephemeral: "{{ item.ephemeral | default(omit) }}" - swap: "{{ item.swap | default(omit) }}" - is_public: "{{ item.is_public | default(omit) }}" - rxtx_factor: "{{ item.rxtx_factor | default(omit) }}" - extra_specs: "{{ item.extra_specs | default(omit) }}" - loop: "{{ openstack_helm_nova_flavors }}" diff --git a/roles/openstack_helm_nova/vars/main.yml b/roles/openstack_helm_nova/vars/main.yml deleted file mode 100644 index 953099a..0000000 --- a/roles/openstack_helm_nova/vars/main.yml +++ /dev/null @@ -1,138 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_nova_values: "{{ __openstack_helm_nova_values | combine(openstack_helm_nova_values, recursive=True) }}" -__openstack_helm_nova_values: - endpoints: "{{ openstack_helm_endpoints }}" - labels: - agent: - compute_ironic: - node_selector_key: openstack-control-plane - node_selector_value: enabled - images: - tags: - bootstrap: "{{ openstack_helm_nova_image_repository }}/heat:{{ openstack_helm_nova_heat_image_tag }}" - db_drop: "{{ openstack_helm_nova_image_repository }}/heat:{{ openstack_helm_nova_heat_image_tag }}" - db_init: "{{ openstack_helm_nova_image_repository }}/heat:{{ openstack_helm_nova_heat_image_tag }}" - dep_check: "{{ openstack_helm_nova_image_repository }}/kubernetes-entrypoint:latest" - ks_endpoints: "{{ openstack_helm_nova_image_repository }}/heat:{{ openstack_helm_nova_heat_image_tag }}" - ks_service: "{{ openstack_helm_nova_image_repository }}/heat:{{ openstack_helm_nova_heat_image_tag }}" - ks_user: "{{ openstack_helm_nova_image_repository }}/heat:{{ openstack_helm_nova_heat_image_tag }}" - nova_api: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_archive_deleted_rows: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_cell_setup_init: "{{ openstack_helm_nova_image_repository }}/heat:{{ openstack_helm_nova_heat_image_tag }}" - nova_cell_setup: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - # TODO(mnaser): Fix Ironic images - nova_compute_ironic: "docker.io/kolla/ubuntu-source-nova-compute-ironic:wallaby" - nova_compute_ssh: "{{ openstack_helm_nova_image_repository }}/nova-ssh:{{ openstack_helm_nova_ssh_image_tag }}" - nova_compute: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_conductor: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_consoleauth: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_db_sync: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_novncproxy_assets: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_novncproxy: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_placement: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_scheduler: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_service_cleaner: "{{ openstack_helm_nova_image_repository }}/cli:latest" - nova_spiceproxy_assets: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - nova_spiceproxy: "{{ openstack_helm_nova_image_repository }}/nova:{{ openstack_helm_nova_image_tag }}" - rabbit_init: "{{ openstack_helm_nova_image_repository }}/rabbitmq:3.8.23-management" - network: - ssh: - enabled: true - public_key: "{{ _nova_ssh_publickey.public_key }}" - private_key: "{{ openstack_helm_nova_ssh_key }}" - bootstrap: - structured: - flavors: - enabled: false - pod: - replicas: - api_metadata: 3 - osapi: 3 - conductor: 3 - scheduler: 3 - novncproxy: 3 - spiceproxy: 3 - conf: - ceph: - enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}" - paste: - composite:openstack_compute_api_v21: - keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21 - composite:openstack_compute_api_v21_legacy_v2_compatible: - keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21 - nova: - DEFAULT: - allow_resize_to_same_host: true - cpu_allocation_ratio: 4.5 - ram_allocation_ratio: 0.9 - disk_allocation_ratio: 3.0 - resume_guests_state_on_host_boot: true - osapi_compute_workers: 8 - metadata_workers: 8 - cache: - backend: oslo_cache.memcache_pool - cinder: - catalog_info: volumev3::internalURL - conductor: - workers: 8 - compute: - consecutive_build_service_disable_threshold: 0 - cors: - allowed_origin: "*" - allow_headers: "X-Auth-Token,X-OpenStack-Nova-API-Version" - filter_scheduler: - enabled_filters: - AvailabilityZoneFilter, - ComputeFilter, - AggregateTypeAffinityFilter, - ComputeCapabilitiesFilter, - PciPassthroughFilter, - ImagePropertiesFilter, - ServerGroupAntiAffinityFilter, - ServerGroupAffinityFilter - image_properties_default_architecture: x86_64 - max_instances_per_host: 200 - glance: - enable_rbd_download: true - neutron: - metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}" - oslo_messaging_notifications: - driver: noop - scheduler: - workers: 8 - nova_ironic: - DEFAULT: - log_config_append: null - force_config_drive: true - manifests: - deployment_consoleauth: false - deployment_placement: false - ingress_metadata: false - ingress_novncproxy: false - ingress_osapi: false - ingress_placement: false - job_db_init_placement: false - job_ks_placement_endpoints: false - job_ks_placement_service: false - job_ks_placement_user: false - secret_keystone_placement: false - service_ingress_metadata: false - service_ingress_novncproxy: false - service_ingress_osapi: false - service_ingress_placement: false - service_placement: false - # NOTE(mnaser): Enable this once we've got Ironic deployed. - statefulset_compute_ironic: false diff --git a/roles/openstack_helm_placement/defaults/main.yml b/roles/openstack_helm_placement/defaults/main.yml deleted file mode 100644 index 8436b2c..0000000 --- a/roles/openstack_helm_placement/defaults/main.yml +++ /dev/null @@ -1,43 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_placement_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_placement_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_placement_image_tag [[[ -# -# Image tag for container -openstack_helm_placement_image_tag: 5.0.1 - - # ]]] -# .. envvar:: openstack_helm_placement_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_placement_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_placement_values [[[ -# -# Overrides for Helm chart values -openstack_helm_placement_values: {} - - # ]]] -# .. envvar:: openstack_helm_placement_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_placement_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_placement/meta/main.yml b/roles/openstack_helm_placement/meta/main.yml deleted file mode 100644 index 7b99251..0000000 --- a/roles/openstack_helm_placement/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Placement - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_placement/tasks/main.yml b/roles/openstack_helm_placement/tasks/main.yml deleted file mode 100644 index b896643..0000000 --- a/roles/openstack_helm_placement/tasks/main.yml +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: placement - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-placement - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_placement_values | combine(openstack_helm_placement_values, recursive=True) | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: placement - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: placement - version: 0.2.10 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-placement - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: placement - openstack_helm_ingress_service_name: placement-api - openstack_helm_ingress_service_port: 8778 - openstack_helm_ingress_annotations: "{{ openstack_helm_placement_ingress_annotations }}" diff --git a/roles/openstack_helm_placement/vars/main.yml b/roles/openstack_helm_placement/vars/main.yml deleted file mode 100644 index 83bd267..0000000 --- a/roles/openstack_helm_placement/vars/main.yml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_placement_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_placement_image_repository }}/heat:{{ openstack_helm_placement_heat_image_tag }}" - db_drop: "{{ openstack_helm_placement_image_repository }}/heat:{{ openstack_helm_placement_heat_image_tag }}" - db_init: "{{ openstack_helm_placement_image_repository }}/heat:{{ openstack_helm_placement_heat_image_tag }}" - dep_check: "{{ openstack_helm_placement_image_repository }}/kubernetes-entrypoint:latest" - ks_endpoints: "{{ openstack_helm_placement_image_repository }}/heat:{{ openstack_helm_placement_heat_image_tag }}" - ks_service: "{{ openstack_helm_placement_image_repository }}/heat:{{ openstack_helm_placement_heat_image_tag }}" - ks_user: "{{ openstack_helm_placement_image_repository }}/heat:{{ openstack_helm_placement_heat_image_tag }}" - placement_db_sync: "{{ openstack_helm_placement_image_repository }}/placement:{{ openstack_helm_placement_image_tag }}" - placement: "{{ openstack_helm_placement_image_repository }}/placement:{{ openstack_helm_placement_image_tag }}" - rabbit_init: "{{ openstack_helm_placement_image_repository }}/rabbitmq:3.8.23-management" - pod: - replicas: - api: 3 - conf: - placement: - DEFAULT: - log_config_append: null - oslo_messaging_notifications: - driver: noop - manifests: - ingress: false - service_ingress: false diff --git a/roles/openstack_helm_senlin/defaults/main.yml b/roles/openstack_helm_senlin/defaults/main.yml deleted file mode 100644 index 770364b..0000000 --- a/roles/openstack_helm_senlin/defaults/main.yml +++ /dev/null @@ -1,55 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_senlin_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_senlin_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_senlin_image_tag [[[ -# -# Image tag for container -openstack_helm_senlin_image_tag: 11.0.1.dev3 - - # ]]] -# .. envvar:: openstack_helm_senlin_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_senlin_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_senlin_diff [[[ -# -# Disable a diff of the release values and ask for manual confirmation -openstack_helm_senlin_diff: false - - # ]]] -# .. envvar:: openstack_helm_senlin_migrate_from_mariadb [[[ -# -# Execute a migration from legacy MariaDB to Percona XtraDB cluster -openstack_helm_senlin_migrate_from_mariadb: false - - # ]]] -# .. envvar:: openstack_helm_senlin_values [[[ -# -# Overrides for Helm chart values -openstack_helm_senlin_values: {} - - # ]]] -# .. envvar:: openstack_helm_senlin_ingress_annotations [[[ -# -# Ingress annotations -openstack_helm_senlin_ingress_annotations: {} - - # ]]] diff --git a/roles/openstack_helm_senlin/meta/main.yml b/roles/openstack_helm_senlin/meta/main.yml deleted file mode 100644 index 5a0c03c..0000000 --- a/roles/openstack_helm_senlin/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Senlin - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/openstack_helm_senlin/tasks/main.yml b/roles/openstack_helm_senlin/tasks/main.yml deleted file mode 100644 index b5c6eda..0000000 --- a/roles/openstack_helm_senlin/tasks/main.yml +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: senlin - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: openstack-helm - namespace: openstack - spec: - interval: 60s - url: https://tarballs.opendev.org/openstack/openstack-helm/ - - - apiVersion: v1 - kind: Secret - metadata: - name: atmosphere-senlin - namespace: openstack - stringData: - values.yaml: "{{ _openstack_helm_senlin_values | to_nice_yaml }}" - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: senlin - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: senlin - version: 0.2.6 - sourceRef: - kind: HelmRepository - name: openstack-helm - install: - disableWait: true - upgrade: - disableWait: true - valuesFrom: - - kind: Secret - name: atmosphere-senlin - - kind: Secret - name: percona-xtradb - valuesKey: root - targetPath: endpoints.oslo_db.auth.admin.password - - kind: Secret - name: rabbitmq-senlin-default-user - valuesKey: username - targetPath: endpoints.oslo_messaging.auth.admin.username - - kind: Secret - name: rabbitmq-senlin-default-user - valuesKey: password - targetPath: endpoints.oslo_messaging.auth.admin.password - -- name: Create Ingress - ansible.builtin.include_role: - name: openstack_helm_ingress - vars: - openstack_helm_ingress_endpoint: clustering - openstack_helm_ingress_service_name: senlin-api - openstack_helm_ingress_service_port: 8778 - openstack_helm_ingress_annotations: "{{ openstack_helm_senlin_ingress_annotations }}" diff --git a/roles/openstack_helm_senlin/vars/main.yml b/roles/openstack_helm_senlin/vars/main.yml deleted file mode 100644 index d54f5ba..0000000 --- a/roles/openstack_helm_senlin/vars/main.yml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_senlin_values: "{{ __openstack_helm_senlin_values | combine(openstack_helm_senlin_values, recursive=True) }}" -__openstack_helm_senlin_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - bootstrap: "{{ openstack_helm_senlin_image_repository }}/heat:{{ openstack_helm_senlin_heat_image_tag }}" - db_drop: "{{ openstack_helm_senlin_image_repository }}/heat:{{ openstack_helm_senlin_heat_image_tag }}" - db_init: "{{ openstack_helm_senlin_image_repository }}/heat:{{ openstack_helm_senlin_heat_image_tag }}" - dep_check: "{{ openstack_helm_senlin_image_repository }}/kubernetes-entrypoint:latest" - ks_endpoints: "{{ openstack_helm_senlin_image_repository }}/heat:{{ openstack_helm_senlin_heat_image_tag }}" - ks_service: "{{ openstack_helm_senlin_image_repository }}/heat:{{ openstack_helm_senlin_heat_image_tag }}" - ks_user: "{{ openstack_helm_senlin_image_repository }}/heat:{{ openstack_helm_senlin_heat_image_tag }}" - rabbit_init: "{{ openstack_helm_senlin_image_repository }}/rabbitmq:3.8.23-management" - senlin_api: "{{ openstack_helm_senlin_image_repository }}/senlin:{{ openstack_helm_senlin_image_tag }}" - senlin_conductor: "{{ openstack_helm_senlin_image_repository }}/senlin:{{ openstack_helm_senlin_image_tag }}" - senlin_db_sync: "{{ openstack_helm_senlin_image_repository }}/senlin:{{ openstack_helm_senlin_image_tag }}" - senlin_engine_cleaner: "{{ openstack_helm_senlin_image_repository }}/senlin:{{ openstack_helm_senlin_image_tag }}" - senlin_engine: "{{ openstack_helm_senlin_image_repository }}/senlin:{{ openstack_helm_senlin_image_tag }}" - senlin_health_manager: "{{ openstack_helm_senlin_image_repository }}/senlin:{{ openstack_helm_senlin_image_tag }}" - pod: - replicas: - api: 3 - conductor: 3 - engine: 3 - health_manager: 3 - conf: - senlin: - DEFAULT: - log_config_append: null - oslo_messaging_notifications: - driver: noop - manifests: - ingress_api: false - service_ingress_api: false diff --git a/roles/openstack_helm_tempest/defaults/main.yml b/roles/openstack_helm_tempest/defaults/main.yml deleted file mode 100644 index 944faa0..0000000 --- a/roles/openstack_helm_tempest/defaults/main.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -# .. vim: foldmarker=[[[,]]]:foldmethod=marker - -# .. Copyright (C) 2022 VEXXHOST, Inc. -# .. SPDX-License-Identifier: Apache-2.0 - -# Default variables -# ================= - -# .. contents:: Sections -# :local: - - -# .. envvar:: openstack_helm_tempest_image_repository [[[ -# -# Image repository location to be prefixed for all images -openstack_helm_tempest_image_repository: "{{ atmosphere_image_repository | default('us-docker.pkg.dev/vexxhost-infra/openstack') }}" - - # ]]] -# .. envvar:: openstack_helm_tempest_image_tag [[[ -# -# Image tag for container -openstack_helm_tempest_image_tag: 30.1.0-4 - - # ]]] -# .. envvar:: openstack_helm_tempest_heat_image_tag [[[ -# -# Image tag for Heat to be used for jobs running via Helm hooks -openstack_helm_tempest_heat_image_tag: wallaby - - # ]]] -# .. envvar:: openstack_helm_tempest_values [[[ -# -# Overrides for Helm chart values -openstack_helm_tempest_values: {} - - # ]]] diff --git a/roles/openstack_helm_tempest/meta/main.yml b/roles/openstack_helm_tempest/meta/main.yml deleted file mode 100644 index 09e2ee9..0000000 --- a/roles/openstack_helm_tempest/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for OpenStack Tempest - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal - -dependencies: - - role: openstacksdk diff --git a/roles/openstack_helm_tempest/tasks/main.yml b/roles/openstack_helm_tempest/tasks/main.yml deleted file mode 100644 index 1237bee..0000000 --- a/roles/openstack_helm_tempest/tasks/main.yml +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_repo_name: openstack-helm - openstack_helm_endpoints_repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - openstack_helm_endpoints_chart: tempest - -- name: Configure tempest - block: - - name: Get test image object - openstack.cloud.image_info: - cloud: atmosphere - image: cirros - register: _openstack_helm_tempest_test_image - when: openstack_helm_tempest_values.conf.tempest.compute.image_ref is not defined - - - name: Configure test image ref - ansible.builtin.set_fact: - openstack_helm_tempest_values: "{{ openstack_helm_tempest_values | default({}) | combine({item.key: item.value}, recursive=True) }}" - with_dict: - conf: - tempest: - compute: - image_ref: "{{ _openstack_helm_tempest_test_image.openstack_image.id }}" - when: - - openstack_helm_tempest_values.conf.tempest.compute.image_ref is not defined - - _openstack_helm_tempest_test_image.openstack_image.id is defined - - - name: Get test flavor object - openstack.cloud.compute_flavor_info: - cloud: atmosphere - name: m1.tiny - register: _openstack_helm_tempest_test_flavor - when: openstack_helm_tempest_values.conf.tempest.compute.flavor_ref is not defined - - - name: Set test flavor ref - ansible.builtin.set_fact: - openstack_helm_tempest_values: "{{ openstack_helm_tempest_values | default({}) | combine({item.key: item.value}, recursive=True) }}" - with_dict: - conf: - tempest: - compute: - flavor_ref: "{{ _openstack_helm_tempest_test_flavor.openstack_flavors[0].id }}" - when: - - openstack_helm_tempest_values.conf.tempest.compute.flavor_ref is not defined - - _openstack_helm_tempest_test_flavor.openstack_flavors[0].id is defined - - - name: Get test network object - openstack.cloud.networks_info: - cloud: atmosphere - name: public - register: _openstack_helm_tempest_test_network - when: openstack_helm_tempest_values.conf.tempest.network.public_network_id is not defined - - - name: Set test network ref - ansible.builtin.set_fact: - openstack_helm_tempest_values: "{{ openstack_helm_tempest_values | default({}) | combine({item.key: item.value}, recursive=True) }}" - with_dict: - conf: - tempest: - network: - public_network_id: "{{ _openstack_helm_tempest_test_network.openstack_networks[0].id }}" - when: - - openstack_helm_tempest_values.conf.tempest.network.public_network_id is not defined - - _openstack_helm_tempest_test_network.openstack_networks[0].id is defined - -- name: Configure Helm repository - kubernetes.core.helm_repository: - name: openstack-helm - repo_url: https://tarballs.opendev.org/openstack/openstack-helm/ - -- name: Deploy Helm chart - failed_when: false - kubernetes.core.helm: - name: tempest - chart_ref: openstack-helm/tempest - chart_version: 0.2.3 - release_namespace: openstack - kubeconfig: /etc/kubernetes/admin.conf - wait: true - wait_timeout: 20m - values: "{{ _openstack_helm_tempest_values | combine(openstack_helm_tempest_values, recursive=True) }}" - -- name: Get tempest job object - kubernetes.core.k8s_info: - api_version: batch/v1 - kind: Job - name: tempest-run-tests - namespace: openstack - register: _tempest_job_obj - -- name: Get tempest log - kubernetes.core.k8s_log: - namespace: openstack - label_selectors: - - job-name=tempest-run-tests - register: _tempest_log - -- name: Print tempest log details - ansible.builtin.debug: - msg: "{{ _tempest_log.log_lines }}" - -- name: Fail when tempest result is failed - ansible.builtin.fail: - msg: "Tempest failed!" - when: _tempest_job_obj.resources[0]['status']['succeeded'] is not defined or - _tempest_job_obj.resources[0]['status']['succeeded'] != 1 diff --git a/roles/openstack_helm_tempest/vars/main.yml b/roles/openstack_helm_tempest/vars/main.yml deleted file mode 100644 index 8a97656..0000000 --- a/roles/openstack_helm_tempest/vars/main.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -_openstack_helm_tempest_values: - endpoints: "{{ openstack_helm_endpoints }}" - images: - tags: - dep_check: "{{ openstack_helm_tempest_image_repository }}/kubernetes-entrypoint:latest" - tempest_run_tests: "{{ openstack_helm_tempest_image_repository }}/tempest:{{ openstack_helm_tempest_image_tag }}" - ks_user: "{{ openstack_helm_tempest_image_repository }}/heat:{{ openstack_helm_tempest_heat_image_tag }}" - jobs: - run_tests: - restartPolicy: Never - backoffLimit: 0 - conf: - tempest: - service_available: - cinder: true - glance: true - horizon: true - neutron: true - nova: true - swift: false - compute: - endpoint_type: internal - fixed_network_name: public - dashboard: - dashboard_url: "http://horizon-int.openstack.svc.cluster.local" - image: - endpoint_type: internal - network: - endpoint_type: internal - floating_network_name: public - shared_physical_network: false - placement: - endpoint_type: internal - validation: - image_ssh_user: cirros - volume: - endpoint_type: internal - object-storage: - endpoint_type: internal - pvc: - enabled: false diff --git a/roles/openstack_namespace/tasks/main.yml b/roles/openstack_namespace/tasks/main.yml deleted file mode 100644 index a864a09..0000000 --- a/roles/openstack_namespace/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create namespace - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: openstack diff --git a/roles/openstacksdk/tasks/main.yml b/roles/openstacksdk/tasks/main.yml deleted file mode 100644 index f444d9d..0000000 --- a/roles/openstacksdk/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Generate OpenStack-Helm endpoints - ansible.builtin.include_role: - name: openstack_helm_endpoints - vars: - openstack_helm_endpoints_list: ["identity"] - -- name: Install openstacksdk - ansible.builtin.pip: - name: openstacksdk==0.61.0 - -- name: Create openstack config directory - become: true - ansible.builtin.file: - path: /etc/openstack - state: directory - owner: root - group: root - mode: "0600" - -- name: Generate cloud config file - become: true - ansible.builtin.template: - src: clouds.yaml.j2 - dest: /etc/openstack/clouds.yaml - owner: root - group: root - mode: '0600' diff --git a/roles/openstacksdk/templates/clouds.yaml.j2 b/roles/openstacksdk/templates/clouds.yaml.j2 deleted file mode 100644 index 53fb9d2..0000000 --- a/roles/openstacksdk/templates/clouds.yaml.j2 +++ /dev/null @@ -1,10 +0,0 @@ -clouds: - atmosphere: - auth: - auth_url: "https://{{ openstack_helm_endpoints['identity']['host_fqdn_override']['public']['host'] }}" - username: "{{ openstack_helm_endpoints['identity']['auth']['admin']['username'] }}" - password: "{{ openstack_helm_endpoints['identity']['auth']['admin']['password'] }}" - project_name: admin - user_domain_name: Default - project_domain_name: Default - region_name: "{{ openstack_helm_endpoints['identity']['auth']['admin']['region_name'] }}" diff --git a/roles/percona_xtradb_cluster/meta/main.yml b/roles/percona_xtradb_cluster/meta/main.yml deleted file mode 100644 index 0a13f94..0000000 --- a/roles/percona_xtradb_cluster/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Percona XtraDB Cluster - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/percona_xtradb_cluster/tasks/main.yml b/roles/percona_xtradb_cluster/tasks/main.yml deleted file mode 100644 index 6aa01fd..0000000 --- a/roles/percona_xtradb_cluster/tasks/main.yml +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy operator - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: percona - namespace: openstack - spec: - interval: 60s - url: https://percona.github.io/percona-helm-charts/ - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: pxc-operator - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: pxc-operator - version: 1.10.0 - sourceRef: - kind: HelmRepository - name: percona - install: - crds: CreateReplace - upgrade: - crds: CreateReplace - values: - nodeSelector: - openstack-control-plane: enabled - -- name: Deploy cluster - kubernetes.core.k8s: - state: present - definition: - - apiVersion: pxc.percona.com/v1-10-0 - kind: PerconaXtraDBCluster - metadata: - name: percona-xtradb - namespace: openstack - spec: - crVersion: 1.10.0 - secretsName: percona-xtradb - pxc: - size: 3 - # NOTE(mnaser): https://jira.percona.com/browse/PXC-3914 - image: us-docker.pkg.dev/vexxhost-infra/openstack/percona-xtradb-cluster:5.7.36-31.55-socatfix - autoRecovery: true - configuration: | - [mysqld] - max_connections=8192 - sidecars: - - name: exporter - image: quay.io/prometheus/mysqld-exporter:v0.14.0 - ports: - - name: metrics - containerPort: 9104 - livenessProbe: - httpGet: - path: / - port: 9104 - env: - - name: MONITOR_PASSWORD - valueFrom: - secretKeyRef: - name: percona-xtradb - key: monitor - - name: DATA_SOURCE_NAME - value: "monitor:$(MONITOR_PASSWORD)@(localhost:3306)/" - nodeSelector: - openstack-control-plane: enabled - volumeSpec: - persistentVolumeClaim: - resources: - requests: - storage: 160Gi - haproxy: - enabled: true - size: 3 - image: percona/percona-xtradb-cluster-operator:1.10.0-haproxy - nodeSelector: - openstack-control-plane: enabled - - - apiVersion: monitoring.coreos.com/v1 - kind: PodMonitor - metadata: - name: percona-xtradb-pxc - namespace: monitoring - labels: - release: kube-prometheus-stack - spec: - jobLabel: app.kubernetes.io/component - podMetricsEndpoints: - - port: metrics - path: /metrics - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - namespaceSelector: - matchNames: - - openstack - selector: - matchLabels: - app.kubernetes.io/component: pxc - app.kubernetes.io/instance: percona-xtradb - - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: percona-xtradb-pxc - namespace: monitoring - labels: - release: kube-prometheus-stack - spec: - groups: - # TODO: basic rules - - name: general - rules: - - alert: MySQLDown - expr: mysql_up != 1 - for: 5m - labels: - severity: critical - - alert: MysqlTooManyConnections - expr: max_over_time(mysql_global_status_threads_connected[1m]) / mysql_global_variables_max_connections * 100 > 80 - for: 2m - labels: - severity: warning - - alert: MysqlHighThreadsRunning - expr: max_over_time(mysql_global_status_threads_running[1m]) / mysql_global_variables_max_connections * 100 > 60 - for: 2m - labels: - severity: warning - - alert: MysqlSlowQueries - expr: increase(mysql_global_status_slow_queries[1m]) > 0 - for: 2m - labels: - severity: warning - - name: galera - rules: - - alert: MySQLGaleraNotReady - expr: mysql_global_status_wsrep_ready != 1 - for: 5m - labels: - severity: critical - - alert: MySQLGaleraOutOfSync - expr: mysql_global_status_wsrep_local_state != 4 and mysql_global_variables_wsrep_desync == 0 - for: 5m - labels: - severity: critical - - alert: MySQLGaleraDonorFallingBehind - expr: mysql_global_status_wsrep_local_state == 2 and mysql_global_status_wsrep_local_recv_queue > 100 - for: 5m - labels: - severity: warning - - alert: MySQLReplicationNotRunning - expr: mysql_slave_status_slave_io_running == 0 or mysql_slave_status_slave_sql_running == 0 - for: 2m - labels: - severity: critical - - alert: MySQLReplicationLag - expr: (instance:mysql_slave_lag_seconds > 30) and on(instance) (predict_linear(instance:mysql_slave_lag_seconds[5m], 60 * 2) > 0) - for: 1m - labels: - severity: critical - - alert: MySQLHeartbeatLag - expr: (instance:mysql_heartbeat_lag_seconds > 30) and on(instance) (predict_linear(instance:mysql_heartbeat_lag_seconds[5m], 60 * 2) > 0) - for: 1m - labels: - severity: critical - - alert: MySQLInnoDBLogWaits - expr: rate(mysql_global_status_innodb_log_waits[15m]) > 10 - labels: - severity: warning - # NOTE(mnaser): Since we haven't moved to the operator pattern yet, we need to - # keep retrying a few times as the CRDs might not be installed - # yet. - retries: 60 - delay: 5 - register: _result - until: _result is not failed diff --git a/roles/powerstore_csi/meta/main.yml b/roles/powerstore_csi/meta/main.yml deleted file mode 100644 index 7f03021..0000000 --- a/roles/powerstore_csi/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for PowerStore CSI - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/powerstore_csi/tasks/main.yml b/roles/powerstore_csi/tasks/main.yml deleted file mode 100644 index ec85eb5..0000000 --- a/roles/powerstore_csi/tasks/main.yml +++ /dev/null @@ -1,52 +0,0 @@ ---- -- name: Clone PowerStore CSI from GitHub - ansible.builtin.git: - repo: https://github.com/dell/csi-powerstore.git - dest: /var/lib/csi-powerstore - version: v2.3.0 - -- name: Create Secret - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Secret - metadata: - name: csi-powerstore-config - namespace: kube-system - stringData: - config: "{{ powerstore_csi_config | to_yaml }}" - -- name: Create StorageClass - kubernetes.core.k8s: - state: present - definition: - apiVersion: storage.k8s.io/v1 - kind: StorageClass - metadata: - name: general - annotations: - storageclass.kubernetes.io/is-default-class: "true" - provisioner: csi-powerstore.dellemc.com - reclaimPolicy: Delete - allowVolumeExpansion: true - volumeBindingMode: Immediate - -- name: Deploy Helm chart - kubernetes.core.helm: - name: csi-powerstore - chart_ref: /var/lib/csi-powerstore/helm/csi-powerstore - release_namespace: kube-system - kubeconfig: /etc/kubernetes/admin.conf - values: - # NOTE(mnaser): The newer versions of the Helm charts automatically detect - # these values so we can drop them once we move to v2.4.0 - images: - attacher: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0 - driver: dellemc/csi-powerstore:v2.3.0 - externalhealthmonitorcontroller: gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.5.0 - metadataretriever: dellemc/csi-metadata-retriever:v1.0.0 - provisioner: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0 - registrar: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1 - resizer: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 - snapshotter: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1 diff --git a/roles/prometheus_pushgateway/meta/main.yml b/roles/prometheus_pushgateway/meta/main.yml deleted file mode 100644 index 0a3a806..0000000 --- a/roles/prometheus_pushgateway/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for Prometheus Pushgateway - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/prometheus_pushgateway/tasks/main.yml b/roles/prometheus_pushgateway/tasks/main.yml deleted file mode 100644 index 20a1b63..0000000 --- a/roles/prometheus_pushgateway/tasks/main.yml +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: prometheus-community - namespace: monitoring - spec: - interval: 60s - url: https://prometheus-community.github.io/helm-charts - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: prometheus-pushgateway - namespace: monitoring - spec: - interval: 60s - chart: - spec: - chart: prometheus-pushgateway - version: 1.16.0 - sourceRef: - kind: HelmRepository - name: prometheus-community - values: - nodeSelector: - openstack-control-plane: enabled - serviceMonitor: - enabled: true - namespace: monitoring - additionalLabels: - release: kube-prometheus-stack - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - regex: "^(container|endpoint|namespace|pod|service)$" - action: "labeldrop" diff --git a/roles/rabbitmq/meta/main.yml b/roles/rabbitmq/meta/main.yml deleted file mode 100644 index dbe22a6..0000000 --- a/roles/rabbitmq/meta/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for RabbitMQ - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal - -dependencies: - - role: rabbitmq_operator diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml deleted file mode 100644 index b650123..0000000 --- a/roles/rabbitmq/tasks/main.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy cluster - kubernetes.core.k8s: - state: present - definition: - apiVersion: rabbitmq.com/v1beta1 - kind: RabbitmqCluster - metadata: - name: "rabbitmq-{{ rabbitmq_cluster_name }}" - namespace: openstack - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: openstack-control-plane - operator: In - values: - - enabled - rabbitmq: - additionalConfig: | - vm_memory_high_watermark.relative = 0.9 - resources: - requests: - cpu: 500m - memory: 1Gi - limits: - cpu: "1" - memory: 2Gi - wait: true - wait_timeout: 600 - wait_condition: - type: ClusterAvailable - status: "True" - # NOTE(mnaser): Since we haven't moved to the operator pattern yet, we need to - # keep retrying a few times as the CRDs might not be installed - # yet. - retries: 60 - delay: 5 - register: _result - until: _result is not failed diff --git a/roles/rabbitmq_operator/meta/main.yml b/roles/rabbitmq_operator/meta/main.yml deleted file mode 100644 index 1b188e7..0000000 --- a/roles/rabbitmq_operator/meta/main.yml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -galaxy_info: - author: VEXXHOST, Inc. - description: Ansible role for RabbitMQ operator - license: Apache-2.0 - min_ansible_version: 5.5.0 - platforms: - - name: Ubuntu - versions: - - focal diff --git a/roles/rabbitmq_operator/tasks/main.yml b/roles/rabbitmq_operator/tasks/main.yml deleted file mode 100644 index 5124b24..0000000 --- a/roles/rabbitmq_operator/tasks/main.yml +++ /dev/null @@ -1,190 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Deploy Helm chart - kubernetes.core.k8s: - state: present - definition: - - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: bitnami - namespace: openstack - spec: - interval: 60s - url: https://charts.bitnami.com/bitnami - - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - metadata: - name: rabbitmq-cluster-operator - namespace: openstack - spec: - interval: 60s - chart: - spec: - chart: rabbitmq-cluster-operator - version: 2.5.2 - sourceRef: - kind: HelmRepository - name: bitnami - install: - crds: CreateReplace - upgrade: - crds: CreateReplace - values: - rabbitmqImage: - repository: library/rabbitmq - tag: 3.10.2-management - credentialUpdaterImage: - repository: rabbitmqoperator/default-user-credential-updater - tag: 1.0.2 - clusterOperator: - image: - repository: rabbitmqoperator/cluster-operator - tag: 1.13.1 - fullnameOverride: rabbitmq-cluster-operator - nodeSelector: - openstack-control-plane: enabled - msgTopologyOperator: - image: - repository: rabbitmqoperator/messaging-topology-operator - tag: 1.6.0 - fullnameOverride: rabbitmq-messaging-topology-operator - nodeSelector: - openstack-control-plane: enabled - useCertManager: true - -- name: Deploy monitoring for RabbitMQ - kubernetes.core.k8s: - state: present - definition: - - apiVersion: monitoring.coreos.com/v1 - kind: PodMonitor - metadata: - name: rabbitmq - namespace: monitoring - labels: - release: kube-prometheus-stack - spec: - jobLabel: app.kubernetes.io/component - podMetricsEndpoints: - - port: prometheus - path: /metrics - relabelings: - - sourceLabels: ["__meta_kubernetes_pod_name"] - targetLabel: "instance" - - action: "labeldrop" - regex: "^(container|endpoint|namespace|pod|service)$" - namespaceSelector: - matchNames: - - openstack - selector: - matchLabels: - app.kubernetes.io/component: rabbitmq - - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: rabbitmq - namespace: monitoring - labels: - release: kube-prometheus-stack - spec: - groups: - - name: recording - rules: - - record: rabbitmq:usage:memory - labels: - job: rabbitmq - expr: | - sum without (job) ( - rabbitmq_process_resident_memory_bytes - ) / sum without ( - container, - pod, - job, - namespace, - node, - resource, - uid, - unit - ) ( - label_replace( - cluster:namespace:pod_memory:active:kube_pod_container_resource_limits, - "instance", - "$1", - "pod", - "(.*)" - ) - ) - - name: alarms - rules: - - alert: RabbitmqAlarmFreeDiskSpace - expr: rabbitmq_alarms_free_disk_space_watermark == 1 - labels: - severity: critical - - alert: RabbitmqAlarmMemoryUsedWatermark - expr: rabbitmq_alarms_memory_used_watermark == 1 - labels: - severity: critical - - alert: RabbitmqAlarmFileDescriptorLimit - expr: rabbitmq_alarms_file_descriptor_limit == 1 - labels: - severity: critical - - name: limits - rules: - - alert: RabbitmqMemoryHigh - expr: rabbitmq:usage:memory > 0.80 - labels: - severity: warning - - alert: RabbitmqMemoryHigh - expr: rabbitmq:usage:memory > 0.95 - labels: - severity: critical - - alert: RabbitmqFileDescriptorsUsage - expr: rabbitmq_process_open_fds / rabbitmq_process_max_fds > 0.80 - labels: - severity: warning - - alert: RabbitmqFileDescriptorsUsage - expr: rabbitmq_process_open_fds / rabbitmq_process_max_fds > 0.95 - labels: - severity: critical - - alert: RabbitmqTcpSocketsUsage - expr: rabbitmq_process_open_tcp_sockets / rabbitmq_process_max_tcp_sockets > 0.80 - labels: - severity: warning - - alert: RabbitmqTcpSocketsUsage - expr: rabbitmq_process_open_tcp_sockets / rabbitmq_process_max_tcp_sockets > 0.95 - labels: - severity: critical - - name: msgs - rules: - - alert: RabbitmqUnackedMessages - expr: sum(rabbitmq_queue_messages_unacked) BY (queue) > 1000 - for: 5m - labels: - severity: warning - - alert: RabbitmqUnackedMessages - expr: sum(rabbitmq_queue_messages_unacked) BY (queue) > 1000 - for: 1h - labels: - severity: critical - # NOTE(mnaser): Since we haven't moved to the operator pattern yet, we need to - # keep retrying a few times as the CRDs might not be installed - # yet. - retries: 60 - delay: 5 - register: _result - until: _result is not failed diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index 19a7912..0000000 --- a/setup.cfg +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -[metadata] -name = ansible-collection-atmosphere diff --git a/setup.py b/setup.py deleted file mode 100644 index dd38643..0000000 --- a/setup.py +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import setuptools - -setuptools.setup(pbr=True) diff --git a/tools/generate-galaxy-yml.py b/tools/generate-galaxy-yml.py deleted file mode 100644 index d8e2163..0000000 --- a/tools/generate-galaxy-yml.py +++ /dev/null @@ -1,28 +0,0 @@ -import yaml -from pbr.version import VersionInfo - -GALAXY_YML = { - 'namespace': 'vexxhost', - 'name': 'atmosphere', - 'version': VersionInfo('ansible-collection-atmosphere').release_string().replace('.dev', '-'), - 'readme': 'README.md', - 'authors': [ - "Mohammed Naser ", - ], - 'dependencies': { - 'ansible.posix': '1.3.0', - 'ansible.utils': '2.5.2', - 'community.crypto': '2.2.3', - 'community.general': '4.5.0', - 'kubernetes.core': '2.3.2', - 'openstack.cloud': '1.7.0', - }, - 'build_ignore': [ - '.tox', - '.vscode', - 'doc', - ], -} - -with open('galaxy.yml', 'w') as f: - yaml.dump(GALAXY_YML, f, default_flow_style=False) diff --git a/tox.ini b/tox.ini deleted file mode 100644 index e668c8b..0000000 --- a/tox.ini +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -[tox] -requires = tox-ansible -skipsdist = True - -[testenv] -skipsdist = True -passenv = - OS_* - TERM - ATMOSPHERE_* -commands_pre = - python3 {toxinidir}/tools/generate-galaxy-yml.py - ansible-galaxy collection install -f {toxinidir} - -[testenv:linters] -deps = - {[testenv:build]deps} - ansible-lint==6.4.0 -commands = - ansible-lint {toxinidir}/roles {posargs} - -[testenv:build] -deps = - ansible-core - pbr - pyyaml -commands = - ansible-galaxy collection build --force - -[testenv:molecule] -deps = - ansible - molecule==3.5.2 - -rmolecule/default/requirements.txt -commands = - molecule {posargs} - -[testenv:docs] -deps = - -r{toxinidir}/doc/requirements.txt -commands = - sphinx-build -E -W -d doc/build/doctrees -b html doc/source/ doc/build/html diff --git a/zuul.d/github.yaml b/zuul.d/github.yaml deleted file mode 100644 index 6c328b3..0000000 --- a/zuul.d/github.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- job: - name: ansible-collection-atmosphere-github-mirror - parent: vexxhost-upload-git-mirror - vars: - git_mirror_repository: vexxhost/ansible-collection-atmosphere - -- project: - post: - jobs: - - ansible-collection-atmosphere-github-mirror \ No newline at end of file diff --git a/zuul.d/images-master.yaml b/zuul.d/images-master.yaml deleted file mode 100644 index 3e9346d..0000000 --- a/zuul.d/images-master.yaml +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- job: - name: ansible-collection-atmosphere-build-images-master - parent: ansible-collection-atmosphere-build-images - abstract: true - dependencies: &image_dependencies - - name: ansible-collection-atmosphere-buildset-registry - soft: false - - name: ansible-collection-atmosphere-merge-wheels-master - soft: true - requires: &image_requires - - ansible-collection-atmosphere-wheels-master - files: &image_files - - images/master.yml - vars: &image_vars - openstack_release: master - -- job: - name: ansible-collection-atmosphere-build-images-master-amd64 - parent: ansible-collection-atmosphere-build-images-master - nodeset: ubuntu-focal - -- job: - name: ansible-collection-atmosphere-build-images-master-aarch64 - parent: ansible-collection-atmosphere-build-images-master - nodeset: ubuntu-focal-arm64 - -- job: - name: ansible-collection-atmosphere-build-images-manifest-master - parent: ansible-collection-atmosphere-build-images-manifest - dependencies: - - name: ansible-collection-atmosphere-buildset-registry - soft: false - - name: ansible-collection-atmosphere-build-images-master-amd64 - soft: false - - name: ansible-collection-atmosphere-build-images-master-aarch64 - soft: false - files: *image_files - vars: &manifest_vars - openstack_release: master - - -- job: - name: ansible-collection-atmosphere-upload-images-master - parent: ansible-collection-atmosphere-upload-images - abstract: true - dependencies: *image_dependencies - requires: *image_requires - files: *image_files - vars: *image_vars - -- job: - name: ansible-collection-atmosphere-upload-images-master-amd64 - parent: ansible-collection-atmosphere-upload-images-master - nodeset: ubuntu-focal - -- job: - name: ansible-collection-atmosphere-upload-images-master-aarch64 - parent: ansible-collection-atmosphere-upload-images-master - nodeset: ubuntu-focal-arm64 - -- job: - name: ansible-collection-atmosphere-upload-images-manifest-master - parent: ansible-collection-atmosphere-upload-images-manifest - dependencies: - - name: ansible-collection-atmosphere-buildset-registry - soft: false - - name: ansible-collection-atmosphere-upload-images-master-amd64 - soft: false - - name: ansible-collection-atmosphere-upload-images-master-aarch64 - soft: false - files: *image_files - vars: *manifest_vars - - -- project: - check: - jobs: - - ansible-collection-atmosphere-build-images-master-amd64 - - ansible-collection-atmosphere-build-images-master-aarch64 - - ansible-collection-atmosphere-build-images-manifest-master - gate: - jobs: - - ansible-collection-atmosphere-upload-images-master-amd64 - - ansible-collection-atmosphere-upload-images-master-aarch64 - - ansible-collection-atmosphere-upload-images-manifest-master \ No newline at end of file diff --git a/zuul.d/images.yaml b/zuul.d/images.yaml deleted file mode 100644 index 8dfe728..0000000 --- a/zuul.d/images.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- job: - name: ansible-collection-atmosphere-buildset-registry - parent: opendev-buildset-registry - -- job: - name: ansible-collection-atmosphere-build-images - parent: opendev-build-docker-image - abstract: true - required-projects: - - openstack/loci - pre-run: - - zuul.d/playbooks/ansible-collection-atmosphere-build-images/pre-run.yml - run: - - zuul.d/playbooks/ansible-collection-atmosphere-build-images/run.yml - -- job: - name: ansible-collection-atmosphere-upload-images - parent: ansible-collection-atmosphere-build-images - abstract: true - secrets: - name: docker_credentials - secret: gar-credentials - pass-to-parent: true - -- job: - name: ansible-collection-atmosphere-build-images-manifest - pre-run: - - zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/pre-run.yml - run: - - zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/run.yml - -- job: - name: ansible-collection-atmosphere-upload-images-manifest - parent: ansible-collection-atmosphere-build-images-manifest - secrets: - name: docker_credentials - secret: gar-credentials - pass-to-parent: true - -- project: - check: - jobs: - - ansible-collection-atmosphere-buildset-registry - gate: - jobs: - - ansible-collection-atmosphere-buildset-registry diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml deleted file mode 100644 index 40b1589..0000000 --- a/zuul.d/jobs.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- job: - name: ansible-collection-atmosphere-check-commit - nodeset: - nodes: [] - run: - - zuul.d/playbooks/ansible-collection-atmosphere-check-commit/run.yml - -- job: - name: ansible-collection-atmosphere-tox - parent: tox - -- job: - name: ansible-collection-atmosphere-tox-linters - parent: ansible-collection-atmosphere-tox - vars: - tox_envlist: linters - -- job: - name: ansible-collection-atmosphere-tox-build - parent: ansible-collection-atmosphere-tox - post-run: - - zuul.d/playbooks/ansible-collection-atmosphere-tox-build/post-run.yml - vars: - tox_envlist: build - irrelevant-files: - - doc/.* - -- job: - name: ansible-collection-atmosphere-promote - parent: opendev-promote-python - vars: - download_artifact_job: ansible-collection-atmosphere-tox-build - download_artifact_type: - - ansible_collection - irrelevant-files: - - doc/.* - -- job: - name: ansible-collection-atmosphere-tox-molecule - parent: vexxhost-tox-molecule - cleanup-run: - - zuul.d/playbooks/ansible-collection-atmosphere-tox-molecule/cleanup-run.yml - timeout: 7200 - vars: - tox_environment: - ATMOSPHERE_STACK_NAME: "atmosphere-{{ zuul.build }}" - irrelevant-files: - - doc/.* - -- job: - name: ansible-collection-atmosphere-tox-molecule-default - parent: ansible-collection-atmosphere-tox-molecule - vars: - tox_envlist: default diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/pre-run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/pre-run.yml deleted file mode 100644 index f390d11..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/pre-run.yml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - roles: - - ensure-podman - - use-buildset-registry \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/run.yml deleted file mode 100644 index 98eb70a..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-build-images-manifest/run.yml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - tasks: - - name: Include manifest file with all the image information - ansible.builtin.include_vars: - file: "../../../images/{{ openstack_release }}.yml" - name: image_manifest - - - name: Login container registry - when: zuul.job is not search("build") - command: - podman login -u {{ docker_credentials.username }} -p {{ docker_credentials.password }} {{ image_manifest.registry }} - - - name: Create manifest for every project built - command: - podman manifest create {{ item | basename }}:{{ image_manifest['projects'][item.rsplit('/')[-1]]['tag'] }} - loop: "{{ zuul.artifacts | selectattr('metadata.repository', 'defined') | map(attribute='metadata.repository') | sort | unique }}" - - - name: Add image to their manifest - command: - podman manifest add - --arch {{ (item.metadata.arch == "aarch64") | ternary("arm64", "amd64") }} - {{ item.metadata.project }}:{{ image_manifest['projects'][item.metadata.project]['tag'] }} - {{ item.url }} - loop: "{{ zuul.artifacts | selectattr('metadata.type', 'defined') | selectattr('metadata.type', 'equalto', 'image') | list }}" - - - name: Push manifests to container registry - command: - podman manifest push - {{ item | basename }}:{{ image_manifest['projects'][item.rsplit('/')[-1]]['tag'] }} - {{ item }}:{{ image_manifest['projects'][item.rsplit('/')[-1]]['tag'] }} - loop: "{{ zuul.artifacts | selectattr('metadata.repository', 'defined') | map(attribute='metadata.repository') | sort | unique }}" diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-build-images/pre-run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-build-images/pre-run.yml deleted file mode 100644 index 1032b4c..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-build-images/pre-run.yml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - roles: - - ensure-pip diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-build-images/run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-build-images/run.yml deleted file mode 100644 index 1c153c9..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-build-images/run.yml +++ /dev/null @@ -1,163 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - tasks: - - name: Include manifest file with all the image information - ansible.builtin.include_vars: - file: "../../../images/{{ openstack_release }}.yml" - name: image_manifest - - - name: Check if the image is already built - ansible.builtin.command: - docker manifest inspect {{ image_manifest.registry }}/{{ item.key }}:{{ item.value.tag }} - register: _docker_manifest_inspect - with_dict: "{{ image_manifest.projects }}" - loop_control: - label: "{{ item.key }}" - # NOTE(mnaser): We want to mark the task as "changed" if we have to do - # any work (i.e if the image is not already built). - failed_when: false - changed_when: _docker_manifest_inspect.rc != 0 - - - name: Fail the job if all the images are already built - ansible.builtin.fail: - msg: All the images are already built, did you forget to bump the tag? - when: _docker_manifest_inspect is not changed - - - name: Generate a fact with the list of projects to be built - ansible.builtin.set_fact: - images_to_build: "{{ _docker_manifest_inspect.results | select('changed') | list | map(attribute='item.key') | list }}" - - - name: Clone projects that need to be built - ansible.builtin.git: - repo: "https://opendev.org/openstack/{{ item }}" - dest: "/tmp/{{ item }}" - version: "{{ image_manifest['projects'][item]['revision'] }}" - loop: "{{ images_to_build }}" - - - name: Generate the PBR version for the projects - ansible.builtin.shell: - /usr/bin/python3 setup.py --version - args: - chdir: "/tmp/{{ item }}" - environment: - PYTHONWARNINGS: "ignore:Unverified HTTPS request" - register: _pbr_version - loop: "{{ images_to_build }}" - - - name: Assert that the PBR version exists in the tag - ansible.builtin.assert: - that: item.stdout.strip() in image_manifest['projects'][item.item].tag - loop: "{{ _pbr_version.results }}" - loop_control: - label: "{{ item.item }}" - - - name: Set fact for wheels tarball from artifacts - ansible.builtin.set_fact: - wheels_path: "{{ item.url }}" - loop: "{{ (zuul.artifacts | default([])) | selectattr('metadata.type', 'defined') | selectattr('metadata.type', 'equalto', 'wheels') | list }}" - - - name: Set the fact for wheels path to default if none is detected - ansible.builtin.set_fact: - wheels_path: "https://tarballs.opendev.org/vexxhost/ansible-collection-atmosphere/ansible-collection-atmosphere-wheels-{{ openstack_release }}-master.tar.gz" - when: wheels_path is not defined - - - name: Build the images - ansible.builtin.include_role: - name: build-docker-image - register: _build_docker_image - loop: "{{ images_to_build }}" - vars: - zuul_work_dir: "{{ zuul.projects['opendev.org/openstack/loci'].src_dir }}" - docker_registry: "{{ image_manifest.registry }}" - docker_images: - - context: . - repository: "{{ item }}" - tags: - - "{{ image_manifest['projects'][item]['tag'] }}-{{ ansible_architecture }}" - build_args: - # TODO(mnaser): build base image - - FROM="ubuntu:focal" - - PROJECT="{{ item }}" - - PROJECT_REF="{{ image_manifest['projects'][item]['revision'] }}" - - PROJECT_RELEASE="{{ openstack_release }}" - - WHEELS="{{ wheels_path }}" - - PROFILES="{{ image_manifest['projects'][item].get('profies', []) | join(' ') }}" - - PIP_PACKAGES="{{ image_manifest['projects'][item].get('pip_packages', []) | join(' ') }}" - - DIST_PACKAGES="{{ image_manifest['projects'][item].get('dist_packages', []) | join(' ') }}" - - - name: Upload the images - ansible.builtin.include_role: - name: upload-docker-image - register: _build_docker_image - when: zuul.job is search("upload") - loop: "{{ images_to_build }}" - vars: - zuul_work_dir: "{{ zuul.projects['opendev.org/openstack/loci'].src_dir }}" - docker_registry: "{{ image_manifest.registry }}" - docker_images: - - context: . - repository: "{{ item }}" - tags: - - "{{ image_manifest['projects'][item]['tag'] }}-{{ ansible_architecture }}" - - - name: Return artifacts to Zuul - block: - - name: Return artifacts to Zuul for build - when: zuul.job is search("build") - zuul_return: - data: - zuul: - artifacts: - - name: "{{ item }} ({{ ansible_architecture }})" - url: "docker://{{ _docker_registry }}/{{ item }}:{{ image_manifest['projects'][item]['tag'] }}-{{ ansible_architecture }}" - metadata: - type: image - repository: "docker://{{ _docker_registry }}/{{ item }}" - project: "{{ item }}" - arch: "{{ ansible_architecture }}" - vars: - _docker_registry: "zuul-jobs.buildset-registry:5000" - loop: "{{ _build_docker_image.results | map(attribute='item') | list }}" - - - name: Return artifacts to Zuul for upload - when: zuul.job is search("upload") - zuul_return: - data: - zuul: - artifacts: - - name: "{{ item }} ({{ ansible_architecture }})" - url: "docker://{{ image_manifest.registry }}/{{ item }}:{{ ('change_' + zuul.change) if (zuul.change is defined) else zuul.pipeline }}_{{ image_manifest['projects'][item]['tag'] }}-{{ ansible_architecture }}" - metadata: - type: image - repository: "docker://{{ image_manifest.registry }}/{{ item }}" - project: "{{ item }}" - arch: "{{ ansible_architecture }}" - loop: "{{ _build_docker_image.results | map(attribute='item') | list }}" - - - name: Return artifacts to Zuul for promote - when: zuul.job is search("promote") - zuul_return: - data: - zuul: - artifacts: - - name: "{{ item }} ({{ ansible_architecture }})" - url: "docker://{{ image_manifest.registry }}/{{ item }}:{{ image_manifest['projects'][item]['tag'] }}-{{ ansible_architecture }}" - metadata: - type: image - repository: "docker://{{ image_manifest.registry }}/{{ item }}" - project: "{{ item }}" - arch: "{{ ansible_architecture }}" - loop: "{{ _build_docker_image.results | map(attribute='item') | list }}" diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/post-run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/post-run.yml deleted file mode 100644 index 09b306e..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/post-run.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - tasks: - - name: Find tarballs in the project directory - find: - file_type: file - paths: "{{ build_openstack_requirements_wheels_directory }}" - patterns: "*.tar.gz" - register: result - - - name: Display stat for tarballs - stat: - path: "{{ item.path }}" - with_items: "{{ result.files }}" - - - name: Create destination directory on executor - delegate_to: localhost - file: - path: "{{ zuul.executor.work_root }}/artifacts" - state: directory - mode: 0755 - - - name: Collect tarball artifacts - synchronize: - dest: "{{ zuul.executor.work_root }}/artifacts" - mode: pull - src: "{{ item.path }}" - verify_host: true - owner: no - group: no - with_items: "{{ result.files }}" - - - name: Return artifacts to Zuul - loop: "{{ result.files }}" - zuul_return: - data: - zuul: - artifacts: - - name: "Wheels ({{ ansible_architecture }})" - url: "artifacts/{{ item.path | basename }}" - metadata: - type: wheels \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/pre-run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/pre-run.yml deleted file mode 100644 index 17680c5..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/pre-run.yml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - roles: - - ensure-pip \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/run.yml deleted file mode 100644 index e5977a6..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/run.yml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Build wheels for OpenStack requirements - hosts: all - roles: - - build_openstack_requirements \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-check-commit/run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-check-commit/run.yml deleted file mode 100644 index 7f59337..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-check-commit/run.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: localhost - gather_facts: false - tasks: - - name: Get the commit for the ref - uri: - url: "https://{{ zuul.project.canonical_hostname }}/api/v1/repos/{{ zuul.project.name }}/git/refs/{{ zuul.ref | replace('refs/', '') | urlencode }}" - return_content: true - register: _git_ref - - - name: Get the commit details - uri: - url: "{{ _git_ref.json[0].object.url }}" - return_content: true - register: _git_commit - - - block: - - name: Run assertions on commit - assert: - that: "{{ item.that }}" - fail_msg: "{{ item.msg }}" - loop: - - that: "'Sem-Ver' in (zuul.message | b64decode)" - msg: "Sem-Ver tag missing from commit message, see: https://docs.openstack.org/pbr/latest/user/features.html#version" - - that: "(_git_commit.json.files | selectattr('filename', 'search', 'releasenotes/') | list | length) != 0" - msg: "Missing release note in commit message, please create one using `reno`." - loop_control: - label: "{{ item.that }}" - register: _assertions - - always: - - name: Generate list of Zuul warnings - set_fact: - _warnings: "{{ _assertions.results | selectattr('failed', 'equalto', true) | map(attribute='msg') | list }}" - - name: Print list of Zuul warnings - debug: - msg: "{{_warnings }}" - - name: Generate a list of Zuul warnings - zuul_return: - data: - zuul: - warnings: "{{ _warnings }}" \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/post-run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/post-run.yml deleted file mode 100644 index 073c2fe..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/post-run.yml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - tasks: - - name: Display stat for tarballs - stat: - path: /tmp/wheels.tar.gz - - - name: Create destination directory on executor - delegate_to: localhost - file: - path: "{{ zuul.executor.work_root }}/artifacts" - state: directory - mode: 0755 - - - name: Collect tarball artifacts - synchronize: - dest: "{{ zuul.executor.work_root }}/artifacts" - mode: pull - src: /tmp/wheels.tar.gz - verify_host: true - owner: no - group: no - - - name: Return artifacts to Zuul - zuul_return: - data: - zuul: - artifacts: - - name: Wheels - url: artifacts/wheels.tar.gz - metadata: - type: wheels \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/run.yml deleted file mode 100644 index 8a75cd9..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/run.yml +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - gather_facts: false - tasks: - - name: Download all artifacts - ansible.builtin.get_url: - url: "{{ item.url }}" - dest: "/tmp/{{ item.url | basename }}" - mode: '0440' - loop: "{{ zuul.artifacts }}" - when: item.metadata.get("type") == "wheels" - - - name: Create a folder for all wheels - ansible.builtin.file: - path: "/tmp/wheels" - state: directory - - - name: Extract all wheels into the same folder - ansible.builtin.unarchive: - src: "/tmp/{{ item.url | basename }}" - dest: /tmp/wheels - remote_src: true - loop: "{{ zuul.artifacts }}" - when: item.metadata.get("type") == "wheels" - - - name: Add upper-constraints.txt to the folder - ansible.builtin.get_url: - url: "https://releases.openstack.org/constraints/upper/{{ build_openstack_requirements_release }}" - dest: /tmp/wheels/upper-constraints.txt - mode: 0644 - - - name: Create archive with all wheels - # TODO(mnaser): Switch this to "community.general.archive" once Zuul is using - # a new enough Ansible. - archive: - dest: /tmp/wheels.tar.gz - path: - - /tmp/wheels/*.whl - - /tmp/wheels/*.txt \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-tox-build/post-run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-tox-build/post-run.yml deleted file mode 100644 index 6ec1ba2..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-tox-build/post-run.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - tasks: - - name: Find tarballs in the project directory - find: - file_type: file - paths: "{{ zuul.project.src_dir }}" - patterns: "*.tar.gz" - register: result - - - name: Display stat for tarballs - stat: - path: "{{ item.path }}" - with_items: "{{ result.files }}" - - - name: Create destination directory on executor - delegate_to: localhost - file: - path: "{{ zuul.executor.work_root }}/artifacts" - state: directory - mode: 0755 - - - name: Collect tarball artifacts - synchronize: - dest: "{{ zuul.executor.work_root }}/artifacts" - mode: pull - src: "{{ item.path }}" - verify_host: true - owner: no - group: no - with_items: "{{ result.files }}" - - - name: Return artifacts to Zuul - loop: "{{ result.files }}" - zuul_return: - data: - zuul: - artifacts: - - name: Ansible Collection - url: "artifacts/{{ item.path | basename }}" - metadata: - type: ansible_collection \ No newline at end of file diff --git a/zuul.d/playbooks/ansible-collection-atmosphere-tox-molecule/cleanup-run.yml b/zuul.d/playbooks/ansible-collection-atmosphere-tox-molecule/cleanup-run.yml deleted file mode 100644 index 4489a0e..0000000 --- a/zuul.d/playbooks/ansible-collection-atmosphere-tox-molecule/cleanup-run.yml +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- hosts: all - roles: - - role: tox - vars: - tox_envlist: molecule - tox_extra_args: '-- destroy --all' diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml deleted file mode 100644 index fd79f72..0000000 --- a/zuul.d/project.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- project: - check: - jobs: - - ansible-collection-atmosphere-check-commit - - ansible-collection-atmosphere-tox-build - - ansible-collection-atmosphere-tox-molecule-default - - ansible-collection-atmosphere-tox-linters - - opendev-tox-docs - gate: - jobs: - - ansible-collection-atmosphere-check-commit - - ansible-collection-atmosphere-tox-build - - ansible-collection-atmosphere-tox-molecule-default - - ansible-collection-atmosphere-tox-linters - - opendev-tox-docs - promote: - jobs: - - ansible-collection-atmosphere-promote - - opendev-promote-docs - release: - jobs: - - opendev-publish-tox-docs \ No newline at end of file diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml deleted file mode 100644 index 348b2ab..0000000 --- a/zuul.d/secrets.yaml +++ /dev/null @@ -1,89 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- secret: - name: gar-credentials - data: - username: _json_key_base64 - password: !encrypted/pkcs1-oaep - - nd98syNJVdfw5xeqs8uzso3zQTQ2tMxQmiFopVLxUgZ/wUBTxoY30UzwuE4Zk1G1VbfCR - NWg+ERH70NYJ7mRLAtE2mTIDbfElFYBE473uJjw9pZl8B7krvXemOsyxg1aS6mgDwHB5c - z2a7tHBl0qSlZ13PzWTH7WUKZ3k8GnM1Zi38GU3F7ED/HaoYsObQzgQkG5UzcnKsSlgtN - dccZQB1dtM/15g3+FpoojLen/pNXw3FzIVtA/RmTL5f0XULZQmzReZitzVk30/gBnByMq - 0x2SxvxIu+oTNhZIA96plwf/dhv/CMZDUCVEikO6Rjh427rcB7dC4BY35jzI8tWLfuGI6 - pYN221S/+SN/Q+1D90iPV5z0M3Sj7N7JO3lIEfk3M5XBu9CWUN1/hTrAu/d7Ju9MDZEM8 - BQUxuRu9/GrjPQ7SXQm53yVURJQm+eZBbWznSaY9eMjBj7LjlqufgE7sTp3FphuI++qS4 - /OZnmfH7Y2kUbWTwNdTlxnAve0799KoLnEGVWTCLfvWWRMpASq/o3/k2FSRWg1flY6/Nm - +2jcCfS9vT0twMy4mSbEuZkQc+20AWygUcO2KruRzQMW3nt/79XUVAdVWN2MRtfPXMA8g - 0i2O4BMf7bOtt1eSG7+Tjt9k2HMLNsQm/NMLaO+KmuJ+B1AErzsaMf2Vv6EspQ= - - qeYL/crs2lHFvXzJlFjgo22VsUoTSNkliMZ9aYFbGCOXk72Vv3M7jf21x9RGnlrTzwv2t - jtsPL0B88+lSmh5DAwDLhn2AG2e33ksQ+UDdR8ZBk4EBAeu2dpeRL3EFtDig2H+73BXxG - XuTo+4Up2ebm7qU+Y/XXZnPPHfpRVAf+x1LWn9XA4QC9Z1lSe1Vzfo6gBF3vsqdPC570b - Ox3lWQcwq6Pm8pGMJi747Xz+IzgtVkJLRaGcfIJ9rQvSJWqTT77hiXEKEMj23S6khHD8/ - EuVyoAuJspTnG/pO5CtBS8t/+P+zO4F1Ul3D84Y55/QeyvdL8SmJcHMk2V1YXWmfHaZ1S - UlrCertCBHSwHFmvQLFrBfkc1/ktgh7xu0idZ51PBSE+Rl81uAgqVMHwoIf5wiisfaboQ - cW9hvRs18Fkz5CcHTrgXB6Ee0aBy0NTVseVzbdiStCJpjOmgwygJE30pmAhevWK0sRnMD - 82FAwM5uvkoEpq2nH36ZXZ8yrthK7OwXSIcffUZJjmA1zOG1KUmgS7iBA9im6G7bM7d9s - FbcXhHKNAD/ol9JzvC9yXkFF02NVMTIq8qcKohoPFEN7+ShmQ1hMv9/Bws1uIclzdIuiU - /xSmQV1ZizYPzmq/jdmIHUsqgL2HUp6/8OEyXIAGIOMY5Zs+EBdhvPl+9kILvg= - - Nz1XfrdKkaCTAvGLsnQu05z1DTSLiOmbYf0m3t8TwOCY277/RCE80wATo3pf4v6CivBrk - SHKOQujzawIkmPoLTif6xeC3n+qI9+oGXHHQwk2hm+QSs7B5r/qGEX2ig+OjL2HHg6fCL - Ahinb69wBXx8cTFU4jEFkRigGiJvIDkO5ZiRvpfNIv0ba/qGgxuTD8j0NKctub3iSAyM1 - ZkJ5GNDxBNLuCw0w13KdXY1CrYknhqETo6B3lJhzdhjoW/7saogVpTJexxa4OC1hWEkZ4 - eaP14xgBl6l+lhSYx8NjVxxLio9NgpuUfamqBhm5ns1AGVVrCER44+SHZLXXFplM6NUfh - KQnlr1DLiS2Xl6Et9QbNo4YxmEPNDjKvqwpsPjo7thtT1Jz8QlBoikx1tk2QM+tjaYgoo - 9RhDDD1fadOinDE+RWt7AE0H2yY/Ko2htHzB67IFJNfKh2A1Nuf6dH2DODigCU2By2kP7 - SWzB1Ofh20uPlcaXEP2AKeMsOgXLNVjaosE2FhtUvnmyBR2jHyCX+g+K5V3GsjZQ+6GNC - h1C4YU5SutqyVKRn+wnGzB7tPqffdr+mD9HqxO30VrT/2q5QXoO2uzdGzzp+SNNmKLUB/ - AokS3buEXwm1xjjpIc9MJJP8970vhKwXLvzUMKDxxsv1V7CTFo6om1ohmMNThU= - - CUrQ60Grgj0IS5XIEmEiWoLpa45Y1sGRkCu/JZvQOteBr1tGlv/boSbMQp1yIXIeEpYpa - 76Wm+veET1zRs9GyqcAlVq2K9W9ejaG6a+/dlt+T8kU3OPuPl8Mm1XKaq0Q/7PZPaxuTf - ulV7Tv1jpx+yFfxXSk+wnyLpNJGlpR0h13oOiPIfyQ899ytMd9lKfKRB/H9Gf1P1MvpjZ - vJEh7FeyO07c30raFnkGynnwpCqidoHkGLGTyuP1P+994vX94w0VxnB/YIXap4mq/33Bf - ldYAmogLrdDVnrOky2WYBzAJ2R/NJ3JhnrX7ETL6nwrEA/NHv4tzz+2rxifTdG1C/CA/a - v6MytbrtRt4QpsfrCy/xFXUCwrtXBGGa7/RlxWaAAatEBuVtW2ocrhUpZVHvdo4r9wBj1 - BoE2C2xnTJEBM4tEO5TnM4sLy+OzsbGmWLjq0P2n3h3wtvIDcXiJhWSY9OUJj5sgy1yxB - OQqk4YBb1Z/u9PGf5a401PEw4xTwEV2J4OYTgA0GJvCWPlp4xDdDbBlTBfDOvjI61qpTV - 4huXLXYXMeD/85nnpnEUNot9vTEL+9w3g++pHjtxSgsGsUt4iSXUjVoBTisnzSLfnrabV - hK4RVCwge6eDy8DDMC+BA7j4IufyvQFxJDHxjXTzFsDmVdOkd7b1DY1gt1lcNA= - - W92kGTv477Rr5yJAnKyyEAxjJAfL1SEzWA5RwthhcJ55NNvkOkD8OFnXfWUnwGMxJoN5b - ef7gqxt3mfTKhpgbqKQ5ukFv4wPgxT62AMFZD6J/mRoo0Czfau/PL3nZkTuHtNS1ptF1a - RbD+ggxWwgCzdep4/CS2duAXTLH650sykTEvANA9nE8aR1q5UX5MJYW9Vyi90nxuAIDP1 - wegPY7AUL4ZRnT2oxKqnSOND3mAYMzI72HM/V6lsFS5roX4I3PlGxCJECJW7pWKRhfRtz - vOTKsU9IrqKta+8bCpKQysPEceDzHvhyJmF4X086B/YD/qHCo0CA7Mf9Hf9E1EfGPb04h - Ox9E4cQRP7K/9xVAK1bl114gUkuW6J6i+UacAuMLTizoC/cxiQY9lFNDqpEKGN/yRBH3h - XXc+TkfAOmT6adDe/aCPkvWxVGEtTAVn0rGYweJucvDGI/251IEV/DxqT9a5SWo2Wpe+3 - 8mnxHT3ordm5uD9IaJrqX81xQ8to72e1sfT7yWPApmDOPwIicEzC9+OnFKfGHATf8pC22 - rMSRZnCBNKaH34TgsKvZV1ZfXhYUGvzbRvRVIfriqCZ3JJvSEiihVpiTVTi71zE8hl+kZ - s8lIE0gKGnvHiuTU/q7nWRZ1DC5dPIXqiPfx6e2bEpDy4sY07bHx2a0qXPSefg= - - rw5LfGaIX+R9mZxU73+DdzHI5GT4ztLtVbovbE0iUcVUJgMjcY8jVEWm7DpFD6lwA6bsX - lw/deoVtFysfSN1XhfFVExU/apQ0eJgX38d6s1peKiJD7BPnpdIvJNfzHeaR3lUbhHXQo - Vl8VAIaIo1wsxHJRpXddZmqQRki23UBT2Yy2y8avEYPUJEYjyeyGaGvLu4V8kVTR7PoZJ - 1uvR1kA2HrLKQp+kPf5Y0WT96LmsC6A+mtroy8aklCVnECxHC5J9Kvnhqgl6D4hFc5pkY - 3INaYydCfTVhcaDg21UH27yLCL3jsp0t9RZ7jKlgSPWao6kzb04hnfcs8B8V280miBmIz - F6Em6wO+6rWZn9G/lq5f/8pA9a5wmRhQxoz9CT/u7ZyyzqytYC49Lyiz96B3vuUn9R4Ll - Hf5wkeSp07fsjDUrnP9I0pvXuQ9PxCoBVtW9ZzsjWzV2KZN+41ZriQLwnOB1tgsZFOs40 - 4vfLaq7WAyHC4OsTJbJp9CtpKUVHU4iE1rErzG4C9U6MdRG3RKGwdR/es9ur702J2U/c8 - uHVVdG92WUQqDeRTmc6AtUfQaAZaGctJsl3NNbS1H556jUv04UDzAyXwti+0UnH+HCPuU - yBGNoDpI4H9d67wg2/hdcLUeXxiTOqcBKNAJLlzg2K81gMRL2FDc+xOgSIjF50= - - a6mkLSfZw0AKad9CK9+x7YKKCdt76ZJxrggTzlrTcZl83Ko+sknhdCOjon74CJXwaNxaA - 2w9M5FUaQRLwzXGdlktHnl11F2xgShomrL9TUPA9qyqdZxi1pRJowbzbLAwYf/VsdExYy - j98PAvgBddDHZZtrNGSbjObJeChKy4jvY+fbnInjzw/PmzB3iTsF6g5VAXOOEdr7XqyRF - 7vBVc2C7uzDOxmD4QODOkfUDRrXPgNt5I5iRQRJPpUOeoCuubpSZU4aflL/FggwBQUbAg - sL/JJhlsW1hegcRjuxRpN2xXq9O9bzjiRVzW1EVa1G7vj+WC9kWrzEBNXEWJK2UHq/zq+ - YYt1OEiCc74w57t8jAXSf7Mvhuu7KM5StMOxT2NGUcM8ibYZCSxyWfGjMA1nmtVQ99ODX - ECKI7Wgyenr4EFlTcKmkONzkvOjV0RPqR7Ybq18i9JRBDtIQv8yr64R7esnSzmygNa00S - XmM1bG5hIbNzxcFK0O5uvlVCVMPfPpqMpRwbrU2IVnMBxXCSsWUPtdSdLrO8XNLSkUq8N - eplFuqIRRVT4gzuWFBC7pfuODu23zS496WiBURzRlux0V8rxs7t3EOjoWWrs9DwL1ZJoE - nmVp5gTIO2uJsJDxQ0bJ0v1glu7bWlWymhMgVrjn24JeeG206b2hB4I6K4d2R0= \ No newline at end of file diff --git a/zuul.d/wheels-master.yaml b/zuul.d/wheels-master.yaml deleted file mode 100644 index ebd4f66..0000000 --- a/zuul.d/wheels-master.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- job: - name: ansible-collection-atmosphere-build-wheels-master - parent: ansible-collection-atmosphere-build-wheels - files: &build-wheels-files - - roles/build_openstack_requirements/.* - - zuul.d/wheels-master.yaml - vars: - build_openstack_requirements_release: master - -- job: - name: ansible-collection-atmosphere-build-wheels-master-amd64 - parent: ansible-collection-atmosphere-build-wheels-master - nodeset: ubuntu-focal - -- job: - name: ansible-collection-atmosphere-build-wheels-master-aarch64 - parent: ansible-collection-atmosphere-build-wheels-master - nodeset: ubuntu-focal-arm64 - -- job: - name: ansible-collection-atmosphere-merge-wheels-master - parent: ansible-collection-atmosphere-merge-wheels - files: *build-wheels-files - dependencies: - - ansible-collection-atmosphere-build-wheels-master-amd64 - - ansible-collection-atmosphere-build-wheels-master-aarch64 - provides: - - ansible-collection-atmosphere-wheels-master - vars: - build_openstack_requirements_release: master - -- job: - name: ansible-collection-atmosphere-promote-wheels-master - parent: ansible-collection-atmosphere-promote-wheels - files: *build-wheels-files - vars: - artifact_extra_name: wheels-master - -- project: - check: - jobs: - - ansible-collection-atmosphere-build-wheels-master-amd64 - - ansible-collection-atmosphere-build-wheels-master-aarch64 - - ansible-collection-atmosphere-merge-wheels-master - gate: - jobs: - - ansible-collection-atmosphere-build-wheels-master-amd64 - - ansible-collection-atmosphere-build-wheels-master-aarch64 - - ansible-collection-atmosphere-merge-wheels-master - promote: - jobs: - - ansible-collection-atmosphere-promote-wheels-master \ No newline at end of file diff --git a/zuul.d/wheels-wallaby.yaml b/zuul.d/wheels-wallaby.yaml deleted file mode 100644 index bb9c41a..0000000 --- a/zuul.d/wheels-wallaby.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- job: - name: ansible-collection-atmosphere-build-wheels-wallaby - parent: ansible-collection-atmosphere-build-wheels - files: &build-wheels-files - - roles/build_openstack_requirements/.* - - zuul.d/wheels-wallaby.yaml - vars: - build_openstack_requirements_release: wallaby - -- job: - name: ansible-collection-atmosphere-build-wheels-wallaby-amd64 - parent: ansible-collection-atmosphere-build-wheels-wallaby - nodeset: ubuntu-focal - -- job: - name: ansible-collection-atmosphere-build-wheels-wallaby-aarch64 - parent: ansible-collection-atmosphere-build-wheels-wallaby - nodeset: ubuntu-focal-arm64 - -- job: - name: ansible-collection-atmosphere-merge-wheels-wallaby - parent: ansible-collection-atmosphere-merge-wheels - files: *build-wheels-files - dependencies: - - ansible-collection-atmosphere-build-wheels-wallaby-amd64 - - ansible-collection-atmosphere-build-wheels-wallaby-aarch64 - provides: - - ansible-collection-atmosphere-wheels-wallaby - vars: - build_openstack_requirements_release: wallaby - -- job: - name: ansible-collection-atmosphere-promote-wheels-wallaby - parent: ansible-collection-atmosphere-promote-wheels - files: *build-wheels-files - vars: - artifact_extra_name: wheels-wallaby - -- project: - check: - jobs: - - ansible-collection-atmosphere-build-wheels-wallaby-amd64 - - ansible-collection-atmosphere-build-wheels-wallaby-aarch64 - - ansible-collection-atmosphere-merge-wheels-wallaby - gate: - jobs: - - ansible-collection-atmosphere-build-wheels-wallaby-amd64 - - ansible-collection-atmosphere-build-wheels-wallaby-aarch64 - - ansible-collection-atmosphere-merge-wheels-wallaby - promote: - jobs: - - ansible-collection-atmosphere-promote-wheels-wallaby \ No newline at end of file diff --git a/zuul.d/wheels.yaml b/zuul.d/wheels.yaml deleted file mode 100644 index 9c3c5fc..0000000 --- a/zuul.d/wheels.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright (c) 2022 VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- job: - name: ansible-collection-atmosphere-build-wheels - abstract: true - pre-run: - - zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/pre-run.yml - run: - - zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/run.yml - post-run: - - zuul.d/playbooks/ansible-collection-atmosphere-build-wheels/post-run.yml - vars: - build_openstack_requirements_wheels_directory: /tmp - -- job: - name: ansible-collection-atmosphere-merge-wheels - abstract: true - run: - - zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/run.yml - post-run: - - zuul.d/playbooks/ansible-collection-atmosphere-merge-wheels/post-run.yml - -- job: - name: ansible-collection-atmosphere-promote-wheels - parent: opendev-promote-python - abstract: true - vars: - download_artifact_job: "{{ zuul.job | replace('promote', 'merge') }}" - download_artifact_type: - - wheels \ No newline at end of file