From d62d663a2daaf301c6ca5ae7d314e61b904af575 Mon Sep 17 00:00:00 2001 From: Kaspars Skels Date: Mon, 15 Jul 2019 15:27:12 -0500 Subject: Initial site reference manifests for intel-pod17 This includes cntt type definition as well as site manifests. Change-Id: I4829c80199795af0c841419b8fd19557295fe244 
Signed-off-by: Kaspars Skels
---
type/cntt/bootactions/promjoin.yaml | 32 +
type/cntt/deployment/deployment-configuration.yaml | 41 +
type/cntt/network/KubernetesNetwork.yaml | 97 ++
type/cntt/profiles/genesis.yaml | 49 +
type/cntt/profiles/hardware/intel-s2600wt.yaml | 109 ++
type/cntt/profiles/host/cp-intel-s2600wt.yaml | 96 ++
type/cntt/profiles/host/dp-intel-s2600wt.yaml | 103 ++
.../charts/kubernetes/ingress/ingress.yaml | 31 +
.../software/charts/osh-infra/elasticsearch.yaml | 34 +
type/cntt/software/charts/osh-infra/fluentbit.yaml | 22 +
type/cntt/software/charts/osh-infra/fluentd.yaml | 22 +
type/cntt/software/charts/osh-infra/grafana.yaml | 23 +
type/cntt/software/charts/osh-infra/ingress.yaml | 24 +
type/cntt/software/charts/osh-infra/mariadb.yaml | 24 +
.../cntt/software/charts/osh-infra/prometheus.yaml | 35 +
.../charts/osh/openstack-compute-kit/neutron.yaml | 28 +
.../charts/osh/openstack-compute-kit/nova.yaml | 25 +
.../software/charts/osh/openstack-heat/heat.yaml | 21 +
.../osh/openstack-tenant-ceph/ceph-client.yaml | 23 +
.../charts/osh/openstack-tenant-ceph/ceph-osd.yaml | 34 +
.../software/charts/ucp/comps/chart-group.yaml | 14 +
type/cntt/software/charts/ucp/comps/drydock.yaml | 25 +
.../software/charts/ucp/comps/maas-scaled.yaml | 32 +
type/cntt/software/charts/ucp/comps/maas.yaml | 29 +
.../software/charts/ucp/promenade/promenade.yaml | 50 +
type/cntt/software/config/endpoints.yaml | 1088 ++++++++++++++++++++
type/cntt/software/config/service_accounts.yaml | 435 ++++++++
type/cntt/software/manifests/bootstrap.yaml | 39 +
type/cntt/software/manifests/full-site.yaml | 61 ++
29 files changed, 2646 insertions(+)
create mode 100644 type/cntt/bootactions/promjoin.yaml
create mode 100644 type/cntt/deployment/deployment-configuration.yaml
create mode 100644 type/cntt/network/KubernetesNetwork.yaml
create mode 100644 type/cntt/profiles/genesis.yaml
create mode 100644 type/cntt/profiles/hardware/intel-s2600wt.yaml
create mode 100644 type/cntt/profiles/host/cp-intel-s2600wt.yaml
create mode 100644 type/cntt/profiles/host/dp-intel-s2600wt.yaml
create mode 100644 type/cntt/software/charts/kubernetes/ingress/ingress.yaml
create mode 100644 type/cntt/software/charts/osh-infra/elasticsearch.yaml
create mode 100644 type/cntt/software/charts/osh-infra/fluentbit.yaml
create mode 100644 type/cntt/software/charts/osh-infra/fluentd.yaml
create mode 100644 type/cntt/software/charts/osh-infra/grafana.yaml
create mode 100644 type/cntt/software/charts/osh-infra/ingress.yaml
create mode 100644 type/cntt/software/charts/osh-infra/mariadb.yaml
create mode 100644 type/cntt/software/charts/osh-infra/prometheus.yaml
create mode 100644 type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml
create mode 100644 type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml
create mode 100644 type/cntt/software/charts/osh/openstack-heat/heat.yaml
create mode 100644 type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
create mode 100644 type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
create mode 100644 type/cntt/software/charts/ucp/comps/chart-group.yaml
create mode 100644 type/cntt/software/charts/ucp/comps/drydock.yaml
create mode 100644 type/cntt/software/charts/ucp/comps/maas-scaled.yaml
create mode 100644 type/cntt/software/charts/ucp/comps/maas.yaml
create mode 100644 type/cntt/software/charts/ucp/promenade/promenade.yaml
create mode 100644 type/cntt/software/config/endpoints.yaml
create mode 100644 type/cntt/software/config/service_accounts.yaml
create mode 100644 type/cntt/software/manifests/bootstrap.yaml
create mode 100644 type/cntt/software/manifests/full-site.yaml
(limited to 'type/cntt')
diff --git a/type/cntt/bootactions/promjoin.yaml b/type/cntt/bootactions/promjoin.yaml
new file mode 100644
index 0000000..1178c10
--- /dev/null
+++ b/type/cntt/bootactions/promjoin.yaml
@@ -0,0 +1,32 @@
+---
+# This file defines a boot action which is responsible for fetching the node's
+# promjoin script from the promenade API. This is the script responsible for
+# installing kubernetes on the node and joining the kubernetes cluster.
+# #GLOBAL-CANDIDATE#
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: promjoin
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+data:
+ signaling: false
+ # TODO(alanmeadows) move what is global about this document
+ assets:
+ - path: /opt/promjoin.sh
+ type: file
+ permissions: '555'
+ # The ip= parameter must match the MaaS network name of the network used
+ # to contact kubernetes. With a standard, reference Airship deployment where
+ # L2 networks are shared between all racks, the network name (i.e. calico)
+ # should be correct.
+ location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.private.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+ location_pipeline:
+ - template
+ data_pipeline:
+ - utf8_decode
+...
diff --git a/type/cntt/deployment/deployment-configuration.yaml b/type/cntt/deployment/deployment-configuration.yaml
new file mode 100644
index 0000000..bfc6c0c
--- /dev/null
+++ b/type/cntt/deployment/deployment-configuration.yaml
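Review bot: In the `location` template only `action.design_ref` is passed through `urlencode`; `node.hostname`, `node.network.private.ip` and the label pairs `{{ k }}={{ v }}` are interpolated raw, so a label value containing `&`, `=` or `#` would alter the query string sent to Promenade. Suggest `&labels.dynamic={{ (k ~ '=' ~ v) | urlencode }}` and the same filter on the hostname. The comment above `location` still names `calico` as the expected network while the template reads `node.network.private.ip`, so one of the two should be updated. The asset is fetched over `promenade+http://` and installed executable (`permissions: '555'`), so the script's integrity rests on the in-cluster network path; that assumption is worth stating in the header comment.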
@@ -0,0 +1,41 @@
+---
+# The purpose of this file is to provide shipyard related deployment config
+# parameters. This should not require modification for a new site. However,
+# shipyard deployment strategies can be very useful in getting around certain
+# failures, like misbehaving nodes that hold up the deployment. See more at
+# https://opendev.org/airship/shipyard/src/branch/master/doc/source/site-definition-documents.rst#using-a-deployment-strategy
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+ schema: metadata/Document/v1
+ name: deployment-configuration
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ physical_provisioner:
+ deployment_strategy: deployment-strategy
+ deploy_interval: 30
+ deploy_timeout: 3600
+ destroy_interval: 30
+ destroy_timeout: 900
+ join_wait: 0
+ prepare_node_interval: 30
+ prepare_node_timeout: 1800
+ prepare_site_interval: 10
+ prepare_site_timeout: 300
+ verify_interval: 10
+ verify_timeout: 60
+ kubernetes_provisioner:
+ drain_timeout: 3600
+ drain_grace_period: 1800
+ clear_labels_timeout: 1800
+ remove_etcd_timeout: 1800
+ etcd_ready_timeout: 600
+ armada:
+ get_releases_timeout: 300
+ get_status_timeout: 300
+ manifest: 'full-site'
+ post_apply_timeout: 7200
+ validate_design_timeout: 600
+...
diff --git a/type/cntt/network/KubernetesNetwork.yaml b/type/cntt/network/KubernetesNetwork.yaml
new file mode 100644
index 0000000..1124d63
--- /dev/null
+++ b/type/cntt/network/KubernetesNetwork.yaml
@@ -0,0 +1,97 @@
+---
+schema: promenade/KubernetesNetwork/v1
+metadata:
+ schema: metadata/Document/v1
+ name: kubernetes-network
+ layeringDefinition:
+ abstract: false
+ layer: type
+ storagePolicy: cleartext
+ substitutions:
+ # DNS
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.cluster_domain
+ dest:
+ path: .dns.cluster_domain
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.service_ip
+ dest:
+ path: .dns.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .dns.upstream_servers
+ dest:
+ path: .dns.upstream_servers
+
+ # Kubernetes IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.api_service_ip
+ dest:
+ path: .kubernetes.service_ip
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .kubernetes.pod_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.service_cidr
+ dest:
+ path: .kubernetes.service_cidr
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.apiserver_port
+ dest:
+ path: .kubernetes.apiserver_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.haproxy_port
+ dest:
+ path: .kubernetes.haproxy_port
+
+ # etcd IPs
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.container_port
+ dest:
+ path: .etcd.container_port
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .etcd.haproxy_port
+ dest:
+ path: .etcd.haproxy_port
+
+ # proxy
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .proxy.http
+ dest:
+ path: .proxy.url
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .proxy.no_proxy
+ dest:
+ path: .proxy.additional_no_proxy
+
+data:
+ dns:
+ bootstrap_validation_checks:
+ - calico-etcd.kube-system.svc.cluster.local
+ - kubernetes-etcd.kube-system.svc.cluster.local
+ - kubernetes.default.svc.cluster.local
+...
diff --git a/type/cntt/profiles/genesis.yaml b/type/cntt/profiles/genesis.yaml
new file mode 100644
index 0000000..54c5276
--- /dev/null
+++ b/type/cntt/profiles/genesis.yaml
@@ -0,0 +1,49 @@
+---
+# The purpose of this file is to apply proper labels to Genesis node so the
+# proper services are installed and proper configuration applied. This should
+# not need to be changed for a new site.
+# #GLOBAL-CANDIDATE#
+schema: promenade/Genesis/v1
+metadata:
+ schema: metadata/Document/v1
+ name: genesis-site
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: genesis-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ labels:
+ dynamic:
+ - beta.kubernetes.io/fluentd-ds-ready=true
+ - calico-etcd=enabled
+ - ceph-mds=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-rgw=enabled
+ - ceph-mgr=enabled
+ - ceph-bootstrap=enabled
+ - tenant-ceph-control-plane=enabled
+ - tenant-ceph-mon=enabled
+ - tenant-ceph-rgw=enabled
+ - tenant-ceph-mgr=enabled
+ - kube-dns=enabled
+ - kube-ingress=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - promenade-genesis=enabled
+ - ucp-control-plane=enabled
+ - maas-rack=enabled
+ - maas-region=enabled
+ - ceph-osd-bootstrap=enabled
+ - openstack-control-plane=enabled
+ - openvswitch=enabled
+ - openstack-l3-agent=enabled
+ - node-exporter=enabled
+...
diff --git a/type/cntt/profiles/hardware/intel-s2600wt.yaml b/type/cntt/profiles/hardware/intel-s2600wt.yaml
new file mode 100644
index 0000000..07836ef
--- /dev/null
+++ b/type/cntt/profiles/hardware/intel-s2600wt.yaml
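Review bot: In `KubernetesNetwork.yaml`, `data.dns.bootstrap_validation_checks` hard-codes names under `cluster.local`, while `.dns.cluster_domain` is substituted from `common-addresses` in the same document; a site that sets a different cluster domain would get validation checks for names that do not resolve. Either substitute the domain into these entries or add a comment such as `# assumes common-addresses .dns.cluster_domain is cluster.local`. The section comments `# Kubernetes IPs` and `# etcd IPs` also head substitutions for CIDRs and ports, so `# etcd ports` would describe the second group more accurately.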
@@ -0,0 +1,109 @@
+---
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: intel-s2600wt
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # Vendor of the server chassis
+ vendor: Intel
+ # Generation of the chassis model
+ generation: '4'
+ # Version of the chassis model within its generation - not version of the hardware definition
+ hw_version: '3'
+ # The certified version of the chassis BIOS
+ bios_version: 'SE5C610.86B.01.01.0019.101220160604'
+ # Mode of the default boot of hardware - bios, uefi
+ boot_mode: bios
+ # Protocol of boot of the hardware - pxe, usb, hdd
+ bootstrap_protocol: pxe
+ # Which interface to use for network booting within the OOB manager, not OS device
+ pxe_interface: 0
+
+ # Map hardware addresses to aliases/roles to allow a mix of hardware configs
+ # in a site to result in a consistent configuration
+
+ device_aliases:
+ ## network
+ # $ sudo lspci |grep -i ethernet
+ # 03:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+ # 03:00.3 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
+ # 05:00.0 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.1 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.2 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+ # 05:00.3 Ethernet controller: Intel Corporation Ethernet Controller X710 for 10GbE SFP+ (rev 01)
+
+ # control networks
+ # eno1
+ ctrl_nic1:
+ address: '0000:03:00.0'
+ dev_type: 'I350 Gigabit Network Connection'
+ bus_type: 'pci'
+ # eno2
+ ctrl_nic2:
+ address: '0000:03:00.3'
+ dev_type: 'I350 Gigabit Network Connection'
+ bus_type: 'pci'
+
+ # data networks
+ # ens785f0
+ data_nic1:
+ address: '0000:05:00.0'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+ # ens785f1
+ data_nic2:
+ address: '0000:05:00.1'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+ # ens785f2
+ data_nic3:
+ address: '0000:05:00.2'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+ # ens785f3
+ data_nic4:
+ address: '0000:05:00.3'
+ dev_type: 'Ethernet Controller X710 for 10GbE SFP+'
+ bus_type: 'pci'
+
+ ## storage
+ # $ sudo lshw -c disk
+ # *-disk
+ # description: ATA Disk
+ # product: INTEL SSDSC2BB48
+ # physical id: 0.0.0
+ # bus info: scsi@4:0.0.0
+ # logical name: /dev/sda
+ # version: 0101
+ # serial: PHDV637602LL480BGN
+ # size: 447GiB (480GB)
+ # capabilities: gpt-1.00 partitioned partitioned:gpt
+ # configuration: ansiversion=5 guid=ea7d0b6a-c105-4409-8d4c-dc104cb38737 logicalsectorsize=512 sectorsize=4096
+ # *-disk
+ # description: ATA Disk
+ # product: ST91000640NS
+ # vendor: Seagate
+ # physical id: 0.0.0
+ # bus info: scsi@5:0.0.0
+ # logical name: /dev/sdb
+ # version: SN03
+ # serial: 9XG6LX48
+ # size: 931GiB (1TB)
+ # capabilities: gpt-1.00 partitioned partitioned:gpt
+ # configuration: ansiversion=5 guid=27f17348-e081-4b00-8d4c-5960513a40cd logicalsectorsize=512 sectorsize=512
+
+ # /dev/sda
+ bootdisk:
+ address: '4:0.0.0'
+ dev_type: 'INTEL SSDSC2BB48'
+ bus_type: 'scsi'
+ # /dev/sdb
+ datadisk:
+ address: '5:0.0.0'
+ dev_type: 'ST91000640NS'
+ bus_type: 'scsi'
+...
diff --git a/type/cntt/profiles/host/cp-intel-s2600wt.yaml b/type/cntt/profiles/host/cp-intel-s2600wt.yaml
new file mode 100644
index 0000000..1eca33e
--- /dev/null
+++ b/type/cntt/profiles/host/cp-intel-s2600wt.yaml
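Review bot: The `## storage` comment block in `intel-s2600wt.yaml` pastes raw `lshw` output, including the drive serial numbers and partition-table GUIDs of one specific machine, although only the `bus info` and `product` fields feed the `bootdisk` and `datadisk` aliases below it. Suggest trimming the block to those two fields per disk so host-identifying inventory data is not published with a profile that is meant to be reused across nodes of this model.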
@@ -0,0 +1,96 @@
+---
+# The primary control plane host profile for Airship for DELL R720s, and
+# should not need to be altered if you are using matching HW. The active
+# participants in the Ceph cluster run on this profile. Other control plane
+# services are not affected by primary vs secondary designation.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: cp-intel-s2600wt
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: cp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ hardware_profile: intel-s2600wt
+
+ primary_network: dmz
+ interfaces:
+ dmz:
+ device_link: dmz
+ slaves:
+ - ctrl_nic1
+ networks:
+ - dmz
+ admin:
+ device_link: admin
+ slaves:
+ - ctrl_nic2
+ networks:
+ - admin
+ data1:
+ device_link: data1
+ slaves:
+ - data_nic1
+ networks:
+ - private
+ - management
+ data2:
+ device_link: data2
+ slaves:
+ - data_nic2
+ networks:
+ - storage
+ - public
+
+ storage:
+ physical_devices:
+ bootdisk:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var_log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ kernel_package: 'linux-image-4.15.0-46-generic'
+
+ metadata:
+ owner_data:
+ openstack-l3-agent: enabled
+...
diff --git a/type/cntt/profiles/host/dp-intel-s2600wt.yaml b/type/cntt/profiles/host/dp-intel-s2600wt.yaml
new file mode 100644
index 0000000..e05a2c7
--- /dev/null
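Review bot: The header comment of `cp-intel-s2600wt.yaml` describes a control plane profile "for DELL R720s", but the document is named `cp-intel-s2600wt` and selects `hardware_profile: intel-s2600wt`; the same leftover wording is in `dp-intel-s2600wt.yaml`. Suggest `# The primary control plane host profile for Airship on Intel S2600WT servers, and` for the first line. `primary_network: dmz` makes the network named dmz the node's primary network; if that segment is externally reachable, a one-line comment saying why it was chosen over `admin` would help a reviewer judge the exposure.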
+++ b/type/cntt/profiles/host/dp-intel-s2600wt.yaml
@@ -0,0 +1,103 @@
+---
+# The data plane host profile for Airship for DELL R720s, and should
+# not need to be altered if you are using matching HW. The host profile is setup
+# for cpu isolation (for nova pinning), hugepages, and sr-iov.
+schema: drydock/HostProfile/v1
+metadata:
+ schema: metadata/Document/v1
+ name: dp-intel-s2600wt
+ storagePolicy: cleartext
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ hosttype: dp-global
+ actions:
+ - method: replace
+ path: .interfaces
+ - method: replace
+ path: .storage
+ - method: merge
+ path: .
+data:
+ hardware_profile: intel-s2600wt
+
+ primary_network: dmz
+ interfaces:
+ dmz:
+ device_link: dmz
+ slaves:
+ - ctrl_nic1
+ networks:
+ - dmz
+ admin:
+ device_link: admin
+ slaves:
+ - ctrl_nic2
+ networks:
+ - admin
+ data1:
+ device_link: data1
+ slaves:
+ - data_nic1
+ networks:
+ - private
+ - management
+ data2:
+ device_link: data2
+ slaves:
+ - data_nic2
+ networks:
+ - storage
+ - public
+
+ storage:
+ physical_devices:
+ bootdisk:
+ labels:
+ bootdrive: 'true'
+ partitions:
+ - name: 'root'
+ size: '30g'
+ bootable: true
+ filesystem:
+ mountpoint: '/'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'boot'
+ size: '1g'
+ filesystem:
+ mountpoint: '/boot'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ - name: 'log'
+ size: '100g'
+ filesystem:
+ mountpoint: '/var/log'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ # - name: 'cephjournal'
+ # size: '10g'
+ - name: 'var'
+ size: '>100g'
+ filesystem:
+ mountpoint: '/var'
+ fstype: 'ext4'
+ mount_options: 'defaults'
+ # datadisk:
+ # partitions:
+ # - name: 'nova'
+ # size: '450g'
+ # filesystem:
+ # mountpoint: '/var/lib/nova'
+ # fstype: 'ext4'
+ # mount_options: 'defaults'
+ # - name: 'cephosd'
+ # size: '>100g'
+
+ platform:
+ image: 'xenial'
+ kernel: 'hwe-16.04'
+ kernel_params:
+ kernel_package: 'linux-image-4.15.0-46-generic'
+...
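Review bot: The header comment says this profile "is setup for cpu isolation (for nova pinning), hugepages, and sr-iov", but `platform.kernel_params` in the hunk contains only `kernel_package`; no CPU-isolation, hugepage or IOMMU parameters appear. Unless they are inherited from the `dp-global` parent (not visible here), the comment should be reduced to what the profile actually sets. The `datadisk` device is left fully commented out while `ceph-osd.yaml` in this commit points the tenant OSD at `/dev/sdb`; a one-line comment such as `# datadisk is left unpartitioned for the tenant Ceph OSD` would make that dependency explicit, if that is the intent.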
diff --git a/type/cntt/software/charts/kubernetes/ingress/ingress.yaml b/type/cntt/software/charts/kubernetes/ingress/ingress.yaml
new file mode 100644
index 0000000..be61953
--- /dev/null
+++ b/type/cntt/software/charts/kubernetes/ingress/ingress.yaml
@@ -0,0 +1,31 @@
+---
+# The purpose of this file is to define the environment-specific public-facing
+# VIP for the ingress controller
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ingress-kube-system
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ ingress: kube-system
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .vip.ingress_vip
+ dest:
+ path: .values.network.vip.addr
+data:
+ values:
+ network:
+ ingress:
+ disable-ipv6: "true"
+ vip:
+ manage: true
+...
diff --git a/type/cntt/software/charts/osh-infra/elasticsearch.yaml b/type/cntt/software/charts/osh-infra/elasticsearch.yaml
new file mode 100644
index 0000000..3621e75
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/elasticsearch.yaml
@@ -0,0 +1,34 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: elasticsearch
+ labels:
+ name: elasticsearch-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ hosttype: elasticsearch-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ master: 2
+ data: 1
+ client: 2
+ storage:
+ requests:
+ storage: 40Gi
+ conf:
+ elasticsearch:
+ env:
+ java_opts:
+ client: "-Xms2048m -Xmx2048m"
+ data: "-Xms2048m -Xmx2048m"
+ master: "-Xms2048m -Xmx2048m"
+...
diff --git a/type/cntt/software/charts/osh-infra/fluentbit.yaml b/type/cntt/software/charts/osh-infra/fluentbit.yaml
new file mode 100644
index 0000000..1d176cd
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/fluentbit.yaml
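Review bot: In `elasticsearch.yaml` the `parentSelector` matches on `hosttype: elasticsearch-global`, whereas the other osh-infra overrides in this commit (grafana, mariadb, prometheus, ingress) select their parent with `name: <chart>-global`; `fluentbit.yaml` and `fluentd.yaml` use the same `hosttype` key. If the global documents do not carry a `hosttype` label, layering finds no parent for these three, so the label should be confirmed against the global charts or changed to `name: elasticsearch-global`. `replicas.master: 2` is an even number of master-eligible nodes, which adds no failure tolerance over one; a comment explaining the choice would help.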
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentbit
+ labels:
+ name: fluentbit-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ hosttype: fluentbit-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ fluentd: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/fluentd.yaml b/type/cntt/software/charts/osh-infra/fluentd.yaml
new file mode 100644
index 0000000..906b26d
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/fluentd.yaml
@@ -0,0 +1,22 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: fluentd
+ labels:
+ name: fluentd-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ hosttype: fluentd-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ fluentd: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/grafana.yaml b/type/cntt/software/charts/osh-infra/grafana.yaml
new file mode 100644
index 0000000..d12f7d2
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/grafana.yaml
@@ -0,0 +1,23 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: grafana
+ labels:
+ name: grafana-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: grafana-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ grafana: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/ingress.yaml b/type/cntt/software/charts/osh-infra/ingress.yaml
new file mode 100644
index 0000000..96753c9
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/ingress.yaml
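Review bot: The `fluentbit.yaml` override sets `pod.replicas.fluentd: 1`, the same body as `fluentd.yaml`; a key named for fluentd inside the fluentbit chart looks like a copy-paste and may simply be ignored by the chart. If the intent is to leave fluentbit at its defaults, `data: {}` (as `nova.yaml` does in this commit) states that directly; otherwise the key should name the fluentbit workload it is meant to scale.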
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: osh-infra-ingress-controller
+ labels:
+ name: osh-infra-ingress-controller-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: osh-infra-ingress-controller-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ ingress: 1
+ error_page: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/mariadb.yaml b/type/cntt/software/charts/osh-infra/mariadb.yaml
new file mode 100644
index 0000000..ddb4424
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/mariadb.yaml
@@ -0,0 +1,24 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: osh-infra-mariadb
+ labels:
+ name: osh-infra-mariadb-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: osh-infra-mariadb-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ server: 1
+ ingress: 1
+...
diff --git a/type/cntt/software/charts/osh-infra/prometheus.yaml b/type/cntt/software/charts/osh-infra/prometheus.yaml
new file mode 100644
index 0000000..4b02c04
--- /dev/null
+++ b/type/cntt/software/charts/osh-infra/prometheus.yaml
@@ -0,0 +1,35 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: prometheus
+ labels:
+ name: prometheus-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: prometheus-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ replicas:
+ prometheus: 1
+ resources:
+ enabled: true
+ prometheus:
+ limits:
+ memory: "4Gi"
+ cpu: "2000m"
+ requests:
+ memory: "2Gi"
+ cpu: "1000m"
+ storage:
+ requests:
+ storage: 50Gi
+...
diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644
index 0000000..8d47efd
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-compute-kit/neutron.yaml
@@ -0,0 +1,28 @@
+---
+# This file defines hardware-specific settings for neutron. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. logical network interface names
+# 2. physical device mappigns
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: neutron
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: neutron-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ wait:
+ timeout: 1800
+ test:
+ timeout: 900
+...
diff --git a/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml b/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644
index 0000000..32f94b8
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-compute-kit/nova.yaml
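Review bot: The header comment of `neutron.yaml` promises hardware-specific settings (interface names, "physical device mappigns"), but `data` carries only `wait.timeout` and `test.timeout`; `nova.yaml` has the same mismatch, describing `vcpu_pin_set` and PCI passthrough above `data: {}`. Suggest replacing the comment with what the override does, for example `# Site override for neutron: extends the Armada wait and test timeouts.`, and correcting the spelling of "mappings" if the list is kept.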
@@ -0,0 +1,25 @@
+---
+# This file defines hardware-specific settings for nova. If you use the same
+# hardware profile as this environment, you should not need to change this file.
+# Otherwise, you should review the settings here and adjust for your hardware.
+# In particular:
+# 1. vcpu_pin_set will change if the number of logical CPUs on the hardware
+# changes.
+# 2. pci alias / passthrough_whitelist could change if the NIC type or NIC
+# slotting changes.
+# TODO: Should move to global layer and become tied to the hardware profile
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: nova
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: nova-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data: {}
+...
diff --git a/type/cntt/software/charts/osh/openstack-heat/heat.yaml b/type/cntt/software/charts/osh/openstack-heat/heat.yaml
new file mode 100644
index 0000000..de5bd51
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-heat/heat.yaml
@@ -0,0 +1,21 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: heat
+ labels:
+ name: heat-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: heat-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ test:
+ timeout: 600
+...
diff --git a/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
new file mode 100644
index 0000000..3f5bfba
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-client.yaml
@@ -0,0 +1,23 @@
+---
+# The purpose of this file is to define envrionment-specific parameters for the
+# ceph client
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant-ceph-client
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: tenant-ceph-client-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ conf:
+ pool:
+ target:
+ osd: 3
+...
diff --git a/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
new file mode 100644
index 0000000..8937fdc
--- /dev/null
+++ b/type/cntt/software/charts/osh/openstack-tenant-ceph/ceph-osd.yaml
@@ -0,0 +1,34 @@
+---
+# The purpose of this file is to define environment-specific parameters for
+# ceph-osd
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: tenant-ceph-osd
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: tenant-ceph-osd-global
+ actions:
+ - method: replace
+ path: .values.conf.storage.osd
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ labels:
+ osd:
+ node_selector_key: tenant-ceph-osd
+ node_selector_value: enabled
+ conf:
+ storage:
+ osd:
+ - data:
+ type: block-logical
+ location: /dev/sdb
+ journal:
+ type: directory
+ location: /var/lib/openstack-helm/tenant-ceph/osd/osd-sdb
+...
diff --git a/type/cntt/software/charts/ucp/comps/chart-group.yaml b/type/cntt/software/charts/ucp/comps/chart-group.yaml
new file mode 100644
index 0000000..02236b5
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/chart-group.yaml
@@ -0,0 +1,14 @@
+---
+schema: armada/ChartGroup/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-drydock-scaled
+ layeringDefinition:
+ abstract: false
+ layer: type
+ storagePolicy: cleartext
+data:
+ description: Drydock
+ chart_group:
+ - ucp-maas-scaled
+ - ucp-drydock
diff --git a/type/cntt/software/charts/ucp/comps/drydock.yaml b/type/cntt/software/charts/ucp/comps/drydock.yaml
new file mode 100644
index 0000000..1343340
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/drydock.yaml
@@ -0,0 +1,25 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: ucp-drydock
+ labels:
+ name: ucp-drydock-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: ucp-drydock-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ network:
+ api:
+ ingress:
+ classes:
+ cluster: maas-ingress
+...
diff --git a/type/cntt/software/charts/ucp/comps/maas-scaled.yaml b/type/cntt/software/charts/ucp/comps/maas-scaled.yaml
new file mode 100644
index 0000000..531a9f3
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/maas-scaled.yaml
@@ -0,0 +1,32 @@
+---
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-maas-scaled
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: ucp-maas-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .vip.maas_vip
+ dest:
+ path: .values.network.maas_ingress.addr
+data:
+ values:
+ network:
+ region_api:
+ node_port:
+ enabled: true
+ pod:
+ replicas:
+ region: 2
+ rack: 2
+...
diff --git a/type/cntt/software/charts/ucp/comps/maas.yaml b/type/cntt/software/charts/ucp/comps/maas.yaml
new file mode 100644
index 0000000..d22cf55
--- /dev/null
+++ b/type/cntt/software/charts/ucp/comps/maas.yaml
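Review bot: In `maas-scaled.yaml`, `network.region_api.node_port.enabled: true` publishes the MaaS region API on a NodePort, and `endpoints.yaml` in this commit serves that API with `scheme: http` on nodeport 31900, the same number it assigns to `physicalprovisioner`. If Drydock's NodePort is ever enabled as well the two services would collide, and an unencrypted provisioning API on every node address deserves a comment recording why it is needed and which networks can reach it. `maas.yaml` repeats the same substitution and value, so the note applies there too.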
@@ -0,0 +1,29 @@
+---
+# This file defines site-specific deviations for MaaS.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-maas
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: ucp-maas-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .vip.maas_vip
+ dest:
+ path: .values.network.maas_ingress.addr
+data:
+ values:
+ network:
+ region_api:
+ node_port:
+ enabled: true
+...
diff --git a/type/cntt/software/charts/ucp/promenade/promenade.yaml b/type/cntt/software/charts/ucp/promenade/promenade.yaml
new file mode 100644
index 0000000..e245bd9
--- /dev/null
+++ b/type/cntt/software/charts/ucp/promenade/promenade.yaml
@@ -0,0 +1,50 @@
+---
+# The purpose of this file is to provide site-specific parameters for the ucp-
+# promenade chart.
+schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: ucp-promenade
+ layeringDefinition:
+ abstract: false
+ layer: site
+ parentSelector:
+ name: ucp-promenade-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ values:
+ pod:
+ env:
+ promenade_api: []
+ # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: http_proxy
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: https_proxy
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
+ # IPs / domain names which the proxy should not be used for (i.e. the
+ # cluster domain and kubernetes service_cidr defined in common-addresses)
+ # Otherwise comment out these lines.
+ # - name: no_proxy
+ # value: '10.96.0.1,.cluster.local'
+ # NEWSITE-CHANGEME: If your site uses an http proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: HTTP_PROXY
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an https proxy, enter it here.
+ # Otherwise comment out these lines.
+ # - name: HTTPS_PROXY
+ # value: 'http://proxy.example.com:8080'
+ # NEWSITE-CHANGEME: If your site uses an http/https proxy, enter the
+ # IPs / domain names which the proxy should not be used for (i.e. the
+ # cluster domain and kubernetes service_cidr defined in common-addresses)
+ # Otherwise comment out these lines.
+ # - name: NO_PROXY
+ # value: '10.96.0.1,.cluster.local'
+...
diff --git a/type/cntt/software/config/endpoints.yaml b/type/cntt/software/config/endpoints.yaml
new file mode 100644
index 0000000..12bc7da
--- /dev/null
+++ b/type/cntt/software/config/endpoints.yaml
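Review bot: In `promenade.yaml`, `promenade_api: []` is followed by commented-out list items, so an operator who follows the NEWSITE-CHANGEME text and uncomments an entry ends up with `[]` plus a block sequence under the same key, which does not parse. The instructions also say "Otherwise comment out these lines" although every entry is already commented. Suggest a comment directly above the key such as `# To set a proxy, delete the [] and uncomment the entries below.` and dropping the "Otherwise comment out" sentences.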
@@ -0,0 +1,1088 @@ +--- +# The purpose of this file is to define the site's endpoint catalog. This should +# not need to be modified for a new site. +# #GLOBAL-CANDIDATE# +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .ucp.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .ucp.shipyard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.physicalprovisioner.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ucp.maas_region.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .ceph.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN +data: + ucp: + identity: + namespace: ucp + name: keystone + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + public: + host: iam-airship.DOMAIN + admin: + host: iam-airship.DOMAIN + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + armada: + name: armada + hosts: + default: armada-api + public: armada + port: + api: + default: 8000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + deckhand: + name: deckhand + hosts: + default: deckhand-int + public: deckhand-api + port: + api: + default: 9000 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + postgresql: + name: postgresql + hosts: + default: postgresql + path: /DB_NAME + scheme: postgresql+psycopg2 + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + postgresql_airflow_celery: + name: 
postgresql_airflow_celery_db + hosts: + default: postgresql + path: /DB_NAME + scheme: db+postgresql + port: + postgresql: + default: 5432 + host_fqdn_override: + default: null + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + key_manager: + name: barbican + hosts: + default: barbican-api + public: barbican + host_fqdn_override: + default: null + path: + default: /v1 + scheme: + default: "http" + port: + api: + default: 9311 + public: 80 + airflow_oslo_messaging: + namespace: null + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /airflow + scheme: amqp + port: + amqp: + default: 5672 + http: + default: 15672 + oslo_messaging: + namespace: null + statefulset: + name: airship-ucp-rabbitmq-rabbitmq + hosts: + default: rabbitmq + host_fqdn_override: + default: null + path: /keystone + scheme: rabbit + port: + amqp: + default: 5672 + oslo_cache: + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + physicalprovisioner: + name: drydock + hosts: + default: drydock-api + port: + api: + default: 9000 + nodeport: 31900 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: drydock-airship.DOMAIN + maas_region: + name: maas-region + hosts: + default: maas-region + public: maas + path: + default: /MAAS + scheme: + default: "http" + port: + region_api: + default: 80 + nodeport: 31900 + podport: 80 + public: 80 + region_proxy: + default: 8000 + host_fqdn_override: + default: null + public: + host: maas-airship.DOMAIN + maas_ingress: + hosts: + default: maas-ingress + error_pages: maas-ingress-error + host_fqdn_override: + public: null + port: + http: + default: 80 + https: + default: 443 + ingress_default_server: + default: 8383 + error_pages: + default: 8080 
+ podport: 8080 + healthz: + podport: 10259 + status: + podport: 18089 + kubernetesprovisioner: + name: promenade + hosts: + default: promenade-api + port: + api: + default: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + host_fqdn_override: + default: null + shipyard: + name: shipyard + hosts: + default: shipyard-int + public: shipyard-api + port: + api: + default: 9000 + public: 80 + path: + default: /api/v1.0 + scheme: + default: "http" + public: "http" + host_fqdn_override: + default: null + public: + host: shipyard-airship.DOMAIN + prometheus_openstack_exporter: + namespace: ucp + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + ceph: + object_store: + name: swift + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /swift/v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: ceph + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_mon: + namespace: ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6789 + ceph_mgr: + namespace: ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + default: 7000 + scheme: + default: "http" + tenant_ceph_mon: + namespace: tenant-ceph + hosts: + default: ceph-mon + discovery: ceph-mon-discovery + host_fqdn_override: + default: null + port: + mon: + default: 6790 + tenant_ceph_mgr: + namespace: tenant-ceph + hosts: + default: ceph-mgr + host_fqdn_override: + default: null + port: + mgr: + 
default: 7001 + metrics: + default: 9284 + scheme: + default: http +... +--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh.object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.ceph_object_store.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.image.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.cloudformation.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.orchestration.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.compute_novnc_proxy.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.placement.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.network.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.identity.host_fqdn_override.admin.host + pattern: DOMAIN + - path: .osh.dashboard.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volume.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev2.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh.volumev3.host_fqdn_override.public.host + pattern: DOMAIN +data: + osh: + object_store: + name: swift + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + host: object-store-airship.DOMAIN + path: + default: /swift/v1/KEY_$(tenant_id)s + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + ceph_object_store: + name: radosgw + namespace: openstack + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + public: + 
host: object-store-airship.DOMAIN + path: + default: /auth/v1.0 + scheme: + default: "http" + public: "http" + port: + api: + default: 8088 + public: 80 + oslo_db: + hosts: + default: mariadb + discovery: mariadb-discovery + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + wsrep: + default: 4567 + prometheus_mysql_exporter: + namespace: openstack + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + oslo_messaging: + statefulset: + name: airship-openstack-rabbitmq-rabbitmq + namespace: openstack + hosts: + default: openstack-rabbitmq + host_fqdn_override: + default: null + path: /VHOST_NAME + scheme: rabbit + port: + amqp: + default: 5672 + http: + default: 15672 + openstack_rabbitmq_exporter: + namespace: openstack + hosts: + default: openstack-rabbitmq-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9095 + oslo_cache: + namespace: openstack + hosts: + default: memcached + host_fqdn_override: + default: null + port: + memcache: + default: 11211 + identity: + namespace: openstack + name: keystone + hosts: + default: keystone + internal: keystone-api + host_fqdn_override: + default: null + public: + host: identity-airship.DOMAIN + admin: + host: identity-airship.DOMAIN + path: + default: /v3 + scheme: + default: "http" + internal: "http" + port: + api: + default: 80 + internal: 5000 + image: + name: glance + hosts: + default: glance-api + public: glance + host_fqdn_override: + default: null + public: + host: image-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9292 + public: 80 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + host_fqdn_override: + default: null + path: + default: null + scheme: + 
default: "http" + port: + api: + default: 9191 + public: 80 + volume: + name: cinder + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v1/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev2: + name: cinderv2 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + volumev3: + name: cinderv3 + hosts: + default: cinder-api + public: cinder + host_fqdn_override: + default: null + public: + host: volume-airship.DOMAIN + path: + default: "/v3/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8776 + public: 80 + orchestration: + name: heat + hosts: + default: heat-api + public: heat + host_fqdn_override: + default: null + public: + host: orchestration-airship.DOMAIN + path: + default: "/v1/%(project_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8004 + public: 80 + cloudformation: + name: heat-cfn + hosts: + default: heat-cfn + public: cloudformation + host_fqdn_override: + default: null + public: + host: cloudformation-airship.DOMAIN + path: + default: /v1 + scheme: + default: "http" + public: "http" + port: + api: + default: 8000 + public: 80 + cloudwatch: + name: heat-cloudwatch + hosts: + default: heat-cloudwatch + public: cloudwatch + host_fqdn_override: + default: null + path: + default: null + type: null + scheme: + default: "http" + port: + api: + default: 8003 + public: 80 + network: + name: neutron + hosts: + default: neutron-server + public: neutron + host_fqdn_override: + default: null + public: + host: network-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + api: + default: 9696 + public: 80 + 
compute: + name: nova + hosts: + default: nova-api + public: nova + host_fqdn_override: + default: null + public: + host: compute-airship.DOMAIN + path: + default: "/v2/%(tenant_id)s" + scheme: + default: "http" + public: "http" + port: + api: + default: 8774 + public: 80 + novncproxy: + default: 80 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + host_fqdn_override: + default: null + path: + default: / + scheme: + default: "http" + port: + metadata: + default: 8775 + public: 80 + compute_novnc_proxy: + name: nova + hosts: + default: nova-novncproxy + public: novncproxy + host_fqdn_override: + default: null + public: + host: nova-novncproxy-airship.DOMAIN + path: + default: /vnc_auto.html + scheme: + default: "http" + public: "http" + port: + novnc_proxy: + default: 6080 + public: 80 + compute_spice_proxy: + name: nova + hosts: + default: nova-spiceproxy + host_fqdn_override: + default: null + path: + default: /spice_auto.html + scheme: + default: "http" + port: + spice_proxy: + default: 6082 + placement: + name: placement + hosts: + default: placement-api + public: placement + host_fqdn_override: + default: null + public: + host: placement-airship.DOMAIN + path: + default: / + scheme: + default: "http" + public: "http" + port: + api: + default: 8778 + public: 80 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + host_fqdn_override: + default: null + public: + host: dashboard-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + web: + default: 80 + public: 80 +... 
+--- +schema: pegleg/EndpointCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_endpoints + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .dns.ingress_domain + dest: + - path: .osh_infra.kibana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.grafana.host_fqdn_override.public.host + pattern: DOMAIN + - path: .osh_infra.nagios.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.base_url + dest: + path: .osh_infra.ldap.host_fqdn_override.public.host + pattern: DOMAIN + - src: + schema: pegleg/CommonAddresses/v1 + name: common-addresses + path: .ldap.auth_path + dest: + path: .osh_infra.ldap.path.default + pattern: AUTH_PATH +data: + osh_infra: + ceph_object_store: + name: radosgw + namespace: osh-infra + hosts: + default: ceph-rgw + public: radosgw + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 8088 + public: 80 + elasticsearch: + name: elasticsearch + namespace: osh-infra + hosts: + data: elasticsearch-data + default: elasticsearch-logging + discovery: elasticsearch-discovery + public: elasticsearch + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + prometheus_elasticsearch_exporter: + namespace: null + hosts: + default: elasticsearch-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9108 + fluentd: + namespace: osh-infra + name: fluentd + hosts: + default: fluentd-logging + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + service: + default: 24224 + metrics: + default: 24220 + prometheus_fluentd_exporter: + namespace: osh-infra + hosts: + default: fluentd-exporter + 
host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: "http" + port: + metrics: + default: 9309 + oslo_db: + namespace: osh-infra + hosts: + default: mariadb + host_fqdn_override: + default: null + path: /DB_NAME + scheme: mysql+pymysql + port: + mysql: + default: 3306 + prometheus_mysql_exporter: + namespace: osh-infra + hosts: + default: mysql-exporter + host_fqdn_override: + default: null + path: + default: /metrics + scheme: + default: 'http' + port: + metrics: + default: 9104 + grafana: + name: grafana + namespace: osh-infra + hosts: + default: grafana-dashboard + public: grafana + host_fqdn_override: + default: null + public: + host: grafana-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + grafana: + default: 3000 + public: 80 + monitoring: + name: prometheus + namespace: osh-infra + hosts: + default: prom-metrics + public: prometheus + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9090 + http: + default: 80 + kibana: + name: kibana + namespace: osh-infra + hosts: + default: kibana-dash + public: kibana + host_fqdn_override: + default: null + public: + host: kibana-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + kibana: + default: 5601 + public: 80 + alerts: + name: alertmanager + namespace: osh-infra + hosts: + default: alerts-engine + public: alertmanager + discovery: alertmanager-discovery + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + api: + default: 9093 + public: 80 + mesh: + default: 6783 + kube_state_metrics: + namespace: kube-system + hosts: + default: kube-state-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + http: + default: 8080 + kube_scheduler: + scheme: + default: "http" + path: + default: /metrics + kube_controller_manager: + scheme: + default: 
"http" + path: + default: /metrics + node_metrics: + namespace: kube-system + hosts: + default: node-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9100 + prometheus_port: + default: 9100 + process_exporter_metrics: + namespace: kube-system + hosts: + default: process-exporter + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + metrics: + default: 9256 + prometheus_openstack_exporter: + namespace: openstack + hosts: + default: openstack-metrics + host_fqdn_override: + default: null + path: + default: null + scheme: + default: "http" + port: + exporter: + default: 9103 + nagios: + name: nagios + namespace: osh-infra + hosts: + default: nagios-metrics + public: nagios + host_fqdn_override: + default: null + public: + host: nagios-airship.DOMAIN + path: + default: null + scheme: + default: "http" + public: "http" + port: + http: + default: 80 + public: 80 + ldap: + hosts: + default: ldap + host_fqdn_override: + default: null + public: + host: DOMAIN + path: + default: /AUTH_PATH + scheme: + default: "ldap" + port: + ldap: + default: 389 +... diff --git a/type/cntt/software/config/service_accounts.yaml b/type/cntt/software/config/service_accounts.yaml new file mode 100644 index 0000000..751f1b1 --- /dev/null +++ b/type/cntt/software/config/service_accounts.yaml 
@@ -0,0 +1,435 @@ +--- +# The purpose of this file is to define the account catalog for the site. This +# mostly contains service usernames, but also contain some information which +# should be changed like the region (site) name. +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: ucp_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + ucp: + postgres: + admin: + username: postgres + replica: + username: standby + exporter: + username: psql_exporter + oslo_db: + admin: + username: root + oslo_messaging: + admin: + username: rabbitmq + keystone: + admin: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: admin + project_name: admin + user_domain_name: default + project_domain_name: default + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + oslo_db: + username: keystone + database: keystone + promenade: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: promenade + drydock: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: drydock + postgres: + username: drydock + database: drydock + shipyard: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: shipyard + postgres: + username: shipyard + database: shipyard + airflow: + postgres: + username: airflow + database: airflow + oslo_messaging: + admin: + username: rabbitmq + user: + username: airflow + maas: + admin: + username: admin + email: none@none + postgres: + username: maas + database: maasdb + barbican: + keystone: + # NEWSITE-CHANGEME: 
Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: barbican + oslo_db: + username: barbican + database: barbican + oslo_messaging: + admin: + username: rabbitmq + keystone: + username: keystone + armada: + keystone: + project_domain_name: default + user_domain_name: default + project_name: service + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + username: armada + deckhand: + keystone: + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + role: admin + project_name: service + project_domain_name: default + user_domain_name: default + username: deckhand + postgres: + username: deckhand + database: deckhand + prometheus_openstack_exporter: + user: + region_name: RegionOne + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + ceph: + swift: + keystone: + role: admin + # NEWSITE-CHANGEME: Replace with the site name + region_name: RegionOne + username: swift + project_name: service + user_domain_name: default + project_domain_name: default +... 
+--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.keystone.admin.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.cinder.cinder.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.glance.glance.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_trustee.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.heat.heat_stack_user.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.swift.keystone.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.neutron.neutron.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.nova.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.nova.placement.region_name + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh.barbican.barbican.region_name +data: + osh: + keystone: + admin: + username: admin + project_name: admin + user_domain_name: 
default + project_domain_name: default + oslo_db: + username: keystone + database: keystone + oslo_messaging: + keystone: + username: keystone-rabbitmq-user + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + username: "test@ldap.example.com" + cinder: + cinder: + role: admin + username: cinder + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: cinder + database: cinder + oslo_messaging: + cinder: + username: cinder-rabbitmq-user + glance: + glance: + role: admin + username: glance + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: glance + database: glance + oslo_messaging: + glance: + username: glance-rabbitmq-user + ceph_object_store: + username: glance + heat: + heat: + role: admin + username: heat + project_name: service + user_domain_name: default + project_domain_name: default + heat_trustee: + role: admin + username: heat-trust + project_name: service + user_domain_name: default + project_domain_name: default + heat_stack_user: + role: admin + username: heat-domain + domain_name: heat + oslo_db: + username: heat + database: heat + oslo_messaging: + heat: + username: heat-rabbitmq-user + swift: + keystone: + role: admin + username: swift + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-oslodb-exporter + neutron: + neutron: + role: admin + username: neutron + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: neutron + database: neutron + oslo_messaging: + neutron: + username: neutron-rabbitmq-user + nova: + nova: + role: admin + username: nova + project_name: service + user_domain_name: default + project_domain_name: default + placement: + role: admin + username: placement 
+ project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: nova + database: nova + oslo_db_api: + username: nova + database: nova_api + oslo_db_cell0: + username: nova + database: "nova_cell0" + oslo_messaging: + nova: + username: nova-rabbitmq-user + horizon: + oslo_db: + username: horizon + database: horizon + barbican: + barbican: + role: admin + username: barbican + project_name: service + user_domain_name: default + project_domain_name: default + oslo_db: + username: barbican + database: barbican + oslo_messaging: + barbican: + username: barbican-rabbitmq-user + oslo_messaging: + admin: + username: admin + tempest: + tempest: + role: admin + username: tempest + project_name: service + user_domain_name: default + project_domain_name: default +... +--- +schema: pegleg/AccountCatalogue/v1 +metadata: + schema: metadata/Document/v1 + name: osh_infra_service_accounts + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext + substitutions: + - src: + schema: pegleg/CommonSoftwareConfig/v1 + name: common-software-config + path: .osh.region_name + dest: + path: .osh_infra.prometheus_openstack_exporter.user.region_name +data: + osh_infra: + ceph_object_store: + admin: + username: s3_admin + elasticsearch: + username: elasticsearch + grafana: + admin: + username: grafana + oslo_db: + username: grafana + database: grafana + oslo_db_session: + username: grafana_session + database: grafana_session + elasticsearch: + admin: + username: elasticsearch + oslo_db: + admin: + username: root + prometheus_mysql_exporter: + user: + username: osh-infra-oslodb-exporter + prometheus_openstack_exporter: + user: + role: admin + username: prometheus-openstack-exporter + project_name: service + user_domain_name: default + project_domain_name: default + nagios: + admin: + username: nagios + prometheus: + admin: + username: prometheus + ldap: + admin: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # 
authenticate to the active directory backend to validate keystone
+ # users.
+ bind: "test@ldap.example.com"
+...
diff --git a/type/cntt/software/manifests/bootstrap.yaml b/type/cntt/software/manifests/bootstrap.yaml
new file mode 100644
index 0000000..e015410
--- /dev/null
+++ b/type/cntt/software/manifests/bootstrap.yaml
@@ -0,0 +1,39 @@
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: cluster-bootstrap
+ labels:
+ name: cluster-bootstrap-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: cluster-bootstrap-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - podsecuritypolicy
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - ucp-ceph
+ - ucp-ceph-config
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock
+ - ucp-promenade
+ - ucp-shipyard
+...
diff --git a/type/cntt/software/manifests/full-site.yaml b/type/cntt/software/manifests/full-site.yaml
new file mode 100644
index 0000000..2cb0c84
--- /dev/null
+++ b/type/cntt/software/manifests/full-site.yaml
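Review bot: The monitoring and test accounts are given `role: admin` (`prometheus_openstack_exporter` in both the `ucp` and `osh_infra` catalogues, and `tempest` in `osh`), although an exporter presumably only reads from the APIs. Full admin on a metrics scraper widens what a leaked exporter credential can do; I would at least add `# TODO(review): confirm whether a read-only role is sufficient for the exporter` above those `role:` lines. The `ucp.prometheus_openstack_exporter.user` block also sets `region_name: RegionOne` without the `# NEWSITE-CHANGEME: Replace with the site name` marker that the other `region_name` keys in that document carry, so it is easy to miss when adapting the file. Both LDAP entries still hold the placeholder `test@ldap.example.com`; a pre-deployment validation step that rejects that value would keep it from being shipped unchanged.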
@@ -0,0 +1,61 @@
+---
+schema: armada/Manifest/v1
+metadata:
+ schema: metadata/Document/v1
+ replacement: true
+ name: full-site
+ labels:
+ name: full-site-type
+ layeringDefinition:
+ abstract: false
+ layer: type
+ parentSelector:
+ name: full-site-global
+ actions:
+ - method: merge
+ path: .
+ storagePolicy: cleartext
+data:
+ release_prefix: airship
+ chart_groups:
+ - podsecuritypolicy
+ - kubernetes-proxy
+ - kubernetes-container-networking
+ - kubernetes-dns
+ - kubernetes-etcd
+ - kubernetes-haproxy
+ - kubernetes-core
+ - ingress-kube-system
+ - ucp-ceph-update
+ - ucp-ceph-config
+ - ucp-core
+ - ucp-keystone
+ - ucp-divingbell
+ - ucp-armada
+ - ucp-deckhand
+ - ucp-drydock-scaled
+ - ucp-promenade
+ - ucp-shipyard
+ - ucp-prometheus-openstack-exporter
+ - osh-infra-ingress-controller
+ - osh-infra-ceph-config
+ - osh-infra-radosgw
+ - osh-infra-logging
+ - osh-infra-monitoring
+ - osh-infra-mariadb
+ - osh-infra-dashboards
+ - openstack-ingress-controller
+ - openstack-ceph-config
+ - openstack-tenant-ceph
+ - openstack-mariadb
+ - openstack-rabbitmq
+ - openstack-memcached
+ - openstack-keystone
+ - openstack-radosgw
+ - openstack-glance
+ - openstack-cinder
+ - openstack-compute-kit
+ - openstack-heat
+ - osh-infra-prometheus-openstack-exporter
+ - openstack-horizon
+...
-- cgit 1.2.3-korg