diff options
| -rw-r--r-- | config/installers/daisy/pod_config.yaml.j2 | 91 | ||||
| -rw-r--r-- | config/installers/fuel/pod_config.yml.j2 | 6 | ||||
| -rw-r--r-- | config/pdf/pod1.encrypted.yaml | 275 | ||||
| -rw-r--r-- | config/utils/README.eyaml.rst | 67 | ||||
| -rwxr-xr-x | config/utils/check-jinja2.sh | 67 | ||||
| -rw-r--r-- | config/utils/config.example.yaml | 11 | ||||
| -rwxr-xr-x | config/utils/generate_config.py | 27 | ||||
| -rw-r--r-- | labs/lf/pod2.yaml | 244 |
8 files changed, 741 insertions, 47 deletions
diff --git a/config/installers/daisy/pod_config.yaml.j2 b/config/installers/daisy/pod_config.yaml.j2 index 9a4ac7b5..776d2ecf 100644 --- a/config/installers/daisy/pod_config.yaml.j2 +++ b/config/installers/daisy/pod_config.yaml.j2 @@ -1,45 +1,56 @@ +############################################################################## +# Copyright (c) 2017 ZTE Corporation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +--- + adapter: {{ conf['jumphost']['remote_params']['type'] }} hosts: -- name: 'controller01' - roles: - - 'CONTROLLER_LB' - ipmi_ip: {{ conf['nodes'][0]['remote_management']['address'] }} - ipmi_user: {{ conf['nodes'][0]['remote_management']['user'] }} - ipmi_pass: {{ conf['nodes'][0]['remote_management']['pass'] }} - mac_addresses:{% for nic in conf['nodes'][0]['interfaces'] %} - - {{ nic['mac_address'] }}{% endfor %} -- name: 'controller02' - roles: - - 'CONTROLLER_LB' - ipmi_ip: {{ conf['nodes'][1]['remote_management']['address'] }} - ipmi_user: {{ conf['nodes'][1]['remote_management']['user'] }} - ipmi_pass: {{ conf['nodes'][1]['remote_management']['pass'] }} - mac_addresses:{% for nic in conf['nodes'][1]['interfaces'] %} - - {{ nic['mac_address'] }}{% endfor %} -- name: 'controller03' - roles: - - 'CONTROLLER_LB' - ipmi_ip: {{ conf['nodes'][2]['remote_management']['address'] }} - ipmi_user: {{ conf['nodes'][2]['remote_management']['user'] }} - ipmi_pass: {{ conf['nodes'][2]['remote_management']['pass'] }} - mac_addresses:{% for nic in conf['nodes'][2]['interfaces'] %} - - {{ nic['mac_address'] }}{% endfor %} -- name: 'computer01' - roles: - - 'COMPUTER' - ipmi_ip: {{ conf['nodes'][3]['remote_management']['address'] }} - ipmi_user: {{ conf['nodes'][3]['remote_management']['user'] }} - ipmi_pass: {{ conf['nodes'][3]['remote_management']['pass'] }} - mac_addresses:{% for nic in conf['nodes'][3]['interfaces'] %} - - {{ nic['mac_address'] }}{% endfor %} -- name: 'computer02' - roles: - - 'COMPUTER' - ipmi_ip: {{ conf['nodes'][4]['remote_management']['address'] }} - ipmi_user: {{ conf['nodes'][4]['remote_management']['user'] }} - ipmi_pass: {{ conf['nodes'][4]['remote_management']['pass'] }} - mac_addresses:{% for nic in conf['nodes'][4]['interfaces'] %} - - {{ nic['mac_address'] }}{% endfor %} + - name: 'controller01' + roles: + - 'CONTROLLER_LB' + ipmi_ip: {{ conf['nodes'][0]['remote_management']['address'] }} + ipmi_user: {{ conf['nodes'][0]['remote_management']['user'] }} + ipmi_pass: {{ conf['nodes'][0]['remote_management']['pass'] }} + mac_addresses:{% for nic in conf['nodes'][0]['interfaces'] %} + - {{ nic['mac_address'] }}{% endfor %} + - name: 'controller02' + roles: + - 'CONTROLLER_LB' + ipmi_ip: {{ conf['nodes'][1]['remote_management']['address'] }} + ipmi_user: {{ conf['nodes'][1]['remote_management']['user'] }} + ipmi_pass: {{ conf['nodes'][1]['remote_management']['pass'] }} + mac_addresses:{% for nic in conf['nodes'][1]['interfaces'] %} + - {{ nic['mac_address'] }}{% endfor %} + - name: 'controller03' + roles: + - 'CONTROLLER_LB' + ipmi_ip: {{ conf['nodes'][2]['remote_management']['address'] }} + ipmi_user: {{ conf['nodes'][2]['remote_management']['user'] }} + ipmi_pass: {{ conf['nodes'][2]['remote_management']['pass'] }} + mac_addresses:{% for nic in conf['nodes'][2]['interfaces'] %} + - {{ nic['mac_address'] }}{% endfor %} + - name: 'computer01' + roles: + - 'COMPUTER' + ipmi_ip: {{ conf['nodes'][3]['remote_management']['address'] }} + ipmi_user: {{ conf['nodes'][3]['remote_management']['user'] }} + ipmi_pass: {{ conf['nodes'][3]['remote_management']['pass'] }} + mac_addresses:{% for nic in conf['nodes'][3]['interfaces'] %} + - {{ nic['mac_address'] }}{% endfor %} + - name: 'computer02' + roles: + - 'COMPUTER' + ipmi_ip: {{ conf['nodes'][4]['remote_management']['address'] }} + ipmi_user: {{ conf['nodes'][4]['remote_management']['user'] }} + ipmi_pass: {{ conf['nodes'][4]['remote_management']['pass'] }} + mac_addresses:{% for nic in conf['nodes'][4]['interfaces'] %} + - {{ nic['mac_address'] }}{% endfor %} disks: daisy: 50 daisy_passwd: 'r00tme' diff --git a/config/installers/fuel/pod_config.yml.j2 b/config/installers/fuel/pod_config.yml.j2 index 56fd0e3e..59659aa3 100644 --- a/config/installers/fuel/pod_config.yml.j2 +++ b/config/installers/fuel/pod_config.yml.j2 @@ -43,9 +43,9 @@ parameters: opnfv_openstack_gateway_node01_tenant_address: {{ net_private | ipaddr_index('6') }} opnfv_openstack_gateway_node02_tenant_address: {{ net_private | ipaddr_index('7') }} opnfv_openstack_gateway_node03_tenant_address: {{ net_private | ipaddr_index('9') }} - opnfv_openstack_proxy_address: {{ net_mgmt | ipaddr_index('80') }} - opnfv_openstack_proxy_node01_address: {{ net_mgmt | ipaddr_index('81') }} - opnfv_openstack_proxy_node02_address: {{ net_mgmt | ipaddr_index('82') }} + opnfv_openstack_proxy_address: {{ net_public | ipaddr_index('103') }} + opnfv_openstack_proxy_node01_address: {{ net_public | ipaddr_index('104') }} + opnfv_openstack_proxy_node02_address: {{ net_public | ipaddr_index('105') }} opnfv_openstack_control_address: {{ net_mgmt | ipaddr_index('10') }} opnfv_openstack_control_node01_address: {{ net_mgmt | ipaddr_index('11') }} opnfv_openstack_control_node02_address: {{ net_mgmt | ipaddr_index('12') }} diff --git a/config/pdf/pod1.encrypted.yaml b/config/pdf/pod1.encrypted.yaml new file mode 100644 index 00000000..31548ea2 --- /dev/null +++ b/config/pdf/pod1.encrypted.yaml @@ -0,0 +1,275 @@ +--- +### POD descriptor file ### + +details: + pod_owner: Lab Owner + contact: email@address.com + lab: Linux Foundation + location: Portland, Oregon, USA + type: {production|development} + link: http://wiki.opnfv.org/ + +jumphost: + name: pod1-jump + node: + # type can be virtual or baremetal + type: {baremetal|virtual} + vendor: supermicro + model: S2600JF + arch: {x86_64|aarch64} + cpus: 2 + # add values based on CFLAGS in GCC + cpu_cflags: {broadwell|hasewell|etc} + # physical cores, not including hyper-threads + cores: 10 + memory: 32G + # disk list + disks: + # first disk + - name: {disk#number} + # volume + disk_capacity: {M|MB|G|GB|T|TB} + # several disk types possible + disk_type: {hdd|ssd|cdrom|tape} + # several interface types possible + disk_interface: {sata|sas|ssd|nvme} + # define rotation speed of disk + disk_rotation: {5400|7200|10000|15000} + # second disk + - name: 'disk2' + disk_capacity: 2048G + disk_type: hdd + disk_interface: sas + disk_rotation: 15000 + # operation system installed + os: ubuntu-14.04 + remote_params: &remote_params + # hardware management tool + type: {ipmi|amt} + versions: + - 1.0 + - 2.0 + # sensitive data could be encrypted, see ../utils/README.eyaml.rst + user: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAKn4rdxFJum3vgvpjT4c64gkXzbMog4LyrBb0 + pHeASLqwiuJqCdELWl4e7d4SMp3QBzHqd6aGHJqywDt09L7axFaW9PmdUEVx + KxIZ8NUdDjl7HtuG8D9irU2n5VMHXVyDosMEZe9pRYhQTkuAggR7EDoDjdDj + 0myGFy/UVH3/fxpdySWhyg9kqAYb1ReMgYBudVfm2gw4bjtjJviwASXi8hj6 + 8isdJPf25U6wrvbqQi5J5WVD4Q3PaGy8GACTZ8n+LFyPSwBl3QJ5jfMmzHmq + Po0cqa4MoKi3xQ8Y8z6DxhUrV0yoYWoHvIcpQBu3YCZVzpOqVPZwsapBl963 + 0d0kWzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAoo59BSqp1DBCu05h+ + /1BZgBDdOvlZ5JlDtpkh73ujYZXR] + pass: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEA4pnLYg4U/39mKdytYH1CJYJuJ/qjNrS+KoON + oPU6G9lMJ5U5J7NUuGyBD7O1NTt8VBE+LaBEqmXK5/SQ6mAdns9qs5QLOVSm + r3WKroZdqH3hmW26LuPsXNUfTaCVNOqWPAf6U6Q1fHr1vi09n3mIV/Ph03Kv + /aNeeRsJbBPAtHgCL6aRs+4WoxxYS0eUAVCo4yPDiSN5UFmSg6O304NM2qzi + av2b/gmNFN8AxE5CVi+C/fVGBhdpwmmdC0KmtkY38pYa/hf8Pks4jsFtKNDw + 3KW+pP+BTsgKs/o/WrwCFm4LIJj/E6Pf9qZ/mZ8bAxKlVf+gQj2bgxzT3aa1 + hHhD0TA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAx3f5XDjWzYJA4Jn5H + KJOBgBDq/YBNdEeyT+dCuH59ZE6L] + remote_management: + <<: *remote_params + address: 10.4.7.3/24 + mac_address: "10:23:45:67:89:AC" + # physical interface list + interfaces: + # first interface + - nic: {nic#number} + # ip address of nic + address: 192.168.100.1 + mac_address: "10:23:45:67:89:AC" + # vlan tag, may have multiple tags + vlan: {native|1-4095} + # second interface + - nic: 'nic2' + address: 10.20.0.1/24 + mac_address: "10:23:45:67:89:5B" +nodes: + - name: pod1-node1 + # for nodes in the same pod may have the same configuration + node: &nodeparas + type: baremetal + vendor: supermicro + model: S2600JF + arch: x86_64 + cpus: 2 + cpu_cflags: hasewell + cores: 12 + memory: 128G + # for nodes in the same pod may have the same configuration + disks: &disks + - name: 'disk1' + disk_capacity: 4906G + disk_type: hdd + disk_interface: sata + disk_rotation: 7200 + - name: 'disk2' + disk_capacity: 2048G + disk_type: hdd + disk_interface: sas + disk_rotation: 15000 + - name: 'disk3' + disk_capacity: 600G + disk_type: ssd + disk_interface: ssd + disk_rotation: 15000 + remote_management: + <<: *remote_params + address: 10.4.7.7/24 + mac_address: "10:20:22:67:89:A2" + interfaces: + - name: 'nic1' + speed: {1gb|10gb|25gb|40gb} + features: {dpdk|sriov} + address: 10.2.4.7/24 + mac_address: "10:23:22:67:89:AC" + vlan: 201 + - name: 'nic2' + speed: 1gb + features: '' + # sensitive data could be encrypted, see ../utils/README.eyaml.rst + address: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAlOui3RhZJZsowEAzRgnLlbneCi7mtqAAXKGY + tP9kjfew7nXDWtDRlJrPk+cLmAzHotKYbMoDTr4LxwKatxG7rYTcalOhJvje + r3lkvMxHzgJtzoNP0fsl+ZaqfsHR87j8i/bJ3I7Rd+jxIVHRRQ0FDblhAltB + BGEwr7j8bgS1ekHTFzGPsR/wEJxB9ui5rS6nHxpLQrbcu/0AnLra71k1askw + r0xV3glINp9NdCO47uPTVLIR9aNPbtI6tSzapIwrhd1EWIY0CC1x+KFEVHG/ + J9+lcu4EMzH29PKFIFci3qrR+mHGO7XsQfIcH49YJi8FxM6LT8NHfWka2i/W + PjGIQjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCbj3JraYjos/V6WeKv + YAOzgBAnn2fbh9w/TBSSwXZQux2d] + mac_address: "10:23:22:67:89:5B" + vlan: 202 + - name: 'nic3' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:1b:21:22:f1:b4" + vlan: 203 + - name: 'nic4' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:1b:21:22:f1:b5" + vlan: 204 + - name: pod1-node2 + node: *nodeparas + # disks are same as pod1-node1 + disks: *disks + remote_management: + <<: *remote_params + address: 10.4.7.8/24 + mac_address: "10:20:22:67:88:A3" + interfaces: + - name: 'nic1' + speed: 1gb + features: '' + address: 10.2.4.8/24 + mac_address: "10:23:22:67:88:AC" + vlan: 201 + - name: 'nic2' + speed: 1gb + features: '' + address: 10.2.4.8/24 + mac_address: "10:23:22:67:88:5B" + vlan: 202 + - name: 'nic3' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:1b:21:22:f8:b4" + vlan: 203 + - name: 'nic4' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:1b:21:22:f8:b5" + - name: pod1-node3 + node: *nodeparas + # disks are same as pod1-node1 + disks: *disks + remote_management: + <<: *remote_params + address: 10.4.7.9/24 + mac_address: "10:30:22:67:88:A3" + interfaces: + - name: 'nic1' + speed: 1gb + features: '' + address: 10.2.4.9/24 + mac_address: "10:33:22:67:88:AC" + vlan: 201 + - name: 'nic2' + speed: 1gb + features: '' + address: 10.2.4.9/24 + mac_address: "10:33:22:67:88:5B" + vlan: 202 + - name: 'nic3' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:3b:21:22:f8:b4" + vlan: 203 + - name: 'nic4' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:3b:21:22:f8:b5" + - name: pod1-node4 + node: *nodeparas + # disks are same as pod1-node1 + disks: *disks + remote_management: + <<: *remote_params + address: 10.4.7.10/24 + mac_address: "10:40:22:67:88:A3" + interfaces: + - name: 'nic1' + speed: 1gb + features: '' + address: 10.2.4.10/24 + mac_address: "10:43:22:67:88:AC" + vlan: 201 + - name: 'nic2' + speed: 1gb + features: '' + address: 10.2.4.10/24 + mac_address: "10:43:22:67:88:5B" + vlan: 202 + - name: 'nic3' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:4b:21:22:f8:b4" + vlan: 203 + - name: 'nic4' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:4b:21:22:f8:b5" + - name: pod1-node5 + node: *nodeparas + # disks are same as pod1-node1 + disks: *disks + remote_management: + <<: *remote_params + address: 10.4.7.11/24 + mac_address: "10:50:22:67:88:A3" + interfaces: + - name: 'nic1' + speed: 1gb + features: '' + address: 10.2.4.11/24 + mac_address: "10:53:22:67:88:AC" + vlan: 201 + - name: 'nic2' + speed: 1gb + features: '' + address: 10.2.4.11/24 + mac_address: "10:53:22:67:88:5B" + vlan: 202 + - name: 'nic3' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:5b:21:22:f8:b4" + vlan: 203 + - name: 'nic4' + speed: 10gb + features: 'dpdk|sriov' + mac_address: "00:5b:21:22:f8:b5" diff --git a/config/utils/README.eyaml.rst b/config/utils/README.eyaml.rst new file mode 100644 index 00000000..083d5192 --- /dev/null +++ b/config/utils/README.eyaml.rst @@ -0,0 +1,67 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. SPDX-License-Identifier: CC-BY-4.0 +.. (c) 2017 OPNFV and others. + +Use eyaml to decrypt secret values +================================== + +Prerequisites +------------- + +#. Install eyaml and create keys (All of this should be done on the slave server) + + .. code-block:: bash + + $ sudo yum install ruby-gems || sudo apt-get install ruby + $ sudo gem install hiera-eyaml + $ eyaml createkeys + +#. Move keys to /etc/eyaml_keys + + .. code-block:: bash + + $ sudo mkdir -p /etc/eyaml_keys/ + $ sudo mv ./keys/* /etc/eyaml_keys/ + +#. Set up eyaml config.yaml + + .. code-block:: bash + + $ mkdir ~/.eyaml/ + $ cp config.yaml.example ~/.eyaml/config.yaml + +Encryption +---------- + +#. Copy a PDF (yaml) to current directory (or edit the PDF in-place) + +NOTE: There is a sample encrypted PDF located at `../pdf/pod1.encrypted.yaml`. +Data in that file is only an example and can't be decrypted without the PEM, +which is not provided. + + .. code-block:: bash + + $ cp ~/foo/securedlab/labs/lf/pod2.yaml . + +#. Create some encrypted values + + .. code-block:: bash + + $ eyaml encrypt -s 'opnfv' + +#. Replace values to be encrypted + + .. code-block:: yaml + + type: ipmi + versions: + - 2.0 + user: ENC[PKCS7 ...] + pass: ENC[PKCS7 ...] + +Decryption +---------- + + .. code-block:: bash + + $ ./generate_config.py -y pod2.yaml -j ../installers/apex/pod_config.yaml.j2 diff --git a/config/utils/check-jinja2.sh b/config/utils/check-jinja2.sh new file mode 100755 index 00000000..a19d2090 --- /dev/null +++ b/config/utils/check-jinja2.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 Linux Foundation and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set +x +set +o errexit +export PATH=$PATH:/usr/local/bin/ + +GEN_CFG='./config/utils/generate_config.py' +INSTALLER_ADAPTERS='./config/installers/*' +TMPF='/tmp/out.yml' # should be outside Jenkins WS to prevent data leakage +RC=0 + +# Build a table header, using ';' as column sep +SUMMARY='PDF Verify Matrix;YAML Lint;' +for adapter in ${INSTALLER_ADAPTERS}; do + SUMMARY+="$(basename "${adapter}");" +done + +# Iterate all PDFs, check with each installer adapter, log results +while IFS= read -r lab_config; do + valid_yaml='OK' + echo -e "\n\nyamllint -s ${lab_config}" + if ! yamllint -s "${lab_config}"; then valid_yaml='FAIL'; fi + SUMMARY+="\n${lab_config#labs/};${valid_yaml};" + for adapter in ${INSTALLER_ADAPTERS}; do + pdf_inst=0 + pdf_inst_pass=0 + pdf_yaml_pass=0 + while IFS= read -r jinja_template; do + echo -e "\n${GEN_CFG} -y ${lab_config} -j ${jinja_template}" + if "${GEN_CFG}" -y "${lab_config}" \ + -j "${jinja_template}" > "${TMPF}"; then + echo 'Result: PASS' + ((pdf_inst_pass+=1)) + echo -e "\nyamllint -s ${jinja_template%.j2}" + if yamllint -s "${TMPF}"; then ((pdf_yaml_pass+=1)); fi + else + echo 'Result: FAIL' + RC=1 + fi + ((pdf_inst+=1)) + done < <(find "${adapter}" -name '*.j2') + SUMMARY+="${pdf_yaml_pass}/${pdf_inst_pass}/${pdf_inst};" + done +done < <(find 'config' 'labs' -name 'pod*.yaml') + +rm -f "${TMPF}" +echo -e '\n\nNOTE: tuple fmt: (valid YAML output/sucessful parse/templates).\n' +echo -e "${SUMMARY}" | sed -e 's/^/;/g' -e 's/;/;| /g' | column -t -s ';' + +cat <<EOF + +To troubleshoot PDF parsing against a specific installer adapter, +execute the following commands locally (e.g. for zte-pod2/joid): +$ ./config/utils/generate_config.py \\ + -y labs/zte/pod2.yaml \\ + -j ./pharos/config/installers/joid/pod_config.yaml.j2 + +EOF +exit "${RC}" diff --git a/config/utils/config.example.yaml b/config/utils/config.example.yaml new file mode 100644 index 00000000..084d11d2 --- /dev/null +++ b/config/utils/config.example.yaml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2017 OPNFV and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +pkcs7_private_key: /etc/eyaml_keys/private_key.pkcs7.pem +pkcs7_public_key: /etc/eyaml_keys/public_key.pkcs7.pem diff --git a/config/utils/generate_config.py b/config/utils/generate_config.py index 18af98db..ba4192cb 100755 --- a/config/utils/generate_config.py +++ b/config/utils/generate_config.py @@ -1,10 +1,20 @@ #!/usr/bin/python +############################################################################## +# Copyright (c) 2017 OPNFV and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## """This module does blah blah.""" import argparse import ipaddress +import logging import os import yaml from jinja2 import Environment, FileSystemLoader +from subprocess import CalledProcessError, check_output PARSER = argparse.ArgumentParser() PARSER.add_argument("--yaml", "-y", type=str, required=True) @@ -38,12 +48,20 @@ def dpkg_arch(arch, to_dpkg=True): else: return ARCH_DPKG_TABLE[arch] -ENV = Environment(loader=FileSystemLoader('./')) +ENV = Environment(loader=FileSystemLoader(os.path.dirname(ARGS.jinja2))) ENV.filters['ipaddr_index'] = ipaddr_index ENV.filters['dpkg_arch'] = dpkg_arch -with open(ARGS.yaml) as _: - DICT = yaml.safe_load(_) +# Run `eyaml decrypt` on the whole file, in case any PDF data is encrypted +# Note: eyaml return code is 0 even if keys are not available +try: + DICT = yaml.safe_load(check_output(['eyaml', 'decrypt', '-f', ARGS.yaml])) +except CalledProcessError as ex: + pass +if not DICT: + logging.warn('PDF decryption failed, fallback to using raw data.') + with open(ARGS.yaml) as _: + DICT = yaml.safe_load(_) # If an installer descriptor file (IDF) exists, include it (temporary) IDF_PATH = '/idf-'.join(os.path.split(ARGS.yaml)) @@ -56,6 +74,7 @@ if os.path.exists(IDF_PATH): # print(DICT) # Render template and print generated conf to console -TEMPLATE = ENV.get_template(ARGS.jinja2) +TEMPLATE = ENV.get_template(os.path.basename(ARGS.jinja2)) + #pylint: disable=superfluous-parens print(TEMPLATE.render(conf=DICT)) diff --git a/labs/lf/pod2.yaml b/labs/lf/pod2.yaml new file mode 100644 index 00000000..e9ede116 --- /dev/null +++ b/labs/lf/pod2.yaml @@ -0,0 +1,244 @@ +--- +### LF POD 2 descriptor file ### + +details: + pod_owner: Trevor Bramwell + contact: tbramwell@linuxfoundation.org + lab: LF Pharos Lab + location: Portland + type: production + link: https://wiki.opnfv.org/display/pharos/LF+POD+2 +############################################################################## +net_config: + # NOTE: Network names are likely to change after the PDF spec is updated + oob: + interface: 0 + ip-range: 172.30.8.65-172.30.8.75 + vlan: 410 + admin: + interface: 0 + vlan: native + network: 192.168.11.0 # Untagged, 'PXE/Admin' on wiki, different IP + mask: 24 + mgmt: + interface: 0 + vlan: 300 + network: 10.167.4.0 # Tagged, 'vlan 300' on wiki + mask: 24 + storage: + interface: 3 + vlan: 301 + network: 10.2.0.0 # Tagged, not the same with 'storage' on wiki + mask: 24 + private: + interface: 1 + vlan: 1000 + network: 10.1.0.0 # Tagged, not the same with 'private' on wiki + mask: 24 + public: + interface: 2 + vlan: native + network: 172.30.10.0 # Untagged, 'public' on wiki + mask: 24 + gateway: 172.30.10.1 + dns: + - 8.8.8.8 + - 8.8.4.4 +############################################################################## +jumphost: + name: pod2-jump + node: + type: baremetal + vendor: Cisco Systems Inc + model: UCSB-B200-M4 + arch: x86_64 + cpus: 2 + cpu_cflags: haswell + cores: 8 + memory: 128G + disks: &disks + - name: 'disk1' + disk_capacity: 2400G + disk_type: hdd + disk_interface: sas + disk_rotation: + os: centos-7 + remote_params: &remote_params + type: ipmi + versions: + - 2.0 + user: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAKn4rdxFJum3vgvpjT4c64gkXzbMog4LyrBb0 + pHeASLqwiuJqCdELWl4e7d4SMp3QBzHqd6aGHJqywDt09L7axFaW9PmdUEVx + KxIZ8NUdDjl7HtuG8D9irU2n5VMHXVyDosMEZe9pRYhQTkuAggR7EDoDjdDj + 0myGFy/UVH3/fxpdySWhyg9kqAYb1ReMgYBudVfm2gw4bjtjJviwASXi8hj6 + 8isdJPf25U6wrvbqQi5J5WVD4Q3PaGy8GACTZ8n+LFyPSwBl3QJ5jfMmzHmq + Po0cqa4MoKi3xQ8Y8z6DxhUrV0yoYWoHvIcpQBu3YCZVzpOqVPZwsapBl963 + 0d0kWzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAoo59BSqp1DBCu05h+ + /1BZgBDdOvlZ5JlDtpkh73ujYZXR] + pass: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEA4pnLYg4U/39mKdytYH1CJYJuJ/qjNrS+KoON + oPU6G9lMJ5U5J7NUuGyBD7O1NTt8VBE+LaBEqmXK5/SQ6mAdns9qs5QLOVSm + r3WKroZdqH3hmW26LuPsXNUfTaCVNOqWPAf6U6Q1fHr1vi09n3mIV/Ph03Kv + /aNeeRsJbBPAtHgCL6aRs+4WoxxYS0eUAVCo4yPDiSN5UFmSg6O304NM2qzi + av2b/gmNFN8AxE5CVi+C/fVGBhdpwmmdC0KmtkY38pYa/hf8Pks4jsFtKNDw + 3KW+pP+BTsgKs/o/WrwCFm4LIJj/E6Pf9qZ/mZ8bAxKlVf+gQj2bgxzT3aa1 + hHhD0TA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAx3f5XDjWzYJA4Jn5H + KJOBgBDq/YBNdEeyT+dCuH59ZE6L] + remote_management: + <<: *remote_params + address: 172.30.8.83 + mac_address: "a8:9d:21:c9:c4:9e" + interfaces: + - mac_address: "00:25:b5:a0:00:1a" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:1b" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:1c" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:1d" + speed: 40gb + features: 'dpdk|sriov' + fixed_ips: + admin: 192.168.11.1 + mgmt: 10.167.4.1 + public: 172.30.10.72 +############################################################################## +nodes: + - name: pod2-node1 + node: &nodeparams + type: baremetal + vendor: Cisco Systems Inc + model: UCSB-B200-M4 + arch: x86_64 + cpus: 2 + cpu_cflags: haswell + cores: 8 + memory: 32G + disks: *disks + remote_management: + <<: *remote_params + address: 172.30.8.75 + mac_address: "a8:9d:21:c9:8b:56" + interfaces: + - mac_address: "00:25:b5:a0:00:2a" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:2b" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:2c" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:2d" + speed: 40gb + features: 'dpdk|sriov' + fixed_ips: + admin: 192.168.11.2 + mgmt: 10.167.4.2 + public: 172.30.10.2 + ############################################################################ + - name: pod2-node2 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 172.30.8.65 + mac_address: "a8:9d:21:c9:4d:26" + interfaces: + - mac_address: "00:25:b5:a0:00:3a" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:3b" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:3c" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:3d" + speed: 40gb + features: 'dpdk|sriov' + fixed_ips: + admin: 192.168.11.3 + mgmt: 10.167.4.3 + public: 172.30.10.3 + ############################################################################ + - name: pod2-node3 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 172.30.8.74 + mac_address: "a8:9d:21:c9:3a:92" + interfaces: + - mac_address: "00:25:b5:a0:00:4a" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:4b" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:4c" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:4d" + speed: 40gb + features: 'dpdk|sriov' + fixed_ips: + admin: 192.168.11.4 + mgmt: 10.167.4.4 + public: 172.30.10.4 + ############################################################################ + - name: pod2-node4 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 172.30.8.73 + mac_address: "74:a2:e6:a4:14:9c" + interfaces: + - mac_address: "00:25:b5:a0:00:5a" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:5b" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:5c" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:5d" + speed: 40gb + features: 'dpdk|sriov' + fixed_ips: + admin: 192.168.11.5 + mgmt: 10.167.4.5 + public: 172.30.10.5 + ############################################################################ + - name: pod2-node5 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 172.30.8.72 + mac_address: "a8:9d:21:a0:15:9c" + interfaces: + - mac_address: "00:25:b5:a0:00:6a" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:6b" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:6c" + speed: 40gb + features: 'dpdk|sriov' + - mac_address: "00:25:b5:a0:00:6d" + speed: 40gb + features: 'dpdk|sriov' + fixed_ips: + admin: 192.168.11.6 + mgmt: 10.167.4.6 + public: 172.30.10.6 |