Age | Commit message (Collapse) | Author | Files | Lines |
|
If keys do not exist, the skipping decryption python stuff doesn't
work, see:
https://build.opnfv.org/ci/job/validate-pdf-jinja2-templates-master/16/consoleFull
Still does not fallback to plain in the case of a 'bad decryption',
but the current code does not either, bad decryption is logged
in any case.
Change-Id: I8da2c7cf8568a6e77ca24cc9ce665410d93b7ba9
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The example configuration file in the directory pharos/config/utils/
is config.example.yaml.
Change-Id: I493274e4ddb689eb729ed642b5f495b5be0b75b0
Signed-off-by: Alex Yang <yangyang1@zte.com.cn>
|
|
Change-Id: I86935bee9ff30d811f0e756f93716cb415fa3a01
Signed-off-by: Alex Yang <yangyang1@zte.com.cn>
|
|
|
|
|
|
|
|
On CentOS7 systems the gem command is contained in the 'rubygems'
package, not 'ruby-gems'.
After the keys have been moved, there is not reason to keep around the
'keys' directory.
Change-Id: I5cb9f474276de75b650ddf323a279e139fb62d37
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
Change-Id: I0c4389059edb33fecdd472777d7266c4934f1d07
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
Removing Qiao Fu who is no longer able to participate in project.
Change-Id: I4bfcb378f3a5da6af59292f8911fa8fc8200cbae
|
|
|
|
|
|
|
|
JIRA: FUEL-313
Change-Id: I046ea732e1047f793f1b3bc6f7fc31cfcee9ff40
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Our PDF installer adapter defines 3 unused reclass params that are
misleading, so drop them (infra_compute_node{01,02,03}_address).
Change-Id: Iedf68bbfa77f3a42572dde30275318c8d04f5eb4
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
If eyaml is not installed or misconfigured, we should output raw
encrypted data and throw a warn/error accordingly, instead of
bailing out completely.
Needed for Fuel deploys on PODs that do not use PDF encryption, e.g.
lf-pod2.
Change-Id: I2905df11a3cf2f2eb1ab9bfd8bd88619af2cab04
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I3a82ed747d2671510a25e65388c7f73ec760afc3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-305
Change-Id: Ic5a2d499925aeec5b597394a059640ddae83fb2d
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
|
|
|
|
|
|
|
|
JIRA: DAISY-74
Add jinja2 templates for daisy network configuration.
For DPDK, TENANT and EXTERNAL networks should share the
same interface now.
Change-Id: I6e9b7a68fb572e9ad844cfcc6ff383aaa25e3bc1
Signed-off-by: Alex Yang <yangyang1@zte.com.cn>
|
|
Note: Also fixed yamllint issues with these files
Inline encrytion of yaml files allows us to make away with securedlab's
restrictions. Going forward, anyone will be able to see Lab PDFs
See:
https://github.com/opnfv/pharos/blob/master/config/utils/README.eyaml.rst
If you are the reviewer on this changeset it is becasue
git blamed showed you to be the author of the pdf in this review.
Encrypting ipmi password etc is optional. I have scrubbed the password from
this change. If you do not need the password to be hidden, please let me
know in the comment, and I will put it back.
If you do need the password hidden, please follow the readme above and
ammend this patch to include the encrypted value that you create on your
pods jumphost.
Passwords and Usernames removed:
$ egrep -r '(pass|user)'
zte/pod2/daisy/config/deploy.yml: ipmi_user:
zte/pod2/daisy/config/deploy.yml: ipmi_pass:
zte/pod2/daisy/config/deploy.yml: ipmi_user:
zte/pod2/daisy/config/deploy.yml: ipmi_pass:
zte/pod2/daisy/config/deploy.yml: ipmi_user:
zte/pod2/daisy/config/deploy.yml: ipmi_pass:
zte/pod2/daisy/config/deploy.yml: ipmi_user:
zte/pod2/daisy/config/deploy.yml: ipmi_pass:
zte/pod2/daisy/config/deploy.yml: ipmi_user:
zte/pod2/daisy/config/deploy.yml: ipmi_pass:
zte/pod2/daisy/config/deploy.yml:daisy_passwd: ''
zte/virtual1/daisy/config/deploy.yml:daisy_passwd: ''
zte/pod3.yaml: user:
zte/pod3.yaml: pass:
zte/pod3/daisy/config/deploy.yml: ipmi_user:
zte/pod3/daisy/config/deploy.yml: ipmi_pass:
zte/pod3/daisy/config/deploy.yml: ipmi_user:
zte/pod3/daisy/config/deploy.yml: ipmi_pass:
zte/pod3/daisy/config/deploy.yml: ipmi_user:
zte/pod3/daisy/config/deploy.yml: ipmi_pass:
zte/pod3/daisy/config/deploy.yml: ipmi_user:
zte/pod3/daisy/config/deploy.yml: ipmi_pass:
zte/pod3/daisy/config/deploy.yml: ipmi_user:
zte/pod3/daisy/config/deploy.yml: ipmi_pass:
zte/pod3/daisy/config/deploy.yml:daisy_passwd: ''
zte/pod1.yaml: user:
zte/pod1.yaml: pass:
zte/virtual2/daisy/config/deploy.yml:daisy_passwd: ''
zte/pod2.yaml: user:
zte/pod2.yaml: pass:
lf/pod2.yaml: user: >
Change-Id: I876f4b553c51dd4592701539cfce66bcf8c114ab
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Inline encrytion of yaml files allows us to make away with securedlab's
restrictions. Going forward, anyone will be able to see Lab PDFs
See:
https://github.com/opnfv/pharos/blob/master/config/utils/README.eyaml.rst
If you are the reviewer on this changeset it is becasue
git blamed showed you to be the author of the pdf in this review.
Encrypting ipmi password etc is optional. I have scrubbed the password
from this change. If you do not need the password to be hidden, please let me
know in the comment, and I will put it back.
If you do need the password hidden, please follow the readme above and
ammend this patch to include the encrypted value that you create on your
pods jumphost.
Change-Id: Idc70540477d8569f15335e75e7725c1e4e56a60b
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Inline encrytion of yaml files allows us to make away with securedlab's
restrictions
Going forward, anyone will be able to see Lab PDFs
See:
https://github.com/opnfv/pharos/blob/master/config/utils/README.eyaml.rst
If you are the reviewer on this changeset it is becasue
git blamed showed you to be the author of the pdf in this review.
Encrypting ipmi password is optional. I have scrubbed the password from
this change. If you do not need the password to be hidden, please let me
know in the comment, and I will put it back.
If you do need the password hidden, please follow the readme above and
ammend this patch to include the encrypted value that you create on your
pods jumphost.
Change-Id: Ie3e935e7e9250a387858c29eb77c3c06b4fe3f57
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Inline encrytion of yaml files allows us to make away with securedlab's
restrictions. Going forward, anyone will be able to see Lab PDFs
See:
https://github.com/opnfv/pharos/blob/master/config/utils/README.eyaml.rst
If you are the reviewer on this changeset it is becasue
git blamed showed you to be the author of the pdf in this review.
Encrypting ipmi password is optional. I have scrubbed the password from
this change. If you do not need the password to be hidden, please let me
know in the comment, and I will put it back.
If you do need the password hidden, please follow the readme above and
ammend this patch to include the encrypted value that you create on your
pods jumphost.
Change-Id: I52a5c117da599fd46aa246de20077d5bdbe8a3b6
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Inline encrytion of yaml files allows us to make away with securedlab's
restrictions
Going forward, anyone will be able to see Lab PDFs
See:
https://github.com/opnfv/pharos/blob/master/config/utils/README.eyaml.rst
If you are the reviewer on this changeset it is becasue
git blamed showed you to be the author of the pdf in this review.
Encrypting ipmi password is optional. I have scrubbed the password from
this change. If you do not need the password to be hidden, please let me
know in the comment, and I will put it back.
If you do need the password hidden, please follow the readme above and
ammend this patch to include the encrypted value that you create on your
pods jumphost.
Change-Id: Ic2db523e7f82a0fb48e462a1fbe1402267f22618
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Stupid jenkins
Change-Id: Ibfd83e7dadd674cfe7d7a9c2a712ef069fb8d5de
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Securedlab will be going away now that we can encrypt strings
(eyaml)
we need to check jinja2 PDF templates that will be moving into pharos
This adds one pod yaml files and fixes paths in check-jinja2.sh
After this is merged I can create a jenkins job for pharos.
Then I can start moving pdf files into the pharos repo
Change-Id: I2f2f2925275de49035d7d0160249d75b25ca0d20
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
|
|
Change-Id: I4b9a9a569d22570f027a49bc31736f6787177171
Signed-off-by: Alex Yang <yangyang1@zte.com.cn>
|
|
Note: IDF data encryption is not supported. Supporting that is
trivial, but it leads to slightly more complicated code, plus it
breaks support for multiline scalar encrypted data in the PDF ('>'),
forcing us to define each encrypted value as inline string.
While at it, fix silly limitation of jinja2 path residing in a subdir
of CWD.
Change-Id: I441ec754d8b6e4aad2ed73aba0b9b18ed65f05f4
Signed-off-by: agardner <agardner@linuxfoundation.org>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Instead of assuming the PXE network interface is always the first,
read its index from 'net_config' section.
Change-Id: I0b4e9fc89297f4bd718a2e5336746917347c89e1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I683788846a716f1af6ae8aa3b25cc3a866ae0045
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I8d4cc9505eb1d405b8f6a3ef1053249d803bda7b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Change-Id: I848f13acca08c4c8a24eeecd3554ea6d50bbb565
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
|
|
|
|
Change-Id: Ibb481d57e3c154c409c2635096330f2e63dce9db
Signed-off-by: Jack Morgan <jack.morgan@intel.com>
|
|
Change-Id: I4ff233460bb4fbd88277f2798f5f6380ff3b367d
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
|
|
For a given 'podN.yaml' file, check whether a file named
'idf-podN.yaml' exists in the same directory, and if it does,
pass its contents under the 'idf' dict key to the j2 template.
This assumes the contents of IDF yaml have a root 'idf' key.
Change-Id: I6c6f1b9f28c38989f8a6ed4a389c9a1da423d76d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
|
|
Removed committers have not touched the project in over a year
Current committers,
Please vote with +2,0,-2 on this change
I will ask the TSC to ammend the by-law on removing committers, so that
It can be done by vote if a committer is inactive for a long period
Change-Id: I55234cea80e26fd377a1b7d5a6e062db8b78defe
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
v3 -> v4:
- extract common variable refs, fold some reusable code;
- provide dummy defaults for PDFs without net_config;
- keep yamllint happy about spaces and empty lines;
v4 -> v5:
- more folding, define a macro for multiple IP address definition;
v5 -> v6:
- added MaaS network / DHCP range support;
v6 -> v7:
- removed macro, template code reverted to output style
JIRA: FUEL-275
Change-Id: Ib1cc319534d06c088b1db16a43aef663a8ada0d8
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|