Add MAAS deployment gate

Change-Id: I240a098121c59157d60eef094a08c74220bf0056
Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
Anselme, Schubert (sa246v) 2025-01-21 09:32:59 -05:00 committed by Sergiy Markin
parent 4d3ec058d8
commit 024df3253f
15 changed files with 1159 additions and 0 deletions


@ -10,6 +10,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
---
- project:
check:
jobs:
@ -18,12 +19,14 @@
- airship-maas-chart-build-latest-htk
- airship-maas-docker-build-gate
- airship-maas-lint-yaml
- airship-maas-deploy-kubeadm
gate:
jobs:
- airship-maas-lint-ws
- airship-maas-chart-build-gate
- airship-maas-docker-build-gate
- airship-maas-lint-yaml
- airship-maas-deploy-kubeadm
post:
jobs:
- airship-maas-docker-publish
@ -108,6 +111,87 @@
static:
- latest
- job:
name: airship-maas-deploy-kubeadm
description: Deploys all UC's and Executes functional tests
nodeset: treasuremap-airskiff-1node-ubuntu_jammy
roles:
- zuul: airship/kubernetes-entrypoint
- zuul: openstack/openstack-helm
- zuul: zuul/zuul-jobs
required-projects:
- name: openstack/openstack-helm
- name: openstack/openstack-helm-plugin
- name: airship/treasuremap
override-checkout: v1.9
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ^releasenotes/.*$
- ^site/seaworthy/.*$
- ^site/airsloop/.*$
- ^site/aiab/.*$
timeout: 10800
pre-run:
- tools/gate/playbooks/prepare-hosts.yaml
- tools/gate/playbooks/mount-volumes.yaml
run:
- tools/gate/playbooks/deploy-env.yaml
- tools/gate/playbooks/airship-run-scripts.yaml
post-run:
- tools/gate/playbooks/osh-infra-collect-logs.yaml
vars:
treasuremap_ref: v1.9
extra_volume:
size: 80G
type: Linux
mount_point: /opt/ext_vol
docker:
root_path: "/opt/ext_vol/docker"
containerd:
root_path: "/opt/ext_vol/containerd"
kubeadm:
pod_network_cidr: "10.244.0.0/16"
service_cidr: "10.96.0.0/16"
osh_plugin_repo: "{{ zuul.project.src_dir }}/../../openstack/openstack-helm-plugin"
loopback_setup: true
loopback_device: /dev/loop100
loopback_image: "/opt/ext_vol/openstack-helm/ceph-loop.img"
ceph_osd_data_device: /dev/loop100
kube_version_repo: "v1.32"
kube_version: "1.32.1-1.1"
calico_setup: true
calico_version: "v3.27.4"
cilium_setup: false
cilium_version: "1.16.0"
flannel_setup: false
flannel_version: v0.25.4
metallb_setup: false
metallb_version: "0.13.12"
helm_version: "v3.14.0"
crictl_version: "v1.30.1"
osh_helm_repo: ../../openstack/openstack-helm
osh_values_overrides_path: ../../openstack/openstack-helm/values_overrides
zuul_osh_relative_path: ../../openstack/openstack-helm
zuul_treasuremap_relative_path: ../../airship/treasuremap
gate_scripts_relative_path: .
run_helm_tests: "no"
distro_suffix: ubuntu_jammy
osh_params:
container_distro_name: ubuntu
container_distro_version: jammy
HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz
HTK_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
OSH_COMMIT: 49c117443391cec75e0bd52bb4a9d033325927ad
gate_scripts:
- ./tools/deployment/002-build-charts.sh
- ./tools/deployment/003-prepare-k8s.sh
- ./tools/deployment/004-make-images.sh
- ./tools/maas/100-cert-manager.sh
- ./tools/maas/115-ceph.sh
- ./tools/maas/120-postgresql.sh
- ./tools/maas/121-maas.sh
- secret:
name: airship_maas_quay_creds
data:
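Review bot: The vars of `airship-maas-deploy-kubeadm` name two different Helm releases, `helm_version: "v3.14.0"` and `HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.16.4-linux-amd64.tar.gz` under `osh_params`, so which binary the gate runs depends on which consumer reads which variable. Align the two, or add a comment saying why they differ, so the tested toolchain is reproducible. The code that fetches the artifact URL is not on this page; if it does not verify a digest, a pinned checksum next to the URL would be worth adding. The description also promises functional tests while `run_helm_tests` is `"no"`, and the job is added to `gate` as well as `check`, so the description should say what is actually exercised.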


@ -0,0 +1,16 @@
#!/bin/bash
: "${MAAS_PATH:="../maas"}"
cd "${MAAS_PATH}" || exit
mkdir -p artifacts
make all
cd charts || exit
for i in $(find . -maxdepth 1 -name "*.tgz" -print | sed -e 's/\-[0-9.]*\.tgz//'| cut -d / -f 2 | sort)
do
find . -name "$i-[0-9.]*.tgz" -print -exec cp -av {} "../artifacts/$i.tgz" \;
done
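Review bot: This script has no `set -e`, so a failing `make all` is not fatal: the loop still copies whatever `.tgz` files already sit in `charts/`, and the exit status is that of the last `find`. Add `set -euo pipefail` after the shebang so the gate cannot package stale charts after a failed build. The `for i in $(find … | sed … | cut … | sort)` loop relies on word splitting of command output; a short comment stating that chart names are assumed to contain no whitespace would make that assumption explicit.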


@ -0,0 +1,47 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
# Add labels to the core namespaces & nodes
kubectl label --overwrite namespace default name=default
kubectl label --overwrite namespace kube-system name=kube-system
kubectl label --overwrite namespace kube-public name=kube-public
kubectl label --overwrite nodes --all openstack-control-plane=enabled
kubectl label --overwrite nodes --all ucp-control-plane=enabled
kubectl label --overwrite nodes --all openstack-compute-node=enabled
kubectl label --overwrite nodes --all openvswitch=enabled
kubectl label --overwrite nodes --all linuxbridge=enabled
kubectl label --overwrite nodes --all ceph-mon=enabled
kubectl label --overwrite nodes --all ceph-osd=enabled
kubectl label --overwrite nodes --all ceph-mds=enabled
kubectl label --overwrite nodes --all ceph-rgw=enabled
kubectl label --overwrite nodes --all ceph-mgr=enabled
# We deploy l3 agent only on the node where we run test scripts.
# In this case virtual router will be created only on this node
# and we don't need L2 overlay (will be implemented later).
kubectl label --overwrite nodes -l "node-role.kubernetes.io/control-plane" l3-agent=enabled
for NAMESPACE in ceph mariadb-operator utility ucp openstack osh-infra; do
tee /tmp/${NAMESPACE}-ns.yaml << EOF
apiVersion: v1
kind: Namespace
metadata:
labels:
kubernetes.io/metadata.name: ${NAMESPACE}
name: ${NAMESPACE}
name: ${NAMESPACE}
EOF
kubectl apply -f /tmp/${NAMESPACE}-ns.yaml
done


@ -0,0 +1,27 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -x
: "${DISTRO:="ubuntu_jammy"}"
env
echo "[*] Deploy local docker registry..."
docker rm registry --force || true
docker run -d -p 5000:5000 --restart=always --name registry registry:2
echo "[*] Build images and push them to local docker registry..."
make images -e DOCKER_REGISTRY="localhost:5000" -e PUSH_IMAGE=true
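Review bot: `docker run -d -p 5000:5000 --restart=always --name registry registry:2` publishes an unauthenticated registry on every interface of the node, while the only clients visible in this commit address it as `localhost:5000`. Binding it to loopback, `-p 127.0.0.1:5000:5000`, should keep the push and pull path working (assuming the container runtime on this single-node job pulls via localhost) and stops other hosts from pushing images that the deployment would then run. The bare `env` earlier in the script copies the whole environment into the job log; drop or filter it if a credential is ever exported into this job. `DISTRO` is given a default but is not used in the lines shown.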

tools/deployment/sleep.sh Executable file

@ -0,0 +1,16 @@
#!/bin/bash
env_output=$(env)
# Loop through each line of the env output
while IFS= read -r line; do
# Extract the variable name and value
variable=$(echo "$line" | cut -d= -f1)
value=$(echo "$line" | cut -d= -f2-)
# Print the export command
echo "export $variable=\"$value\""
done <<< "$env_output"
echo "Sleeping.............."
while true; do sleep 10; done
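Review bot: This helper prints every environment variable as an `export NAME="value"` line on stdout, which in a CI job ends up in the console log, and then blocks forever in `while true; do sleep 10; done`. Nothing in the file says it is a debugging aid, and it is not listed in `gate_scripts`. A header comment such as `# Debug helper: dumps the environment and holds the node; do not add to gate_scripts` would keep it from being wired into a job that carries credentials in its environment. The values are not escaped either, so the output is not safe to `source` when a value contains `"`, `$` or a backquote; `export -p` produces correctly quoted output.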


@ -0,0 +1,75 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: primary
tasks:
- name: Override images
when: buildset_registry is defined
vars:
work_dir: "{{ zuul.project.src_dir }}"
block:
- name: Buildset registry alias
include_role:
name: deploy-env
tasks_from: buildset_registry_alias
- name: Print zuul
debug:
var: zuul
- name: Override proposed images from artifacts
shell: >
find {{ override_paths | join(" ") }} -type f -exec sed -Ei
"s#['\"]?docker\.io/({{ repo }}):({{ tag }})['\"]?\$#{{ buildset_registry_alias }}:{{ buildset_registry.port }}/\1:\2#g" {} +
loop: "{{ zuul.artifacts | default([]) }}"
args:
chdir: "{{ work_dir }}"
loop_control:
loop_var: zj_zuul_artifact
when: "'metadata' in zj_zuul_artifact and zj_zuul_artifact.metadata.type | default('') == 'container_image'"
vars:
tag: "{{ zj_zuul_artifact.metadata.tag }}"
repo: "{{ zj_zuul_artifact.metadata.repository }}"
override_paths:
- ../openstack-helm*/*/values*
- ../openstack-helm-infra/tools/deployment/
- name: Diff
shell: |
set -ex;
for dir in openstack-helm openstack-helm-infra; do
path="{{ work_dir }}/../${dir}/"
if [ ! -d "${path}" ]; then continue; fi
echo "${dir} diff"
cd "${path}"; git diff; cd -;
done
- name: "creating directory for run artifacts"
file:
path: "/tmp/artifacts"
state: directory
- name: Run gate scripts
include_role:
name: "{{ ([item] | flatten | length == 1) | ternary('airship-run-script', 'airship-run-script-set') }}"
vars:
workload: "{{ [item] | flatten }}"
loop: "{{ gate_scripts }}"
- name: "Downloads artifacts to executor"
synchronize:
src: "/tmp/artifacts"
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull
ignore_errors: True
...
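Review bot: In the `Override proposed images from artifacts` task, `{{ repo }}` and `{{ tag }}` come from `zj_zuul_artifact.metadata` and are pasted unescaped into both a `shell` command line and a sed regular expression. Artifact metadata is produced by other builds, so a value containing `#`, a quote or a shell metacharacter would change what the command does rather than merely fail to match. I would extend the task's `when` with a format check such as `zj_zuul_artifact.metadata.repository is match('^[A-Za-z0-9._/-]+$')` (and the same for the tag), and use `{{ repo | regex_escape }}` inside the pattern. The `Print zuul` debug task writes the whole `zuul` variable to the job log and the final `synchronize` has `ignore_errors: True`; both deserve a comment saying why, or removal once the job is stable.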


@ -0,0 +1,37 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
become: true
gather_facts: true
roles:
- ensure-python
- ensure-pip
- role: ensure-tox
become: false
- clear-firewall
- deploy-apparmor
- deploy-selenium
- deploy-env
tasks:
- name: Install Packaging python module for tools/airship
block:
- pip:
name: packaging
version: 23.1
executable: pip3
become: true
...
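Review bot: `version: 23.1` in the pip task is an unquoted YAML float, so the module receives a number rather than a version string. It round-trips today, but a later bump to something like `23.10` would silently become `23.1`; quote it as `version: "23.1"`. The task runs with `become: true` and `executable: pip3`, so it installs into the system interpreter as root, and a comment saying that this is intended on the throwaway test node would help. The `block:` wrapper holds a single unnamed task; moving the name onto the `pip` task itself reads more directly.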


@ -0,0 +1,17 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
roles:
- mount-extra-volume
...


@ -0,0 +1,43 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
logs_dir: "/tmp/logs"
roles:
- gather-host-logs
tags:
- gather-host-logs
- hosts: primary
vars_files:
- vars.yaml
vars:
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
logs_dir: "/tmp/logs"
roles:
- helm-release-status
- describe-kubernetes-objects
- gather-pod-logs
- gather-prom-metrics
- gather-selenium-data
tags:
- helm-release-status
- describe-kubernetes-objects
- gather-pod-logs
- gather-prom-metrics
- gather-selenium-data
...
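Review bot: Both plays build `work_dir` from `zuul_osh_infra_relative_path | default('')`, but the job vars added in this commit define `zuul_osh_relative_path` and `zuul_treasuremap_relative_path`, not that name, so `work_dir` presumably collapses to `{{ zuul.project.src_dir }}/`. Either reference the variable the job sets or add a comment saying the default is intended. Both plays also load `vars_files: vars.yaml`, which is not among the files shown on this page; if it does not already exist next to the playbook, the post-run will fail before any logs are collected. Since these roles copy host and pod logs into the published job output, a short header comment listing what is collected would help reviewers judge what may end up public.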


@ -0,0 +1,17 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: all
roles:
- start-zuul-console
...

tools/maas/100-cert-manager.sh Executable file

@ -0,0 +1,164 @@
#!/bin/bash
set -eux
: ${CERT_MANAGER_VERSION:="v1.16.1"}
cert_path="/etc/openstack-helm"
ca_cert_root="$cert_path/certs/ca"
function check_cert {
# $1: the certificate file, e.g. ca.pem
# $2: the key file, e.g. ca-key.pem
local cert="$(openssl x509 -noout -modulus -in $1)"
local key="$(openssl rsa -noout -modulus -in $2)"
if ! [ "$cert" = "$key" ]; then
echo "Failure: tls private key does not match cert"
exit 1
else
echo "Pass: $cert is valid with $key"
fi
}
# Download cfssl and cfssljson if they are not available on the system
if type cfssl && type cfssljson; then
echo "cfssl and cfssljson found - skipping installation"
else
echo "installing cfssl and cfssljson"
temp_bin=$(mktemp --directory)
cd $temp_bin
CFSSLURL=https://pkg.cfssl.org/R1.2
curl --retry 3 --retry-connrefused -sSL -o cfssl $CFSSLURL/cfssl_linux-amd64
curl --retry 3 --retry-connrefused -sSL -o cfssljson $CFSSLURL/cfssljson_linux-amd64
chmod +x {cfssl,cfssljson}
export PATH=$PATH:$temp_bin
fi
# Sets up a directory for the certs
sudo rm -rf $cert_path
sudo mkdir -p $ca_cert_root
sudo chmod -R go+w $cert_path
cd $ca_cert_root
cat > ca-csr.json <<EOF
{
"CN": "ACME Company",
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"C": "US",
"L": "SomeState",
"ST": "SomeCity",
"O": "SomeOrg",
"OU": "SomeUnit"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
check_cert ca.pem ca-key.pem
cat > cfssl.json <<EOF
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"intermediate_ca": {
"expiry": "8760h",
"usages": [
"signing",
"digital signature",
"cert sign",
"crl sign",
"key encipherment",
"server auth",
"client auth"
],
"ca_constraint": {
"is_ca": true
}
}
}
}
}
EOF
cat > intermediate-ca.json <<EOF
{
"CN": "OpenStack Helm CA",
"key": {
"algo": "rsa",
"size": 4096
},
"names": [
{
"C": "GB",
"L": "Space",
"ST": "Earth",
"O": "OSH",
"OU": "OSH"
}
],
"ca": {
"expiry": "8760h"
}
}
EOF
cfssl gencert -initca intermediate-ca.json | cfssljson -bare intermediate-ca -
cfssl sign -ca ca.pem -ca-key ca-key.pem -config cfssl.json -profile intermediate_ca \
intermediate-ca.csr | cfssljson -bare intermediate-ca
check_cert intermediate-ca.pem intermediate-ca-key.pem
kubectl create ns cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --namespace cert-manager \
--version ${CERT_MANAGER_VERSION} \
--set installCRDs=true \
--set extraArgs[0]="--enable-certificate-owner-ref=true" \
--timeout=600s
helm repo remove jetstack
key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")
crt=$(cat /etc/openstack-helm/certs/ca/ca.pem | base64 | tr -d "\n")
cat > /tmp/ca-issuers.yaml <<EOF
---
apiVersion: v1
kind: Secret
metadata:
name: ca-key-pair
namespace: cert-manager
data:
tls.crt: $crt
tls.key: $key
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
spec:
ca:
secretName: ca-key-pair
EOF
kubectl wait --for=condition=Ready pods --all -n cert-manager --timeout=180s
# Per [0], put a sleep here to guard against the error - failed calling webhook "webhook.cert-manager.io"
# [0] https://github.com/jetstack/cert-manager/issues/2602
sleep 45
kubectl apply -f /tmp/ca-issuers.yaml
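Review bot: The CA private key is exposed in three places in this script. `key=$(cat …/ca-key.pem | base64 | tr -d "\n")` runs under `set -eux`, so xtrace prints the base64 key into the job log; `/tmp/ca-issuers.yaml` then stores it at a fixed path with default permissions; and `sudo chmod -R go+w $cert_path` leaves the CA directory writable by every local user. Creating the secret directly from the files, as below, removes the first two, and the chmod can be replaced by a `chown` of `$cert_path` to the invoking user. Separately, `cfssl` and `cfssljson` are downloaded from `$CFSSLURL` and put on `PATH` without a digest check; pinning a SHA-256 for each and verifying it with `sha256sum -c` before `chmod +x` would close that gap.

```shell
# … unchanged: cert generation, cert-manager helm install …

# Build the secret from the files so the key is never expanded into a traced
# variable or written to /tmp.
kubectl create secret tls ca-key-pair \
  --namespace cert-manager \
  --cert="${ca_cert_root}/ca.pem" \
  --key="${ca_cert_root}/ca-key.pem" \
  --dry-run=client -o yaml | kubectl apply -f -

# /tmp/ca-issuers.yaml now carries only the ClusterIssuer document.
# … unchanged: ClusterIssuer heredoc, kubectl wait, sleep 45, kubectl apply …
```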

tools/maas/110-build-images.sh Executable file

@ -0,0 +1,69 @@
#!/bin/bash
#
# Copyright 2017 The Openstack-Helm Authors.
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
: "${BASE_IMG:="public.ecr.aws/docker/library/ubuntu:jammy"}"
: "${IMG_PATH:="./images"}"
: "${MAAS_REPO:="quay.io/airshipit"}"
: "${SSTREAM_RELEASE:="jammy"}"
# Build kube-entrypoint image
grep -q "${MAAS_REPO}/kubernetes-entrypoint" <(docker image ls) >/dev/null ||
docker build \
-t "${MAAS_REPO}/kubernetes-entrypoint:latest-ubuntu_jammy" \
--network=host \
-f ../kubernetes-entrypoint/images/Dockerfile.ubuntu_jammy \
--build-arg MAKE_TARGET=build \
../kubernetes-entrypoint
# Build maas images
grep -q "${MAAS_REPO}/maas-region-controller" <(docker image ls) >/dev/null ||
docker build \
-t "${MAAS_REPO}/maas-region-controller:latest" \
--network=host \
-f "${IMG_PATH}/maas-region-controller-jammy/Dockerfile" \
"${IMG_PATH}/maas-region-controller-jammy"
grep -q "${MAAS_REPO}/maas-rack-controller" <(docker image ls) >/dev/null ||
docker build \
-t "${MAAS_REPO}/maas-rack-controller:latest" \
--network=host \
-f "${IMG_PATH}/maas-rack-controller-jammy/Dockerfile" \
"${IMG_PATH}/maas-rack-controller-jammy"
grep -q "${MAAS_REPO}/sstream-cache" <(docker image ls) >/dev/null ||
docker build \
-t "${MAAS_REPO}/sstream-cache:latest" \
--network=host \
-f "${IMG_PATH}/sstream-cache/Dockerfile" \
--build-arg FROM="${BASE_IMG}" \
--build-arg SSTREAM_IMAGE=https://images.maas.io/ephemeral-v3/stable/ \
--build-arg SSTREAM_RELEASE="${SSTREAM_RELEASE}" \
"${IMG_PATH}/sstream-cache"
# Save images to tar files
stat -f /tmp/kubernetes-entrypoint.tar >/dev/null || docker image save "${MAAS_REPO}/kubernetes-entrypoint" -o /tmp/kubernetes-entrypoint.tar
stat -f /tmp/maas-region-controller.tar >/dev/null || docker image save "${MAAS_REPO}/maas-region-controller:latest" -o /tmp/maas-region-controller.tar
stat -f /tmp/maas-rack-controller.tar >/dev/null || docker image save "${MAAS_REPO}/maas-rack-controller:latest" -o /tmp/maas-rack-controller.tar
stat -f /tmp/sstream-cache.tar >/dev/null || docker image save "${MAAS_REPO}/sstream-cache:latest" -o /tmp/sstream-cache.tar
# Load images to minikube
grep -q "${MAAS_REPO}/kubernetes-entrypoint:latest-ubuntu_jammy" <(sudo -E minikube image ls) >/dev/null || sudo -E minikube image load /tmp/kubernetes-entrypoint.tar
grep -q "${MAAS_REPO}/maas-region-controller:latest" <(sudo -E minikube image ls) >/dev/null || sudo -E minikube image load /tmp/maas-region-controller.tar
grep -q "${MAAS_REPO}/maas-rack-controller:latest" <(sudo -E minikube image ls) >/dev/null || sudo -E minikube image load /tmp/maas-rack-controller.tar
grep -q "${MAAS_REPO}/sstream-cache:latest" <(sudo -E minikube image ls) >/dev/null || sudo -E minikube image load /tmp/sstream-cache.tar
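Review bot: The save step reuses whatever already sits at `/tmp/<image>.tar`, and the load step then imports it with `sudo -E minikube image load`, so a stale or foreign file at that predictable path is loaded instead of the image that was just built. `stat -f` reports on the filesystem that contains the path rather than on the file; an existence test would be `[ -f … ]`, but for a gate it is safer to always re-save into a `mktemp -d` directory. The build guards have the same staleness problem: `grep -q "${MAAS_REPO}/maas-region-controller"` matches any tag already present, so a changed Dockerfile is not rebuilt. The script targets minikube while the job added in this commit deploys with kubeadm and does not list it in `gate_scripts`, so a header comment saying when it is meant to be used would help.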

tools/maas/115-ceph.sh Executable file

@ -0,0 +1,226 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
: ${CEPH_OSD_DATA_DEVICE:="/dev/loop100"}
: ${POD_NETWORK_CIDR:="10.244.0.0/16"}
: ${OSH_HELM_REPO:="../../openstack/openstack-helm"}
: ${OSH_VALUES_OVERRIDES_PATH:="../../openstack/openstack-helm/values_overrides"}
NUMBER_OF_OSDS="$(kubectl get nodes -l ceph-osd=enabled --no-headers | wc -l)"
#NOTE: Deploy command
[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt
CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
#NOTE(portdirect): to use RBD devices with Ubuntu kernels < 4.5 this
# should be set to 'hammer'
. /etc/os-release
if [ "x${ID}" == "xcentos" ] || \
([ "x${ID}" == "xubuntu" ] && \
dpkg --compare-versions "$(uname -r)" "lt" "4.5"); then
CRUSH_TUNABLES=hammer
else
CRUSH_TUNABLES=null
fi
tee /tmp/ceph.yaml <<EOF
endpoints:
ceph_mon:
namespace: ceph
port:
mon:
default: 6789
ceph_mgr:
namespace: ceph
port:
mgr:
default: 7000
metrics:
default: 9283
network:
public: "${POD_NETWORK_CIDR}"
cluster: "${POD_NETWORK_CIDR}"
port:
mon: 6789
rgw: 8088
mgr: 7000
deployment:
storage_secrets: true
ceph: true
csi_rbd_provisioner: true
client_secrets: false
rgw_keystone_user_and_endpoints: false
bootstrap:
enabled: true
conf:
rgw_ks:
enabled: false
ceph:
global:
fsid: ${CEPH_FS_ID}
mon_addr: :6789
mon_allow_pool_size_one: true
osd_pool_default_size: 1
osd:
osd_crush_chooseleaf_type: 0
pool:
crush:
tunables: ${CRUSH_TUNABLES}
target:
osd: ${NUMBER_OF_OSDS}
final_osd: ${NUMBER_OF_OSDS}
pg_per_osd: 100
default:
crush_rule: same_host
spec:
# Health metrics pool
- name: .mgr
application: mgr_devicehealth
replication: 1
percent_total_data: 5
# RBD pool
- name: rbd
application: rbd
replication: 1
percent_total_data: 40
# CephFS pools
- name: cephfs_metadata
application: cephfs
replication: 1
percent_total_data: 5
- name: cephfs_data
application: cephfs
replication: 1
percent_total_data: 10
# RadosGW pools
- name: .rgw.root
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.control
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.data.root
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.gc
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.log
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.intent-log
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.meta
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.usage
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.keys
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.email
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.swift
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.users.uid
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.buckets.extra
application: rgw
replication: 1
percent_total_data: 0.1
- name: default.rgw.buckets.index
application: rgw
replication: 1
percent_total_data: 3
- name: default.rgw.buckets.data
application: rgw
replication: 1
percent_total_data: 29
storage:
osd:
- data:
type: bluestore
location: ${CEPH_OSD_DATA_DEVICE}
# block_db:
# location: ${CEPH_OSD_DB_WAL_DEVICE}
# size: "5GB"
# block_wal:
# location: ${CEPH_OSD_DB_WAL_DEVICE}
# size: "2GB"
pod:
replicas:
mds: 1
mgr: 1
rgw: 1
jobs:
ceph_defragosds:
# Execute every 15 minutes for gates
cron: "*/15 * * * *"
history:
# Number of successful job to keep
successJob: 1
# Number of failed job to keep
failJob: 1
concurrency:
# Skip new job if previous job still active
execPolicy: Forbid
startingDeadlineSecs: 60
manifests:
job_bootstrap: false
EOF
for CHART in ceph-mon ceph-osd ceph-client ceph-provisioners; do
helm dependency build ${OSH_HELM_REPO}/${CHART}
helm upgrade --install ${CHART} ${OSH_HELM_REPO}/${CHART} \
--namespace=ceph \
--values=/tmp/ceph.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_CEPH_DEPLOY:-$(helm osh get-values-overrides ${DOWNLOAD_OVERRIDES:-} -p ${OSH_VALUES_OVERRIDES_PATH} -c ${CHART} ${FEATURES})}
#NOTE: Wait for deploy
helm osh wait-for-pods ceph
#NOTE: Validate deploy
MON_POD=$(kubectl get pods \
--namespace=ceph \
--selector="application=ceph" \
--selector="component=mon" \
--no-headers | awk '{ print $1; exit }')
kubectl exec -n ceph ${MON_POD} -- ceph -s
done
# Delete the test pod if it still exists
kubectl delete pods -l application=ceph-osd,release_group=ceph-osd,component=test --namespace=ceph --ignore-not-found
helm test ceph-osd --namespace ceph --timeout 900s
# Delete the test pod if it still exists
kubectl delete pods -l application=ceph-client,release_group=ceph-client,component=test --namespace=ceph --ignore-not-found
helm test ceph-client --namespace ceph --timeout 900s
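Review bot: In the validation step, `kubectl get pods` is given `--selector` twice (`application=ceph` and `component=mon`); a repeated string flag normally keeps only its last value, so the query presumably matches on `component=mon` alone. Combine them into one flag: `--selector="application=ceph,component=mon"`. `${OSH_HELM_REPO}`, `${CHART}` and `${MON_POD}` are expanded unquoted, and an empty `MON_POD` turns the `kubectl exec` line into a confusing usage error; a guard such as `[ -n "${MON_POD}" ] || exit 1` gives a clearer failure. The values file sets `mon_allow_pool_size_one: true` and `replication: 1` on every pool, which suits a single-node gate, but a comment at the top of the heredoc should say these are test-only settings.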

tools/maas/120-postgresql.sh Executable file

@ -0,0 +1,87 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Deploy command
: ${OSH_HELM_REPO:="../../openstack/openstack-helm"}
: ${OSH_VALUES_OVERRIDES_PATH:="../../openstack/openstack-helm/values_overrides"}
: ${OSH_EXTRA_HELM_ARGS:=""}
: ${OSH_EXTRA_HELM_ARGS_POSTGRESQL:="$(helm osh get-values-overrides -p ${OSH_VALUES_OVERRIDES_PATH} -c postgresql ${FEATURES})"}
DEP_CHECK_IMG="${DEP_CHECK_IMG:-quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy}"
# Generate value overrides to deploy postgresql
cat <<EOF >/tmp/values.postgres.yaml
labels:
server:
node_selector_key: ucp-control-plane
node_selector_value: enabled
test:
node_selectory_key: ucp-control-plane
node_selector_value: enabled
prometheus_postgresql_exporter:
node_selector_key: ucp-control-plane
node_selector_value: enabled
job:
node_selector_key: ucp-control-plane
node_selector_value: enabled
images:
tags:
dep_check: ${DEP_CHECK_IMG}
pod:
replicas:
server: 1
prometheus_postgresql_exporter: 0
mandatory_access_control:
type: apparmor
storage:
pvc:
class_name: general
archive_pvc:
class_name: general
monitoring:
prometheus:
postgresql_exporter:
scrape: false
volume:
backup:
enabled: false
class_name: general
manifests:
secret_admin: true
secret_backup_restore: true
cron_job_postgresql_backup: false
pvc_backup: true
monitoring:
prometheus:
configmap_bin: false
configmap_etc: false
deployment_exporter: false
job_user_create: false
secret_etc: false
service_exporter: false
EOF
helm dependency build ${OSH_HELM_REPO}/postgresql
helm upgrade --install postgresql ${OSH_HELM_REPO}/postgresql \
--namespace=ucp \
--values=/tmp/values.postgres.yaml \
${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_POSTGRESQL}
#NOTE: Wait for deploy
helm osh wait-for-pods ucp
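Review bot: Under `labels.test` the key is spelled `node_selectory_key`, unlike the `node_selector_key` used for `server`, `prometheus_postgresql_exporter` and `job`, so the override is presumably ignored and the test pod keeps the chart's default selector key. It should read `node_selector_key: ucp-control-plane`. `${FEATURES}` is expanded inside the default for `OSH_EXTRA_HELM_ARGS_POSTGRESQL` without a default of its own; `${FEATURES:-}` would keep the script working if `set -u` is ever added.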

tools/maas/121-maas.sh Executable file

@ -0,0 +1,234 @@
#!/bin/bash
#
# Copyright 2017 The Openstack-Helm Authors.
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
DEFAULT_IMAGE="${DEFAULT_IMAGE:-jammy}"
DEFAULT_KERNEL="${DEFAULT_KERNEL:-ga-22.04}"
DEFAULT_OS="${DEFAULT_OS:-ubuntu}"
DEP_CHECK_IMG="${DEP_CHECK_IMG:-quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy}"
REGION_CTL_IMG="${REGION_CTL_IMG:-localhost:5000/airshipit/maas-region-controller-jammy:latest}"
RACK_CTL_IMG="${RACK_CTL_IMG:-localhost:5000/airshipit/maas-rack-controller-jammy:latest}"
CACHE_IMG="${CACHE_IMG:-localhost:5000/airshipit/sstream-cache-jammy:latest}"
# Generate value overrides to deploy maas
cat <<eof >/tmp/values.maas.yaml
labels:
rack:
node_selector_key: ucp-control-plane
node_selector_value: enabled
region:
node_selector_key: ucp-control-plane
node_selector_value: enabled
ingress:
node_selector_key: ucp-control-plane
node_selector_value: enabled
syslog:
node_selector_key: ucp-control-plane
node_selector_value: enabled
test:
node_selector_key: ucp-control-plane
node_selector_value: enabled
images:
tags:
db_sync: ${REGION_CTL_IMG}
maas_rack: ${RACK_CTL_IMG}
maas_region: ${REGION_CTL_IMG}
bootstrap: ${REGION_CTL_IMG}
export_api_key: ${REGION_CTL_IMG}
maas_cache: ${CACHE_IMG}
dep_check: ${DEP_CHECK_IMG}
maas_syslog: ${REGION_CTL_IMG}
enable_tls: ${REGION_CTL_IMG}
network:
region_api:
ingress:
classes:
namespace: nginx
cluster: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
node_port:
enabled: true
region_proxy:
node_port:
enabled: false
pod:
mandatory_access_control:
type: apparmor
replicas:
rack: 1
region: 1
syslog: 1
storage:
syslog:
pvc:
class_name: general
rackd:
pvc:
class_name: general
manifests:
ingress_region: false
configmap_ingress: false
maas_ingress: false
dependencies:
static:
rack_controller:
services:
- service: maas_region
endpoint: internal
jobs:
- maas-export-api-key
region_controller:
jobs:
- maas-db-sync
services:
- service: maas_db
endpoint: internal
db_init:
services:
- service: maas_db
endpoint: internal
db_sync:
jobs:
- maas-db-init
bootstrap_admin_user:
jobs:
- maas-db-sync
services:
- service: maas_region
endpoint: internal
- service: maas_db
endpoint: internal
import_resources:
jobs:
- maas-bootstrap-admin-user
services:
- service: maas_region
endpoint: internal
- service: maas_db
endpoint: internal
export_api_key:
jobs:
- maas-bootstrap-admin-user
services:
- service: maas_region
endpoint: internal
- service: maas_db
endpoint: internal
endpoints:
maas_region:
host_fqdn_override:
default: null
public:
host: maas-region.ucp.svc.cluster.local
hosts:
default: maas-region
name: maas-region
path:
default: /MAAS
port:
region_api:
nodeport: 31900
nodeporttls: 31901
public: 443
internal: 80
scheme:
default: https
maas_syslog:
host_fqdn_override:
public:
host: maas-syslog.ucp.svc.cluster.local
conf:
# ssh:
# private_key: null
# curtin:
# override: false
# late_commands:
# install_modules_extra: ["curtin", "in-target", "--", "apt-get", "-y", "install", "linux-generic"]
# cloudconfig:
# override: false
# sections:
# bootcmd:
# - rm -fr /var/lib/apt/lists
# - sysctl net.ipv6.conf.all.disable_ipv6=1
# - sysctl net.ipv6.conf.default.disable_ipv6=1
# - sysctl net.ipv6.conf.lo.disable_ipv6=0
# drydock:
# bootaction_url: null
cache:
enabled: true
syslog:
log_level: DEBUG
maas:
cgroups:
disable_cgroups_region: false
disable_cgroups_rack: false
ntp:
use_external_only: true
ntp_servers:
- 138.197.135.239
- 162.159.200.123
- 206.108.0.133
- 217.180.209.214
dns:
require_dnssec: "no"
dns_servers:
- 8.8.4.4
- 8.8.8.8
proxy:
peer_proxy_enabled: false
proxy_enabled: false
images:
default_os: ${DEFAULT_OS}
default_image: ${DEFAULT_IMAGE}
default_kernel: ${DEFAULT_KERNEL}
credentials:
secret:
namespace: ucp
extra_settings:
network_discovery: disabled
active_discovery_interval: 0
enlist_commissioning: false
force_v1_network_yaml: true
system_passwd: null
system_user: null
tls:
enabled: true
create: true
insecure: "'true'"
cert_manager:
enabled: true
issuer:
kind: ClusterIssuer
name: ca-issuer
eof
# Deploy maas
cp -r ../../openstack/openstack-helm/helm-toolkit ./charts/deps/helm-toolkit
helm dependency update ./charts/maas
helm upgrade --install maas ./charts/maas \
--namespace=ucp \
--values=/tmp/values.maas.yaml
# Wait for all pods to be running
helm osh wait-for-pods ucp
# Run tests
helm test maas --namespace=ucp
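Review bot: `insecure: "'true'"` under `tls` is a YAML string that contains literal single quotes, and nothing in the file says how the chart consumes it or why verification is relaxed. Together with `require_dnssec: "no"`, `log_level: DEBUG` and the enabled node port for `region_api`, it makes this values file a set of test-only relaxations that would be risky if copied into a real deployment. A comment above the heredoc stating that, plus one line on what `insecure` controls, would make the intent reviewable. The NTP servers are hard-coded public IP addresses and the DNS servers are public resolvers; hostnames or job variables would be easier to audit and to change. `cp -r ../../openstack/openstack-helm/helm-toolkit ./charts/deps/helm-toolkit` nests the copy one level deeper if the destination already exists, so removing the destination first keeps reruns deterministic.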