diff --git a/.dockerignore b/.dockerignore index bda586d9..b6e4bf1a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,8 +1,8 @@ +.eggs .tox -.vagrant -Vagrantfile __pycache__ +build docs -example +examples promenade.egg-info tools diff --git a/.gitignore b/.gitignore index c5d44895..3b828e16 100644 --- a/.gitignore +++ b/.gitignore @@ -1,20 +1,13 @@ __pycache__ /*.log -/*.tar -/.vagrant -/cni.tgz -/env.sh -/helm -/kubectl -/kubelet -/linux-amd64 -/genesis_image_cache/ -/join_image_cache/ +/.python-version +/build /promenade.egg-info /tmp .tox/ /.eggs -ChangeLog +/AUTHORS +/ChangeLog # Sphinx documentation docs/build/ diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index f391131f..00000000 --- a/Vagrantfile +++ /dev/null @@ -1,49 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -Vagrant.configure("2") do |config| - config.vm.box = "promenade/ubuntu1604" - config.vm.box_check_update = false - - provision_env = {} - if ENV['http_proxy'] then - provision_env['http_proxy'] = ENV['http_proxy'] - end - - config.vm.provision :shell, privileged: true, env: provision_env, inline:< true - - config.vm.provider "libvirt" do |lv| - lv.cpus = 2 - lv.memory = "2048" - lv.nested = true - end - - config.vm.define "n0" do |c| - c.vm.hostname = "n0" - c.vm.network "private_network", ip: "192.168.77.10" - end - - config.vm.define "n1" do |c| - c.vm.hostname = "n1" - c.vm.network "private_network", ip: "192.168.77.11" - end - - config.vm.define "n2" do |c| - c.vm.hostname = "n2" - c.vm.network "private_network", ip: "192.168.77.12" - end - - config.vm.define "n3" do |c| - c.vm.hostname = "n3" - c.vm.network "private_network", ip: "192.168.77.13" - end - -end diff --git a/docs/source/getting-started.rst b/docs/source/getting-started.rst index 15d8a7e5..7753f7d2 100644 --- a/docs/source/getting-started.rst +++ b/docs/source/getting-started.rst 
@@ -1,6 +1,48 @@ Getting Started =============== +Basic Deployment +---------------- + +Setup +^^^^^ + +To create the certificates and scripts needed to perform a basic deployment, +you can use the following helper script: + +.. code-block:: bash + + ./tools/basic-deployment.sh examples/basic build + +This will copy the configuration provided in the ``examples/basic`` directory +into the ``build`` directory. Then, it will generate self-signed certificates +for all the needed components in Deckhand-compatible format. Finally, it will +render the provided configuration into directly-usable ``genesis.sh`` and +``join-.sh`` scripts. + +Execution +^^^^^^^^^ + +Perform the following steps to execute the deployment: + +1. Copy the ``genesis.sh`` script to the genesis node and run it. +2. Validate the genesis node by running ``validate-genesis.sh`` on it. +3. Join master nodes by copying their respective ``join-.sh`` scripts to + them and running them. +4. Validate the master nodes by copying and running their respective + ``validate-.sh`` scripts on each of them. +5. Re-provision the Genesis node + + a) Run the ``/usr/local/bin/promenade-teardown`` script on the Genesis node: + b) Delete the node from the cluster via one of the other nodes ``kubectl delete node ``. + c) Power off and re-image the Genesis node. + d) Join the genesis node as a normal node using its ``join-.sh`` script. + e) Validate the node using ``validate-.sh``. + +6. Join and validate all remaining nodes using the ``join-.sh`` and + ``validate-.sh`` scripts described above. + + Running Tests ------------- @@ -29,6 +71,11 @@ For more verbose output, try: PROMENADE_DEBUG=1 ./tools/gate.sh +For extremely verbose output, try: + +.. code-block:: bash + + GATE_DEBUG=1 PROMENADE_DEBUG=1 ./tools/gate.sh The gate leaves its test VMs running for convenience. To shut everything down: 
@@ -57,6 +104,7 @@ These can be found in ``tools/g2/bin``. The most important is certainly ./tools/g2/bin/ssh.sh n0 + Development ----------- @@ -72,7 +120,7 @@ host: ./tools/registry/start.sh ./tools/registry/update_cache.sh -Then, the images used by the example can be updated using: +Then, the images used by the basic example can be updated using: .. code-block:: bash 
@@ -91,71 +139,6 @@ The registry can be stopped with: ./tools/registry/stop.sh -Deployment using Vagrant -^^^^^^^^^^^^^^^^^^^^^^^^ - -Initial Setup of Vagrant -~~~~~~~~~~~~~~~~~~~~~~~~ - -Deployment using Vagrant uses KVM instead of Virtualbox due to better -performance of disk and networking, which both have significant impact on the -stability of the etcd clusters. - -Make sure you have [Vagrant](https://vagrantup.com) installed, then -run `./tools/vagrant/full-vagrant-setup.sh`, which will do the following: - -* Install Vagrant libvirt plugin and its dependencies -* Install NFS dependencies for Vagrant volume sharing -* Install [packer](https://packer.io) and build a KVM image for Ubuntu 16.04 - -Deployment -~~~~~~~~~~ -A complete set of configuration that works with the `Vagrantfile` in the -top-level directory is provided in the `example` directory. - -To exercise that example, first generate certs and combine the configuration -into usable parts: - -.. code-block:: bash - - ./tools/build-example.sh - -Start the VMs: - -.. code-block:: bash - - vagrant up --parallel - -Then bring up the genesis node: - -.. code-block:: bash - - vagrant ssh n0 -c 'sudo /vagrant/example/scripts/genesis.sh' - -Join additional master nodes: - -.. code-block:: bash - - vagrant ssh n1 -c 'sudo /vagrant/example/scripts/join-n1.sh' - vagrant ssh n2 -c 'sudo /vagrant/example/scripts/join-n2.sh' - -Re-provision the genesis node as a normal master: - -.. code-block:: bash - - vagrant ssh n0 -c 'sudo promenade-teardown' - vagrant ssh n1 -c 'sudo kubectl delete node n0' - vagrant destroy -f n0 - vagrant up n0 - vagrant ssh n0 -c 'sudo /vagrant/example/scripts/join-n0.sh' - -Join the remaining worker: - -.. code-block:: bash - - vagrant ssh n3 -c 'sudo /vagrant/example/scripts/join-n3.sh' - - Building the image ^^^^^^^^^^^^^^^^^^ 
@@ -175,14 +158,11 @@ To build the image from behind a proxy, you can: For convenience, there is a script which builds an image from the current code, -then uses it to construct scripts for the example: +then uses it to generate certificates and construct scripts: .. code-block:: bash - ./tools/dev-build.sh - -*NOTE* the ``dev-build.sh`` script puts Promenade in debug mode, which will -instruct it to use Vagrant's shared directory to source local charts. + ./tools/dev-build.sh examples/basic build Using Promenade Behind a Proxy diff --git a/example/.gitignore b/example/.gitignore deleted file mode 100644 index cb9919a3..00000000 --- a/example/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -certificates.yaml -scripts diff --git a/examples/basic/ArmadaManifest.yaml b/examples/basic/ArmadaManifest.yaml new file mode 100644 index 00000000..0806c11d --- /dev/null +++ b/examples/basic/ArmadaManifest.yaml @@ -0,0 +1,17 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-bootstrap + layeringDefinition: + abstract: false + layer: site +data: + release_prefix: ucp + chart_groups: + - kubernetes-proxy + - container-networking + - dns + - kubernetes + - kubernetes-rbac +... diff --git a/examples/basic/Docker.yaml b/examples/basic/Docker.yaml new file mode 100644 index 00000000..9b303fad --- /dev/null +++ b/examples/basic/Docker.yaml @@ -0,0 +1,15 @@ +--- +schema: promenade/Docker/v1 +metadata: + schema: metadata/Document/v1 + name: docker + layeringDefinition: + abstract: false + layer: site +data: + config: + insecure-registries: + - registry:5000 + live-restore: true + storage-driver: overlay2 +... diff --git a/example/genesis-config.yaml b/examples/basic/Genesis.yaml similarity index 86% rename from example/genesis-config.yaml rename to examples/basic/Genesis.yaml index 0bd3f808..3e050091 100644 --- a/example/genesis-config.yaml +++ b/examples/basic/Genesis.yaml 
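Review bot: The `insecure-registries: - registry:5000` entry in the new examples/basic/Docker.yaml lets the Docker daemon pull from that registry over plain HTTP or unverified TLS, and nothing in the file marks this as a development-only setting. The name `registry` appears to be the local cache started by `tools/registry/start.sh` (KubernetesNetwork.yaml maps it to 192.168.77.1 through `hosts_entries`). Someone copying the example to a real site would inherit a registry whose images are not authenticated in transit. I would add a comment above the key, for example `# dev-only: local image cache (tools/registry); remove or use a TLS-verified registry outside the test gate`. The same applies to the identical examples/complete/Docker.yaml added later in this diff.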
@@ -14,6 +14,9 @@ data: - calico-etcd=enabled - node-role.kubernetes.io/master= dynamic: + - ceph-mds=enabled + - ceph-mon=enabled + - ceph-osd=enabled - kubernetes-apiserver=enabled - kubernetes-controller-manager=enabled - kubernetes-etcd=enabled @@ -31,6 +34,6 @@ data: scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap - content: "" + content: "# placeholder for triggering calico etcd bootstrapping" mode: 0644 ... diff --git a/example/site-config.yaml b/examples/basic/HostSystem.yaml similarity index 71% rename from example/site-config.yaml rename to examples/basic/HostSystem.yaml index 0a248e9f..0261edfb 100644 --- a/example/site-config.yaml +++ b/examples/basic/HostSystem.yaml @@ -1,55 +1,4 @@ --- -schema: promenade/KubernetesNetwork/v1 -metadata: - schema: metadata/Document/v1 - name: kubernetes-network - layeringDefinition: - abstract: false - layer: site -data: - dns: - cluster_domain: cluster.local - service_ip: 10.96.0.10 - bootstrap_validation_checks: - - calico-etcd.kube-system.svc.cluster.local - - kubernetes-etcd.kube-system.svc.cluster.local - - kubernetes.default.svc.cluster.local - upstream_servers: - - 8.8.8.8 - - 8.8.4.4 - - kubernetes: - pod_cidr: 10.97.0.0/16 - service_cidr: 10.96.0.0/16 - service_ip: 10.96.0.1 - - etcd: - service_ip: 10.96.0.2 - - hosts_entries: - - ip: 192.168.77.1 - names: - - registry - -# proxy: -# url: http://proxy.example.com:8080 -# additional_no_proxy: -# - 10.0.1.1 ---- -schema: promenade/Docker/v1 -metadata: - schema: metadata/Document/v1 - name: docker - layeringDefinition: - abstract: false - layer: site -data: - config: - insecure-registries: - - registry:5000 - live-restore: true - storage-driver: overlay2 ---- schema: promenade/HostSystem/v1 metadata: schema: metadata/Document/v1 diff --git a/examples/basic/KubernetesNetwork.yaml b/examples/basic/KubernetesNetwork.yaml new file mode 100644 index 00000000..0b654a37 --- /dev/null 
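Review bot: The `ceph-mds=enabled`, `ceph-mon=enabled` and `ceph-osd=enabled` labels added under `dynamic:` do not seem to have a consumer in the basic example, because the `chart_groups` list in examples/basic/ArmadaManifest.yaml has no `ceph` entry; only examples/complete/ArmadaManifest.yaml lists it. Unless something outside this diff selects on these labels, they suggest the basic deployment schedules Ceph when it does not. Either drop them from examples/basic, or add a comment such as `# ceph-* labels are unused here; kept to match examples/complete`. The same three labels are added in all four hunks of examples/basic/joining-host-config.yaml, in a different order (`mon, osd, mds`) from this file (`mds, mon, osd`), so one consistent order would make the files easier to compare.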
+++ b/examples/basic/KubernetesNetwork.yaml @@ -0,0 +1,38 @@ +--- +schema: promenade/KubernetesNetwork/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-network + layeringDefinition: + abstract: false + layer: site +data: + dns: + cluster_domain: cluster.local + service_ip: 10.96.0.10 + bootstrap_validation_checks: + - calico-etcd.kube-system.svc.cluster.local + - kubernetes-etcd.kube-system.svc.cluster.local + - kubernetes.default.svc.cluster.local + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 + + kubernetes: + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + service_ip: 10.96.0.1 + + etcd: + service_ip: 10.96.0.2 + + hosts_entries: + - ip: 192.168.77.1 + names: + - registry + +# proxy: +# url: http://proxy.example.com:8080 +# additional_no_proxy: +# - 10.0.1.1 +... diff --git a/example/bootstrap-armada-config.yaml b/examples/basic/armada-resources.yaml similarity index 98% rename from example/bootstrap-armada-config.yaml rename to examples/basic/armada-resources.yaml index de7764db..7731bd29 100644 --- a/example/bootstrap-armada-config.yaml +++ b/examples/basic/armada-resources.yaml @@ -1,20 +1,4 @@ --- -schema: armada/Manifest/v1 -metadata: - schema: metadata/Document/v1 - name: cluster-bootstrap - layeringDefinition: - abstract: false - layer: site -data: - release_prefix: ucp - chart_groups: - - kubernetes-proxy - - container-networking - - dns - - kubernetes - - kubernetes-rbac ---- schema: armada/ChartGroup/v1 metadata: schema: metadata/Document/v1 diff --git a/example/joining-host-config.yaml b/examples/basic/joining-host-config.yaml similarity index 85% rename from example/joining-host-config.yaml rename to examples/basic/joining-host-config.yaml index 648e473e..19b3f68f 100644 --- a/example/joining-host-config.yaml +++ b/examples/basic/joining-host-config.yaml 
@@ -12,6 +12,9 @@ data: join_ip: 192.168.77.11 labels: dynamic: + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-mds=enabled - ucp-control-plane=enabled --- schema: promenade/KubernetesNode/v1 @@ -30,6 +33,9 @@ data: - node-role.kubernetes.io/master= dynamic: - calico-etcd=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-mds=enabled - kubernetes-apiserver=enabled - kubernetes-controller-manager=enabled - kubernetes-etcd=enabled @@ -52,6 +58,9 @@ data: - node-role.kubernetes.io/master= dynamic: - calico-etcd=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-mds=enabled - kubernetes-apiserver=enabled - kubernetes-controller-manager=enabled - kubernetes-etcd=enabled @@ -74,6 +83,9 @@ data: - node-role.kubernetes.io/master= dynamic: - calico-etcd=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - ceph-mds=enabled - kubernetes-apiserver=enabled - kubernetes-controller-manager=enabled - kubernetes-etcd=enabled diff --git a/examples/complete/ArmadaManifest.yaml b/examples/complete/ArmadaManifest.yaml new file mode 100644 index 00000000..0895784c --- /dev/null +++ b/examples/complete/ArmadaManifest.yaml @@ -0,0 +1,19 @@ +--- +schema: armada/Manifest/v1 +metadata: + schema: metadata/Document/v1 + name: cluster-bootstrap + layeringDefinition: + abstract: false + layer: site +data: + release_prefix: ucp + chart_groups: + - kubernetes-proxy + - container-networking + - dns + - kubernetes + - kubernetes-rbac + - ceph + - ucp-infra +... diff --git a/examples/complete/Docker.yaml b/examples/complete/Docker.yaml new file mode 100644 index 00000000..9b303fad --- /dev/null +++ b/examples/complete/Docker.yaml @@ -0,0 +1,15 @@ +--- +schema: promenade/Docker/v1 +metadata: + schema: metadata/Document/v1 + name: docker + layeringDefinition: + abstract: false + layer: site +data: + config: + insecure-registries: + - registry:5000 + live-restore: true + storage-driver: overlay2 +... 
diff --git a/examples/complete/Genesis.yaml b/examples/complete/Genesis.yaml new file mode 100644 index 00000000..3e050091 --- /dev/null +++ b/examples/complete/Genesis.yaml @@ -0,0 +1,39 @@ +--- +schema: promenade/Genesis/v1 +metadata: + schema: metadata/Document/v1 + name: genesis + layeringDefinition: + abstract: false + layer: site +data: + hostname: n0 + ip: 192.168.77.10 + labels: + static: + - calico-etcd=enabled + - node-role.kubernetes.io/master= + dynamic: + - ceph-mds=enabled + - ceph-mon=enabled + - ceph-osd=enabled + - kubernetes-apiserver=enabled + - kubernetes-controller-manager=enabled + - kubernetes-etcd=enabled + - kubernetes-scheduler=enabled + - promenade-genesis=enabled + - ucp-control-plane=enabled + images: + armada: quay.io/attcomdev/armada:latest + helm: + tiller: gcr.io/kubernetes-helm/tiller:v2.5.1 + kubernetes: + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + etcd: quay.io/coreos/etcd:v3.0.17 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + files: + - path: /var/lib/anchor/calico-etcd-bootstrap + content: "# placeholder for triggering calico etcd bootstrapping" + mode: 0644 +... diff --git a/examples/complete/HostSystem.yaml b/examples/complete/HostSystem.yaml new file mode 100644 index 00000000..7ff17c05 --- /dev/null +++ b/examples/complete/HostSystem.yaml 
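Review bot: `armada: quay.io/attcomdev/armada:latest` in the `images` block is the only image in this new file referenced by a mutable tag, so the genesis bootstrap can run different Armada code from one deployment to the next without any change to this config. Every other image here carries a version tag (`tiller:v2.5.1`, `etcd:v3.0.17`, `hyperkube-amd64:v1.8.0`). I would pin it to a release tag or digest, e.g. `armada: quay.io/attcomdev/armada:<PINNED_TAG_OR_DIGEST>`. The new blob id `3e050091` matches the renamed examples/basic/Genesis.yaml, so that file should carry the same line outside its visible hunks.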
@@ -0,0 +1,62 @@ +--- +schema: promenade/HostSystem/v1 +metadata: + schema: metadata/Document/v1 + name: host-system + layeringDefinition: + abstract: false + layer: site +data: + files: + - path: /opt/kubernetes/bin/kubelet + tar_url: https://dl.k8s.io/v1.8.0/kubernetes-node-linux-amd64.tar.gz + tar_path: kubernetes/node/bin/kubelet + mode: 0555 + images: + coredns: coredns/coredns:011 + helm: + helm: lachlanevenson/k8s-helm:v2.5.1 + kubernetes: + kubectl: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + packages: + repositories: + - deb http://apt.dockerproject.org/repo ubuntu-xenial main + keys: + - |- + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o + ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R + mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn + TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK + dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT + X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG + HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c + NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ + hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U + 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM + zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB + tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv + Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe + AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n + Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I + 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl + uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv + 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8 + L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD + YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR + 
7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc + jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP + HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL + MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ + TvBR8Q== + =Fm3p + -----END PGP PUBLIC KEY BLOCK----- + additional: + - ceph-common=10.2.7-0ubuntu0.16.04.1 + - curl + - jq + required: + docker: docker-engine=1.13.1-0~ubuntu-xenial + socat: socat=1.7.3.1-1 +... diff --git a/examples/complete/KubernetesNetwork.yaml b/examples/complete/KubernetesNetwork.yaml new file mode 100644 index 00000000..0b654a37 --- /dev/null +++ b/examples/complete/KubernetesNetwork.yaml @@ -0,0 +1,38 @@ +--- +schema: promenade/KubernetesNetwork/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-network + layeringDefinition: + abstract: false + layer: site +data: + dns: + cluster_domain: cluster.local + service_ip: 10.96.0.10 + bootstrap_validation_checks: + - calico-etcd.kube-system.svc.cluster.local + - kubernetes-etcd.kube-system.svc.cluster.local + - kubernetes.default.svc.cluster.local + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 + + kubernetes: + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + service_ip: 10.96.0.1 + + etcd: + service_ip: 10.96.0.2 + + hosts_entries: + - ip: 192.168.77.1 + names: + - registry + +# proxy: +# url: http://proxy.example.com:8080 +# additional_no_proxy: +# - 10.0.1.1 +... diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml new file mode 100644 index 00000000..13de1810 --- /dev/null +++ b/examples/complete/armada-resources.yaml 
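Review bot: The `files` entry for `/opt/kubernetes/bin/kubelet` fetches `https://dl.k8s.io/v1.8.0/kubernetes-node-linux-amd64.tar.gz` and installs the extracted binary with `mode: 0555`, but no expected digest is recorded next to `tar_url`. The only assurance of what runs as kubelet on every node is therefore the TLS connection to the download host. If the HostSystem schema has a checksum field, it should be set here; otherwise a comment such as `# verify the tarball against the published sha256 for v1.8.0 before deploying` would at least flag the gap. The `deb http://apt.dockerproject.org/repo ...` repository is plain HTTP, so package integrity depends entirely on the embedded PGP key, which a one-line comment above `keys:` could state. The images under `images:` are pinned by tag rather than digest, including the third-party `lachlanevenson/k8s-helm:v2.5.1`.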
@@ -0,0 +1,1268 @@ +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-proxy + layeringDefinition: + abstract: false + layer: site +data: + description: Kubernetes proxy + sequenced: true + chart_group: + - kubernetes-proxy +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: container-networking + layeringDefinition: + abstract: false + layer: site +data: + description: Container networking via Calico + sequenced: true + chart_group: + - calico-etcd + - calico +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: dns + layeringDefinition: + abstract: false + layer: site +data: + description: Cluster DNS + chart_group: + - coredns +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-rbac + layeringDefinition: + abstract: false + layer: site +data: + description: Role Based Access Control configuration for Kubernetes + sequenced: true + chart_group: + - kubernetes-rbac +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ceph + layeringDefinition: + abstract: false + layer: site +data: + description: Ceph Storage + sequenced: true + chart_group: + - ceph + - ucp-ceph-config +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes + layeringDefinition: + abstract: false + layer: site +data: + description: Kubernetes components + chart_group: + - kubernetes-etcd + - kubernetes-apiserver + - kubernetes-controller-manager + - kubernetes-scheduler +--- +schema: armada/ChartGroup/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-infra + layeringDefinition: + abstract: false + layer: site +data: + description: UCP Infrastructure + sequenced: false + chart_group: + - ucp-mariadb + - ucp-memcached + - ucp-keystone +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: helm-toolkit +data: + chart_name: helm-toolkit + release: 
helm-toolkit + namespace: helm-toolkit + timeout: 600 + upgrade: + no_hooks: true + values: {} + source: + type: git + location: https://git.openstack.org/openstack/openstack-helm + subpath: helm-toolkit + reference: master + dependencies: [] +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-proxy + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: $ + dest: + path: '$.values.tls.ca' + - + src: + schema: deckhand/Certificate/v1 + name: proxy + path: $ + dest: + path: '$.values.tls.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: proxy + path: $ + dest: + path: '$.values.tls.key' +data: + chart_name: proxy + release: kubernetes-proxy + namespace: kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + tls: + ca: placeholder + cert: placeholder + key: placeholder + images: + proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + network: + kubernetes_netloc: apiserver.kubernetes.promenade:6443 + pod_cidr: 10.97.0.0/16 + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: proxy + dependencies: [] +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: calico-etcd + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: $ + dest: + path: '$.values.tls.client.ca' + - + src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd-peer + path: $ + dest: + path: '$.values.tls.peer.ca' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-anchor + path: $ + dest: + path: '$.values.anchor.tls.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-anchor + path: $ + dest: + path: '$.values.anchor.tls.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n0 + path: $ + dest: + path: 
'$.values.nodes[0].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n0 + path: $ + dest: + path: '$.values.nodes[0].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n0-peer + path: $ + dest: + path: '$.values.nodes[0].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n0-peer + path: $ + dest: + path: '$.values.nodes[0].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n1 + path: $ + dest: + path: '$.values.nodes[1].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n1 + path: $ + dest: + path: '$.values.nodes[1].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n1-peer + path: $ + dest: + path: '$.values.nodes[1].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n1-peer + path: $ + dest: + path: '$.values.nodes[1].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n2 + path: $ + dest: + path: '$.values.nodes[2].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n2 + path: $ + dest: + path: '$.values.nodes[2].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n2-peer + path: $ + dest: + path: '$.values.nodes[2].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n2-peer + path: $ + dest: + path: '$.values.nodes[2].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n3 + path: $ + dest: + path: '$.values.nodes[3].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n3 + path: $ + dest: + path: '$.values.nodes[3].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: calico-etcd-n3-peer + path: $ + dest: + path: '$.values.nodes[3].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-etcd-n3-peer + path: $ + dest: + path: 
'$.values.nodes[3].tls.peer.key' + +data: + chart_name: etcd + release: calico-etcd + namespace: kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + anchor: + etcdctl_endpoint: 10.96.232.136 + node_selector: + key: calico-etcd + value: enabled + tls: + cert: placeholder + key: placeholder + etcd: + host_data_path: /var/lib/etcd/calico + host_etc_path: /etc/etcd/calico + bootstrapping: + enabled: true + host_directory: /var/lib/anchor + filename: calico-etcd-bootstrap + images: + etcd: quay.io/coreos/etcd:v3.0.17 + etcdctl: quay.io/coreos/etcd:v3.0.17 + nodes: + - name: n0 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n1 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n2 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + # n3 is here to demonstrate movability of the cluster + - name: n3 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + service: + name: calico-etcd + ip: 10.96.232.136 + client: + port: 6666 + target_port: 6666 + peer: + port: 6667 + target_port: 6667 + tls: + client: + ca: placeholder + peer: + ca: placeholder + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: etcd + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: calico + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: $ + dest: + path: '$.values.etcd.tls.ca' + - + src: + schema: deckhand/Certificate/v1 + name: calico-node + path: $ + dest: + path: '$.values.etcd.tls.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: calico-node + path: $ + dest: + path: '$.values.etcd.tls.key' +data: + chart_name: calico + release: calico + namespace: 
kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + calico: + ip_autodetection_method: interface=ens3 + pod_ip_cidr: 10.97.0.0/16 + ctl: + install_on_host: true + etcd: + service: + ip: 10.96.232.136 + port: 6666 + tls: + ca: placeholder + cert: placeholder + key: placeholder + images: + cni: quay.io/calico/cni:v1.11.0 + ctl: quay.io/calico/ctl:v1.6.1 + node: quay.io/calico/node:v2.6.1 + policy_controller: quay.io/calico/kube-controllers:v1.0.0 + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: calico + dependencies: [] +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: coredns + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: $ + dest: + path: '$.values.tls.ca' + - + src: + schema: deckhand/Certificate/v1 + name: coredns + path: $ + dest: + path: '$.values.tls.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: coredns + path: $ + dest: + path: '$.values.tls.key' +data: + chart_name: coredns + release: coredns + namespace: kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + coredns: + cluster_domain: cluster.local + upstream_nameservers: + - 8.8.8.8 + - 8.8.4.4 + + zones: + - name: promenade + services: + - bind_name: apiserver.kubernetes + service: + name: kubernetes-apiserver + namespace: kube-system + - bind_name: etcd.kubernetes + service: + name: kubernetes-etcd + namespace: kube-system + - bind_name: etcd.calico + service: + name: calico-etcd + namespace: kube-system + images: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + coredns: coredns/coredns:011 + tls: + ca: placeholder + cert: placeholder + key: placeholder + network: + kubernetes_netloc: apiserver.kubernetes.promenade:6443 + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: coredns + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + 
schema: metadata/Document/v1 + name: kubernetes-apiserver + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: $ + dest: + path: $.values.tls.ca + + - + src: + schema: deckhand/Certificate/v1 + name: apiserver + path: $ + dest: + path: $.values.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: apiserver + path: $ + dest: + path: $.values.tls.key + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd + path: $ + dest: + path: $.values.apiserver.etcd.tls.ca + - + src: + schema: deckhand/Certificate/v1 + name: apiserver-etcd + path: $ + dest: + path: $.values.apiserver.etcd.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: apiserver-etcd + path: $ + dest: + path: $.values.apiserver.etcd.tls.key + - + src: + schema: deckhand/PublicKey/v1 + name: service-account + path: $ + dest: + path: $.values.service_account.public_key + +data: + chart_name: apiserver + release: kubernetes-apiserver + namespace: kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + apiserver: + etcd: + endpoints: https://etcd.kubernetes.promenade:2379 + tls: + ca: placeholder + cert: placeholder + key: placeholder + images: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + service_account: + public_key: placeholder + tls: + ca: placeholder + cert: placeholder + key: placeholder + network: + kubernetes_service_ip: 10.96.0.1 + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: apiserver + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-controller-manager + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: $ + dest: + 
path: $.values.tls.ca + + - + src: + schema: deckhand/Certificate/v1 + name: controller-manager + path: $ + dest: + path: $.values.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: controller-manager + path: $ + dest: + path: $.values.tls.key + - + src: + schema: deckhand/PrivateKey/v1 + name: service-account + path: $ + dest: + path: $.values.service_account.private_key + +data: + chart_name: controller_manager + release: kubernetes-controller-manager + namespace: kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + images: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + service_account: + private_key: placeholder + tls: + ca: placeholder + cert: placeholder + key: placeholder + network: + kubernetes_netloc: apiserver.kubernetes.promenade:6443 + pod_cidr: 10.97.0.0/16 + service_cidr: 10.96.0.0/16 + + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: controller_manager + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-scheduler + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes + path: $ + dest: + path: $.values.tls.ca + - + src: + schema: deckhand/Certificate/v1 + name: scheduler + path: $ + dest: + path: $.values.tls.cert + - + src: + schema: deckhand/CertificateKey/v1 + name: scheduler + path: $ + dest: + path: $.values.tls.key + +data: + chart_name: scheduler + release: kubernetes-scheduler + namespace: kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + tls: + ca: placeholder + cert: placeholder + key: placeholder + + network: + kubernetes_netloc: apiserver.kubernetes.promenade:6443 + + images: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + + source: + type: local + 
location: /etc/genesis/armada/assets/charts + subpath: scheduler + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-etcd + layeringDefinition: + abstract: false + layer: site + substitutions: + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd + path: $ + dest: + path: '$.values.tls.client.ca' + - + src: + schema: deckhand/CertificateAuthority/v1 + name: kubernetes-etcd-peer + path: $ + dest: + path: '$.values.tls.peer.ca' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-anchor + path: $ + dest: + path: '$.values.anchor.tls.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-anchor + path: $ + dest: + path: '$.values.anchor.tls.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n0 + path: $ + dest: + path: '$.values.nodes[0].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n0 + path: $ + dest: + path: '$.values.nodes[0].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n0-peer + path: $ + dest: + path: '$.values.nodes[0].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n0-peer + path: $ + dest: + path: '$.values.nodes[0].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n1 + path: $ + dest: + path: '$.values.nodes[1].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n1 + path: $ + dest: + path: '$.values.nodes[1].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n1-peer + path: $ + dest: + path: '$.values.nodes[1].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n1-peer + path: $ + dest: + path: '$.values.nodes[1].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n2 + path: $ + dest: + path: 
'$.values.nodes[2].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n2 + path: $ + dest: + path: '$.values.nodes[2].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n2-peer + path: $ + dest: + path: '$.values.nodes[2].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n2-peer + path: $ + dest: + path: '$.values.nodes[2].tls.peer.key' + + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n3 + path: $ + dest: + path: '$.values.nodes[3].tls.client.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n3 + path: $ + dest: + path: '$.values.nodes[3].tls.client.key' + - + src: + schema: deckhand/Certificate/v1 + name: kubernetes-etcd-n3-peer + path: $ + dest: + path: '$.values.nodes[3].tls.peer.cert' + - + src: + schema: deckhand/CertificateKey/v1 + name: kubernetes-etcd-n3-peer + path: $ + dest: + path: '$.values.nodes[3].tls.peer.key' + +data: + chart_name: etcd + release: kubernetes-etcd + namespace: kube-system + timeout: 600 + upgrade: + no_hooks: true + values: + anchor: + etcdctl_endpoint: 10.96.0.2 + node_selector: + key: kubernetes-etcd + value: enabled + tls: + cert: placeholder + key: placeholder + etcd: + host_data_path: /var/lib/etcd/kubernetes + host_etc_path: /etc/etcd/kubernetes + images: + etcd: quay.io/coreos/etcd:v3.0.17 + etcdctl: quay.io/coreos/etcd:v3.0.17 + nodes: + - name: n0 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n1 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n2 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + - name: n3 + tls: + client: + cert: placeholder + key: placeholder + peer: + cert: placeholder + key: placeholder + service: + name: kubernetes-etcd + ip: 10.96.0.2 + client: + port: 2379 + 
target_port: 2379 + peer: + port: 2380 + target_port: 2380 + tls: + client: + ca: placeholder + peer: + ca: placeholder + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: etcd + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: kubernetes-rbac + layeringDefinition: + abstract: false + layer: site +data: + chart_name: rbac + release: rbac + namespace: kube-system + timeout: 600 + values: {} + upgrade: + no_hooks: true + source: + type: local + location: /etc/genesis/armada/assets/charts + subpath: rbac + dependencies: [] +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ceph +data: + chart_name: ceph + release: ceph + namespace: ceph + timeout: 3600 + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - name: ceph-bootstrap + type: job + labels: + - application: ceph + - component: bootstrap + - release_group: armada-ucp + - name: ceph-mds-keyring-generator + type: job + labels: + - application: ceph + - component: mds-keyring-generator + - release_group: armada-ucp + - name: ceph-mon-keyring-generator + type: job + labels: + - application: ceph + - component: mon-keyring-generator + - release_group: armada-ucp + - name: ceph-rgw-keyring-generator + type: job + labels: + - application: ceph + - component: rgw-keyring-generator + - release_group: armada-ucp + - name: ceph-storage-keys-generator + type: job + labels: + - application: ceph + - component: storage-keys-generator + - release_group: armada-ucp + - name: ceph-osd-keyring-generator + type: job + labels: + - application: ceph + - component: osd-keyring-generator + - release_group: armada-ucp + values: + labels: + jobs: + node_selector_key: ucp-control-plane + node_selector_value: enabled + endpoints: + identity: + namespace: ucp + object_store: + namespace: ceph + ceph_mon: + namespace: ceph + ceph: + rgw_keystone_auth: true + storage: + osd_directory: 
/var/lib/openstack-helm/ceph/osd + network: + public: 192.168.77.0/24 + cluster: 192.168.77.0/24 + deployment: + storage_secrets: true + ceph: true + rbd_provisioner: true + client_secrets: false + rgw_keystone_user_and_endpoints: false + bootstrap: + enabled: true + images: + tags: + ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + bootstrap: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + daemon: quay.io/attcomdev/ceph-daemon:tag-build-master-jewel-ubuntu-16.04 + ceph_config_helper: docker.io/port/ceph-config-helper:v1.7.5 + rbd_provisioner: quay.io/external_storage/rbd-provisioner:v0.1.1 + source: + type: git + location: https://git.openstack.org/openstack/openstack-helm + subpath: ceph + reference: master + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-ceph-config +data: + chart_name: ucp-ceph-config + release: ucp-ceph-config + namespace: ucp + timeout: 3600 + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - name: ceph-namespace-client-key-generator + type: job + labels: + - application: ceph + - component: namespace-client-key-generator + - release_group: armada-ucp + values: + labels: + jobs: + node_selector_key: ucp-control-plane + node_selector_value: enabled + endpoints: + identity: + namespace: ucp + object_store: + namespace: ceph + ceph_mon: + namespace: ceph + ceph: + rgw_keystone_auth: true + network: + public: 192.168.77.0/24 + cluster: 192.168.77.0/24 + deployment: + storage_secrets: false + ceph: false + rbd_provisioner: false + client_secrets: true + rgw_keystone_user_and_endpoints: false + source: + type: git + location: https://git.openstack.org/openstack/openstack-helm + subpath: ceph + reference: master + dependencies: + - 
helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-mariadb +data: + chart_name: ucp-mariadb + release: ucp-mariadb + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + values: + images: + tags: + mariadb: docker.io/mariadb:10.1.23 + labels: + node_selector_key: ucp-control-plane + node_selector_value: enabled + pod: + replicas: + server: 1 + source: + type: git + location: https://git.openstack.org/openstack/openstack-helm + subpath: mariadb + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-memcached +data: + chart_name: ucp-memcached + release: ucp-memcached + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + values: + images: + tags: + memcached: docker.io/memcached:1.4 + labels: + node_selector_key: ucp-control-plane + node_selector_value: enabled + source: + type: git + location: https://git.openstack.org/openstack/openstack-helm + subpath: memcached + dependencies: + - helm-toolkit +--- +schema: armada/Chart/v1 +metadata: + schema: metadata/Document/v1 + name: ucp-keystone +data: + chart_name: ucp-keystone + release: keystone + namespace: ucp + install: + no_hooks: false + upgrade: + no_hooks: false + pre: + delete: + - name: keystone-db-sync + type: job + labels: + - job-name: keystone-db-sync + - name: keystone-db-init + type: job + labels: + - job-name: keystone-db-init + post: + delete: [] + create: [] + values: + conf: + keystone: + override: + paste: + override: + images: + tags: + bootstrap: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + test: docker.io/kolla/ubuntu-source-rally:4.0.0 + db_init: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + db_sync: docker.io/kolla/ubuntu-source-keystone:3.0.3 + db_drop: docker.io/kolla/ubuntu-source-heat-engine:3.0.3 + fernet_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3 + fernet_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3 + 
credential_setup: docker.io/kolla/ubuntu-source-keystone:3.0.3 + credential_rotate: docker.io/kolla/ubuntu-source-keystone:3.0.3 + api: docker.io/kolla/ubuntu-source-keystone:3.0.3 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + pod: + replicas: + api: 1 + labels: + node_selector_key: ucp-control-plane + node_selector_value: enabled + source: + type: git + location: https://git.openstack.org/openstack/openstack-helm + subpath: keystone + dependencies: + - helm-toolkit +... diff --git a/examples/complete/joining-host-config.yaml b/examples/complete/joining-host-config.yaml new file mode 100644 index 00000000..19b3f68f --- /dev/null +++ b/examples/complete/joining-host-config.yaml 
@@ -0,0 +1,94 @@
+---
+schema: promenade/KubernetesNode/v1
+metadata:
+ schema: metadata/Document/v1
+ name: n0
+ layeringDefinition:
+ abstract: false
+ layer: site
+data:
+ hostname: n0
+ ip: 192.168.77.10
+ join_ip: 192.168.77.11
+ labels:
+ dynamic:
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-mds=enabled
+ - ucp-control-plane=enabled
+---
+schema: promenade/KubernetesNode/v1
+metadata:
+ schema: metadata/Document/v1
+ name: n1
+ layeringDefinition:
+ abstract: false
+ layer: site
+data:
+ hostname: n1
+ ip: 192.168.77.11
+ join_ip: 192.168.77.10
+ labels:
+ static:
+ - node-role.kubernetes.io/master=
+ dynamic:
+ - calico-etcd=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-mds=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - ucp-control-plane=enabled
+---
+schema: promenade/KubernetesNode/v1
+metadata:
+ schema: metadata/Document/v1
+ name: n2
+ layeringDefinition:
+ abstract: false
+ layer: site
+data:
+ hostname: n2
+ ip: 192.168.77.12
+ join_ip: 192.168.77.10
+ labels:
+ static:
+ - node-role.kubernetes.io/master=
+ dynamic:
+ - calico-etcd=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-mds=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - ucp-control-plane=enabled
+---
+schema: promenade/KubernetesNode/v1
+metadata:
+ schema: metadata/Document/v1
+ name: n3
+ layeringDefinition:
+ abstract: false
+ layer: site
+data:
+ hostname: n3
+ ip: 192.168.77.13
+ join_ip: 192.168.77.11
+ labels:
+ static:
+ - node-role.kubernetes.io/master=
+ dynamic:
+ - calico-etcd=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-mds=enabled
+ - kubernetes-apiserver=enabled
+ - kubernetes-controller-manager=enabled
+ - kubernetes-etcd=enabled
+ - kubernetes-scheduler=enabled
+ - ucp-control-plane=enabled
+...
diff --git a/promenade/templates/roles/common/usr/local/bin/promenade-teardown b/promenade/templates/roles/common/usr/local/bin/promenade-teardown index 0e7e40c3..2341a8fd 100755 --- a/promenade/templates/roles/common/usr/local/bin/promenade-teardown +++ b/promenade/templates/roles/common/usr/local/bin/promenade-teardown @@ -4,8 +4,8 @@ set -xe -if [ $(kubectl get nodes | grep '\bReady\b' | wc -l) -lt 3 ]; then - echo Not enough live nodes to proceed with genesis teardown. 1>&2 +if [ $(kubectl get nodes | grep '\bReady\b' | wc -l) -lt 2 ]; then + echo Not enough live nodes to proceed with teardown. 1>&2 exit 1 fi diff --git a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml index 37d8e240..78d220c2 100644 --- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml +++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml @@ -23,7 +23,7 @@ spec: if [ $MEMBER_COUNT -gt 1 ]; then MEMBER_ID=$(etcdctl member list | grep auxiliary | awk -F ', ' '{ print $1 }') if [ -n $MEMBER_ID ]; then - while [ $MEMBER_COUNT -lt 4 ]; do + while [ $MEMBER_COUNT -lt 3 ]; do sleep 30 MEMBER_COUNT=$(etcdctl member list | grep '\bstarted\b' | wc -l) done diff --git a/tools/build-example.sh b/tools/basic-deployment.sh similarity index 54% rename from tools/build-example.sh rename to tools/basic-deployment.sh index 347d21ed..198d0c13 100755 --- a/tools/build-example.sh +++ b/tools/basic-deployment.sh 
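Review bot: The lowered `-lt 2` test counts every line of `kubectl get nodes` that contains the word Ready, which includes the node running this script and cordoned nodes shown as `Ready,SchedulingDisabled`, so teardown can now proceed when only one other node is left. If that is intended for two-node deployments, say so next to the check, for example `# Count includes this node: 2 means exactly one other Ready node remains after teardown.` The rest of the script is outside the hunk, so whether etcd membership is verified separately before the node is removed cannot be seen from here.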
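Review bot: The unchanged guard `if [ -n $MEMBER_ID ]; then` just above the edited `while` is unquoted, so when no auxiliary member is listed it collapses to `[ -n ]`, which is true, and the wait loop is entered anyway. Quote it as `if [ -n "$MEMBER_ID" ]; then`. The loop itself has no upper bound, so a cluster that never reaches three started members keeps this container sleeping indefinitely; a retry limit with a logged failure would make that state visible. The enclosing script block starts and ends outside the hunk.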
@@ -1,34 +1,42 @@ #!/usr/bin/env bash -set -ex +set -eux IMAGE_PROMENADE=${IMAGE_PROMENADE:-quay.io/attcomdev/promenade:latest} +PROMENADE_DEBUG=${PROMENADE_DEBUG:-0} + +SCRIPT_DIR=$(realpath $(dirname $0)) +CONFIG_SOURCE=$(realpath ${1:-${SCRIPT_DIR}/../examples/basic}) +BUILD_DIR=$(realpath ${2:-${SCRIPT_DIR}/../build}) + echo === Cleaning up old data === -rm -rf example/scripts -mkdir example/scripts +rm -rf ${BUILD_DIR} +mkdir -p ${BUILD_DIR} + +cp "${CONFIG_SOURCE}"/*.yaml ${BUILD_DIR} echo === Generating updated certificates === docker run --rm -t \ -w /target \ -e PROMENADE_DEBUG=$PROMENADE_DEBUG \ - -v $(pwd):/target \ + -v ${BUILD_DIR}:/target \ ${IMAGE_PROMENADE} \ promenade \ generate-certs \ - -o example \ - example/*.yaml + -o /target \ + $(ls ${BUILD_DIR}) echo === Building bootstrap scripts === docker run --rm -t \ -w /target \ -e PROMENADE_DEBUG=$PROMENADE_DEBUG \ - -v $(pwd):/target \ + -v ${BUILD_DIR}:/target \ ${IMAGE_PROMENADE} \ promenade \ build-all \ - -o example/scripts \ + -o /target \ --validators \ - example/*.yaml + $(ls ${BUILD_DIR}) echo === Done === diff --git a/tools/dev-build.sh b/tools/dev-build.sh index 06c12287..7565689b 100755 --- a/tools/dev-build.sh +++ b/tools/dev-build.sh @@ -1,12 +1,13 @@ #!/usr/bin/env bash -set -ex +set -eux -SCRIPT_DIR=$(dirname $0) +SCRIPT_DIR=$(realpath $(dirname $0)) +SOURCE_DIR=$(realpath $SCRIPT_DIR/..) echo === Building image === -docker build -t quay.io/attcomdev/promenade:latest $(realpath $SCRIPT_DIR/..) +docker build -t quay.io/attcomdev/promenade:latest ${SOURCE_DIR} export PROMENADE_DEBUG=${PROMENADE_DEBUG:-1} -exec $SCRIPT_DIR/build-example.sh +exec $SCRIPT_DIR/basic-deployment.sh ${@} diff --git a/tools/g2/lib/all.sh b/tools/g2/lib/all.sh index 9b39668a..c5a346a8 100644 --- a/tools/g2/lib/all.sh +++ b/tools/g2/lib/all.sh @@ -1,3 +1,6 @@ +set -e +set -o nounset + LIB_DIR=$(realpath $(dirname $BASH_SOURCE)) source $LIB_DIR/config.sh 
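Review bot: `rm -rf ${BUILD_DIR}` in basic-deployment.sh runs on a caller-supplied path that is expanded unquoted and never compared with `CONFIG_SOURCE`, so passing the same directory for both arguments deletes the configuration before the `cp`, and a path containing spaces splits into several delete targets. Guard and quote it: `[ "${BUILD_DIR}" != "${CONFIG_SOURCE}" ] || { echo "build dir must differ from config source" 1>&2; exit 1; }` followed by `rm -rf -- "${BUILD_DIR:?}"`. The same unquoted expansion appears in the `realpath` assignments, in `$(ls ${BUILD_DIR})`, and in the dev-build.sh hunk on this line, where `exec $SCRIPT_DIR/basic-deployment.sh ${@}` should pass `"$@"`.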
@@ -11,6 +14,6 @@ source $LIB_DIR/ssh.sh source $LIB_DIR/validate.sh source $LIB_DIR/virsh.sh -if [ "x${PROMENADE_DEBUG}" = "x1" ]; then +if [[ -v GATE_DEBUG && ${GATE_DEBUG} = "1" ]]; then set -x fi diff --git a/tools/g2/lib/config.sh b/tools/g2/lib/config.sh index 9b3d20a7..ca485587 100644 --- a/tools/g2/lib/config.sh +++ b/tools/g2/lib/config.sh @@ -5,3 +5,24 @@ export PROMENADE_DEBUG=${PROMENADE_DEBUG:-0} export REGISTRY_DATA_DIR=${REGISTRY_DATA_DIR:-/mnt/registry} export VIRSH_POOL=${VIRSH_POOL:-promenade} export VIRSH_POOL_PATH=${VIRSH_POOL_PATH:-/var/lib/libvirt/promenade} + +config_configuration() { + jq -cr '.configuration[]' < ${GATE_MANIFEST} +} + +config_vm_memory() { + jq -cr '.vm.memory' < ${GATE_MANIFEST} +} + +config_vm_names() { + jq -cr '.vm.names[]' < ${GATE_MANIFEST} +} + +config_vm_ip() { + NAME=${1} + echo 192.168.77.1${NAME:1} +} + +config_vm_vcpus() { + jq -cr '.vm.vcpus' < ${GATE_MANIFEST} +} diff --git a/tools/g2/lib/const.sh b/tools/g2/lib/const.sh index afe53f28..023d9fc6 100644 --- a/tools/g2/lib/const.sh +++ b/tools/g2/lib/const.sh @@ -2,14 +2,9 @@ GENESIS_NAME=n0 SSH_CONFIG_DIR=${WORKSPACE}/tools/g2/config-ssh TEMPLATE_DIR=${WORKSPACE}/tools/g2/templates XML_DIR=${WORKSPACE}/tools/g2/xml -VM_NAMES=( +ALL_VM_NAMES=( n0 n1 n2 n3 ) - -vm_ip() { - NAME=${1} - echo 192.168.77.1${NAME:1} -} diff --git a/tools/g2/lib/log.sh b/tools/g2/lib/log.sh index 1221af2e..45613387 100644 --- a/tools/g2/lib/log.sh +++ b/tools/g2/lib/log.sh @@ -1,4 +1,4 @@ -if [[ "x${GATE_COLOR}" = "x1" ]]; then +if [[ -v GATE_COLOR && ${GATE_COLOR} = "1" ]]; then C_CLEAR="\e[0m" C_ERROR="\e[38;5;160m" C_HEADER="\e[38;5;164m" @@ -16,7 +16,9 @@ else fi log() { - echo -e ${C_MUTE}$(date --utc)${C_CLEAR} $* 1>&2 + d=$(date --utc) + echo -e ${C_MUTE}${d}${C_CLEAR} $* 1>&2 + echo -e ${d} $* >> ${LOG_FILE} } log_stage_diagnostic_header() { 
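Review bot: With `GATE_DEBUG=1` the last hunk of log.sh sets `LOG_FILE=/dev/stderr`, so the two `echo` lines now in `log()` print every message twice on stderr. Skip the second write in that case, e.g. `[ "${LOG_FILE}" = /dev/stderr ] || echo -e ${d} $* >> ${LOG_FILE}`. `$*` is also expanded unquoted and passed through `echo -e`, so backslashes or glob characters in a logged value are interpreted rather than recorded as written; `printf '%s %s\n' "${d}" "$*" >> "${LOG_FILE}"` keeps the log faithful.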
@@ -60,8 +62,10 @@ log_temp_dir() { echo -e Working in ${C_TEMP}${TEMP_DIR}${C_CLEAR} } -if [[ "x${PROMENADE_DEBUG}" = "x1" ]]; then +if [[ -v GATE_DEBUG && ${GATE_DEBUG} = "1" ]]; then export LOG_FILE=/dev/stderr +elif [[ -v TEMP_DIR ]]; then + export LOG_FILE=${TEMP_DIR}/gate.log else export LOG_FILE=/dev/null fi diff --git a/tools/g2/lib/registry.sh b/tools/g2/lib/registry.sh index de8e3b58..501828ae 100644 --- a/tools/g2/lib/registry.sh +++ b/tools/g2/lib/registry.sh @@ -2,12 +2,12 @@ registry_down() { REGISTRY_ID=$(docker ps -qa -f name=registry) if [ "x${REGISTRY_ID}" != "x" ]; then log Removing docker registry - docker rm -fv ${REGISTRY_ID} &> ${LOG_FILE} + docker rm -fv ${REGISTRY_ID} &>> ${LOG_FILE} fi } registry_list_images() { - FILES=${@:-${WORKSPACE}/example/*.yaml} + FILES=$(find $(config_configuration) -type f -name '*.yaml') HOSTNAME_REGEX='[a-zA-Z0-9][a-zA-Z0-9_-]{0,62}' DOMAIN_NAME_REGEX="${HOSTNAME_REGEX}(\.${HOSTNAME_REGEX})*" @@ -31,9 +31,9 @@ registry_populate() { for image in $(registry_list_images); do if ! docker pull localhost:5000/${image} &> /dev/null; then log Loading image ${image} into local registry - docker pull ${image} >& ${LOG_FILE} - docker tag ${image} localhost:5000/${image} >& ${LOG_FILE} - docker push localhost:5000/${image} >& ${LOG_FILE} + docker pull ${image} &>> ${LOG_FILE} + docker tag ${image} localhost:5000/${image} &>> ${LOG_FILE} + docker push localhost:5000/${image} &>> ${LOG_FILE} fi done } @@ -51,7 +51,7 @@ registry_up() { RUNNING_REGISTRY_ID=$(docker ps -q -f name=registry) if [ "x${RUNNING_REGISTRY_ID}" = "x" -a "x${REGISTRY_ID}" != "x" ]; then log Removing stopped docker registry - docker rm -fv ${REGISTRY_ID} &> ${LOG_FILE} + docker rm -fv ${REGISTRY_ID} &>> ${LOG_FILE} fi if [ "x${REGISTRY_ID}" = "x" ]; then @@ -62,6 +62,6 @@ registry_up() { --restart=always \ --name registry \ -v $REGISTRY_DATA_DIR:/var/lib/registry \ - registry:2 &> ${LOG_FILE} + registry:2 &>> ${LOG_FILE} fi } 
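Review bot: `registry_list_images` in registry.sh now resolves `$(config_configuration)` relative to the current directory and silently ignores the file arguments it used to accept through `${@:-...}`, while generate-certificates.sh prefixes the same manifest entries with `${WORKSPACE}/`. Unless the caller has already changed to the workspace root, which is not visible here, `find` fails or scans a different tree, and the images mirrored by `registry_populate` may not match the configuration that is deployed. Prefix each entry the same way, e.g. `FILES=$(for d in $(config_configuration); do find ${WORKSPACE}/${d} -type f -name '*.yaml'; done)`. The function body continues outside the hunk.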
diff --git a/tools/g2/lib/ssh.sh b/tools/g2/lib/ssh.sh index ec7e20a8..249997ac 100644 --- a/tools/g2/lib/ssh.sh +++ b/tools/g2/lib/ssh.sh @@ -25,7 +25,7 @@ ssh_keypair_declare() { log Validating SSH keypair exists if [ ! -s ${SSH_CONFIG_DIR}/id_rsa ]; then log Generating SSH keypair - ssh-keygen -N '' -f ${SSH_CONFIG_DIR}/id_rsa > ${LOG_FILE} + ssh-keygen -N '' -f ${SSH_CONFIG_DIR}/id_rsa &>> ${LOG_FILE} fi } diff --git a/tools/g2/lib/virsh.sh b/tools/g2/lib/virsh.sh index af7f0207..416e436c 100644 --- a/tools/g2/lib/virsh.sh +++ b/tools/g2/lib/virsh.sh @@ -11,12 +11,12 @@ img_base_declare() { --name promenade-base.img \ --format qcow2 \ --capacity ${BASE_IMAGE_SIZE} \ - --prealloc-metadata &> ${LOG_FILE} + --prealloc-metadata &>> ${LOG_FILE} virsh vol-upload \ --vol promenade-base.img \ --file base.img \ - --pool ${VIRSH_POOL} &> ${LOG_FILE} + --pool ${VIRSH_POOL} &>> ${LOG_FILE} fi } @@ -27,7 +27,7 @@ iso_gen() { log Removing existing cloud-init ISO for ${NAME} virsh vol-delete \ --pool ${VIRSH_POOL} \ - --vol cloud-init-${NAME}.iso &> ${LOG_FILE} + --vol cloud-init-${NAME}.iso &>> ${LOG_FILE} fi log Creating cloud-init ISO for ${NAME} @@ -35,7 +35,7 @@ iso_gen() { mkdir -p ${ISO_DIR} cd ${ISO_DIR} - export BR_IP_NODE=$(vm_ip ${NAME}) + export BR_IP_NODE=$(config_vm_ip ${NAME}) export NAME export SSH_PUBLIC_KEY=$(ssh_load_pubkey) envsubst < ${TEMPLATE_DIR}/user-data.sub > user-data @@ -50,18 +50,18 @@ iso_gen() { -o cidata.iso \ meta-data \ network-config \ - user-data &> ${LOG_FILE} + user-data &>> ${LOG_FILE} virsh vol-create-as \ --pool ${VIRSH_POOL} \ --name cloud-init-${NAME}.iso \ --capacity $(stat -c %s ${ISO_DIR}/cidata.iso) \ - --format raw &> ${LOG_FILE} + --format raw &>> ${LOG_FILE} virsh vol-upload \ --pool ${VIRSH_POOL} \ --vol cloud-init-${NAME}.iso \ - --file ${ISO_DIR}/cidata.iso &> ${LOG_FILE} + --file ${ISO_DIR}/cidata.iso &>> ${LOG_FILE} } iso_path() { 
@@ -77,7 +77,7 @@ net_clean() { net_declare() { if ! virsh net-list --name | grep ^promenade$ > /dev/null; then log Creating promenade network - virsh net-create ${XML_DIR}/network.xml &> ${LOG_FILE} + virsh net-create ${XML_DIR}/network.xml &>> ${LOG_FILE} fi } @@ -85,25 +85,25 @@ pool_declare() { log Validating virsh pool setup if ! virsh pool-uuid ${VIRSH_POOL} &> /dev/null; then log Creating pool ${VIRSH_POOL} - virsh pool-create-as --name ${VIRSH_POOL} --type dir --target ${VIRSH_POOL_PATH} &> ${LOG_FILE} + virsh pool-create-as --name ${VIRSH_POOL} --type dir --target ${VIRSH_POOL_PATH} &>> ${LOG_FILE} fi } vm_clean() { NAME=${1} if virsh list --name | grep ${NAME} &> /dev/null; then - virsh destroy ${NAME} &> ${LOG_FILE} + virsh destroy ${NAME} &>> ${LOG_FILE} fi if virsh list --name --all | grep ${NAME} &> /dev/null; then log Removing VM ${NAME} - virsh undefine --remove-all-storage --domain ${NAME} &> ${LOG_FILE} + virsh undefine --remove-all-storage --domain ${NAME} &>> ${LOG_FILE} fi } vm_clean_all() { log Removing all VMs in parallel - for NAME in ${VM_NAMES[@]}; do + for NAME in ${ALL_VM_NAMES[@]}; do vm_clean ${NAME} & done wait @@ -122,13 +122,13 @@ vm_create() { --graphics vnc,listen=0.0.0.0 \ --noautoconsole \ --network network=promenade \ - --vcpus 2 \ - --memory 2048 \ + --vcpus $(config_vm_vcpus) \ + --memory $(config_vm_memory) \ --import \ --disk vol=${VIRSH_POOL}/promenade-${NAME}.img,format=qcow2,bus=virtio \ --disk pool=${VIRSH_POOL},size=20,format=qcow2,bus=virtio \ --disk pool=${VIRSH_POOL},size=20,format=qcow2,bus=virtio \ - --disk vol=${VIRSH_POOL}/cloud-init-${NAME}.iso,device=cdrom &> ${LOG_FILE} + --disk vol=${VIRSH_POOL}/cloud-init-${NAME}.iso,device=cdrom &>> ${LOG_FILE} ssh_wait ${NAME} ssh_cmd ${NAME} sync 
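Review bot: The `virt-install` call in `vm_create` still passes `--graphics vnc,listen=0.0.0.0`, which publishes each test VM's console on every host interface, and nothing in the hunk sets a VNC password. Bind it locally with `--graphics vnc,listen=127.0.0.1 \` and reach it through an SSH tunnel when needed. The new `$(config_vm_vcpus)` and `$(config_vm_memory)` substitutions print the literal `null` when a manifest has no `vm` block, and a failing substitution inside an argument list does not trip `set -e`; a default in the helper such as `jq -cr '.vm.vcpus // 2'` avoids handing that to virt-install. `vm_create` starts outside the hunk.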
@@ -136,12 +136,12 @@ vm_create() { vm_create_all() { log Starting all VMs in parallel - for NAME in ${VM_NAMES[@]}; do + for NAME in $(config_vm_names); do vm_create ${NAME} & done wait - for NAME in ${VM_NAMES[@]}; do + for NAME in $(config_vm_names); do vm_validate ${NAME} done } @@ -149,23 +149,23 @@ vm_create_all() { vm_start() { NAME=${1} log Starting VM ${NAME} - virsh start ${NAME} &> ${LOG_FILE} + virsh start ${NAME} &>> ${LOG_FILE} ssh_wait ${NAME} } vm_stop() { NAME=${1} log Stopping VM ${NAME} - virsh destroy ${NAME} &> ${LOG_FILE} + virsh destroy ${NAME} &>> ${LOG_FILE} } vm_restart_all() { - for NAME in ${VM_NAMES[@]}; do + for NAME in $(config_vm_names); do vm_stop ${NAME} & done wait - for NAME in ${VM_NAMES[@]}; do + for NAME in $(config_vm_names); do vm_start ${NAME} & done wait @@ -174,7 +174,7 @@ vm_restart_all() { vm_validate() { NAME=${1} if ! virsh list --name | grep ${NAME} &> /dev/null; then - log VM ${NAME} did not start correctly. Use PROMENADE_DEBUG=1 for more details. + log VM ${NAME} did not start correctly. exit 1 fi } @@ -185,7 +185,7 @@ vol_create_root() { if virsh vol-list --pool ${VIRSH_POOL} | grep promenade-${NAME}.img &> /dev/null; then log Deleting previous volume promenade-${NAME}.img - virsh vol-delete --pool ${VIRSH_POOL} promenade-${NAME}.img &> ${LOG_FILE} + virsh vol-delete --pool ${VIRSH_POOL} promenade-${NAME}.img &>> ${LOG_FILE} fi log Creating root volume for ${NAME} @@ -195,5 +195,5 @@ vol_create_root() { --capacity 64G \ --format qcow2 \ --backing-vol promenade-base.img \ - --backing-vol-format qcow2 &> ${LOG_FILE} + --backing-vol-format qcow2 &>> ${LOG_FILE} } diff --git a/tools/g2/manifests/genesis.json b/tools/g2/manifests/genesis.json index d74b8ece..a9eeb957 100644 --- a/tools/g2/manifests/genesis.json +++ b/tools/g2/manifests/genesis.json @@ -1,4 +1,7 @@ { + "configuration": [ + "examples/complete" + ], "stages": [ { "name": "Gate Setup", 
@@ -24,6 +27,12 @@ "name": "Genesis", "script": "genesis.sh" } - ] + ], + "vm": { + "memory": 8096, + "names": [ + "n0" + ], + "vcpus": 4 + } } - diff --git a/tools/g2/manifests/full.json b/tools/g2/manifests/resiliency.json similarity index 76% rename from tools/g2/manifests/full.json rename to tools/g2/manifests/resiliency.json index fdb8a316..2e8dbd7f 100644 --- a/tools/g2/manifests/full.json +++ b/tools/g2/manifests/resiliency.json @@ -1,4 +1,7 @@ { + "configuration": [ + "examples/basic" + ], "stages": [ { "name": "Gate Setup", @@ -35,7 +38,10 @@ }, { "name": "Reprovision Genesis", - "script": "reprovision-genesis.sh" + "script": "reprovision-genesis.sh", + "arguments": [ + "n1 n2 n3" + ] }, { "name": "Hard Reboot Cluster", @@ -45,5 +51,15 @@ "name": "Move Master", "script": "move-master.sh" } - ] + ], + "vm": { + "memory": 2048, + "names": [ + "n0", + "n1", + "n2", + "n3" + ], + "vcpus": 2 + } } diff --git a/tools/g2/manifests/prepare.json b/tools/g2/manifests/smoke.json similarity index 84% rename from tools/g2/manifests/prepare.json rename to tools/g2/manifests/smoke.json index 16d2e3fb..db5c4b8c 100644 --- a/tools/g2/manifests/prepare.json +++ b/tools/g2/manifests/smoke.json @@ -1,4 +1,7 @@ { + "configuration": [ + "examples/complete" + ], "stages": [ { "name": "Build Image", diff --git a/tools/g2/manifests/quick.json b/tools/g2/manifests/two.json similarity index 80% rename from tools/g2/manifests/quick.json rename to tools/g2/manifests/two.json index f2d76a8d..dab64796 100644 --- a/tools/g2/manifests/quick.json +++ b/tools/g2/manifests/two.json @@ -1,4 +1,7 @@ { + "configuration": [ + "examples/basic" + ], "stages": [ { "name": "Gate Setup", 
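Review bot: The new `"arguments": ["n1 n2 n3"]` on the Reprovision Genesis stage of resiliency.json packs three node names into one string and works only because gate.sh word-splits the jq output when it builds `ARGUMENTS`. The Join Masters stages in two.json and ucp.json pass one name per element; write `"arguments": ["n1", "n2", "n3"]` here so the manifest does not depend on shell splitting.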
@@ -28,17 +31,20 @@ "name": "Join Masters", "script": "join-masters.sh", "arguments": [ - "n1", - "n2" + "n1" ] }, - { - "name": "Reprovision Genesis", - "script": "reprovision-genesis.sh" - }, { "name": "Hard Reboot Cluster", "script": "hard-reboot-cluster.sh" } - ] + ], + "vm": { + "memory": 2048, + "names": [ + "n0", + "n1" + ], + "vcpus": 2 + } } diff --git a/tools/g2/manifests/ucp.json b/tools/g2/manifests/ucp.json new file mode 100644 index 00000000..b6dcb793 --- /dev/null +++ b/tools/g2/manifests/ucp.json @@ -0,0 +1,57 @@ +{ + "configuration": [ + "examples/complete" + ], + "stages": [ + { + "name": "Gate Setup", + "script": "gate-setup.sh" + }, + { + "name": "Build Image", + "script": "build-image.sh" + }, + { + "name": "Generate Certificates", + "script": "generate-certificates.sh" + }, + { + "name": "Build Scripts", + "script": "build-scripts.sh" + }, + { + "name": "Create VMs", + "script": "create-vms.sh" + }, + { + "name": "Genesis", + "script": "genesis.sh" + }, + { + "name": "Join Masters", + "script": "join-masters.sh", + "arguments": [ + "n1" + ] + }, + { + "name": "Reprovision Genesis", + "script": "reprovision-genesis.sh", + "arguments": [ + "n1" + ] + }, + { + "name": "Hard Reboot Cluster", + "script": "hard-reboot-cluster.sh" + } + ], + "vm": { + "memory": 8096, + "names": [ + "n0", + "n1" + ], + "vcpus": 4 + } +} diff --git a/tools/g2/stages/build-image.sh b/tools/g2/stages/build-image.sh index fe3c5cb1..478bd625 100755 --- a/tools/g2/stages/build-image.sh +++ b/tools/g2/stages/build-image.sh @@ -5,4 +5,8 @@ set -e source ${GATE_UTILS} log Building docker image ${IMAGE_PROMENADE} -sudo docker build -q -t ${IMAGE_PROMENADE} ${WORKSPACE} +docker build -q -t ${IMAGE_PROMENADE} ${WORKSPACE} + +log Loading Promenade image ${IMAGE_PROMENADE} into local registry +docker tag ${IMAGE_PROMENADE} localhost:5000/${IMAGE_PROMENADE} &>> ${LOG_FILE} +docker push localhost:5000/${IMAGE_PROMENADE} &>> ${LOG_FILE} 
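Review bot: The added `docker tag` and `docker push` to `localhost:5000` in build-image.sh make this stage fail under `set -e` unless the local registry is already running, and the smoke.json hunk shows a manifest whose first listed stage is Build Image. Either start the registry before pushing or document the ordering above the added lines, e.g. `# Requires the local registry on localhost:5000 to be up before this stage runs.` Dropping `sudo` also means the invoking user needs direct access to the Docker socket, which is root-equivalent on the host; that prerequisite belongs in the gate documentation.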
diff --git a/tools/g2/stages/build-scripts.sh b/tools/g2/stages/build-scripts.sh index 0a16e5b6..fdc33419 100755 --- a/tools/g2/stages/build-scripts.sh +++ b/tools/g2/stages/build-scripts.sh @@ -8,7 +8,7 @@ cd ${TEMP_DIR} mkdir scripts log Building scripts -sudo docker run --rm -t \ +docker run --rm -t \ -w /target \ -v ${TEMP_DIR}:/target \ -e PROMENADE_DEBUG=${PROMENADE_DEBUG} \ diff --git a/tools/g2/stages/generate-certificates.sh b/tools/g2/stages/generate-certificates.sh index 68571d00..2419b149 100755 --- a/tools/g2/stages/generate-certificates.sh +++ b/tools/g2/stages/generate-certificates.sh @@ -7,13 +7,15 @@ source ${GATE_UTILS} OUTPUT_DIR=${TEMP_DIR}/config mkdir -p ${OUTPUT_DIR} -log Copying example configuration -cp ${WORKSPACE}/example/*.yaml ${OUTPUT_DIR} +for source_dir in $(config_configuration); do + log Copying configuration from ${source_dir} + cp ${WORKSPACE}/${source_dir}/*.yaml ${OUTPUT_DIR} +done registry_replace_references ${OUTPUT_DIR}/*.yaml log Generating certificates -sudo docker run --rm -t \ +docker run --rm -t \ -w /target \ -v ${OUTPUT_DIR}:/target \ -e PROMENADE_DEBUG=${PROMENADE_DEBUG} \ diff --git a/tools/g2/stages/join-masters.sh b/tools/g2/stages/join-masters.sh index f77204a5..037dbce7 100755 --- a/tools/g2/stages/join-masters.sh +++ b/tools/g2/stages/join-masters.sh @@ -20,5 +20,5 @@ done validate_cluster n0 -validate_etcd_membership kubernetes n0 genesis n1 n2 n3 -validate_etcd_membership calico n0 n0 n1 n2 n3 +validate_etcd_membership kubernetes n0 genesis ${@} +validate_etcd_membership calico n0 n0 ${@} diff --git a/tools/g2/stages/reprovision-genesis.sh b/tools/g2/stages/reprovision-genesis.sh index e27837ac..e362f836 100755 --- a/tools/g2/stages/reprovision-genesis.sh +++ b/tools/g2/stages/reprovision-genesis.sh @@ -4,6 +4,8 @@ set -e source ${GATE_UTILS} +EXPECTED_MEMBERS=${@} + promenade_teardown_node ${GENESIS_NAME} n1 vm_clean ${GENESIS_NAME} 
@@ -16,5 +18,5 @@ ssh_cmd ${GENESIS_NAME} /root/promenade/validate-${GENESIS_NAME}.sh validate_cluster n1 -validate_etcd_membership kubernetes n1 n1 n2 n3 -validate_etcd_membership calico n1 n1 n2 n3 +validate_etcd_membership kubernetes n1 ${EXPECTED_MEMBERS} +validate_etcd_membership calico n1 ${EXPECTED_MEMBERS} diff --git a/tools/gate.sh b/tools/gate.sh index afb46c62..c482fa4c 100755 --- a/tools/gate.sh +++ b/tools/gate.sh @@ -10,10 +10,10 @@ chmod -R 755 ${TEMP_DIR} export GATE_COLOR=${GATE_COLOR:-1} -source ${GATE_UTILS} +MANIFEST_ARG=${1:-resiliency} +export GATE_MANIFEST=${WORKSPACE}/tools/g2/manifests/${MANIFEST_ARG}.json -MANIFEST_ARG=${1:-full} -MANIFEST=${WORKSPACE}/tools/g2/manifests/${MANIFEST_ARG}.json +source ${GATE_UTILS} STAGES_DIR=${WORKSPACE}/tools/g2/stages @@ -21,7 +21,7 @@ log_temp_dir ${TEMP_DIR} echo STAGES=$(mktemp) -jq -cr '.stages | .[]' ${MANIFEST} > ${STAGES} +jq -cr '.stages | .[]' ${GATE_MANIFEST} > ${STAGES} # NOTE(mark-burnett): It is necessary to use a non-stdin file descriptor for # the read below, since we will be calling SSH, which will consume the @@ -34,7 +34,7 @@ while read -u 3 stage; do if echo ${stage} | jq -e .arguments > /dev/null; then ARGUMENTS=($(echo ${stage} | jq -r '.arguments[]')) else - ARGUMENTS=() + ARGUMENTS= fi log_stage_header "${NAME}" @@ -42,7 +42,7 @@ while read -u 3 stage; do log_stage_success else log_color_reset - log_stage_error "${NAME}" ${TEMP_DIR} + log_stage_error "${NAME}" ${LOG_FILE} if echo ${stage} | jq -e .on_error > /dev/null; then log_stage_diagnostic_header ON_ERROR=${WORKSPACE}/$(echo ${stage} | jq -r .on_error) diff --git a/tools/registry/revert_example.sh b/tools/registry/revert_example.sh index fc94cb26..5536d6aa 100755 --- a/tools/registry/revert_example.sh +++ b/tools/registry/revert_example.sh 
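Review bot: In gate.sh, `MANIFEST_ARG` is taken from `$1` and interpolated into `GATE_MANIFEST` with no check that the file exists, so a mistyped or unexpected name only surfaces later as a jq error in whichever `config_*` helper or stage runs first. Add `[ -f "${GATE_MANIFEST}" ] || { echo "Unknown manifest: ${MANIFEST_ARG}" 1>&2; exit 1; }` right after the export. In the later hunk on this line, `ARGUMENTS=` replaces the empty array with an empty string; if the stage is invoked with a quoted `"${ARGUMENTS[@]}"` (the call is outside the hunk), that passes one empty argument instead of none.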
@@ -6,5 +6,5 @@ IMAGES_FILE=$(dirname $0)/IMAGES IFS=, grep -v '^#.*' $IMAGES_FILE | while read src tag dst; do - sed -i "s;registry:5000/$dst:$tag;$src:$tag;g" example/*.yaml + sed -i "s;registry:5000/$dst:$tag;$src:$tag;g" examples/basic/*.yaml done diff --git a/tools/registry/update_example.sh b/tools/registry/update_example.sh index 21621dd1..69019cb2 100755 --- a/tools/registry/update_example.sh +++ b/tools/registry/update_example.sh @@ -6,5 +6,5 @@ IMAGES_FILE=$(dirname $0)/IMAGES IFS=, grep -v '^#.*' $IMAGES_FILE | while read src tag dst; do - sed -i "s;$src:$tag;registry:5000/$dst:$tag;g" example/*.yaml + sed -i "s;$src:$tag;registry:5000/$dst:$tag;g" examples/basic/*.yaml done diff --git a/tools/vagrant/build-vagrant-box.sh b/tools/vagrant/build-vagrant-box.sh deleted file mode 100755 index 85f4f69b..00000000 --- a/tools/vagrant/build-vagrant-box.sh +++ /dev/null 
@@ -1,33 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -WORKDIR=$(mktemp -d) - -function cleanup { - rm -rf "${WORKDIR}" -} - -trap cleanup EXIT - -sudo apt-get update -sudo apt-get install -y --no-install-recommends \ - curl \ - unzip - -git clone https://github.com/jakobadam/packer-qemu-templates.git ${WORKDIR} - -cd ${WORKDIR}/ubuntu - - -sed -i -e 's#http://releases.ubuntu.com/16.04/ubuntu-16.04-server-amd64.iso#http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.2-server-amd64.iso#g' ubuntu.json -sed -i -e 's/de5ee8665048f009577763efbf4a6f0558833e59/f529548fa7468f2d8413b8427d8e383b830df5f6/g' ubuntu.json -sed -i -e 's#http://releases.ubuntu.com/16.04/ubuntu-16.04.1-server-amd64.iso#http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.2-server-amd64.iso#g' ubuntu-vagrant.json -sed -i -e 's/de5ee8665048f009577763efbf4a6f0558833e59/f529548fa7468f2d8413b8427d8e383b830df5f6/g' ubuntu-vagrant.json -sed -i -e 's#http://releases.ubuntu.com/16.04/ubuntu-16.04.3-server-amd64.iso#http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.2-server-amd64.iso#g' ubuntu1604.json -sed -i -e 's/a06cd926f5855d4f21fb4bc9978a35312f815fbda0d0ef7fdc846861f4fc4600/737ae7041212c628de5751d15c3016058b0e833fdc32e7420209b76ca3d0a535/g' ubuntu1604.json -sed -i -e 's#http://releases.ubuntu.com/16.04/ubuntu-16.04-server-amd64.iso#http://old-releases.ubuntu.com/releases/xenial/ubuntu-16.04.1-server-amd64.iso#g' ubuntu.json - -PACKER_LOG="yes" packer build -var-file=ubuntu1604.json ubuntu-vagrant.json - -vagrant box add promenade/ubuntu1604 box/libvirt/ubuntu1604-1.box diff --git a/tools/vagrant/full-vagrant-setup.sh b/tools/vagrant/full-vagrant-setup.sh deleted file mode 100755 index 30f067d3..00000000 --- a/tools/vagrant/full-vagrant-setup.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -SCRIPT_DIR=$(dirname $0) - -$SCRIPT_DIR/install-vagrant-nfs-deps.sh -$SCRIPT_DIR/install-vagrant-libvirt.sh -$SCRIPT_DIR/install-packer.sh -$SCRIPT_DIR/build-vagrant-box.sh 
diff --git a/tools/vagrant/install-packer.sh b/tools/vagrant/install-packer.sh deleted file mode 100755 index 77fd79c3..00000000 --- a/tools/vagrant/install-packer.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -PACKER_VERSION=${PACKER_VERSION:-1.0.3} - -WORKDIR=$(mktemp -d) - -function cleanup { - rm -rf "${WORKDIR}" -} - -trap cleanup EXIT - -cd ${WORKDIR} - -curl -Lo packer.zip https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip - -unzip packer.zip - -sudo mv packer /usr/local/bin/ diff --git a/tools/vagrant/install-vagrant-libvirt.sh b/tools/vagrant/install-vagrant-libvirt.sh deleted file mode 100755 index 7b387f9b..00000000 --- a/tools/vagrant/install-vagrant-libvirt.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -sudo apt-get update - -sudo apt-get build-dep -y \ - ruby-libvirt - -sudo apt-get install -y --no-install-recommends \ - build-essential \ - dnsmasq \ - ebtables \ - libvirt-bin \ - libvirt-dev \ - libxml2-dev \ - libxslt-dev \ - qemu \ - ruby-dev \ - zlib1g-dev - -vagrant plugin install vagrant-libvirt diff --git a/tools/vagrant/install-vagrant-nfs-deps.sh b/tools/vagrant/install-vagrant-nfs-deps.sh deleted file mode 100755 index 1f1de850..00000000 --- a/tools/vagrant/install-vagrant-nfs-deps.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -sudo apt-get update -sudo apt-get install -y --no-install-recommends \ - nfs-common \ - nfs-kernel-server \ - portmap