Init BM MCC+MOSK commit
Just add the templates to the repo
MOSSUST-114
Change-Id: I2239dd7067d823d3ab15d1d46dc57fc2c7b9444b
diff --git a/bm_mcc_mosk/child/cluster/baremetalhostprofiles.yaml b/bm_mcc_mosk/child/cluster/baremetalhostprofiles.yaml
new file mode 100644
index 0000000..5a8df06
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/baremetalhostprofiles.yaml
@@ -0,0 +1,360 @@
+---
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: mosk
+ name: ucp-ctl
+ labels:
+ cluster.sigs.k8s.io/cluster-name: mosk
+ kaas.mirantis.com/provider: "baremetal"
+ kaas.mirantis.com/defaultBMHProfile: 'true'
+kind: BareMetalHostProfile
+spec:
+ devices:
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ minSize: 60Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ partitions:
+ - name: bios_grub
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ size: 64Mi
+ - name: root
+ size: 0
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ partition: root
+ mountPoint: /
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ # used for test-debug only!
+ echo -e "root:r00tme" | sudo chpasswd
+ echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"' > /etc/udev/rules.d/60-ssd-scheduler.rules
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ - 'GRUB_CMDLINE_LINUX="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off systemd.journald.forward_to_console=yes console=ttyS0,9600 console=tty0"'
+ kernelParameters:
+ sysctl:
+ kernel.dmesg_restrict: "1"
+ kernel.core_uses_pid: "1"
+ fs.file-max: "9223372036854775807"
+ fs.aio-max-nr: "1048576"
+ fs.inotify.max_user_instances: "4096"
+ vm.max_map_count: "262144"
+ net.ipv4.conf.all.rp_filter: "2"
+ net.ipv4.conf.k8s-lcm.rp_filter: "2"
+ net.ipv4.conf.bond0.rp_filter: "2"
+ fs.inotify.max_user_watches: "81920"
+ modules:
+ - filename: kvm_intel.conf
+ content: |
+ options kvm_intel nested=1
+---
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: mosk
+ name: bm-storage
+ labels:
+ cluster.sigs.k8s.io/cluster-name: mosk
+ kaas.mirantis.com/provider: "baremetal"
+kind: BareMetalHostProfile
+spec:
+ devices:
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sda
+ minSize: 60Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ partitions:
+ - name: bios_grub
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ size: 64Mi
+ - name: root
+ size: 0
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sdb
+ wipe: true
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ partition: root
+ mountPoint: /
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ # used for test-debug only!
+ echo -e "root:r00tme" | sudo chpasswd
+ echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"' > /etc/udev/rules.d/60-ssd-scheduler.rules
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ - 'GRUB_CMDLINE_LINUX="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off systemd.journald.forward_to_console=yes console=ttyS0,9600 console=tty0"'
+ kernelParameters:
+ sysctl:
+ kernel.dmesg_restrict: "1"
+ kernel.core_uses_pid: "1"
+ fs.file-max: "9223372036854775807"
+ fs.aio-max-nr: "1048576"
+ fs.inotify.max_user_instances: "4096"
+ vm.max_map_count: "262144"
+ net.ipv4.conf.all.rp_filter: "2"
+ net.ipv4.conf.k8s-lcm.rp_filter: "2"
+ net.ipv4.conf.bond0.rp_filter: "2"
+ fs.inotify.max_user_watches: "81920"
+ modules:
+ - filename: kvm_intel.conf
+ content: |
+ options kvm_intel nested=1
+---
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: mosk
+ name: bm-sl
+ labels:
+ cluster.sigs.k8s.io/cluster-name: mosk
+ kaas.mirantis.com/provider: "baremetal"
+kind: BareMetalHostProfile
+spec:
+ devices:
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sda
+ minSize: 60Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ partitions:
+ - name: bios_grub
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ size: 64Mi
+ - name: root
+ size: 0
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sdb
+ wipe: true
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ partition: root
+ mountPoint: /
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ # used for test-debug only!
+ echo -e "root:r00tme" | sudo chpasswd
+ echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"' > /etc/udev/rules.d/60-ssd-scheduler.rules
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ - 'GRUB_CMDLINE_LINUX="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off systemd.journald.forward_to_console=yes console=ttyS0,9600 console=tty0"'
+ kernelParameters:
+ sysctl:
+ kernel.dmesg_restrict: "1"
+ kernel.core_uses_pid: "1"
+ fs.file-max: "9223372036854775807"
+ fs.aio-max-nr: "1048576"
+ fs.inotify.max_user_instances: "4096"
+ vm.max_map_count: "262144"
+ net.ipv4.conf.all.rp_filter: "2"
+ net.ipv4.conf.k8s-lcm.rp_filter: "2"
+ net.ipv4.conf.bond0.rp_filter: "2"
+ fs.inotify.max_user_watches: "81920"
+---
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: mosk
+ name: bm-os-ctl
+ labels:
+ cluster.sigs.k8s.io/cluster-name: mosk
+ kaas.mirantis.com/provider: "baremetal"
+kind: BareMetalHostProfile
+spec:
+ devices:
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sda
+ minSize: 60Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ partitions:
+ - name: bios_grub
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ size: 64Mi
+ - name: root
+ size: 0
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sdb
+ wipe: true
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ partition: root
+ mountPoint: /
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ # used for test-debug only!
+ echo -e "root:r00tme" | sudo chpasswd
+ echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"' > /etc/udev/rules.d/60-ssd-scheduler.rules
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ - 'GRUB_CMDLINE_LINUX="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off systemd.journald.forward_to_console=yes console=ttyS0,9600 console=tty0"'
+ kernelParameters:
+ sysctl:
+ kernel.dmesg_restrict: "1"
+ kernel.core_uses_pid: "1"
+ fs.file-max: "9223372036854775807"
+ fs.aio-max-nr: "1048576"
+ fs.inotify.max_user_instances: "4096"
+ vm.max_map_count: "262144"
+ net.ipv4.conf.all.rp_filter: "2"
+ net.ipv4.conf.k8s-lcm.rp_filter: "2"
+ net.ipv4.conf.bond0.rp_filter: "2"
+ fs.inotify.max_user_watches: "81920"
+---
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: mosk
+ name: bm-os-cmp
+ labels:
+ cluster.sigs.k8s.io/cluster-name: mosk
+ kaas.mirantis.com/provider: "baremetal"
+kind: BareMetalHostProfile
+spec:
+ devices:
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sda
+ minSize: 60Gi
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ partitions:
+ - name: bios_grub
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ size: 64Mi
+ - name: root
+ size: 0
+ - device:
+ workBy: "by_id,by_path,by_wwn,by_name"
+ byName: /dev/sdb
+ wipe: true
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ partition: root
+ mountPoint: /
+ mountOpts: 'rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered'
+
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ # used for test-debug only!
+ echo -e "root:r00tme" | sudo chpasswd
+ echo 'ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"' > /etc/udev/rules.d/60-ssd-scheduler.rules
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ - 'GRUB_CMDLINE_LINUX="noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off systemd.journald.forward_to_console=yes console=ttyS0,9600 console=tty0"'
+ kernelParameters:
+ sysctl:
+ kernel.dmesg_restrict: "1"
+ kernel.core_uses_pid: "1"
+ fs.file-max: "9223372036854775807"
+ fs.aio-max-nr: "1048576"
+ fs.inotify.max_user_instances: "4096"
+ vm.max_map_count: "262144"
+ net.ipv4.conf.all.rp_filter: "2"
+ net.ipv4.conf.k8s-lcm.rp_filter: "2"
+ net.ipv4.conf.bond0.rp_filter: "2"
+ fs.inotify.max_user_watches: "81920"
+---
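Review bot: Every `postDeployScript` in this file (ucp-ctl, bm-storage, bm-sl, bm-os-ctl, bm-os-cmp) sets a fixed root password through `chpasswd`, guarded only by the comment `# used for test-debug only!`. Any host provisioned from these profiles therefore ends up with the same guessable root login. The line should be dropped from the committed templates, or gated behind an explicit debug switch, leaving access to the `publicKeys` the cluster object declares. Separately, the `GRUB_CMDLINE_LINUX` entry in each profile disables the CPU side-channel mitigations (`mitigations=off`, `nopti`, `l1tf=off`, `mds=off`, ...), and ucp-ctl and bm-storage also load `kvm_intel` with `nested=1`. A comment such as `# lab-only: mitigations disabled for performance, do not reuse on multi-tenant hosts` would keep this from being copied unnoticed.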
diff --git a/bm_mcc_mosk/child/cluster/baremetalhosts.yaml b/bm_mcc_mosk/child/cluster/baremetalhosts.yaml
new file mode 100644
index 0000000..61ee873
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/baremetalhosts.yaml
@@ -0,0 +1,372 @@
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz7625-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz7627-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz7756-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz7792-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz7876-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz8073-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz9039-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz9046-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz8061-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz9047-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz9048-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz8159-bmc-credentials
+ namespace: mosk
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz7625
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz7625
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ "hostlabel.bm.kaas.mirantis.com/os_ctl": "os_ctl"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz7625-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:33:24:be
+ bmc:
+ address: 185.8.59.227
+ credentialsName: 'cz7625-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz7627
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz7627
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ "hostlabel.bm.kaas.mirantis.com/os_ctl": "os_ctl"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz7627-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:33:2d:6a
+ bmc:
+ address: 185.8.59.229
+ credentialsName: 'cz7627-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz7756
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz7756
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ "hostlabel.bm.kaas.mirantis.com/os_ctl": "os_ctl"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz7756-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:69:a0:4c
+ bmc:
+ address: 5.43.225.88
+ credentialsName: 'cz7756-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz7792
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz7792
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz7792-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:6c:83:5c
+ bmc:
+ address: 5.43.225.112
+ credentialsName: 'cz7792-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz7876
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz7876
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz7876-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:6c:88:d6
+ bmc:
+ address: 5.43.225.208
+ credentialsName: 'cz7876-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz8073
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz8073
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz8073-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:df:ac
+ bmc:
+ address: 5.43.227.118
+ credentialsName: 'cz8073-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz9039
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz9039
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz9039-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:d6:aa
+ bmc:
+ address: 185.8.58.248
+ credentialsName: 'cz9039-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz9046
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz9046
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz9046-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:ce:30
+ bmc:
+ address: 185.8.59.222
+ credentialsName: 'cz9046-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz8061
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz8061
+ "hostlabel.bm.kaas.mirantis.com/storage": "storage"
+ "hostlabel.bm.kaas.mirantis.com/worker": "worker"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz8061-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:e0:ce
+ bmc:
+ address: 5.43.225.228
+ credentialsName: 'cz8061-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz9047
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz9047
+ hostlabel.bm.kaas.mirantis.com/controlplane: "controlplane"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz9047-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:d5:84
+ bmc:
+ address: 5.43.229.28
+ credentialsName: 'cz9047-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz9048
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz9048
+ hostlabel.bm.kaas.mirantis.com/controlplane: "controlplane"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz9048-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:d5:82
+ bmc:
+ address: 5.43.225.23
+ credentialsName: 'cz9048-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz8159
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz8159
+ hostlabel.bm.kaas.mirantis.com/controlplane: "controlplane"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz8159-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:6c:bc:f6
+ bmc:
+ address: 185.8.58.9
+ credentialsName: 'cz8159-bmc-credentials'
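Review bot: The twelve `BareMetalHostCredential` objects commit the BMC password in clear text under `spec.password.value`, and every host uses the same username and password. Anyone who can read this repository therefore gets out-of-band control of all twelve machines. The `bmc.address` values in the `BareMetalHost` objects are not RFC 1918 addresses, so it should be confirmed whether the BMCs are reachable from outside the lab. The credential should be treated as exposed and rotated, and the template should carry a placeholder such as `value: <BMC_PASSWORD>` that is filled in at deploy time from a secret store, ideally with a distinct credential per BMC.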
diff --git a/bm_mcc_mosk/child/cluster/cluster.yaml b/bm_mcc_mosk/child/cluster/cluster.yaml
new file mode 100644
index 0000000..3b13a8f
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/cluster.yaml
@@ -0,0 +1,55 @@
+apiVersion: cluster.k8s.io/v1alpha1
+kind: Cluster
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ name: mosk
+ namespace: mosk
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 10.100.0.0/16
+ services:
+ cidrBlocks:
+ - 10.101.0.0/16
+ providerSpec:
+ value:
+ kind: BaremetalClusterProviderSpec
+ release: mosk-17-1-0-24-1
+ loadBalancerHost: 172.16.180.250
+# loadBalancerHost: ""
+ apiVersion: baremetal.k8s.io/v1alpha1
+ dedicatedControlPlane: false
+ dedicatedMetallbPools: false
+ etcd: {}
+ publicKeys:
+ - name: vkhlyunev
+ - name: maintenance-ci-robot
+ - name: pglazov
+ - name: dmeltsaykin
+ - name: rlubianyi
+ dnsNameservers:
+ - 172.18.176.6
+ helmReleases:
+ - enabled: true
+ name: ceph-controller
+ values: null
+ - name: metallb
+ values: {}
+ - name: stacklight
+ values:
+ elasticsearch:
+ persistentVolumeClaimSize: 30Gi
+ highAvailabilityEnabled: true
+ logging:
+ enabled: true
+ prometheusServer:
+ persistentVolumeClaimSize: 16Gi
+ kaas:
+ management:
+ enabled: false
+# provider: baremetal
+ keycloak: {}
+ release: kaas-2-26-0
+# nodeCidr: 10.10.10.0/24
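Review bot: `publicKeys` lists `dmeltsaykin`, but the part of `ssh_pubkeys.yaml` visible in this commit defines `PublicKey` objects only for `vkhlyunev`, `maintenance-ci-robot`, `rlubianyi` and `pglazov`. That file is cut off in this view, so the fifth key may simply follow, but it is worth checking that every name resolves. Each entry presumably grants SSH access to every node of the cluster, so a comment above the list would help, e.g. `# SSH access to all nodes; keep in sync with ssh_pubkeys.yaml`. The commented-out `loadBalancerHost`, `provider` and `nodeCidr` lines carry no explanation and should be either annotated or removed.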
diff --git a/bm_mcc_mosk/child/cluster/kaascephcluster.yaml b/bm_mcc_mosk/child/cluster/kaascephcluster.yaml
new file mode 100644
index 0000000..bb6f375
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/kaascephcluster.yaml
@@ -0,0 +1,124 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: KaaSCephCluster
+metadata:
+ name: mosk-ceph
+ namespace: mosk
+spec:
+ cephClusterSpec:
+ objectStorage:
+ rgw:
+ name: rgw-store
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ deviceClass: ssd
+ dataPool:
+ failureDomain: host
+ erasureCoded:
+ dataChunks: 2
+ codingChunks: 1
+ deviceClass: ssd
+ gateway:
+ allNodes: false
+ instances: 3
+ port: 80
+ securePort: 8443
+ preservePoolsOnDelete: false
+# sharedFilesystem:
+# cephFS:
+# - name: cephfs-store
+# dataPools:
+# - name: cephfs-pool-1
+# deviceClass: ssd
+# replicated:
+# size: 3
+# failureDomain: host
+# metadataPool:
+# deviceClass: ssd
+# replicated:
+# size: 3
+# failureDomain: host
+# metadataServer:
+# activeCount: 1
+# activeStandby: false
+ network:
+ clusterNet: 10.12.1.0/24
+ publicNet: 10.12.0.0/24
+ nodes:
+ cz8061:
+ roles:
+ - mgr
+ - mon
+# - mds
+ - rgw
+ - osd
+ storageDevices:
+ - fullPath: /dev/disk/by-id/scsi-SATA_WDC_WDS500G2B0A-_172906426485
+ config:
+ deviceClass: ssd
+ osdsPerDevice: "2"
+ cz9039:
+ roles:
+ - mgr
+ - mon
+# - mds
+ - rgw
+ - osd
+ storageDevices:
+ - fullPath: /dev/disk/by-id/scsi-SATA_Samsung_SSD_850_S2RBNB0HA00867N
+ config:
+ deviceClass: ssd
+ osdsPerDevice: "2"
+ cz9046:
+ roles:
+ - mgr
+ - mon
+ - rgw
+# - mds
+ - osd
+ storageDevices:
+ - fullPath: /dev/disk/by-id/scsi-SATA_WDC_WDS500G2B0A-_172906422906
+ config:
+ deviceClass: ssd
+ osdsPerDevice: "2"
+ pools:
+ - default: true
+ deviceClass: ssd
+ name: kubernetes
+ replicated:
+ size: 3
+ role: kubernetes
+ - default: false
+ deviceClass: ssd
+ name: volumes
+ replicated:
+ size: 3
+ role: volumes
+ - default: false
+ deviceClass: ssd
+ name: vms
+ replicated:
+ size: 3
+ role: vms
+ - default: false
+ deviceClass: ssd
+ name: backup
+ replicated:
+ size: 3
+ role: backup
+ - default: false
+ deviceClass: ssd
+ name: images
+ replicated:
+ size: 3
+ role: images
+ - default: false
+ deviceClass: ssd
+ name: other
+ replicated:
+ size: 3
+ role: other
+ k8sCluster:
+ name: mosk
+ namespace: mosk
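Review bot: The `rgw` `gateway` block opens `port: 80` alongside `securePort: 8443`, so any S3 client that uses the plain port would send its access keys and object data unencrypted. If no consumer needs HTTP, only the secure port should be exposed (assuming the API allows omitting `port`); otherwise a comment should name the consumer that requires it. The RGW `dataPool` is erasure coded 2+1 with `failureDomain: host` on exactly three OSD nodes, and `preservePoolsOnDelete` is `false`. A comment like `# lab sizing: no spare failure domain, pools are deleted with the object store` would make that trade-off explicit.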
diff --git a/bm_mcc_mosk/child/cluster/l2_templates.yaml b/bm_mcc_mosk/child/cluster/l2_templates.yaml
new file mode 100644
index 0000000..c60118d
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/l2_templates.yaml
@@ -0,0 +1,95 @@
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: L2Template
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: mosk
+ name: mosk-base-l2
+ namespace: mosk
+spec:
+ autoIfMappingPrio:
+ - provision
+ - enp
+ - eno
+ - ens
+ clusterRef: mosk
+ l3Layout:
+ - scope: namespace
+ subnetName: lcm-nw
+ - scope: namespace
+ subnetName: storage-frontend
+ - scope: namespace
+ subnetName: storage-backend
+ npTemplate: |-
+ version: 2
+ bonds:
+ bond0:
+ parameters:
+ mode: 802.3ad
+ interfaces:
+ - {{nic 3}}
+ - {{nic 5}}
+ bond1:
+ parameters:
+ mode: 802.3ad
+ interfaces:
+ - {{nic 2}}
+ - {{nic 4}}
+ ethernets:
+ {{nic 0}}:
+ dhcp4: false
+ dhcp6: false
+ match:
+ macaddress: {{mac 0}}
+ set-name: {{nic 0}}
+ mtu: 9000
+ addresses:
+ - {{ip "0:lcm-nw"}}
+ gateway4: {{gateway_from_subnet "lcm-nw"}}
+ nameservers:
+ addresses: {{nameservers_from_subnet "lcm-nw"}}
+ {{nic 2}}:
+ dhcp4: false
+ dhcp6: false
+ match:
+ macaddress: {{mac 2}}
+ set-name: {{nic 2}}
+ mtu: 9000
+ {{nic 3}}:
+ dhcp4: false
+ dhcp6: false
+ match:
+ macaddress: {{mac 3}}
+ set-name: {{nic 3}}
+ mtu: 9000
+ {{nic 4}}:
+ dhcp4: false
+ dhcp6: false
+ match:
+ macaddress: {{mac 4}}
+ set-name: {{nic 4}}
+ mtu: 9000
+ {{nic 5}}:
+ dhcp4: false
+ dhcp6: false
+ match:
+ macaddress: {{mac 4}}
+ set-name: {{nic 4}}
+ mtu: 9000
+ vlans:
+ pr-floating:
+ id: 2404
+ link: bond1
+ mtu: 9000
+ stor-frontend:
+ id: 2405
+ link: bond1
+ mtu: 9000
+ addresses:
+ - {{ip "stor-frontend:storage-frontend"}}
+ stor-backend:
+ id: 2406
+ link: bond1
+ mtu: 9000
+ addresses:
+ - {{ip "stor-backend:storage-backend"}}
\ No newline at end of file
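Review bot: The `{{nic 5}}` entry under `ethernets` matches on `macaddress: {{mac 4}}` and sets `set-name: {{nic 4}}`, which looks like a copy of the `{{nic 4}}` block that was not updated. As written, two netplan entries claim the same MAC and interface name, and the second member of `bond0` is never matched by its own MAC. The two lines should read `macaddress: {{mac 5}}` and `set-name: {{nic 5}}`. It is also worth confirming that `bond0` is meant to carry no address or VLAN in this template, since only `bond1` is used as a `link`.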
diff --git a/bm_mcc_mosk/child/cluster/machines.yaml b/bm_mcc_mosk/child/cluster/machines.yaml
new file mode 100644
index 0000000..6877908
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/machines.yaml
@@ -0,0 +1,172 @@
+apiVersion: "cluster.k8s.io/v1alpha1"
+kind: MachineList
+items:
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz7625
+ labels: &ucp_os_ctl_labels
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: mosk
+ cluster.sigs.k8s.io/control-plane: "controlplane"
+ hostlabel.bm.kaas.mirantis.com/storage: "true"
+ hostlabel.bm.kaas.mirantis.com/worker: "true"
+ hostlabel.bm.kaas.mirantis.com/controlplane: "controlplane"
+ spec:
+ providerSpec:
+ value: &ucp_os_ctl_value
+ apiVersion: "baremetal.k8s.io/v1alpha1"
+ kind: "BareMetalMachineProviderSpec"
+ l2TemplateSelector:
+ name: mosk-base-l2
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz7625
+ bareMetalHostProfile:
+ namespace: mosk
+ name: bm-os-ctl
+ nodeLabels:
+ - key: openstack-control-plane
+ value: enabled
+ - key: openstack-gateway
+ value: enabled
+ - key: openvswitch
+ value: enabled
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz7627
+ labels:
+ <<: *ucp_os_ctl_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *ucp_os_ctl_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz7627
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz7792
+ labels:
+ <<: *ucp_os_ctl_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *ucp_os_ctl_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz7792
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz9039
+ labels: &ceph_labels
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: mosk
+ hostlabel.bm.kaas.mirantis.com/storage: "true"
+ hostlabel.bm.kaas.mirantis.com/worker: "true"
+ spec:
+ providerSpec:
+ value: &ceph_value
+ apiVersion: "baremetal.k8s.io/v1alpha1"
+ kind: "BareMetalMachineProviderSpec"
+ l2TemplateSelector:
+ name: mosk-base-l2
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz9039
+ bareMetalHostProfile:
+ namespace: mosk
+ name: bm-storage
+ nodeLabels:
+ - key: openstack-compute-node
+ value: enabled
+ - key: openvswitch
+ value: enabled
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz9046
+ labels:
+ <<: *ceph_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *ceph_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz9046
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz8061
+ labels:
+ <<: *ceph_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *ceph_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz8061
+
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz9047
+ labels: &sl_labels
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: mosk
+ hostlabel.bm.kaas.mirantis.com/worker: "true"
+ spec:
+ providerSpec:
+ value: &sl_value
+ apiVersion: "baremetal.k8s.io/v1alpha1"
+ kind: "BareMetalMachineProviderSpec"
+ l2TemplateSelector:
+ name: mosk-base-l2
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz9047
+ bareMetalHostProfile:
+ namespace: mosk
+ name: bm-sl
+ nodeLabels:
+ - key: stacklight
+ value: enabled
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz9048
+ labels:
+ <<: *sl_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *sl_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz9048
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz8159
+ labels:
+ <<: *sl_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *sl_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz8159
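Review bot: The later machines in each group are built with `<<: *ucp_os_ctl_value`, `<<: *ceph_value` and `<<: *sl_value`, and YAML merge keys are shallow. This works only because each item replaces `hostSelector` as a whole; overriding a single nested field of `bareMetalHostProfile` or `nodeLabels` later would silently drop its siblings. Merge keys are also a YAML 1.1 extension that not every Kubernetes tool expands. Either write the items out in full or add a comment at the first anchor, e.g. `# shallow-merged below: override whole top-level keys only`.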
diff --git a/bm_mcc_mosk/child/cluster/metallbconfig.yaml b/bm_mcc_mosk/child/cluster/metallbconfig.yaml
new file mode 100644
index 0000000..b621be9
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/metallbconfig.yaml
@@ -0,0 +1,30 @@
+---
+# MetalLBConfig object serves for monitoring of MetalLB address advertisement
+# configuration since MCC 2.24. It can contain a link to MetalLBConfigTemplate
+# or full definition of MetalLB API objects.
+# The example below consumes "kaas-mgmt-metallb" MetalLBConfigTemplate object.
+# Operator can monitor the status of MetalLB configuration of the target
+# cluster using "status" of MetalLBConfig.
+# See MCC documentation for detailed description of MetalLB configuration using
+# MetalLBConfig and MetalLBConfigTemplate objects.
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: MetalLBConfig
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: mosk
+ name: mosk-metallb
+ namespace: mosk
+spec:
+ ipAddressPools:
+ - name: default
+ spec:
+ addresses:
+ - 172.16.180.26-172.16.180.75
+ autoAssign: true
+ avoidBuggyIPs: false
+ l2Advertisements:
+ - name: default
+ spec:
+ ipAddressPools:
+ - default
\ No newline at end of file
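Review bot: The header comment says the example consumes the "kaas-mgmt-metallb" MetalLBConfigTemplate, but the `spec` below references no template and defines `ipAddressPools` and `l2Advertisements` inline for the `mosk` cluster. The comment appears to be carried over from a management-cluster example and now misdescribes the object. It should be replaced with something like `# Defines the MetalLB address pool and L2 advertisement for the mosk cluster inline.`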
diff --git a/bm_mcc_mosk/child/cluster/project.yaml b/bm_mcc_mosk/child/cluster/project.yaml
new file mode 100644
index 0000000..40eb69f
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/project.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mosk
+ labels:
+ kubernetes.io/metadata.name: mosk
\ No newline at end of file
diff --git a/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml b/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
new file mode 100644
index 0000000..781cf11
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: vkhlyunev
+ namespace: mosk
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeGiSOs0zAwcxuc9y6BzidYFXQXLOLcBKSoW1tPYJ+bVGRwNRVh63/+/X+eOPbBp6xTNNHVyOpYHt1WUbIHsAqAx/XbzBp+j3/4+8+ucvWR3X9TTxK7Q+oB3SSy2iEeimiJmxfjiHu1hfcgN8L9YvXVquGC/EZbk/r27j7Gcxli7zesr9/kBBhigDSQeehJBJZ0ux3luVkjWSDYTeKqZhNNPFoD6eWmOfsAKNMhe/8IRD9e0zY4MsELi1tZl2zoQ69249e4M1aCuGxm+t+tHLzywX0tVZmM1yX7TDuszHbiii8HrjNwB1/K80HRwRrwVIne9P7wFSlC2exLkdfWd2D
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: maintenance-ci-robot
+ namespace: mosk
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDci6MBY68s3FJ9V1OP5vdtVo/daJnkNXCPSPYbCX8/d0E3UJKgE81YvsxfuKp3r1rUNwTuGnkq+VUWcbIgpQNy69OuKxQkoGsRgYTA8n4ZZcuWz+dVenP90xLYHcnyACg63HUVEp5foLvu1WzOdH2A4bHmsl0ePM5IdnFyToHj+Nhwz1NSvbK1OkQHoEcIbkbIkIa/kWY2mgEIIUgb9YmaCI96eiVtQpFPQ4k7hpdrUAkG4e0jT8JA3zQoB++S12p0d0K3SQtJ3+YATUm+rKnHchHZ/uEAgBgoOLiu99p7Aiie76jlGxZp8A/hPqU/zS61z7ER4lJeyR/pXh53Ja+1 maintenance-ci
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: rlubianyi
+ namespace: mosk
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXWwy6p3t4AGvaCtFDJxqKZiPDotJnbu2IKg2p7sl7YXQw+APLKk9maHyUehQQuGzidgBZpmBOMAXENcO1FGFj56cnp4W9tldTiRq1bWcUMq42wfNwIToP6dAXj5ZyhL+UZj1GsCThSasDhFe4Xife0cn69KHJqtmahApQK6D7tpZr2UNDYNWh/2JIrUOcJXZU+BqNg7zm1KNb6e9lKXL6KLDeaCiQ0bj+L/unqepLdg26eO7AQSZ/rt2qAnbfcquozECtDhT4cbK8q9xJODlJQ3eQGOgTH3m8jGijL+3UdPFUzbo4KwSK4V9FmB711HVBCQM4nlH9zumIUSxutnkd rlubianyi@rlubianyi-pc
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: pglazov
+ namespace: mosk
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxqF+NSuP+Dr2nmGHf4NIpH2xWSmq+UE/HGP6j81rKSBZeRb2SuRXLtLVh3NZ+3GLa4UQGvedcnsqzgvSt05LYujloHnLxIsrsOWbLxOcdUYkorhXenGKBxKopwViRNV2PovMAnwyZ27GkXH8RQ52XISOdTIIV7r8M3kLpxCor2jHnOzJOcr7rhLeSFTK5zw6//T3S+IOQ5/HEs+8NK1sNw2lxBTuk+dAydiaCsQqm4GMl5vZSy0j7cnsy+lq69zN2/Bi4JzKLDKF2ap4zDh/ELhUBoQhh12T0djFV9Qv9fTWI4LUW8cVyqxbfreJrZqSAyMgSRrGSUBclFTmn5Z pavel@pavel-All-Series
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: dmeltsaykin
+ namespace: mosk
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
+---
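Review bot: The five PublicKey objects here are repeated key-for-key in kaas-mgmt/cluster.yaml (namespace `default` there, `mosk` here), so revoking someone's access means editing two files, and a missed copy leaves a working login on one of the clusters. A header comment would make that explicit, e.g. `# Keep in sync with kaas-mgmt/cluster.yaml; remove a key in both files when access is revoked.`. The first key has no trailing comment field, unlike the other four, which makes it harder to match against an authorized_keys entry on a host. The trailing `---` on the last line opens an empty document and can be dropped.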
diff --git a/bm_mcc_mosk/child/cluster/subnets.yaml b/bm_mcc_mosk/child/cluster/subnets.yaml
new file mode 100644
index 0000000..15e3905
--- /dev/null
+++ b/bm_mcc_mosk/child/cluster/subnets.yaml
@@ -0,0 +1,68 @@
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: Subnet
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-k8s-lcm: "1"
+ name: lcm-nw
+ namespace: mosk
+spec:
+ cidr: 172.16.180.0/23
+ gateway: 172.16.180.1
+ includeRanges:
+ - 172.16.180.10-172.16.180.25
+ nameservers:
+ - 172.18.176.6
+---
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: Subnet
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ name: k8s-ext
+ namespace: mosk
+spec:
+ cidr: 172.17.42.0/26
+ includeRanges:
+ - 172.17.42.15-172.17.42.30
+ gateway: 172.17.42.1
+ nameservers:
+ - 172.18.176.6
+---
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: Subnet
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ name: tenant
+ namespace: mosk
+spec:
+ cidr: 10.12.2.0/24
+---
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: Subnet
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-ceph-public: "true"
+ cluster.sigs.k8s.io/cluster-name: mosk
+ name: storage-frontend
+ namespace: mosk
+spec:
+ cidr: 10.12.0.0/24
+ includeRanges:
+ - 10.12.0.5-10.12.0.250
+---
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: Subnet
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-ceph-cluster: "true"
+ cluster.sigs.k8s.io/cluster-name: mosk
+ name: storage-backend
+ namespace: mosk
+spec:
+ cidr: 10.12.1.0/24
+ includeRanges:
+ - 10.12.1.5-10.12.1.250
\ No newline at end of file
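Review bot: `lcm-nw` uses 172.16.180.0/23, the same CIDR as the management-cluster Subnets in kaas-mgmt/ipam-objects.yaml and the child MetalLB pool, and nothing in this file records how that /23 is divided. The ranges visible in this commit do not overlap (172.16.180.10-25 here, 172.16.180.26-75 for MetalLB, 172.16.181.x for management), but only by convention. A comment block listing the allocation would let a reviewer catch a collision and would state that child LCM traffic shares a segment with management PXE/DHCP. The label values are also inconsistent, `ipam/SVC-k8s-lcm: "1"` here against `"true"` on the ceph labels and `"presents"` in the management file, and only the two storage subnets carry `cluster.sigs.k8s.io/cluster-name: mosk`; both are worth confirming against what the IPAM controller expects.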
diff --git a/bm_mcc_mosk/child/kaas_workloads/coredns.yaml b/bm_mcc_mosk/child/kaas_workloads/coredns.yaml
new file mode 100644
index 0000000..5587647
--- /dev/null
+++ b/bm_mcc_mosk/child/kaas_workloads/coredns.yaml
@@ -0,0 +1,55 @@
+apiVersion: lcm.mirantis.com/v1alpha1
+kind: HelmBundle
+metadata:
+ name: coredns
+ namespace: osh-system
+spec:
+ repositories:
+ - name: hub_stable
+ url: https://charts.helm.sh/stable
+ releases:
+ - name: coredns
+ chart: hub_stable/coredns
+ version: 1.8.1
+ namespace: coredns
+ values:
+ image:
+ repository: mirantis.azurecr.io/openstack/extra/coredns
+ tag: "1.6.9"
+ isClusterService: false
+ servers:
+ - zones:
+ - zone: .
+ scheme: dns://
+ use_tcp: false
+ port: 53
+ plugins:
+ - name: cache
+ parameters: 30
+ - name: errors
+ # Serves a /health endpoint on :8080, required for livenessProbe
+ - name: health
+ # Serves a /ready endpoint on :8181, required for readinessProbe
+ - name: ready
+ # Required to query kubernetes API for data
+ - name: kubernetes
+ parameters: cluster.local
+ - name: loadbalance
+ parameters: round_robin
+ # Serves a /metrics endpoint on :9153, required for serviceMonitor
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: forward
+ parameters: . /etc/resolv.conf
+ - name: file
+ parameters: /etc/coredns/subdomain.team.sustaining.db subdomain.team.sustaining
+ serviceType: LoadBalancer
+ zoneFiles:
+ - filename: subdomain.team.sustaining.db
+ domain: subdomain.team.sustaining
+ contents: |
+ subdomain.team.sustaining. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
+ subdomain.team.sustaining. IN NS b.iana-servers.net.
+ subdomain.team.sustaining. IN NS a.iana-servers.net.
+ subdomain.team.sustaining. IN A !!!EXT_DNS_IP
+ *.subdomain.team.sustaining. IN A !!!EXT_DNS_IP
\ No newline at end of file
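Review bot: This server block answers for zone `.` with `forward . /etc/resolv.conf` and `kubernetes cluster.local` while the Service is `serviceType: LoadBalancer`, so any client that can reach the external address gets a recursive resolver and can look up in-cluster service names. If the intent is only to publish `subdomain.team.sustaining`, I would scope the zone to that domain and drop `forward` and `kubernetes` from this server, or add an `acl` plugin entry limiting the source networks allowed to query. The chart comes from `https://charts.helm.sh/stable`, the archive location of the deprecated stable charts, so this pin will not receive fixes and deserves a comment or a mirrored copy. The `!!!EXT_DNS_IP` markers also need a comment saying what substitutes them, since the zone file is not loadable as written.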
diff --git a/bm_mcc_mosk/child/kaas_workloads/os-dpl.yaml b/bm_mcc_mosk/child/kaas_workloads/os-dpl.yaml
new file mode 100644
index 0000000..e2f6dc0
--- /dev/null
+++ b/bm_mcc_mosk/child/kaas_workloads/os-dpl.yaml
@@ -0,0 +1,97 @@
+apiVersion: lcm.mirantis.com/v1alpha1
+kind: OpenStackDeployment
+metadata:
+ name: osh-dev
+ namespace: openstack
+spec:
+ openstack_version: yoga
+ preset: compute
+ local_volume_storage_class: openstack-operator-bind-mounts
+ persistent_volume_storage_class: kubernetes-ssd
+ public_domain_name: subdomain.team.sustaining
+ internal_domain_name: cluster.local
+ size: tiny
+ features:
+ ssl:
+ public_endpoints:
+ api_cert:
+ value_from:
+ secret_key_ref:
+ key: api_cert
+ name: osh-dev-hidden
+ api_key:
+ value_from:
+ secret_key_ref:
+ key: api_key
+ name: osh-dev-hidden
+ ca_cert:
+ value_from:
+ secret_key_ref:
+ key: ca_cert
+ name: osh-dev-hidden
+ logging:
+ cinder:
+ level: DEBUG
+ glance:
+ level: DEBUG
+ heat:
+ level: DEBUG
+ keystone:
+ level: DEBUG
+ neutron:
+ level: DEBUG
+ nova:
+ level: DEBUG
+ octavia:
+ level: DEBUG
+ nova:
+ live_migration_interface: stor-backend
+ images:
+ backend: ceph
+ encryption:
+ enabled: false
+ neutron:
+ tunnel_interface: stor-backend
+ floating_network:
+ physnet: physnet1
+ enabled: true
+ subnet:
+ range: 172.17.42.0/26
+ gateway: 172.17.42.1
+ pool_start: 172.17.42.31
+ pool_end: 172.17.42.60
+ external_networks:
+ - bridge: br-ex
+ interface: bond0
+ mtu: null
+ network_types:
+ - flat
+ physnet: physnet1
+ vlan_ranges: null
+ services:
+ orchestration:
+ heat:
+ values:
+ conf:
+ heat:
+ clients_heat:
+ insecure: true
+ load-balancer:
+ octavia:
+ values:
+ octavia:
+ settings:
+ lbmgmt_cidr: "10.255.0.0/16"
+ lbmgmt_subnet_start: "10.255.1.0"
+ lbmgmt_subnet_end: "10.255.255.254"
+ networking:
+ neutron:
+ values:
+ conf:
+ neutron:
+ DEFAULT:
+ global_physnet_mtu: 9000
+ plugins:
+ ml2_conf:
+ ml2:
+ path_mtu: 9000
\ No newline at end of file
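Review bot: `clients_heat.insecure: true` under `services.orchestration.heat` turns off certificate verification for Heat's client calls, even though a `ca_cert` is already supplied from `osh-dev-hidden` in the `ssl.public_endpoints` block. Pointing the client at that CA through the `ca_file` option of the same `clients_heat` section keeps verification on; if the override is a lab workaround, say so next to it, e.g. `# lab only: self-signed public endpoint, remove once the CA is trusted`. All seven services in `features.logging` are set to `DEBUG`, which is noisy and may write request contents to the logs, so a comment marking this as a development setting would stop it from being carried into a production copy of the template.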
diff --git a/bm_mcc_mosk/kaas-mgmt/baremetalhostprofiles.yaml b/bm_mcc_mosk/kaas-mgmt/baremetalhostprofiles.yaml
new file mode 100644
index 0000000..81be899
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/baremetalhostprofiles.yaml
@@ -0,0 +1,182 @@
+# BareMetalHostProfile resource allows you to define how the storage
+# devices and the operating system are provisioned and configured.
+apiVersion: metal3.io/v1alpha1
+metadata:
+ namespace: default
+ name: default-simple-since-2-24
+ labels:
+ kaas.mirantis.com/defaultBMHProfile: 'true'
+kind: BareMetalHostProfile
+spec:
+ # List of definitions of the physical storage devices. To configure more
+ # storage devices per host, add additional devices to this list.
+ # Each section in the list allows you to define disk parameters and
+ # restrictions in the 'device' field, and a list of partitions to be
+ # created on the device in the 'paritions' field.
+ devices:
+ # Define configuration of the first device on the host. This device
+ # will be partitioned and used as a system boot device. Minimal size
+ # for this device is 60Gib. If your device is smaller, change
+ # the 'minSize' parameter in the device definition appropriately.
+ # Use of a system device smaller than 60Gib is not recommended.
+ - device:
+ # Use the appropriate name of the device in the system. '/dev/sda'
+ # typically defines the first device on a system with 2 disks.
+ #byName: /dev/sda
+ minSize: 60Gi
+ # Deprecated. 'wipe' field, if set to 'true', forces the Container Cloud
+ # bare metal provisioning system to erase the contents of the device before using it.
+ #wipe: true
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ # eraseDevice:
+ # timeout: 3600
+ # blkdiscard:
+ # enabled: false
+ # zeroout: "fallback"
+ # userDefined:
+ # enabled: false
+ # command: ""
+ # script: ""
+ # Do not change the names of partitions in this section.
+ # They are defined as expected by the Ubuntu operating system that
+ # will be installed.
+ partitions:
+ - name: bios_grub
+ # 4Mb boot partition is required for legacy (non-UEFI) systems.
+ size: 4Mi
+ partflags: ['bios_grub']
+ - name: uefi
+ partflags: ['esp']
+ size: 200Mi
+ - name: config-2
+ # Size of this partition is limited to 64Mb.
+ size: 64Mi
+ - name: lvm_root_part
+ # The 0 size for the partition means that this partition will
+ # use all remaining space on the device. Change it only if
+ # you want to have a root file system of specific size.
+ # WARNING: only last one partition on disk could be set as "0" size.
+ size: 0
+ # Define configuration of the second device on the host. This device
+ # will be used to store application data for management services of
+ # Container Cloud.
+ # The application data is stored in directories on this device,
+ # mounted as volumes to the application pods.
+ - device:
+ # Use the appropriate name of the device in the system. Typically,
+ # '/dev/sdb' defines the second device on a system with 3 disks.
+ #byName: /dev/sdb
+ minSize: 30Gi
+ # Deprecated. 'wipe' field, if set to 'true', forces the Container Cloud
+ # bare metal provisioning system to erase the contents of the device before using it.
+ #wipe: true
+ wipeDevice:
+ eraseMetadata:
+ enabled: true
+ # eraseDevice:
+ # timeout: 3600
+ # blkdiscard:
+ # enabled: false
+ # zeroout: "fallback"
+ # userDefined:
+ # enabled: false
+ # command: ""
+ # script: ""
+ # This device is partitioned for use by local volume provisioner.
+ partitions:
+ - name: lvm_lvp_part
+ # The 0 size for the partition means that this partition will
+ # use all remaining space on the device.
+ # WARNING: only last one partition on disk could be set as "0" size.
+ size: 0
+ volumeGroups:
+ - name: lvm_root
+ devices:
+ - partition: lvm_root_part
+ - name: lvm_lvp
+ devices:
+ - partition: lvm_lvp_part
+ logicalVolumes:
+ - name: root
+ vg: lvm_root
+ # If you set the size to 0, the logical volume will use all available
+ # space in its volume group.
+ # WARNING: only last one partition on disk could be set as "0" size.
+ size: 0
+ - name: lvp
+ vg: lvm_lvp
+ # If you set the size to 0, the logical volume will use all available
+ # space in its volume group.
+ # WARNING: only last one partition on disk could be set as "0" size.
+ size: 0
+ fileSystems:
+ - fileSystem: vfat
+ partition: config-2
+ - fileSystem: vfat
+ partition: uefi
+ mountPoint: /boot/efi
+ - fileSystem: ext4
+ logicalVolume: root
+ mountPoint: /
+ - fileSystem: ext4
+ logicalVolume: lvp
+ mountPoint: /mnt/local-volumes/
+ preDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'pre_deploy_script done' >> /root/pre_deploy_done
+ postDeployScript: |
+ #!/bin/bash -ex
+ echo $(date) 'post_deploy_script done' >> /root/post_deploy_done
+ grubConfig:
+ defaultGrubOptions:
+ - 'GRUB_DISABLE_RECOVERY="true"'
+ - 'GRUB_PRELOAD_MODULES=lvm'
+ - 'GRUB_TIMEOUT=20'
+ # 'kernelParameters' section defines parameters of the operating system.
+ # See comments for the individual options for more information.
+ kernelParameters:
+ sysctl:
+ # Please check list of prohibited to change options:
+ # https://docs.mirantis.com/mke/3.6/install/predeployment/set-up-kernel-default-protections.html
+ # With this setting, kernel logs will be available only to the 'root'
+ # user.
+ kernel.dmesg_restrict: "1"
+ # Controls whether core dumps will append the PID to the core filename
+ # useful for debugging multi-threaded applications.
+ kernel.core_uses_pid: "1"
+ # Increase system file descriptor limit up to
+ # 9223372036854775807 (0x7fffffffffffffff) on a 64-bit system.
+ # Linux kernel documentation suggests that inode-max should be 3-4 times
+ # larger than this value.
+ fs.file-max: "9223372036854775807"
+ # The Linux kernel provides the Asynchronous non-blocking I/O (AIO) feature that allows a
+ # process to initiate multiple I/O operations simultaneously without having to wait for any of them to complete.
+ # This helps boost performance for applications that are able to overlap processing and I/O.
+ fs.aio-max-nr: "1048576"
+ # The inotify API provides a mechanism for monitoring file system events.
+ # Inotify can be used to monitor individual files, or to monitor directories.
+ # When a directory is monitored, inotify will return events for the directory itself, and for files inside the directory.
+ fs.inotify.max_user_instances: "4096"
+ # This file contains the maximum number of memory map areas a process may have.
+ # Memory map areas are used as a side-effect of calling malloc, directly by mmap and mprotect, and also when loading shared libraries.
+ # While most applications need less than a thousand maps, certain programs,
+ # particularly malloc debuggers, may consume lots of them, e.g., up to one or two maps per allocation.
+ vm.max_map_count: "262144"
+ # This option enables "Loose mode" assymetric-routing between k8s-lcm (LCM network) and bond0 (PXE network).
+ # Required only during bootstrap process, since bootstrap-seed node might not
+ # contain all required networks. (For example, when only pxe network configured on seed node)
+ # For details, see
+ # https://docs.mirantis.com/container-cloud/latest/deployment-guide/deploy-bm-mgmt.html
+ net.ipv4.conf.all.rp_filter: "2"
+ net.ipv4.conf.k8s-lcm.rp_filter: "2"
+ net.ipv4.conf.bond0.rp_filter: "2"
+ fs.inotify.max_user_watches: "81920"
+ # 'modules' field contains a list of files to be created in the
+ # '/etc/modprobe.d/' directory and the contents of the files.
+ # Use them to configure specific kernel modules on your system.
+ #modules:
+ # - filename: kvm_intel.conf
+ # content: |
+ # options kvm_intel nested=1
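Review bot: The three `rp_filter: "2"` entries stay in effect for the life of the node, although the comment above them says loose mode is required only during bootstrap. Because the kernel applies the higher of `conf.all` and the per-interface value, `net.ipv4.conf.all.rp_filter: "2"` on its own puts every interface in loose mode, which weakens source-address validation on all networks and makes the two per-interface lines redundant. I would drop the `all` entry and keep only the interfaces that need it, or extend the comment with `# Revert to "1" after bootstrap once the seed node restriction no longer applies.`. The `k8s-lcm` and `bond0` names are not created by the L2Template in kaas-mgmt/ipam-objects.yaml, which configures a plain `{{nic 0}}` ethernet, so those two keys may refer to interfaces that do not exist on these hosts; worth confirming.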
diff --git a/bm_mcc_mosk/kaas-mgmt/baremetalhosts.yaml b/bm_mcc_mosk/kaas-mgmt/baremetalhosts.yaml
new file mode 100644
index 0000000..41591fc
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/baremetalhosts.yaml
@@ -0,0 +1,89 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz9040-bmc-credentials
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz9041-bmc-credentials
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BareMetalHostCredential
+metadata:
+ name: cz9042-bmc-credentials
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+spec:
+ username: engineer
+ password:
+ value: KBwdcRqwed3w2
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz9040
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz9040
+ hostlabel.bm.kaas.mirantis.com/controlplane: "controlplane"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz9040-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:c9:02
+ bmc:
+ address: 185.8.58.246
+ credentialsName: 'cz9040-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz9041
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz9041
+ hostlabel.bm.kaas.mirantis.com/controlplane: "controlplane"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz9041-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:d5:60
+ bmc:
+ address: 185.8.58.243
+ credentialsName: 'cz9041-bmc-credentials'
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: cz9042
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ baremetal: hw-cz9042
+ hostlabel.bm.kaas.mirantis.com/controlplane: "controlplane"
+ annotations:
+ "kaas.mirantis.com/baremetalhost-credentials-name": "cz9042-bmc-credentials"
+spec:
+ bootMode: legacy
+ online: true
+ bootMACAddress: 0c:c4:7a:aa:c9:3a
+ bmc:
+ address: 185.8.58.244
+ credentialsName: 'cz9042-bmc-credentials'
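Review bot: All three BareMetalHostCredential objects carry the BMC password as a literal `password.value`, and it is the same value for cz9040, cz9041 and cz9042, so anyone with read access to the repository or its history has out-of-band control of all three control-plane hosts. The template should ship a placeholder in the style this commit already uses in coredns.yaml, e.g. `value: '!!!BMC_PASSWORD'`, with the real value injected at deploy time, and the committed password should be treated as exposed and rotated on the BMCs. The `bmc.address` values are in 185.8.58.0/24 rather than a private range; if those interfaces are reachable from outside the lab network, restricting access to them matters even more. The unquoted `bootMACAddress` values parse as strings only because they contain hex letters, so quoting them avoids the YAML 1.1 sexagesimal trap for an all-digit MAC.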
diff --git a/bm_mcc_mosk/kaas-mgmt/bootstrapregion.yaml b/bm_mcc_mosk/kaas-mgmt/bootstrapregion.yaml
new file mode 100644
index 0000000..687e29b
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/bootstrapregion.yaml
@@ -0,0 +1,7 @@
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: BootstrapRegion
+metadata:
+ name: region-one
+ namespace: default
+spec:
+ provider: baremetal
diff --git a/bm_mcc_mosk/kaas-mgmt/cluster.yaml b/bm_mcc_mosk/kaas-mgmt/cluster.yaml
new file mode 100644
index 0000000..1005e29
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/cluster.yaml
@@ -0,0 +1,105 @@
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: vkhlyunev
+ namespace: default
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeGiSOs0zAwcxuc9y6BzidYFXQXLOLcBKSoW1tPYJ+bVGRwNRVh63/+/X+eOPbBp6xTNNHVyOpYHt1WUbIHsAqAx/XbzBp+j3/4+8+ucvWR3X9TTxK7Q+oB3SSy2iEeimiJmxfjiHu1hfcgN8L9YvXVquGC/EZbk/r27j7Gcxli7zesr9/kBBhigDSQeehJBJZ0ux3luVkjWSDYTeKqZhNNPFoD6eWmOfsAKNMhe/8IRD9e0zY4MsELi1tZl2zoQ69249e4M1aCuGxm+t+tHLzywX0tVZmM1yX7TDuszHbiii8HrjNwB1/K80HRwRrwVIne9P7wFSlC2exLkdfWd2D
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: maintenance-ci-robot
+ namespace: default
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDci6MBY68s3FJ9V1OP5vdtVo/daJnkNXCPSPYbCX8/d0E3UJKgE81YvsxfuKp3r1rUNwTuGnkq+VUWcbIgpQNy69OuKxQkoGsRgYTA8n4ZZcuWz+dVenP90xLYHcnyACg63HUVEp5foLvu1WzOdH2A4bHmsl0ePM5IdnFyToHj+Nhwz1NSvbK1OkQHoEcIbkbIkIa/kWY2mgEIIUgb9YmaCI96eiVtQpFPQ4k7hpdrUAkG4e0jT8JA3zQoB++S12p0d0K3SQtJ3+YATUm+rKnHchHZ/uEAgBgoOLiu99p7Aiie76jlGxZp8A/hPqU/zS61z7ER4lJeyR/pXh53Ja+1 maintenance-ci
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: rlubianyi
+ namespace: default
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXWwy6p3t4AGvaCtFDJxqKZiPDotJnbu2IKg2p7sl7YXQw+APLKk9maHyUehQQuGzidgBZpmBOMAXENcO1FGFj56cnp4W9tldTiRq1bWcUMq42wfNwIToP6dAXj5ZyhL+UZj1GsCThSasDhFe4Xife0cn69KHJqtmahApQK6D7tpZr2UNDYNWh/2JIrUOcJXZU+BqNg7zm1KNb6e9lKXL6KLDeaCiQ0bj+L/unqepLdg26eO7AQSZ/rt2qAnbfcquozECtDhT4cbK8q9xJODlJQ3eQGOgTH3m8jGijL+3UdPFUzbo4KwSK4V9FmB711HVBCQM4nlH9zumIUSxutnkd rlubianyi@rlubianyi-pc
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: pglazov
+ namespace: default
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxqF+NSuP+Dr2nmGHf4NIpH2xWSmq+UE/HGP6j81rKSBZeRb2SuRXLtLVh3NZ+3GLa4UQGvedcnsqzgvSt05LYujloHnLxIsrsOWbLxOcdUYkorhXenGKBxKopwViRNV2PovMAnwyZ27GkXH8RQ52XISOdTIIV7r8M3kLpxCor2jHnOzJOcr7rhLeSFTK5zw6//T3S+IOQ5/HEs+8NK1sNw2lxBTuk+dAydiaCsQqm4GMl5vZSy0j7cnsy+lq69zN2/Bi4JzKLDKF2ap4zDh/ELhUBoQhh12T0djFV9Qv9fTWI4LUW8cVyqxbfreJrZqSAyMgSRrGSUBclFTmn5Z pavel@pavel-All-Series
+---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: dmeltsaykin
+ namespace: default
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
+---
+apiVersion: cluster.k8s.io/v1alpha1
+kind: Cluster
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ name: kaas-mgmt
+ namespace: default
+spec:
+ clusterNetwork:
+ pods:
+ cidrBlocks:
+ - 10.200.0.0/16
+ services:
+ cidrBlocks:
+ - 10.201.0.0/16
+ providerSpec:
+ value:
+ kind: BaremetalClusterProviderSpec
+ release: mke-16-1-0-3-7-5
+ apiVersion: baremetal.k8s.io/v1alpha1
+ dedicatedControlPlane: false
+ dedicatedMetallbPools: true
+ publicKeys:
+ - name: vkhlyunev
+ - name: maintenance-ci-robot
+ - name: pglazov
+ - name: dmeltsaykin
+ - name: rlubianyi
+ loadBalancerHost: ""
+ dnsNameservers:
+ - 172.18.176.6
+ helmReleases:
+ - name: metallb
+ values: {}
+ - name: stacklight
+ values:
+ elasticsearch:
+ persistentVolumeClaimSize: 30Gi
+ highAvailabilityEnabled: true
+ logging:
+ enabled: true
+ prometheusServer:
+ persistentVolumeClaimSize: 16Gi
+ kaas:
+ release: kaas-2-26-0
+ management:
+ enabled: true
+ regional:
+ - helmReleases:
+ - name: baremetal-operator
+ values: {}
+ - name: baremetal-provider
+ values:
+ customHostnamesEnabled: true
+ dnsmasq:
+ dynamic_bootp: true
+ - name: kaas-ipam
+ values: {}
+ provider: baremetal
diff --git a/bm_mcc_mosk/kaas-mgmt/ipam-objects.yaml b/bm_mcc_mosk/kaas-mgmt/ipam-objects.yaml
new file mode 100644
index 0000000..eb5535d
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/ipam-objects.yaml
@@ -0,0 +1,209 @@
+---
+# This template allows you to configure networking for servers
+# of the management cluster of Mirantis Container Cloud. Network
+# configuration requires the following resources.
+
+# WARNING: Since Container Cloud 2.24, the default networking
+# definition schema has been significantly changed.
+# Older templates will not work for 2.24+ release bootstrap deployment.
+# For details, see
+# https://docs.mirantis.com/container-cloud/latest/deployment-guide/deploy-bm-mgmt.html
+
+# The 'mgmt-lb-pxe' Subnet object defines the range of IP addresses
+# used by MetalLB to expose services in the PXE network. This
+# includes Ironic API (bare metal provisioning server), HTTP server
+# that provides images for network boot and server provisioning,
+# and the caching server for accessing the Container Cloud artifacts
+# deployed on the hosts.
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-lb-pxe
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ ipam/SVC-MetalLB: "presents"
+ metallb/address-pool-auto-assign: "false"
+ metallb/address-pool-name: services-pxe
+ metallb/address-pool-protocol: layer2
+spec:
+ cidr: 172.16.180.0/23
+ includeRanges:
+ - 172.16.181.10-172.16.181.13
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-pxe
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-dhcp-range: "presents"
+spec:
+ cidr: 172.16.180.0/23
+ includeRanges:
+ - 172.16.181.14-172.16.181.30
+
+---
+# The 'mgmt-pxe-nics' Subnet object defines the range of IP addresses
+# for NIC IPs, from the PXE range that will be allocated on the nodes NICs
+# in the PXE network after nodes provisioning.
+# Required to elliminate prossible dhcp routing issues.
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-pxe-nics
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ # Label 'ipam/SVC-pxe-nics' is mandatory for this type of network.
+ ipam/SVC-pxe-nics: "presents"
+spec:
+ cidr: 172.16.180.0/23
+ gateway: 172.16.180.1
+ includeRanges:
+ - 172.16.181.31-172.16.181.50
+
+---
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-k8s-api-lb
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ ipam/SVC-LBhost: "presents"
+spec:
+ cidr: 172.16.181.3/32
+ useWholeCidr: true
+---
+# The 'mgmt-nics' Subnet defines the range of IP addresses to be allocated
+# to the nodes in the management/LCM network. The IP address of Kubernetes
+# API endpoint for the cluster is excluded from that range. The
+# MetalLB address pools are also excluded from that range.
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-nics
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ ipam/SVC-k8s-lcm: "presents"
+spec:
+ cidr: 172.16.180.0/23
+ gateway: 172.16.180.1
+ nameservers:
+ - 172.18.176.6
+ - 8.8.8.8
+ includeRanges:
+ - 172.16.181.51-172.16.181.100
+
+---
+# The 'mgmt-k8s-lb' Subnet object defines the range of IP addresses
+# used by MetalLB to expose services in the LCM/Management network.
+# It defines the same MetalLB address pool that was previously defined
+# in MetalLB chart values configInline parameter (which is deprecated).
+# These services include Keycloak, MCC UI, Stacklight services,
+# and the caching server for accessing the Container Cloud artifacts
+# deployed on the hosts.
+apiVersion: "ipam.mirantis.com/v1alpha1"
+kind: Subnet
+metadata:
+ name: mgmt-k8s-lb
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ ipam/SVC-MetalLB: "presents"
+ metallb/address-pool-auto-assign: "true"
+ metallb/address-pool-name: default
+ metallb/address-pool-protocol: layer2
+spec:
+ cidr: 172.16.180.0/23
+ includeRanges:
+ - 172.16.181.101-172.16.181.140
+
+---
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: MetalLBConfigTemplate
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ name: kaas-mgmt-metallb
+ namespace: default
+spec:
+ templates:
+ l2Advertisements: |
+ - name: default
+ spec:
+ ipAddressPools:
+ - default
+ - services-pxe
+---
+# L2Template allows you to create advanced host networking
+# configurations for your management cluster. For example,
+# you can create bond interfaces on top of physical interfaces
+# on the host, or use multiple subnets to separate different
+# types of network traffic.
+# More elaborate network configurations for the management cluster
+# require changes in this resource template and potential
+# adding of more Subnet resources for other networks.
+# For more details, see
+# https://docs.mirantis.com/container-cloud/latest/deployment-guide/deploy-bm-mgmt.rst
+apiVersion: ipam.mirantis.com/v1alpha1
+kind: L2Template
+metadata:
+ name: default
+ namespace: default
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ ipam/DefaultForCluster: "1"
+spec:
+ autoIfMappingPrio:
+ - provision
+ - enp
+ - eno
+ - ens
+ # The 'l3Layout' section defines the list of subnets to be used in the
+ # 'npTemplate' field.
+ l3Layout:
+ - scope: namespace
+ # 'subnetName' defines the name of the subnet that is used
+ # to refer to it throughout the 'npTemplate' below.
+ subnetName: kaas-mgmt
+ # 'labelSelector' is the combination of labels that allows
+ # detecting a unique subnet. These labels refer to the Subnet object.
+ labelSelector:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-k8s-lcm: "presents"
+ - scope: namespace
+ subnetName: mgmt-pxe
+ labelSelector:
+ kaas.mirantis.com/provider: baremetal
+ ipam/SVC-pxe-nics: "presents"
+ # The following is the template used to generate a netplan configuration
+ # file for Ubuntu. It contains an example of the definition of ethernet
+ # interfaces, with assigned addresses from the subnets defined in the 'l3Layout'
+ # field above. The gateway and nameservers are also
+ # taken from the subnet using the L2Temlpate-specific macros.
+ npTemplate: |
+ version: 2
+ renderer: networkd
+ ethernets:
+ {{nic 0}}:
+ dhcp4: false
+ dhcp6: false
+ addresses:
+ - {{ip "0:kaas-mgmt"}}
+ gateway4: {{gateway_from_subnet "kaas-mgmt"}}
+ nameservers:
+ addresses: {{nameservers_from_subnet "kaas-mgmt"}}
+ match:
+ macaddress: {{mac 0}}
+ set-name: {{nic 0}}
\ No newline at end of file
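Review bot: In the L2Template `l3Layout`, the second entry uses `subnetName: mgmt-pxe`, but its `labelSelector` (`ipam/SVC-pxe-nics: "presents"`) matches the Subnet object named `mgmt-pxe-nics`, while a different Subnet named `mgmt-pxe` (the DHCP range) is defined earlier in this file. Naming the alias `mgmt-pxe-nics` would remove the ambiguity; it is also never referenced in `npTemplate`, which only uses `kaas-mgmt`, so either the PXE NIC stanza is missing or the entry can go. `mgmt-nics` lists `8.8.8.8` as a second nameserver, which sends lookups for internal names to a public resolver whenever 172.18.176.6 does not answer; that deserves a comment, or removal if it is not intended. The documentation link in the L2Template comment ends in `.rst` where the other two links to the same page end in `.html`.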
diff --git a/bm_mcc_mosk/kaas-mgmt/machines.yaml b/bm_mcc_mosk/kaas-mgmt/machines.yaml
new file mode 100644
index 0000000..3e1d6b0
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/machines.yaml
@@ -0,0 +1,48 @@
+apiVersion: "cluster.k8s.io/v1alpha1"
+kind: MachineList
+items:
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz9040
+ labels: &cp_labels
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ cluster.sigs.k8s.io/control-plane: "true"
+ spec:
+ providerSpec:
+ value: &cp_value
+ apiVersion: "baremetal.k8s.io/v1alpha1"
+ kind: "BareMetalMachineProviderSpec"
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz9040
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz9041
+ labels:
+ <<: *cp_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz9041
+
+- apiVersion: "cluster.k8s.io/v1alpha1"
+ kind: Machine
+ metadata:
+ name: cz9042
+ labels:
+ <<: *cp_labels
+ spec:
+ providerSpec:
+ value:
+ <<: *cp_value
+ hostSelector:
+ matchLabels:
+ baremetal: hw-cz9042
+
diff --git a/bm_mcc_mosk/kaas-mgmt/metallbconfig.yaml b/bm_mcc_mosk/kaas-mgmt/metallbconfig.yaml
new file mode 100644
index 0000000..8c218d0
--- /dev/null
+++ b/bm_mcc_mosk/kaas-mgmt/metallbconfig.yaml
@@ -0,0 +1,19 @@
+---
+# MetalLBConfig object serves for monitoring of MetalLB address advertisement
+# configuration since MCC 2.24. It can contain a link to MetalLBConfigTemplate
+# or full definition of MetalLB API objects.
+# The example below consumes "kaas-mgmt-metallb" MetalLBConfigTemplate object.
+# Operator can monitor the status of MetalLB configuration of the target
+# cluster using "status" of MetalLBConfig.
+# See MCC documentation for detailed description of MetalLB configuration using
+# MetalLBConfig and MetalLBConfigTemplate objects.
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: MetalLBConfig
+metadata:
+ labels:
+ kaas.mirantis.com/provider: baremetal
+ cluster.sigs.k8s.io/cluster-name: kaas-mgmt
+ name: kaas-mgmt-metallb
+ namespace: default
+spec:
+ templateName: kaas-mgmt-metallb
diff --git a/bm_mcc_mosk/mcc_seed_2401.yaml b/bm_mcc_mosk/mcc_seed_2401.yaml
new file mode 100644
index 0000000..68f8d54
--- /dev/null
+++ b/bm_mcc_mosk/mcc_seed_2401.yaml
@@ -0,0 +1,103 @@
+heat_template_version: queens
+
+description: Single server instance fragment
+
+parameters:
+ seed_net:
+ type: string
+ default: 'system-phys-2401'
+ seed_subnet_cfg01_ip:
+ type: string
+ default: "172.16.180.2"
+ seed_subnet_gateway_ip:
+ type: string
+ default: 172.16.180.1
+ seed_subnet_cidr:
+ type: string
+ default: 172.16.180.0/23
+ seed_net_dhcp:
+ type: boolean
+ default: false
+ seed_subnet_pool_start:
+ type: string
+ default: 172.16.180.3
+ seed_subnet_pool_end:
+ type: string
+ default: 172.16.180.61
+ nameservers:
+ type: comma_delimited_list
+ default: '172.18.176.6,172.16.180.1,8.8.8.8'
+ flavor:
+ type: string
+ default: kaas.medium
+ seed_seed_instance_name:
+ type: string
+ default: kaas_test
+ key_pair:
+ type: string
+ default: system-key-8133
+ seed_instance_domain:
+ type: string
+ default: msust
+ net_public:
+ type: string
+ default: public
+ availability_zone:
+ type: string
+ default: nova
+ instance_boot_timeout:
+ type: number
+ default: 600
+
+resources:
+ instance_wait_handle:
+ type: OS::Heat::WaitConditionHandle
+
+ instance_wait_condition:
+ type: OS::Heat::WaitCondition
+ depends_on: kaas_instance
+ properties:
+ handle: { get_resource: instance_wait_handle }
+ timeout: { get_param: instance_boot_timeout }
+
+ seed_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ name: { list_join: ['-', [ { get_param: seed_net }, 'subnet', { get_param: env_name } ]] }
+ network: { get_param: seed_net }
+ gateway_ip: { get_param: seed_subnet_gateway_ip }
+ cidr: { get_param: seed_subnet_cidr }
+ enable_dhcp: { get_param: seed_subnet_dhcp }
+ dns_nameservers: { get_param: nameservers }
+
+ seed_port01:
+ type: OS::Neutron::Port
+ properties:
+ port_security_enabled: false
+ network_id: { get_param: seed_net }
+ fixed_ips:
+ - ip_address: { get_param: seed_subnet_cfg01_ip }
+
+ seed_instance:
+ type: OS::Nova::Server
+ depends_on: seed_subnet
+ properties:
+ image_update_policy: REBUILD
+ flavor: { get_param: flavor }
+ image: 'focal-server-cloudimg-amd64-20220419'
+ key_name: { get_param: key_pair }
+ availability_zone: { get_param: availability_zone }
+ name:
+ list_join:
+ - '.'
+ - [ { get_param: seed_instance_name }, { get_param: seed_instance_domain } ]
+ networks:
+ - port: { get_resource: seed_port01 }
+ user_data_format: RAW
+ user_data:
+ str_replace:
+ template: { get_file: mcc_seed_2401_userdata.yaml }
+ params:
+ $wait_condition_notify: { get_attr: [ instance_wait_handle, curl_cli ] }
+ $os_az: { get_param: availability_zone }
+ $nameservers: { get_param: nameservers }
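Review bot: Several references in this template point at names it never declares, so stack validation is likely to fail: `depends_on: kaas_instance` on `instance_wait_condition` names no resource here (the server is `seed_instance`), `enable_dhcp` reads `seed_subnet_dhcp` while the parameter is declared as `seed_net_dhcp`, the server name reads `seed_instance_name` while the parameter is `seed_seed_instance_name`, and `env_name` in the subnet name is not declared at all. I would use `depends_on: seed_instance` and `enable_dhcp: { get_param: seed_net_dhcp }`, rename the parameter to `seed_instance_name:`, and add an `env_name` string parameter. A comment next to `port_security_enabled: false` on `seed_port01` would also help: it switches off security groups and anti-spoofing for the seed node's port, presumably because PXE and bridging need it, and the reason should be written down so the setting is not copied to ports that do not need it.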
diff --git a/bm_mcc_mosk/mcc_seed_2401_userdata.yaml b/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
new file mode 100644
index 0000000..06eb55f
--- /dev/null
+++ b/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
@@ -0,0 +1,221 @@
+#cloud-config
+output : { all : '| tee -a /var/log/cloud-init-output.log' }
+
+ssh_pwauth: True
+
+disable_root: false
+chpasswd:
+ list: |
+ ubuntu:qalab
+ root:r00tme
+ expire: False
+
+ntp:
+ enabled: true
+ servers:
+ - 0.pool.ntp.org
+ - 1.pool.ntp.org
+ - 2.pool.ntp.org
+ - 3.pool.ntp.org
+
+# this would disable apt:submodule to refresh already overwritten (below) sources.list.
+apt:
+ preserve_sources_list: true
+package_update: false
+package_upgrade: false
+package_reboot_if_required: false
+
+instance_boot:
+ - &instance_boot |
+ service="apt-daily-upgrade.service apt-daily.service apt-daily-upgrade.timer apt-daily.timer
+ kerneloops snapd snapd.socket cups-browsed.service cups apport.service apport-forward.socket motd-news.service motd-news.timer unattended-upgrades.service
+ ua-messaging.timer ua-messaging.service ua-timer.timer"
+ for r in ${service} ; do
+ systemctl disable ${r} || true
+ systemctl mask ${r} || true
+ systemctl stop ${r} || true
+ done
+
+ export DEBIAN_FRONTEND=noninteractive
+ export DEBCONF_NONINTERACTIVE_SEEN=true
+ APT_OPTS="-o APT::Install-Suggests=0 -o APT::Install-Recommends=0 -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef"
+ apt-get ${APT_OPTS} -y remove --purge unattended-upgrades || true
+
+ function wait_condition_send() {
+ local status=${1:-SUCCESS}
+ local reason=${2:-empty}
+ local data_binary="{\"status\": \"$status\", \"reason\": \"$reason\"}"
+ echo "Sending signal to wait condition: $data_binary"
+ $wait_condition_notify -k --data-binary "$data_binary"
+ if [ "$status" == "FAILURE" ]; then
+ exit 1
+ fi
+ }
+
+ # Re-pin repo, just to cleanup src\and etc metadata download
+ source /etc/lsb-release
+ cat << EOF > /etc/apt/sources.list
+ deb [arch=amd64] https://mirror.mirantis.com/nightly/ubuntu/ ${DISTRIB_CODENAME} main restricted universe
+ deb [arch=amd64] https://mirror.mirantis.com/nightly/ubuntu/ ${DISTRIB_CODENAME}-updates main restricted universe
+ EOF
+
+ # Remove 50command-not-found and update cache
+ rm -f /etc/apt/apt.conf.d/50command-not-found
+ apt-get update
+
+ if [[ -n "$hack_tuning_enabled" ]]; then
+ echo "Add dirty hacks in system"
+ sysctl -w vm.dirty_ratio=40
+ sysctl -w vm.dirty_background_ratio=20
+ echo 0 > /sys/block/vda/queue/rotational || true
+ echo 32768 > /sys/block/vda/queue/read_ahead_kb || true
+ GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off"
+ if ! [[ $(cat /proc/cmdline) =~ $GRUB_CMDLINE_LINUX_DEFAULT ]]; then
+ echo "Update mount options for / partition"
+ sed -i '/rootfs/s/defaults\t/rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered\t/' /etc/fstab
+ echo "Update kernel cmdline in grub and reboot"
+ echo "GRUB_CMDLINE_LINUX_DEFAULT=\"${GRUB_CMDLINE_LINUX_DEFAULT}\"" > /etc/default/grub.d/60-make-linux-fast-again.cfg
+ update-grub2
+ cloud-init clean --reboot # clean cloud-init cache and reboot so it emulates first boot
+ fi
+ fi
+
+ netplan --debug apply
+ # NOTE(vsaienko): the netplan apply is asyncronous, there is no guarantee
+ # that changes are applied when command exited. Pause some time to make
+ # sure we call next check when network is reconfigured.
+ sleep 15
+
+ echo "Checking connectivity to mirror.mirantis.com"
+ wait_time=0
+ until $( timeout 30s curl -s mirror.mirantis.com >> /dev/null ); do
+ if [[ $wait_time -gt 5 ]]; then
+ echo "FAILURE: unable to access mirror.mirantis.com (network check)"
+ wait_condition_send "FAILURE" "mirror.mirantis.com is unreachable"
+ exit 1
+ fi
+ sleep $(( 3 * wait_time++ ))
+ done
+
+ echo "Configuring regional user for clean-seed scenarios"
+ sudo groupadd docker
+ sudo groupadd regional
+ sudo useradd -g regional -G users,admin,docker -s /bin/bash -m regional
+ echo -e "\nregional ALL=(ALL) NOPASSWD: ALL\n" | sudo tee -a /etc/sudoers
+ sudo mkdir -p /home/regional/.ssh
+ sudo cp /home/ubuntu/.ssh/authorized_keys /home/regional/.ssh/authorized_keys
+ sudo chmod 600 /home/regional/.ssh/authorized_keys
+ sudo chown -R regional:regional /home/regional
+ apt-get ${APT_OPTS} -y install bridge-utils docker.io ipmitool wget golang-cfssl jq
+ usermod -aG docker ubuntu
+ cd /root/
+ wget https://binary.mirantis.com/releases/get_container_cloud.sh
+ chmod 0755 get_container_cloud.sh
+ ./get_container_cloud.sh
+ cp /root/mirantis.lic kaas-bootstrap/
+
+ echo "Sending wait_condition signal"
+ wait_condition_send "SUCCESS" "Instance is UP and running"
+
+runcmd:
+ - [bash, -cex, *instance_boot]
+
+write_files:
+ - path: /root/.ssh/authorized_keys
+ content: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeGiSOs0zAwcxuc9y6BzidYFXQXLOLcBKSoW1tPYJ+bVGRwNRVh63/+/X+eOPbBp6xTNNHVyOpYHt1WUbIHsAqAx/XbzBp+j3/4+8+ucvWR3X9TTxK7Q+oB3SSy2iEeimiJmxfjiHu1hfcgN8L9YvXVquGC/EZbk/r27j7Gcxli7zesr9/kBBhigDSQeehJBJZ0ux3luVkjWSDYTeKqZhNNPFoD6eWmOfsAKNMhe/8IRD9e0zY4MsELi1tZl2zoQ69249e4M1aCuGxm+t+tHLzywX0tVZmM1yX7TDuszHbiii8HrjNwB1/K80HRwRrwVIne9P7wFSlC2exLkdfWd2D vkhlyunev
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDci6MBY68s3FJ9V1OP5vdtVo/daJnkNXCPSPYbCX8/d0E3UJKgE81YvsxfuKp3r1rUNwTuGnkq+VUWcbIgpQNy69OuKxQkoGsRgYTA8n4ZZcuWz+dVenP90xLYHcnyACg63HUVEp5foLvu1WzOdH2A4bHmsl0ePM5IdnFyToHj+Nhwz1NSvbK1OkQHoEcIbkbIkIa/kWY2mgEIIUgb9YmaCI96eiVtQpFPQ4k7hpdrUAkG4e0jT8JA3zQoB++S12p0d0K3SQtJ3+YATUm+rKnHchHZ/uEAgBgoOLiu99p7Aiie76jlGxZp8A/hPqU/zS61z7ER4lJeyR/pXh53Ja+1 maintenance-ci
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXWwy6p3t4AGvaCtFDJxqKZiPDotJnbu2IKg2p7sl7YXQw+APLKk9maHyUehQQuGzidgBZpmBOMAXENcO1FGFj56cnp4W9tldTiRq1bWcUMq42wfNwIToP6dAXj5ZyhL+UZj1GsCThSasDhFe4Xife0cn69KHJqtmahApQK6D7tpZr2UNDYNWh/2JIrUOcJXZU+BqNg7zm1KNb6e9lKXL6KLDeaCiQ0bj+L/unqepLdg26eO7AQSZ/rt2qAnbfcquozECtDhT4cbK8q9xJODlJQ3eQGOgTH3m8jGijL+3UdPFUzbo4KwSK4V9FmB711HVBCQM4nlH9zumIUSxutnkd rlubianyi@rlubianyi-pc
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxqF+NSuP+Dr2nmGHf4NIpH2xWSmq+UE/HGP6j81rKSBZeRb2SuRXLtLVh3NZ+3GLa4UQGvedcnsqzgvSt05LYujloHnLxIsrsOWbLxOcdUYkorhXenGKBxKopwViRNV2PovMAnwyZ27GkXH8RQ52XISOdTIIV7r8M3kLpxCor2jHnOzJOcr7rhLeSFTK5zw6//T3S+IOQ5/HEs+8NK1sNw2lxBTuk+dAydiaCsQqm4GMl5vZSy0j7cnsy+lq69zN2/Bi4JzKLDKF2ap4zDh/ELhUBoQhh12T0djFV9Qv9fTWI4LUW8cVyqxbfreJrZqSAyMgSRrGSUBclFTmn5Z pavel@pavel-All-Series
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
+
+ - path: /etc/bash_completion.d/kaas
+ content: |
+ PATH=${PATH}:~/kaas-bootstrap/bin:/home/ubuntu/bootstrap/dev/bin
+ if [ -f ~/kubeconfig ]; then export KUBECONFIG=~/kubeconfig ; fi
+ if [ -f ~/bootstrap/dev/kubeconfig ]; then export KUBECONFIG=~/bootstrap/dev/kubeconfig; fi
+ echo "KUBECONFIG=${KUBECONFIG}"
+ echo "kubectl=$(which kubectl)"
+
+ - path: /etc/netplan/51-kaas-init.yaml
+ content: |
+ network:
+ version: 2
+ renderer: networkd
+ ethernets:
+ ens3:
+ nameservers:
+ addresses: $nameservers
+ dhcp4: false
+ dhcp6: false
+ bridges:
+ br0:
+ dhcp4: false
+ dhcp6: false
+ addresses:
+ - 172.16.180.2/23
+ mtu: 9100
+ nameservers:
+ addresses:
+ - 172.18.176.6
+ - 172.16.180.1
+ - 8.8.8.8
+ search: [ ]
+ interfaces:
+ - ens3
+ routes:
+ - to: 0.0.0.0/0
+ via: 172.16.180.1
+ parameters:
+ forward-delay: 4
+ stp: false
+ - path: /root/do_deploy.sh
+ content: |
+ set -e
+ source /root/env_vars.sh
+ while [ ! -d /root/templates ] ; do sleep 4 ; done
+ [[ "$(sed -n 693p /root/kaas-bootstrap/bootstrap.sh)" -eq "configure" ]] && sed -i "693d" /root/kaas-bootstrap/bootstrap.sh
+ /root/kaas-bootstrap/bootstrap.sh all
+ export KUBECONFIG=/root/kubeconfig
+ echo r00tme | /root/kaas-bootstrap/container-cloud bootstrap user add --username root --roles global-admin,management-admin,reader,writer,operator --kubeconfig kubeconfig --password-stdin
+ - path: /root/do_child.sh
+ content: |
+ set -e
+ while [ ! -d /root/child/templates ] ; do echo 'no child templates!' ; sleep 4 ; done
+ export KUBECONFIG=/root/kubeconfig
+ kubectl apply -f /root/child/templates/project.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/ssh_pubkeys.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/cluster.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/baremetalhosts.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/baremetalhostprofiles.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/subnets.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/l2_templates.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/metallbconfig.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/machines.yaml
+ sleep 2 && kubectl -n mosk apply -f /root/child/templates/kaascephcluster.yaml
+
+ - path: /etc/udev/rules.d/60-ssd-scheduler.rules
+ content: |
+ ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
+
+ - path: /root/env_vars.sh
+ content: |
+ export KAAS_BM_ENABLED="true"
+ export KAAS_BM_PXE_IP="172.16.180.5"
+ export KAAS_BM_PXE_MASK="23"
+ export KAAS_BM_PXE_BRIDGE="br0"
+ export CLUSTER_NAME=kaas-mgmt
+ export OUT_DIR=/root/templates
+ - path: /root/get_child_kubeconfig.sh
+ content: |
+ /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get secrets mosk-kubeconfig -o jsonpath='{.data.admin\.conf}' | base64 -d | sed 's/:5443/:443/g' | tee /root/child.kubeconfig
+ export KUBECONFIG=/root/child.kubeconfig
+ - path: /root/mirantis.lic
+ content: |
+ eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9Cg.eyJleHAiOjE3MzgzOTY4MDAsImlhdCI6MTY3NTMyNDgwMCwic3ViIjoiZGV2fHNpLWRldiIsImxpY2Vuc2UiOnsiZGV2Ijp0cnVlLCJsaW1pdHMiOnsiY2x1c3RlcnMiOjAsIndvcmtlcnNfcGVyX2NsdXN0ZXIiOjB9LCJvcGVuc3RhY2siOnsiY2x1c3RlcnMiOjAsIndvcmtlcnNfcGVyX2NsdXN0ZXIiOjB9fX0K.18naIn5bHkrQJGnqsiv8BHAEhdz_mnMSR2Oz0hAKyhVTdn5Hd7ESJFvPe2agEl7IJf4n6--NPa9zqW0y9zcixnoxB_7xvMntNCaPzfAap8Lm7RSghDJicyJ1xXTj4NNf3ocnbA8rCUNkrSbh2GKFNBqiDMqZTGC7Jozee5HjBzaxFUF0Z0Nr3T0q53DrZmiAhe0P8LtbxFhMICptcMnX-c4mw_hc5TziLZdpR0TUCJk4B0Cit4PABzZWjDCt5gWpy70ZCTTG2xo5dikd-WYBp6f43U5LUroYkhKTHjLMphHnsEDDBu2qaV18ONSuFSQ-Sfg_Mg9ndS_IMTvS9IipsA
+ - path: /etc/docker/daemon.json
+ content: '{"default-address-pools": [{"base": "10.50.0.0/16","size": 24}]}'
+
+
+
+
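Review bot: The cloud-config enables SSH password login (`ssh_pwauth: True`, `disable_root: false`) and sets fixed passwords for `ubuntu` and `root` in the `chpasswd` list, and `/root/do_deploy.sh` pipes the same literal into `container-cloud bootstrap user add` for a user holding the `global-admin` role, so every reader of this repository knows the credentials of each seed node and management cluster built from it. Key-based access is already provided through `key_name` and `/root/.ssh/authorized_keys`, so I would set `ssh_pwauth: false`, drop the `chpasswd` block, and pass the bootstrap password in through a `str_replace` parameter the way `$nameservers` is passed, backed by a hidden Heat parameter. The JWT written to `/root/mirantis.lic` is likewise a committed secret and is better supplied at deploy time. Separately, `get_container_cloud.sh` is downloaded and executed as root with no checksum or signature check, and `$wait_condition_notify -k` turns off TLS certificate verification for the Heat signal; both deserve at least a comment explaining why that is acceptable in this lab.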
diff --git a/bm_mcc_mosk/utils/tsl_gen.sh b/bm_mcc_mosk/utils/tsl_gen.sh
new file mode 100644
index 0000000..736c4de
--- /dev/null
+++ b/bm_mcc_mosk/utils/tsl_gen.sh
@@ -0,0 +1,62 @@
+set -e
+rm -rf /root/cert && mkdir -p /root/cert && pushd /root/cert
+
+tee ca-config.json << EOF
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "kubernetes": {
+ "usages": [
+ "signing",
+ "key encipherment",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+EOF
+
+tee ca-csr.json << EOF
+{
+ "CN": "kubernetes",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names":[{
+ "C": "EU",
+ "ST": "CZ",
+ "L": "DC",
+ "O": "Mirantis",
+ "OU": "EU BM 2401"
+ }]
+}
+EOF
+
+tee server-csr.json << EOF
+{
+ "CN": "*.subdomain.team.sustaining",
+ "hosts": [
+ "*.subdomain.team.sustaining"
+ ],
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [ {
+ "C": "EU",
+ "L": "DC",
+ "ST": "CZ"
+ }]
+}
+EOF
+cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+cfssl gencert -ca=ca.pem -ca-key=ca-key.pem --config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
+popd
+python3 tsl_to_yaml.py
\ No newline at end of file
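Review bot: The last line runs `python3 tsl_to_yaml.py` relative to the caller's working directory (after `popd`), so the script only works when started from the directory that holds it; `python3 "$(dirname "$0")/tsl_to_yaml.py"` removes that dependency. The file has no shebang although it uses `pushd`/`popd`, which are bash features, so a first line of `#!/bin/bash` would make the interpreter explicit. In `ca-config.json` the `kubernetes` profile grants `client auth` to the only certificate issued from it, a wildcard server certificate; unless something authenticates as a client with that certificate, the usage can be dropped to keep the certificate limited to its server role.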
diff --git a/bm_mcc_mosk/utils/tsl_to_yaml.py b/bm_mcc_mosk/utils/tsl_to_yaml.py
new file mode 100644
index 0000000..d2c1292
--- /dev/null
+++ b/bm_mcc_mosk/utils/tsl_to_yaml.py
@@ -0,0 +1,67 @@
+import yaml
+
+secrets_template = {
+ 'apiVersion': 'v1',
+ 'kind': 'Secret',
+ 'metadata': {
+ 'name': 'osh-dev-hidden',
+ 'namespace': 'openstack',
+ 'labels': {
+ "openstack.lcm.mirantis.com/osdpl_secret": 'true'
+ }
+ },
+
+ 'type': 'Opaque',
+ 'stringData': {
+ "ca_cert": "",
+ "api_cert": "",
+ "api_key": ""
+ }
+}
+
+data_dict = {
+ 'kind': 'OpenStackDeploymentSecret',
+ 'metadata': {
+ 'name': 'mosk',
+ 'namespace': 'openstack'},
+ "spec": {
+ "features": {
+ "ssl": {
+ "public_endpoints": {
+ "ca_cert": {
+ "value_from": {
+ "secret_key_ref": {
+ "key": "ca_cert",
+ "name": "mosk_ssl_keys"}
+ }
+ },
+ "api_cert": {
+ "value_from": {
+ "secret_key_ref": {
+ "key": "api_cert", "name": "mosk_ssl_keys"}
+ }
+ },
+ "api_key": {
+ "value_from": {
+ "secret_key_ref": {
+ "key": "api_key",
+ "name": "mosk_ssl_keys"}
+ }
+ },
+ }
+ }
+ }
+ }
+
+}
+files = {"ca_cert": "/root/cert/ca.pem",
+ "api_cert": "/root/cert/server.pem",
+ "api_key": "/root/cert/server-key.pem"}
+for f, path in files.items():
+ with open(path, "r") as certfile:
+ secrets_template["stringData"][f] = certfile.read()
+
+out_file_path = "/root/child/osdpl-ssl-secrets.yaml"
+
+with open(out_file_path, "w") as f:
+ yaml.dump(secrets_template, f)
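Review bot: The output file receives the server private key (`api_key`) in clear text under `stringData`, but `open(out_file_path, "w")` creates it with the process umask, so it may end up readable by other local users. Opening it with `fd = os.open(out_file_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as f:` (plus `import os`) keeps a newly created file owner-only. `data_dict` is built but never written anywhere, and its `secret_key_ref` entries name `mosk_ssl_keys` while the Secret generated here is called `osh-dev-hidden`, so the two halves do not seem to match; underscores are also not valid in a Kubernetes object name. A short module docstring stating which files are read from `/root/cert` and what is written would make the script easier to reuse.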
diff --git a/bm_mcc_mosk/utils/wipe_cluster.sh b/bm_mcc_mosk/utils/wipe_cluster.sh
new file mode 100644
index 0000000..d6b2d46
--- /dev/null
+++ b/bm_mcc_mosk/utils/wipe_cluster.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+while [ "$#" -gt 0 ]; do
+ case "$1" in
+ -n|--namespace) NAMESPACE="$2"; shift 2;;
+ -n=*|--namespace=*) NAMESPACE="${1#*=}"; shift 1;;
+
+ -c|--child-name) CHILD_NAME="$2"; shift 2;;
+ -c=*|--child-name=*) CHILD_NAME="${1#*=}"; shift 1;;
+
+ -f|--force) FORCE="true"; shift 1;;
+
+ --*|-*|*) echo "unknown option: $1"; help; exit 1;;
+ esac
+done
+
+
+function wait_threads() {
+ while [[ $(jobs -r -p | wc -l) -gt 0 ]]; do
+ sleep 0.1
+ done
+}
+
+function wait_threads_limit() {
+ local LIMIT=$1
+ while [[ $(jobs -r -p | wc -l) -ge $LIMIT ]]; do
+ sleep 0.1
+ done
+}
+
+#function k_patch() {
+# local TYPE=$1
+# local ITEM=$2
+# local PATCH=$3
+#
+# echo $TYPE
+# echo $ITEM
+# echo $PATCH
+# echo kubectl -n ${NAMESPACE} patch $TYPE $ITEM --type merge -p $PATCH 2>/dev/null
+#
+# kubectl -n ${NAMESPACE} patch $TYPE $ITEM --type merge -p $PATCH 2>/dev/null || true
+#}
+
+#function k_delete() {
+# local TYPE=$1
+# local ITEM=$2
+#
+# kubectl -n ${NAMESPACE} delete $TYPE $ITEM || true
+#}
+
+
+echo "= Cleanup env ${NAMESPACE}"
+
+BMH=$(kubectl -n ${NAMESPACE} get bmh -o json | jq '.items[].metadata.name' -r)
+for bmh in $BMH; do
+ if [[ $FORCE ]]; then
+ echo "= Path baremetalhost: $bmh"
+ kubectl -n ${NAMESPACE} patch bmh $bmh '{"spec": {"automatedCleaningMode": "disabled"}}' 2>/dev/null || true
+ fi
+done
+
+MACHINE=$(kubectl -n ${NAMESPACE} get machine -o json | jq '.items[].metadata.name' -r)
+for machine in $MACHINE; do
+ echo "= Delete machines: $machine"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch machine $machine --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch machine $machine --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ sleep 1
+ fi
+ kubectl -n ${NAMESPACE} delete machine $machine &
+ sleep 3 && kubectl -n ${NAMESPACE} patch machine $machine --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ wait_threads
+done
+
+for bmh in $BMH; do
+ echo "= Delete baremetalhost: $bmh"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"spec": {"consumerRef": null}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ fi
+ kubectl -n ${NAMESPACE} delete bmh $bmh &
+ sleep 1 && kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ wait_threads
+done
+
+SECRET=$(kubectl -n ${NAMESPACE} get secret -o json | jq '.items[].metadata.name' -r)
+for secret in $SECRET; do
+ echo "= Delete secret: $secret"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch secret $secret --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch secret $secret --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ fi
+ kubectl -n ${NAMESPACE} delete secret $secret &
+ sleep 1 && kubectl -n ${NAMESPACE} patch secret $secret --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ wait_threads
+done
+
+CLUSTER=$(kubectl -n ${NAMESPACE} get cluster -o json | jq '.items[].metadata.name' -r)
+for cluster in $CLUSTER; do
+ echo "= Delete cluster: $cl"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch cluster $cluster --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch cluster $cluster --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ fi
+ kubectl -n ${NAMESPACE} delete cluster $cluster || true
+done
+
+wait_threads
+
+echo "= Delete namespace: ${NAMESPACE}"
+kubectl delete ns ${NAMESPACE} || true
+kubectl -n kaas scale deployment/ironic --replicas=0
+sleep 10
+kubectl -n kaas scale deployment/ironic --replicas=1
+(kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n "${NAMESPACE}" ) || true
+echo "Done."
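Review bot: The first `kubectl patch` in the `--force` branch (`patch bmh $bmh '{"spec": {"automatedCleaningMode": "disabled"}}'`) is missing `--type merge -p`, and because its error goes to `2>/dev/null || true` the failure is never seen, so automated cleaning is presumably left enabled before the hosts are deleted; it should read `kubectl -n "${NAMESPACE}" patch bmh "$bmh" --type merge -p '{"spec": {"automatedCleaningMode": "disabled"}}'`. Nothing checks that a namespace was given: with `NAMESPACE` empty the unquoted `-n ${NAMESPACE}` takes the next word as the namespace, and the script still goes on to scale `deployment/ironic` in `kaas` to zero and back, so a guard such as `: "${NAMESPACE:?--namespace is required}"` after the option loop is worth adding. Smaller points: the cluster loop echoes `$cl`, which is never set (should be `$cluster`), the unknown-option branch calls `help`, which this script does not define and so resolves to the bash builtin, and `CHILD_NAME` is parsed but unused.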
diff --git a/jobs/pipelines/mosk/deploy-bm.groovy b/jobs/pipelines/mosk/deploy-bm.groovy
new file mode 100644
index 0000000..9e2977e
--- /dev/null
+++ b/jobs/pipelines/mosk/deploy-bm.groovy
@@ -0,0 +1 @@
+// STUB FOR REPLAY TESTING
\ No newline at end of file
diff --git a/jobs/project.yaml b/jobs/project.yaml
index b922e0d..60ac4ca 100644
--- a/jobs/project.yaml
+++ b/jobs/project.yaml
@@ -19,6 +19,7 @@
- deploy_bm:
disabled: false
# trigger_time: H(40-59) 0 * * 1-5
+ - bm-mcc-mosk-base
- bm-cicd-pike-ovs-maas
- bm-cicd-queens-ovs-maas
- bm-cicd-queens-ovs-cl-maas
diff --git a/jobs/templates/bm-mcc-mosk-base.yml b/jobs/templates/bm-mcc-mosk-base.yml
new file mode 100644
index 0000000..66e758d
--- /dev/null
+++ b/jobs/templates/bm-mcc-mosk-base.yml
@@ -0,0 +1,62 @@
+- job-template:
+ project-type: pipeline
+ description: '{job-description}'
+ concurrent: true
+ disabled: false
+ name: bm-mcc-mosk-base
+ parameters:
+ - string:
+ default: sre-team-infra
+ description: ''
+ name: NODE_NAME
+ trim: 'false'
+ - string:
+ default: bm-cicd-queens-ovs-maas
+ description: ''
+ name: ENV_NAME
+ trim: 'false'
+ - string:
+ default: ''
+ description: |-
+ Example: refs/changes/89/411189/36
+ (for now - only one reference allowed)
+ name: TCP_QA_REFS
+ trim: 'false'
+ - string:
+ default: https://keystone.ic-eu.ssl.mirantis.net/v3
+ description: 'Openstack keystone catalog endpoint, for example https://10.90.0.80:5000/v3'
+ name: OS_AUTH_URL
+ trim: 'false'
+ - string:
+ default: sre-team
+ description: OpenStack project (tenant) name
+ name: OS_PROJECT_NAME
+ trim: 'false'
+ - string:
+ default: default
+ description: OpenStack user domain name
+ name: OS_USER_DOMAIN_NAME
+ trim: 'false'
+ - string:
+ default: sre-qa-ci-eu
+ description: Jenkins credentials ID with username and password to create a
+ heat stack in OpenStack
+ name: OS_CREDENTIALS
+ trim: 'false'
+ - text:
+ default: ''
+ description: |-
+ Add env vars for deploy and testing
+ name: EXTRA_VARS
+ trim: 'false'
+ pipeline-scm:
+ lightweight-checkout: false
+ scm:
+ - git:
+ branches:
+ - FETCH_HEAD
+ refspec: ${{TCP_QA_REFS}}
+ url: https://gerrit.mcp.mirantis.com/mcp/tcp-qa
+ script-path: jobs/pipelines/mosk/deploy-bm.groovy
+ logrotate:
+ daysToKeep: 365
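Review bot: `concurrent: true` lets two builds of this job run at once, but the templates added in the same commit pin one lab (fixed addresses such as `172.16.180.2` and named hosts like `cz9040`), so parallel runs would presumably compete for the same hardware; `concurrent: false` looks safer. The pipeline script is checked out from `refspec: ${{TCP_QA_REFS}}`, meaning whoever can start the job with parameters chooses which Gerrit change supplies `deploy-bm.groovy`, and that code runs with whatever the job can reach, presumably including the `sre-qa-ci-eu` credentials ID. If that is intended for replay testing, it is worth restricting who may build with parameters and saying so in the job description. The `ENV_NAME` default `bm-cicd-queens-ovs-maas` looks copied from another job and probably wants its own value.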
diff --git a/jobs/view.yaml b/jobs/view.yaml
index 83f294f..1397b1c 100644
--- a/jobs/view.yaml
+++ b/jobs/view.yaml
@@ -91,6 +91,7 @@
filter-executors: true
filter-queue: true
job-name:
+ - bm-mcc-mosk-base
- deploy_bm
- bm-cicd-pike-ovs-maas
- bm-cicd-queens-ovs-maas