Init BM MCC+MOSK commit
Just put templates to the repo
MOSSUST-114
Change-Id: I2239dd7067d823d3ab15d1d46dc57fc2c7b9444b
diff --git a/bm_mcc_mosk/utils/tsl_gen.sh b/bm_mcc_mosk/utils/tsl_gen.sh
new file mode 100644
index 0000000..736c4de
--- /dev/null
+++ b/bm_mcc_mosk/utils/tsl_gen.sh
@@ -0,0 +1,62 @@
+set -e
+rm -rf /root/cert && mkdir -p /root/cert && pushd /root/cert
+
+tee ca-config.json << EOF
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "kubernetes": {
+ "usages": [
+ "signing",
+ "key encipherment",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+EOF
+
+tee ca-csr.json << EOF
+{
+ "CN": "kubernetes",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names":[{
+ "C": "EU",
+ "ST": "CZ",
+ "L": "DC",
+ "O": "Mirantis",
+ "OU": "EU BM 2401"
+ }]
+}
+EOF
+
+tee server-csr.json << EOF
+{
+ "CN": "*.subdomain.team.sustaining",
+ "hosts": [
+ "*.subdomain.team.sustaining"
+ ],
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [ {
+ "C": "EU",
+ "L": "DC",
+ "ST": "CZ"
+ }]
+}
+EOF
+cfssl gencert -initca ca-csr.json | cfssljson -bare ca
+cfssl gencert -ca=ca.pem -ca-key=ca-key.pem --config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
+popd
+python3 tsl_to_yaml.py
\ No newline at end of file
diff --git a/bm_mcc_mosk/utils/tsl_to_yaml.py b/bm_mcc_mosk/utils/tsl_to_yaml.py
new file mode 100644
index 0000000..d2c1292
--- /dev/null
+++ b/bm_mcc_mosk/utils/tsl_to_yaml.py
@@ -0,0 +1,67 @@
+import yaml
+
+secrets_template = {
+ 'apiVersion': 'v1',
+ 'kind': 'Secret',
+ 'metadata': {
+ 'name': 'osh-dev-hidden',
+ 'namespace': 'openstack',
+ 'labels': {
+ "openstack.lcm.mirantis.com/osdpl_secret": 'true'
+ }
+ },
+
+ 'type': 'Opaque',
+ 'stringData': {
+ "ca_cert": "",
+ "api_cert": "",
+ "api_key": ""
+ }
+}
+
+data_dict = {
+ 'kind': 'OpenStackDeploymentSecret',
+ 'metadata': {
+ 'name': 'mosk',
+ 'namespace': 'openstack'},
+ "spec": {
+ "features": {
+ "ssl": {
+ "public_endpoints": {
+ "ca_cert": {
+ "value_from": {
+ "secret_key_ref": {
+ "key": "ca_cert",
+ "name": "mosk_ssl_keys"}
+ }
+ },
+ "api_cert": {
+ "value_from": {
+ "secret_key_ref": {
+ "key": "api_cert", "name": "mosk_ssl_keys"}
+ }
+ },
+ "api_key": {
+ "value_from": {
+ "secret_key_ref": {
+ "key": "api_key",
+ "name": "mosk_ssl_keys"}
+ }
+ },
+ }
+ }
+ }
+ }
+
+}
+files = {"ca_cert": "/root/cert/ca.pem",
+ "api_cert": "/root/cert/server.pem",
+ "api_key": "/root/cert/server-key.pem"}
+for f, path in files.items():
+ with open(path, "r") as certfile:
+ secrets_template["stringData"][f] = certfile.read()
+
+out_file_path = "/root/child/osdpl-ssl-secrets.yaml"
+
+with open(out_file_path, "w") as f:
+ yaml.dump(secrets_template, f)
diff --git a/bm_mcc_mosk/utils/wipe_cluster.sh b/bm_mcc_mosk/utils/wipe_cluster.sh
new file mode 100644
index 0000000..d6b2d46
--- /dev/null
+++ b/bm_mcc_mosk/utils/wipe_cluster.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+while [ "$#" -gt 0 ]; do
+ case "$1" in
+ -n|--namespace) NAMESPACE="$2"; shift 2;;
+ -n=*|--namespace=*) NAMESPACE="${1#*=}"; shift 1;;
+
+ -c|--child-name) CHILD_NAME="$2"; shift 2;;
+ -c=*|--child-name=*) CHILD_NAME="${1#*=}"; shift 1;;
+
+ -f|--force) FORCE="true"; shift 1;;
+
+ --*|-*|*) echo "unknown option: $1"; help; exit 1;;
+ esac
+done
+
+
+function wait_threads() {
+ while [[ $(jobs -r -p | wc -l) -gt 0 ]]; do
+ sleep 0.1
+ done
+}
+
+function wait_threads_limit() {
+ local LIMIT=$1
+ while [[ $(jobs -r -p | wc -l) -ge $LIMIT ]]; do
+ sleep 0.1
+ done
+}
+
+#function k_patch() {
+# local TYPE=$1
+# local ITEM=$2
+# local PATCH=$3
+#
+# echo $TYPE
+# echo $ITEM
+# echo $PATCH
+# echo kubectl -n ${NAMESPACE} patch $TYPE $ITEM --type merge -p $PATCH 2>/dev/null
+#
+# kubectl -n ${NAMESPACE} patch $TYPE $ITEM --type merge -p $PATCH 2>/dev/null || true
+#}
+
+#function k_delete() {
+# local TYPE=$1
+# local ITEM=$2
+#
+# kubectl -n ${NAMESPACE} delete $TYPE $ITEM || true
+#}
+
+
+echo "= Cleanup env ${NAMESPACE}"
+
+BMH=$(kubectl -n ${NAMESPACE} get bmh -o json | jq '.items[].metadata.name' -r)
+for bmh in $BMH; do
+ if [[ $FORCE ]]; then
+ echo "= Path baremetalhost: $bmh"
+ kubectl -n ${NAMESPACE} patch bmh $bmh '{"spec": {"automatedCleaningMode": "disabled"}}' 2>/dev/null || true
+ fi
+done
+
+MACHINE=$(kubectl -n ${NAMESPACE} get machine -o json | jq '.items[].metadata.name' -r)
+for machine in $MACHINE; do
+ echo "= Delete machines: $machine"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch machine $machine --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch machine $machine --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ sleep 1
+ fi
+ kubectl -n ${NAMESPACE} delete machine $machine &
+ sleep 3 && kubectl -n ${NAMESPACE} patch machine $machine --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ wait_threads
+done
+
+for bmh in $BMH; do
+ echo "= Delete baremetalhost: $bmh"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"spec": {"consumerRef": null}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ fi
+ kubectl -n ${NAMESPACE} delete bmh $bmh &
+ sleep 1 && kubectl -n ${NAMESPACE} patch bmh $bmh --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ wait_threads
+done
+
+SECRET=$(kubectl -n ${NAMESPACE} get secret -o json | jq '.items[].metadata.name' -r)
+for secret in $SECRET; do
+ echo "= Delete secret: $secret"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch secret $secret --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch secret $secret --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ fi
+ kubectl -n ${NAMESPACE} delete secret $secret &
+ sleep 1 && kubectl -n ${NAMESPACE} patch secret $secret --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ wait_threads
+done
+
+CLUSTER=$(kubectl -n ${NAMESPACE} get cluster -o json | jq '.items[].metadata.name' -r)
+for cluster in $CLUSTER; do
+ echo "= Delete cluster: $cl"
+ if [[ $FORCE ]]; then
+ kubectl -n ${NAMESPACE} patch cluster $cluster --type merge -p '{"metadata": {"annotations": {"kaas.mirantis.com/validate": "false"}}}' 2>/dev/null || true
+ kubectl -n ${NAMESPACE} patch cluster $cluster --type merge -p '{"metadata": {"finalizers": null}}' 2>/dev/null || true
+ fi
+ kubectl -n ${NAMESPACE} delete cluster $cluster || true
+done
+
+wait_threads
+
+echo "= Delete namespace: ${NAMESPACE}"
+kubectl delete ns ${NAMESPACE} || true
+kubectl -n kaas scale deployment/ironic --replicas=0
+sleep 10
+kubectl -n kaas scale deployment/ironic --replicas=1
+(kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n "${NAMESPACE}" ) || true
+echo "Done."