Update BM MOSK pipeline and templates
MOSSUST-114
Change-Id: Iff949ee6ee52448f8ac2bd729ee90baaec7da410
diff --git a/bm_mcc_mosk/child/cluster/cluster.yaml b/bm_mcc_mosk/child/cluster/cluster.yaml
index 3b13a8f..c4d0949 100644
--- a/bm_mcc_mosk/child/cluster/cluster.yaml
+++ b/bm_mcc_mosk/child/cluster/cluster.yaml
@@ -26,6 +26,7 @@
publicKeys:
- name: vkhlyunev
- name: maintenance-ci-robot
+ - name: maintenance-ci-robot-v2
- name: pglazov
- name: dmeltsaykin
- name: rlubianyi
diff --git a/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml b/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
index 781cf11..b8feb57 100644
--- a/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
+++ b/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
@@ -44,3 +44,12 @@
publicKey: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
---
+apiVersion: kaas.mirantis.com/v1alpha1
+kind: PublicKey
+metadata:
+ name: maintenance-ci-robot-v2 #???
+ namespace: mosk
+spec:
+ publicKey: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjL5X8RdcYhxsd6j43p5Clk8hzq/IjfRvekD+xPy6DhD2kyKTnAR1FjtTeFtH1mC+lD+nUnswR1A5dR+5eHemKxz0IkWuDeL8+YdMpOy+bbQyA+tlTukGriPcIUCHOxn7u2u4zV4a+AcZha5obR1zv91nkGaWAfbjDHTl2f4IB3Rx3rJwd/3r7ge1MA0qIRqr1k+FY99477zd+nbYVP8n84+uY7DoaFHtzEWTXqc2CwdEO+5uzMzdWWRUwU1vwe4Ac9i1NtsA33pa1VVMKny2S2k2JcvNpkKDo7x4ezH2fOuHiDTOk4CqUjg7TlpsdMbT8ugj5YE8H/O3Kh25t3Fkn maintenance-ci-robot
+---
diff --git a/bm_mcc_mosk/child/cluster/subnets.yaml b/bm_mcc_mosk/child/cluster/subnets.yaml
index 15e3905..cd8bb1e 100644
--- a/bm_mcc_mosk/child/cluster/subnets.yaml
+++ b/bm_mcc_mosk/child/cluster/subnets.yaml
@@ -65,4 +65,4 @@
spec:
cidr: 10.12.1.0/24
includeRanges:
- - 10.12.1.5-10.12.1.250
\ No newline at end of file
+ - 10.12.1.5-10.12.1.250
diff --git a/bm_mcc_mosk/child/kaas_workloads/os-dpl.yaml b/bm_mcc_mosk/child/kaas_workloads/osdpl.yaml
similarity index 100%
rename from bm_mcc_mosk/child/kaas_workloads/os-dpl.yaml
rename to bm_mcc_mosk/child/kaas_workloads/osdpl.yaml
diff --git a/bm_mcc_mosk/kaas-mgmt/cluster.yaml b/bm_mcc_mosk/kaas-mgmt/cluster.yaml
index 1005e29..05e45a0 100644
--- a/bm_mcc_mosk/kaas-mgmt/cluster.yaml
+++ b/bm_mcc_mosk/kaas-mgmt/cluster.yaml
@@ -1,49 +1,4 @@
---
-apiVersion: kaas.mirantis.com/v1alpha1
-kind: PublicKey
-metadata:
- name: vkhlyunev
- namespace: default
-spec:
- publicKey: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeGiSOs0zAwcxuc9y6BzidYFXQXLOLcBKSoW1tPYJ+bVGRwNRVh63/+/X+eOPbBp6xTNNHVyOpYHt1WUbIHsAqAx/XbzBp+j3/4+8+ucvWR3X9TTxK7Q+oB3SSy2iEeimiJmxfjiHu1hfcgN8L9YvXVquGC/EZbk/r27j7Gcxli7zesr9/kBBhigDSQeehJBJZ0ux3luVkjWSDYTeKqZhNNPFoD6eWmOfsAKNMhe/8IRD9e0zY4MsELi1tZl2zoQ69249e4M1aCuGxm+t+tHLzywX0tVZmM1yX7TDuszHbiii8HrjNwB1/K80HRwRrwVIne9P7wFSlC2exLkdfWd2D
----
-apiVersion: kaas.mirantis.com/v1alpha1
-kind: PublicKey
-metadata:
- name: maintenance-ci-robot
- namespace: default
-spec:
- publicKey: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDci6MBY68s3FJ9V1OP5vdtVo/daJnkNXCPSPYbCX8/d0E3UJKgE81YvsxfuKp3r1rUNwTuGnkq+VUWcbIgpQNy69OuKxQkoGsRgYTA8n4ZZcuWz+dVenP90xLYHcnyACg63HUVEp5foLvu1WzOdH2A4bHmsl0ePM5IdnFyToHj+Nhwz1NSvbK1OkQHoEcIbkbIkIa/kWY2mgEIIUgb9YmaCI96eiVtQpFPQ4k7hpdrUAkG4e0jT8JA3zQoB++S12p0d0K3SQtJ3+YATUm+rKnHchHZ/uEAgBgoOLiu99p7Aiie76jlGxZp8A/hPqU/zS61z7ER4lJeyR/pXh53Ja+1 maintenance-ci
----
-apiVersion: kaas.mirantis.com/v1alpha1
-kind: PublicKey
-metadata:
- name: rlubianyi
- namespace: default
-spec:
- publicKey: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXWwy6p3t4AGvaCtFDJxqKZiPDotJnbu2IKg2p7sl7YXQw+APLKk9maHyUehQQuGzidgBZpmBOMAXENcO1FGFj56cnp4W9tldTiRq1bWcUMq42wfNwIToP6dAXj5ZyhL+UZj1GsCThSasDhFe4Xife0cn69KHJqtmahApQK6D7tpZr2UNDYNWh/2JIrUOcJXZU+BqNg7zm1KNb6e9lKXL6KLDeaCiQ0bj+L/unqepLdg26eO7AQSZ/rt2qAnbfcquozECtDhT4cbK8q9xJODlJQ3eQGOgTH3m8jGijL+3UdPFUzbo4KwSK4V9FmB711HVBCQM4nlH9zumIUSxutnkd rlubianyi@rlubianyi-pc
----
-apiVersion: kaas.mirantis.com/v1alpha1
-kind: PublicKey
-metadata:
- name: pglazov
- namespace: default
-spec:
- publicKey: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxqF+NSuP+Dr2nmGHf4NIpH2xWSmq+UE/HGP6j81rKSBZeRb2SuRXLtLVh3NZ+3GLa4UQGvedcnsqzgvSt05LYujloHnLxIsrsOWbLxOcdUYkorhXenGKBxKopwViRNV2PovMAnwyZ27GkXH8RQ52XISOdTIIV7r8M3kLpxCor2jHnOzJOcr7rhLeSFTK5zw6//T3S+IOQ5/HEs+8NK1sNw2lxBTuk+dAydiaCsQqm4GMl5vZSy0j7cnsy+lq69zN2/Bi4JzKLDKF2ap4zDh/ELhUBoQhh12T0djFV9Qv9fTWI4LUW8cVyqxbfreJrZqSAyMgSRrGSUBclFTmn5Z pavel@pavel-All-Series
----
-apiVersion: kaas.mirantis.com/v1alpha1
-kind: PublicKey
-metadata:
- name: dmeltsaykin
- namespace: default
-spec:
- publicKey: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
----
apiVersion: cluster.k8s.io/v1alpha1
kind: Cluster
metadata:
@@ -66,12 +21,6 @@
apiVersion: baremetal.k8s.io/v1alpha1
dedicatedControlPlane: false
dedicatedMetallbPools: true
- publicKeys:
- - name: vkhlyunev
- - name: maintenance-ci-robot
- - name: pglazov
- - name: dmeltsaykin
- - name: rlubianyi
loadBalancerHost: ""
dnsNameservers:
- 172.18.176.6
diff --git a/bm_mcc_mosk/mcc_seed_2401.yaml b/bm_mcc_mosk/mcc_seed_2401.yaml
index 68f8d54..fa01aaa 100644
--- a/bm_mcc_mosk/mcc_seed_2401.yaml
+++ b/bm_mcc_mosk/mcc_seed_2401.yaml
@@ -15,7 +15,7 @@
seed_subnet_cidr:
type: string
default: 172.16.180.0/23
- seed_net_dhcp:
+ seed_subnet_dhcp:
type: boolean
default: false
seed_subnet_pool_start:
@@ -30,11 +30,12 @@
flavor:
type: string
default: kaas.medium
- seed_seed_instance_name:
+ seed_instance_name:
type: string
- default: kaas_test
+ default: mcc-mosk
key_pair:
type: string
+# default: vkhlyunev
default: system-key-8133
seed_instance_domain:
type: string
@@ -48,6 +49,8 @@
instance_boot_timeout:
type: number
default: 600
+ env_name:
+ type: string
resources:
instance_wait_handle:
@@ -55,7 +58,7 @@
instance_wait_condition:
type: OS::Heat::WaitCondition
- depends_on: kaas_instance
+ depends_on: seed_instance
properties:
handle: { get_resource: instance_wait_handle }
timeout: { get_param: instance_boot_timeout }
@@ -101,3 +104,8 @@
$wait_condition_notify: { get_attr: [ instance_wait_handle, curl_cli ] }
$os_az: { get_param: availability_zone }
$nameservers: { get_param: nameservers }
+
+outputs:
+ seed_ext_ip:
+ description: IP for ssh access
+ value: { get_param: seed_subnet_cfg01_ip }
diff --git a/bm_mcc_mosk/mcc_seed_2401_userdata.yaml b/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
index 06eb55f..22b3fc3 100644
--- a/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
+++ b/bm_mcc_mosk/mcc_seed_2401_userdata.yaml
@@ -128,6 +128,7 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXWwy6p3t4AGvaCtFDJxqKZiPDotJnbu2IKg2p7sl7YXQw+APLKk9maHyUehQQuGzidgBZpmBOMAXENcO1FGFj56cnp4W9tldTiRq1bWcUMq42wfNwIToP6dAXj5ZyhL+UZj1GsCThSasDhFe4Xife0cn69KHJqtmahApQK6D7tpZr2UNDYNWh/2JIrUOcJXZU+BqNg7zm1KNb6e9lKXL6KLDeaCiQ0bj+L/unqepLdg26eO7AQSZ/rt2qAnbfcquozECtDhT4cbK8q9xJODlJQ3eQGOgTH3m8jGijL+3UdPFUzbo4KwSK4V9FmB711HVBCQM4nlH9zumIUSxutnkd rlubianyi@rlubianyi-pc
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxqF+NSuP+Dr2nmGHf4NIpH2xWSmq+UE/HGP6j81rKSBZeRb2SuRXLtLVh3NZ+3GLa4UQGvedcnsqzgvSt05LYujloHnLxIsrsOWbLxOcdUYkorhXenGKBxKopwViRNV2PovMAnwyZ27GkXH8RQ52XISOdTIIV7r8M3kLpxCor2jHnOzJOcr7rhLeSFTK5zw6//T3S+IOQ5/HEs+8NK1sNw2lxBTuk+dAydiaCsQqm4GMl5vZSy0j7cnsy+lq69zN2/Bi4JzKLDKF2ap4zDh/ELhUBoQhh12T0djFV9Qv9fTWI4LUW8cVyqxbfreJrZqSAyMgSRrGSUBclFTmn5Z pavel@pavel-All-Series
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjL5X8RdcYhxsd6j43p5Clk8hzq/IjfRvekD+xPy6DhD2kyKTnAR1FjtTeFtH1mC+lD+nUnswR1A5dR+5eHemKxz0IkWuDeL8+YdMpOy+bbQyA+tlTukGriPcIUCHOxn7u2u4zV4a+AcZha5obR1zv91nkGaWAfbjDHTl2f4IB3Rx3rJwd/3r7ge1MA0qIRqr1k+FY99477zd+nbYVP8n84+uY7DoaFHtzEWTXqc2CwdEO+5uzMzdWWRUwU1vwe4Ac9i1NtsA33pa1VVMKny2S2k2JcvNpkKDo7x4ezH2fOuHiDTOk4CqUjg7TlpsdMbT8ugj5YE8H/O3Kh25t3Fkn maintenance-ci-robot
- path: /etc/bash_completion.d/kaas
content: |
@@ -169,30 +170,30 @@
parameters:
forward-delay: 4
stp: false
- - path: /root/do_deploy.sh
+ - path: /root/do_deploy_mcc_mgmt.sh
content: |
set -e
source /root/env_vars.sh
- while [ ! -d /root/templates ] ; do sleep 4 ; done
+ while [ ! -d "${OUT_DIR}" ] ; do sleep 4 ; done
[[ "$(sed -n 693p /root/kaas-bootstrap/bootstrap.sh)" -eq "configure" ]] && sed -i "693d" /root/kaas-bootstrap/bootstrap.sh
/root/kaas-bootstrap/bootstrap.sh all
export KUBECONFIG=/root/kubeconfig
echo r00tme | /root/kaas-bootstrap/container-cloud bootstrap user add --username root --roles global-admin,management-admin,reader,writer,operator --kubeconfig kubeconfig --password-stdin
- - path: /root/do_child.sh
+ - path: /root/do_deploy_child.sh
content: |
set -e
- while [ ! -d /root/child/templates ] ; do echo 'no child templates!' ; sleep 4 ; done
+ while [ ! -d /root/bm_mcc_mosk/child/cluster ] ; do echo 'no child templates!' ; sleep 4 ; done
export KUBECONFIG=/root/kubeconfig
- kubectl apply -f /root/child/templates/project.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/ssh_pubkeys.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/cluster.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/baremetalhosts.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/baremetalhostprofiles.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/subnets.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/l2_templates.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/metallbconfig.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/machines.yaml
- sleep 2 && kubectl -n mosk apply -f /root/child/templates/kaascephcluster.yaml
+ /root/kaas-bootstrap/bin/kubectl apply -f /root/bm_mcc_mosk/child/cluster/project.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/cluster.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhosts.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhostprofiles.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/subnets.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/l2_templates.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/metallbconfig.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/machines.yaml
+ sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/kaascephcluster.yaml
- path: /etc/udev/rules.d/60-ssd-scheduler.rules
content: |
@@ -205,10 +206,11 @@
export KAAS_BM_PXE_MASK="23"
export KAAS_BM_PXE_BRIDGE="br0"
export CLUSTER_NAME=kaas-mgmt
- export OUT_DIR=/root/templates
+ export OUT_DIR=/root/bm_mcc_mosk/kaas-mgmt/
+ export KAAS_BOOTSTRAP_INFINITE_TIMEOUT=true
- path: /root/get_child_kubeconfig.sh
content: |
- /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get secrets mosk-kubeconfig -o jsonpath='{.data.admin\.conf}' | base64 -d | sed 's/:5443/:443/g' | tee /root/child.kubeconfig
+ /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get secrets mosk-kubeconfig -o jsonpath='{.data.admin\.conf}' | base64 -d | sed 's/:5443/:443/g' > /root/child.kubeconfig
export KUBECONFIG=/root/child.kubeconfig
- path: /root/mirantis.lic
content: |
diff --git a/bm_mcc_mosk/utils/tsl_gen.sh b/bm_mcc_mosk/utils/tsl_gen.sh
index 736c4de..41af942 100644
--- a/bm_mcc_mosk/utils/tsl_gen.sh
+++ b/bm_mcc_mosk/utils/tsl_gen.sh
@@ -59,4 +59,4 @@
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem --config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server
popd
-python3 tsl_to_yaml.py
\ No newline at end of file
+python3 /root/bm_mcc_mosk/utils/tsl_to_yaml.py
\ No newline at end of file
diff --git a/bm_mcc_mosk/utils/tsl_to_yaml.py b/bm_mcc_mosk/utils/tsl_to_yaml.py
index d2c1292..8c3b416 100644
--- a/bm_mcc_mosk/utils/tsl_to_yaml.py
+++ b/bm_mcc_mosk/utils/tsl_to_yaml.py
@@ -61,7 +61,7 @@
with open(path, "r") as certfile:
secrets_template["stringData"][f] = certfile.read()
-out_file_path = "/root/child/osdpl-ssl-secrets.yaml"
+out_file_path = "/root/bm_mcc_mosk/child/kaas_workloads/osdpl-ssl-secrets.yaml"
with open(out_file_path, "w") as f:
yaml.dump(secrets_template, f)
diff --git a/bm_mcc_mosk/utils/update_kube_dns_conf.py b/bm_mcc_mosk/utils/update_kube_dns_conf.py
new file mode 100644
index 0000000..3658a21
--- /dev/null
+++ b/bm_mcc_mosk/utils/update_kube_dns_conf.py
@@ -0,0 +1,20 @@
+import sys
+import yaml
+
+assert len(sys.argv) > 1
+internal_ip = sys.argv[1]
+domain = "subdomain.team.sustaining"
+template = """
+{domain}:53 {{
+ errors
+ cache 30
+ forward . {internal_ip}
+}}"""
+with open("/root/coredns.conf", "r") as f:
+ content = yaml.safe_load(f)
+content['data']['Corefile'] += template.format(
+ domain=domain, internal_ip=internal_ip)
+
+out_file_path = "/root/coredns.patched.conf"
+with open(out_file_path, "w") as f:
+ yaml.safe_dump(content, f)