bm_mcc_mosk/mcc_seed_2401_userdata.yaml

#cloud-config
output : { all : '| tee -a /var/log/cloud-init-output.log' }

ssh_pwauth: True

disable_root: false
chpasswd:
  list: |
    ubuntu:qalab
    root:r00tme
  expire: False

ntp:
  enabled: true
  servers:
    - 0.pool.ntp.org
    - 1.pool.ntp.org
    - 2.pool.ntp.org
    - 3.pool.ntp.org

# this would disable apt:submodule to refresh already overwritten (below) sources.list.
apt:
  preserve_sources_list: true
package_update: false
package_upgrade: false
package_reboot_if_required: false

instance_boot:
  - &instance_boot |
    service="apt-daily-upgrade.service apt-daily.service apt-daily-upgrade.timer apt-daily.timer
    kerneloops snapd snapd.socket cups-browsed.service cups apport.service apport-forward.socket motd-news.service motd-news.timer unattended-upgrades.service
    ua-messaging.timer  ua-messaging.service  ua-timer.timer"
    for r in ${service} ; do
    systemctl disable ${r} || true
    systemctl mask ${r} || true
    systemctl stop ${r} || true
    done

    export DEBIAN_FRONTEND=noninteractive
    export DEBCONF_NONINTERACTIVE_SEEN=true
    APT_OPTS="-o APT::Install-Suggests=0 -o APT::Install-Recommends=0 -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef"
    apt-get ${APT_OPTS} -y remove --purge unattended-upgrades || true

    function wait_condition_send() {
      local status=${1:-SUCCESS}
      local reason=${2:-empty}
      local data_binary="{\"status\": \"$status\", \"reason\": \"$reason\"}"
      echo "Sending signal to wait condition: $data_binary"
      $wait_condition_notify -k --data-binary "$data_binary"
      if [ "$status" == "FAILURE" ]; then
        exit 1
      fi
    }

    # Re-pin repo, just to cleanup src\and etc metadata download
    source /etc/lsb-release
    cat << EOF > /etc/apt/sources.list
    deb [arch=amd64] https://mirror.mirantis.com/nightly/ubuntu/ ${DISTRIB_CODENAME} main restricted universe
    deb [arch=amd64] https://mirror.mirantis.com/nightly/ubuntu/ ${DISTRIB_CODENAME}-updates main restricted universe
    EOF

    # Remove 50command-not-found and update cache
    rm -f /etc/apt/apt.conf.d/50command-not-found
    apt-get update

    if [[ -n "$hack_tuning_enabled" ]]; then
      echo "Add dirty hacks in system"
      sysctl -w vm.dirty_ratio=40
      sysctl -w vm.dirty_background_ratio=20
      echo 0 > /sys/block/vda/queue/rotational || true
      echo 32768 > /sys/block/vda/queue/read_ahead_kb || true
      GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0 noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off tsx=on tsx_async_abort=off mitigations=off"
      if ! [[ $(cat /proc/cmdline) =~ $GRUB_CMDLINE_LINUX_DEFAULT ]]; then
        echo "Update mount options for / partition"
        sed -i '/rootfs/s/defaults\t/rw,noatime,nodiratime,lazytime,nobarrier,commit=240,data=ordered\t/' /etc/fstab
        echo "Update kernel cmdline in grub and reboot"
        echo "GRUB_CMDLINE_LINUX_DEFAULT=\"${GRUB_CMDLINE_LINUX_DEFAULT}\"" > /etc/default/grub.d/60-make-linux-fast-again.cfg
        update-grub2
        cloud-init clean --reboot # clean cloud-init cache and reboot so it emulates first boot
      fi
    fi

    netplan --debug apply
    # NOTE(vsaienko): the netplan apply is asyncronous, there is no guarantee
    # that changes are applied when command exited. Pause some time to make
    # sure we call next check when network is reconfigured.
    sleep 15

    echo "Checking connectivity to mirror.mirantis.com"
    wait_time=0
    until $( timeout 30s curl -s mirror.mirantis.com >> /dev/null ); do
      if [[ $wait_time -gt 5 ]]; then
        echo "FAILURE: unable to access mirror.mirantis.com (network check)"
        wait_condition_send "FAILURE" "mirror.mirantis.com is unreachable"
        exit 1
      fi
      sleep $(( 3 * wait_time++ ))
    done
    
    echo "Configuring regional user for clean-seed scenarios"
    sudo groupadd docker
    sudo groupadd regional
    sudo useradd -g regional -G users,admin,docker -s /bin/bash -m regional
    echo -e "\nregional ALL=(ALL) NOPASSWD: ALL\n" | sudo tee -a /etc/sudoers
    sudo mkdir -p /home/regional/.ssh
    sudo cp /home/ubuntu/.ssh/authorized_keys /home/regional/.ssh/authorized_keys
    sudo chmod 600 /home/regional/.ssh/authorized_keys
    sudo chown -R regional:regional /home/regional
    apt-get ${APT_OPTS} -y install bridge-utils docker.io ipmitool wget golang-cfssl jq
    usermod -aG docker ubuntu
    cd /root/
    wget https://binary.mirantis.com/releases/get_container_cloud.sh
    chmod 0755 get_container_cloud.sh
    ./get_container_cloud.sh
    cp /root/mirantis.lic kaas-bootstrap/

    echo "Sending wait_condition signal"
    wait_condition_send "SUCCESS" "Instance is UP and running"

runcmd:
  - [bash, -cex, *instance_boot]

write_files:
  - path: /root/.ssh/authorized_keys
    content: |
        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeGiSOs0zAwcxuc9y6BzidYFXQXLOLcBKSoW1tPYJ+bVGRwNRVh63/+/X+eOPbBp6xTNNHVyOpYHt1WUbIHsAqAx/XbzBp+j3/4+8+ucvWR3X9TTxK7Q+oB3SSy2iEeimiJmxfjiHu1hfcgN8L9YvXVquGC/EZbk/r27j7Gcxli7zesr9/kBBhigDSQeehJBJZ0ux3luVkjWSDYTeKqZhNNPFoD6eWmOfsAKNMhe/8IRD9e0zY4MsELi1tZl2zoQ69249e4M1aCuGxm+t+tHLzywX0tVZmM1yX7TDuszHbiii8HrjNwB1/K80HRwRrwVIne9P7wFSlC2exLkdfWd2D vkhlyunev
        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDci6MBY68s3FJ9V1OP5vdtVo/daJnkNXCPSPYbCX8/d0E3UJKgE81YvsxfuKp3r1rUNwTuGnkq+VUWcbIgpQNy69OuKxQkoGsRgYTA8n4ZZcuWz+dVenP90xLYHcnyACg63HUVEp5foLvu1WzOdH2A4bHmsl0ePM5IdnFyToHj+Nhwz1NSvbK1OkQHoEcIbkbIkIa/kWY2mgEIIUgb9YmaCI96eiVtQpFPQ4k7hpdrUAkG4e0jT8JA3zQoB++S12p0d0K3SQtJ3+YATUm+rKnHchHZ/uEAgBgoOLiu99p7Aiie76jlGxZp8A/hPqU/zS61z7ER4lJeyR/pXh53Ja+1 maintenance-ci
        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXWwy6p3t4AGvaCtFDJxqKZiPDotJnbu2IKg2p7sl7YXQw+APLKk9maHyUehQQuGzidgBZpmBOMAXENcO1FGFj56cnp4W9tldTiRq1bWcUMq42wfNwIToP6dAXj5ZyhL+UZj1GsCThSasDhFe4Xife0cn69KHJqtmahApQK6D7tpZr2UNDYNWh/2JIrUOcJXZU+BqNg7zm1KNb6e9lKXL6KLDeaCiQ0bj+L/unqepLdg26eO7AQSZ/rt2qAnbfcquozECtDhT4cbK8q9xJODlJQ3eQGOgTH3m8jGijL+3UdPFUzbo4KwSK4V9FmB711HVBCQM4nlH9zumIUSxutnkd rlubianyi@rlubianyi-pc
        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxqF+NSuP+Dr2nmGHf4NIpH2xWSmq+UE/HGP6j81rKSBZeRb2SuRXLtLVh3NZ+3GLa4UQGvedcnsqzgvSt05LYujloHnLxIsrsOWbLxOcdUYkorhXenGKBxKopwViRNV2PovMAnwyZ27GkXH8RQ52XISOdTIIV7r8M3kLpxCor2jHnOzJOcr7rhLeSFTK5zw6//T3S+IOQ5/HEs+8NK1sNw2lxBTuk+dAydiaCsQqm4GMl5vZSy0j7cnsy+lq69zN2/Bi4JzKLDKF2ap4zDh/ELhUBoQhh12T0djFV9Qv9fTWI4LUW8cVyqxbfreJrZqSAyMgSRrGSUBclFTmn5Z pavel@pavel-All-Series
        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjL5X8RdcYhxsd6j43p5Clk8hzq/IjfRvekD+xPy6DhD2kyKTnAR1FjtTeFtH1mC+lD+nUnswR1A5dR+5eHemKxz0IkWuDeL8+YdMpOy+bbQyA+tlTukGriPcIUCHOxn7u2u4zV4a+AcZha5obR1zv91nkGaWAfbjDHTl2f4IB3Rx3rJwd/3r7ge1MA0qIRqr1k+FY99477zd+nbYVP8n84+uY7DoaFHtzEWTXqc2CwdEO+5uzMzdWWRUwU1vwe4Ac9i1NtsA33pa1VVMKny2S2k2JcvNpkKDo7x4ezH2fOuHiDTOk4CqUjg7TlpsdMbT8ugj5YE8H/O3Kh25t3Fkn maintenance-ci-robot

  - path: /etc/bash_completion.d/kaas
    content: |
        PATH=${PATH}:~/kaas-bootstrap/bin:/home/ubuntu/bootstrap/dev/bin
        if [ -f ~/kubeconfig ]; then export KUBECONFIG=~/kubeconfig ; fi
        if [ -f ~/bootstrap/dev/kubeconfig ]; then export KUBECONFIG=~/bootstrap/dev/kubeconfig; fi
        echo "KUBECONFIG=${KUBECONFIG}"
        echo "kubectl=$(which kubectl)"

  - path: /etc/netplan/51-kaas-init.yaml
    content: |
      network:
        version: 2
        renderer: networkd
        ethernets:
          ens3:
            nameservers:
              addresses: $nameservers
            dhcp4: false
            dhcp6: false
        bridges:
          br0:
            dhcp4: false
            dhcp6: false
            addresses:
              - 172.16.180.2/23
            mtu: 9100
            nameservers:
              addresses:
                - 172.18.176.6
                - 172.16.180.1
                - 8.8.8.8
              search: [ ]
            interfaces:
            - ens3
            routes:
              - to: 0.0.0.0/0
                via: 172.16.180.1
            parameters:
                forward-delay: 4
                stp: false
  - path: /root/do_deploy_mcc_mgmt.sh
    content: |
      set -e
      source /root/env_vars.sh
      while [ ! -d "${OUT_DIR}" ] ; do sleep 4 ; done
      [[ "$(sed -n 693p /root/kaas-bootstrap/bootstrap.sh)" -eq "configure" ]] && sed -i "693d" /root/kaas-bootstrap/bootstrap.sh
      # PROD-44779
      set +e -o pipefail
      /root/kaas-bootstrap/bootstrap.sh all 2>&1 | tee deploy_mcc_mgmt_output.log
      retcode=$?
      set -e
      if [[ $retcode -ne 0 ]] ; then
        grep "Keycloak service is unavailable" deploy_mcc_mgmt_output.log && echo "PRODX-44779 is still there, ignoring" || exit $retcode
      else
        echo 'REMOVE PRODX-44779 WORKAROUND'
      fi
      export KUBECONFIG=/root/kubeconfig
      echo r00tme | /root/kaas-bootstrap/container-cloud bootstrap user add --username root --roles global-admin,management-admin,reader,writer,operator --kubeconfig kubeconfig --password-stdin
  - path: /root/do_deploy_child.sh
    content: |
      set -e
      while [ ! -d /root/bm_mcc_mosk/child/cluster ] ; do echo 'no child templates!' ; sleep 4 ; done
      export KUBECONFIG=/root/kubeconfig
      /root/kaas-bootstrap/bin/kubectl apply -f /root/bm_mcc_mosk/child/cluster/project.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/ssh_pubkeys.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/cluster.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhosts.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/baremetalhostprofiles.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/subnets.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/l2_templates.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/metallbconfig.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/machines.yaml
      sleep 2 && /root/kaas-bootstrap/bin/kubectl -n mosk apply -f /root/bm_mcc_mosk/child/cluster/kaascephcluster.yaml

  - path: /etc/udev/rules.d/60-ssd-scheduler.rules
    content: |
        ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"

  - path: /root/env_vars.sh
    content: |
        export KAAS_BM_ENABLED="true"
        export KAAS_BM_PXE_IP="172.16.180.5"
        export KAAS_BM_PXE_MASK="23"
        export KAAS_BM_PXE_BRIDGE="br0"
        export CLUSTER_NAME=kaas-mgmt
        export OUT_DIR=/root/bm_mcc_mosk/kaas-mgmt/
        export KAAS_BOOTSTRAP_INFINITE_TIMEOUT=true
  - path: /root/get_child_kubeconfig.sh
    content: |
        /root/kaas-bootstrap/bin/kubectl --kubeconfig /root/kubeconfig -n mosk get secrets mosk-kubeconfig -o jsonpath='{.data.admin\.conf}' | base64 -d | sed 's/:5443/:443/g' > /root/child.kubeconfig
        export KUBECONFIG=/root/child.kubeconfig
  - path: /root/mirantis.lic
    content: |
        eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9Cg.eyJleHAiOjE3MzgzOTY4MDAsImlhdCI6MTY3NTMyNDgwMCwic3ViIjoiZGV2fHNpLWRldiIsImxpY2Vuc2UiOnsiZGV2Ijp0cnVlLCJsaW1pdHMiOnsiY2x1c3RlcnMiOjAsIndvcmtlcnNfcGVyX2NsdXN0ZXIiOjB9LCJvcGVuc3RhY2siOnsiY2x1c3RlcnMiOjAsIndvcmtlcnNfcGVyX2NsdXN0ZXIiOjB9fX0K.18naIn5bHkrQJGnqsiv8BHAEhdz_mnMSR2Oz0hAKyhVTdn5Hd7ESJFvPe2agEl7IJf4n6--NPa9zqW0y9zcixnoxB_7xvMntNCaPzfAap8Lm7RSghDJicyJ1xXTj4NNf3ocnbA8rCUNkrSbh2GKFNBqiDMqZTGC7Jozee5HjBzaxFUF0Z0Nr3T0q53DrZmiAhe0P8LtbxFhMICptcMnX-c4mw_hc5TziLZdpR0TUCJk4B0Cit4PABzZWjDCt5gWpy70ZCTTG2xo5dikd-WYBp6f43U5LUroYkhKTHjLMphHnsEDDBu2qaV18ONSuFSQ-Sfg_Mg9ndS_IMTvS9IipsA
  - path: /etc/docker/daemon.json
    content: '{"default-address-pools": [{"base": "10.50.0.0/16","size": 24}]}'