Merge "Add ability to deploy AIO"
diff --git a/de/heat-templates/env/aio.yaml b/de/heat-templates/env/aio.yaml
index af4c87e..b7ab922 100644
--- a/de/heat-templates/env/aio.yaml
+++ b/de/heat-templates/env/aio.yaml
@@ -22,11 +22,10 @@
private_floating_network_cidr: '10.11.12.0/24'
private_floating_interface: ''
tunnel_interface: 'ens3'
- worker_metadata: {"labels": {"openstack-control-plane":"enabled","openstack-compute-node":"enabled","openvswitch":"enabled", "openstack-gateway":"enabled","role":"ceph-osd-node","local-volume-provisioner": "enabled"}}
- cmp_metadata: {"labels": {"openstack-compute-node":"enabled","openvswitch":"enabled", "role":"ceph-osd-node"}}
- gtw_metadata: {"labels": {"openvswitch":"enabled"}}
+ ucp_metadata: {"labels": {"openstack-control-plane":"enabled","openstack-compute-node":"enabled","openvswitch":"enabled", "openstack-gateway":"enabled","role":"ceph-osd-node","local-volume-provisioner": "enabled", "openstack-compute-node":"enabled","openvswitch":"enabled", "role":"ceph-osd-node"}}
#compact.cid: RAM 32768 | Disk 100 | VCPU 8
- ucp_flavor: 'compact.cid'
+ ucp_flavor: 'mosk.aio.ephemeral'
+ #ucp_flavor: 'compact.cid'
# hardware_metadata which is used for Ceph requires flavor with
# ephemeral storage because it is used for Ceph bluestore.
workers_flavor: 'system.compact.openstack.control.ephemeral'
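Review bot: The new `ucp_metadata` flow mapping lists `openstack-compute-node`, `openvswitch` and `role` twice inside `labels`. Duplicate mapping keys are invalid YAML; most loaders silently keep the last value and stricter ones reject the file. The repeated values happen to be identical today, but a later edit to only one copy would change the node labels without any warning, so each label should appear once: `ucp_metadata: {"labels": {"openstack-control-plane": "enabled", "openstack-compute-node": "enabled", "openvswitch": "enabled", "openstack-gateway": "enabled", "role": "ceph-osd-node", "local-volume-provisioner": "enabled"}}`. The comment `#compact.cid: RAM 32768 | Disk 100 | VCPU 8` now sits above `ucp_flavor: 'mosk.aio.ephemeral'` but describes the commented-out flavor, so it should move next to `#ucp_flavor: 'compact.cid'` or be replaced with the sizing of the new flavor.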
@@ -42,7 +41,7 @@
storageDevices:
- name: vdb
role: hdd
- sizeGb: 20
+ sizeGb: 2
ramGb: 8
cores: 2
# The roles will be assigned based on node labels.
diff --git a/de/heat-templates/fragments/SrvInstancesVM.yaml b/de/heat-templates/fragments/SrvInstancesVM.yaml
index a9a305d..d62225a 100644
--- a/de/heat-templates/fragments/SrvInstancesVM.yaml
+++ b/de/heat-templates/fragments/SrvInstancesVM.yaml
@@ -54,6 +54,15 @@
type: string
single_node:
type: string
+ user_data_config:
+ description: This is part of clout-config which denies to mount drive with label ephemeral0 to /mnt
+ type: string
+ default: |
+ #cloud-config
+ #
+ # Don't mount ephemeral0 to /mnt as it's by default
+ mounts:
+ - [ ephemeral0, null ]
resources:
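Review bot: The description of `user_data_config` misspells cloud-config as `clout-config` and does not say that the value is passed on as an extra user-data part. Suggested wording: `description: cloud-config fragment appended to the instance user data; the default stops cloud-init from mounting the ephemeral0 disk on /mnt`. The parameter is a free-form string, so whatever a stack environment supplies is handed to the instance at first boot. It is worth noting in the description that an override is privileged input and presumably has to keep the `#cloud-config` first line to be recognised. The parameters block starts outside the hunk.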
@@ -100,6 +109,7 @@
parts:
- config: {get_resource: software_config}
- config: {get_resource: inject_files}
+ - config: {get_param: user_data_config}
server:
type: OS::Nova::Server
@@ -151,7 +161,7 @@
value: { get_attr: [server, networks, { get_param: accessible_network}, 0]}
server_private_floating_ip:
description: IP address of server in private floating network
- value: { get_attr: [private_floating_server_port, fixed_ips, 0, ip_address] }
+ value: [ { get_attr: [private_floating_server_port, fixed_ips, 0, ip_address] } ]
server_public_ip:
description: Floating IP address of server in public network
value: { get_attr: [ server_floating_ip, floating_ip_address ] }
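Review bot: `server_private_floating_ip` now returns a one-element list, while its description still reads `IP address of server in private floating network` and the neighbouring outputs in this hunk stay scalar. Every consumer of this fragment sees the type change, not only the AIO path. In top.yaml, `worker_private_floating_ips` reads the attribute from both `ucp` and `workers`, and if `workers` is a resource group its branch presumably becomes a list of lists. Either update the description, e.g. `description: Single-element list with the server IP in the private floating network`, or keep the scalar here and wrap it in a list only in the `aio_deploy` branch of top.yaml. The outputs block starts and ends outside the hunk.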
diff --git a/de/heat-templates/scripts/instance_boot.sh b/de/heat-templates/scripts/instance_boot.sh
index a5f1b2c..4746813 100644
--- a/de/heat-templates/scripts/instance_boot.sh
+++ b/de/heat-templates/scripts/instance_boot.sh
@@ -223,6 +223,15 @@
retry 10 "Can't bring up docker UCP container" docker_run_retry
}
+function get_authtoken_retry {
+# Download the bundle https://docs.docker.com/ee/ucp/user-access/cli/
+# Create an environment variable with the user security token
+ AUTHTOKEN=$(curl --retry 6 --retry-delay 5 -sk -d '{"username":"'$UCP_USERNAME'","password":"'$UCP_PASSWORD'"}' https://${UCP_MASTER_HOST}/auth/login | jq -r .auth_token)
+ if [ -z ${AUTHTOKEN} ]; then
+ return -1
+ fi
+}
+
function download_bundles {
local tmpd
tmpd=$(mktemp -d)
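Review bot: `get_authtoken_retry` cannot detect a rejected login. `jq -r .auth_token` prints the literal `null` when the field is absent, so `[ -z ${AUTHTOKEN} ]` passes and the `retry` wrapper never fires. Use `jq -r '.auth_token // empty'` and quote the test: `if [ -z "${AUTHTOKEN}" ]; then return 1; fi`. The request also posts `UCP_USERNAME` and `UCP_PASSWORD` with `-k`, so the server certificate is not verified while credentials are sent, and the unquoted expansions spliced into the JSON body break on spaces or quotes in either value. Building the body with `jq -n --arg` and passing `--cacert` where the UCP CA is available would address both.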
@@ -232,15 +241,6 @@
curl --retry 6 --retry-delay 5 -k -H "Authorization: Bearer $AUTHTOKEN" https://${UCP_MASTER_HOST}/api/clientbundle -o ${tmpd}/bundle.zip
}
- function get_authtoken_retry {
- # Download the bundle https://docs.docker.com/ee/ucp/user-access/cli/
- # Create an environment variable with the user security token
- AUTHTOKEN=$(curl --retry 6 --retry-delay 5 -sk -d '{"username":"'$UCP_USERNAME'","password":"'$UCP_PASSWORD'"}' https://${UCP_MASTER_HOST}/auth/login | jq -r .auth_token)
- if [ -z ${AUTHTOKEN} ]; then
- return -1
- fi
- }
-
retry 10 "Can't get AUTHTOKEN from master." get_authtoken_retry
retry 10 "Can't download bundle file from master." download_bundles_retry
@@ -272,12 +272,16 @@
}
function create_ucp_config {
+ if [[ "${SINGLE_NODE}" == true ]]; then
+ max_pods="kubelet_max_pods = 220"
+ fi
echo "
[scheduling_configuration]
enable_admin_ucp_scheduling = true
default_node_orchestrator = \"kubernetes\"
[cluster_config]
dns = [\"172.18.208.44\"]
+ ${max_pods}
" | docker config create com.docker.ucp.config -
}
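Review bot: `max_pods` is assigned only when `SINGLE_NODE` is true and is never declared in `create_ucp_config`. On multi-node runs `${max_pods}` therefore expands to whatever the environment or an earlier call left in that name. It would also abort the function if the script runs under `set -u`, which is not visible in this hunk. Declare it at the top of the function with `local max_pods=""` so the multi-node config is always emitted without the line. A short comment on why single-node needs `kubelet_max_pods = 220` would help the next reader.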
@@ -643,7 +647,12 @@
function disable_master_taint {
- kubectl taint nodes --all com.docker.ucp.manager:NoSchedule-
+ function disable_master_taint_retry {
+ # Enable "Allow all authenticated users, including service accounts to schedule on all nodes, including UCP managers."
+ curl --retry 6 --retry-delay 5 -k -H "Authorization: Bearer $AUTHTOKEN" -k -X PUT https://${UCP_MASTER_HOST}/collectionGrants/authenticated/swarm/scheduler
+ }
+
+ retry 10 "Can't enable permission to schedule all pods on UCP master." disable_master_taint_retry
}
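Review bot: The `curl` call in `disable_master_taint_retry` has no `--fail`, so an HTTP 401 or 403 from UCP still exits 0 and `retry 10` reports success without the grant being applied; add `-f` and drop the duplicated `-k`. Nothing in this hunk obtains `AUTHTOKEN`, so the function presumably depends on an earlier successful `get_authtoken_retry` call and will send an empty bearer token otherwise. The request also carries the token with certificate verification disabled. The grant lets all authenticated users and service accounts schedule on manager nodes, which is wider than the removed `kubectl taint` call, so a comment should mark it as single-node only: `# AIO only: lets every authenticated user and service account schedule on UCP managers`.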
@@ -674,7 +683,9 @@
configure_contrack
disable_iptables_for_bridges
if [[ "${SINGLE_NODE}" == true ]]; then
+ nested_virt_config
disable_master_taint
+ collect_interfaces_metadata
fi
;;
master)
diff --git a/de/heat-templates/top.yaml b/de/heat-templates/top.yaml
index ff3478d..0fd1cf4 100644
--- a/de/heat-templates/top.yaml
+++ b/de/heat-templates/top.yaml
@@ -269,6 +269,12 @@
type: string
default: 'false'
+conditions:
+ aio_deploy:
+ equals:
+ - get_param: single_node
+ - 'true'
+
resources:
keypair_name:
type: OS::Heat::RandomString
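Review bot: `aio_deploy` is an exact, case-sensitive string match against `'true'`, so a value such as `'True'` would silently select the multi-node branch in every `if` that uses this condition. The parameter definition begins outside the hunk. If the preceding `type: string` and `default: 'false'` lines belong to `single_node`, adding `constraints: [{allowed_values: ['true', 'false']}]` there would reject other spellings at stack creation. A one-line comment above `conditions:` saying that `aio_deploy` switches outputs from `workers` to `ucp` would also document the intent.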
@@ -793,7 +799,7 @@
value: { get_attr: [vbmcs, server_ironic_baremetal_ip] }
worker_private_floating_ips:
description: IPs might be used as gateway
- value: { get_attr: [workers, server_private_floating_ip] }
+ value: {if: [aio_deploy, {get_attr: [ucp, server_private_floating_ip]}, {get_attr: [workers, server_private_floating_ip]}]}
private_floating_cidr:
value: { get_param: private_floating_network_cidr }
private_floating_network_pool_start: