This commit adds tinkerbell as a platform supported by Lokomotive. The Terraform code consumes the newly introduced controller and worker Terraform modules, which reduces the amount of code required to introduce this new platform. The commit currently lacks several parts, which will be added at a later stage: - Unit tests - Configuration validation rules - CI implementation - Reference documentation - Quick start guide Closes #382. Signed-off-by: Mateusz Gozdek <mateusz@kinvolk.io>
Showing
39 changed files
with
2,529 additions
and
50 deletions.
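--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/.gitignore
@@ -0,0 +1 @@
+state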
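--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/db/tinkerbell-init.sql
@@ -0,0 +1,76 @@
+SET ROLE tinkerbell;
+
+CREATE TABLE IF NOT EXISTS hardware (
+id UUID UNIQUE
+, inserted_at TIMESTAMPTZ
+, deleted_at TIMESTAMPTZ
+, data JSONB
+);
+
+CREATE INDEX IF NOT EXISTS idx_id ON hardware (id);
+CREATE INDEX IF NOT EXISTS idx_deleted_at ON hardware (deleted_at NULLS FIRST);
+CREATE INDEX IF NOT EXISTS idxgin_type ON hardware USING GIN (data JSONB_PATH_OPS);
+
+CREATE TABLE IF NOT EXISTS template (
+id UUID UNIQUE NOT NULL
+, name VARCHAR(200) NOT NULL
+, created_at TIMESTAMPTZ
+, updated_at TIMESTAMPTZ
+, deleted_at TIMESTAMPTZ
+, data BYTEA
+
+CONSTRAINT CK_name CHECK (name ~ '^[a-zA-Z0-9_-]*$')
+);
+
+CREATE INDEX IF NOT EXISTS idx_tid ON template (id);
+CREATE INDEX IF NOT EXISTS idx_tdeleted_at ON template (deleted_at NULLS FIRST);
+
+CREATE TABLE IF NOT EXISTS workflow (
+id UUID UNIQUE NOT NULL
+, template UUID NOT NULL
+, devices JSONB NOT NULL
+, created_at TIMESTAMPTZ
+, updated_at TIMESTAMPTZ
+, deleted_at TIMESTAMPTZ
+);
+
+CREATE INDEX IF NOT EXISTS idx_wid ON workflow (id);
+CREATE INDEX IF NOT EXISTS idx_wdeleted_at ON workflow (deleted_at NULLS FIRST);
+
+CREATE TABLE IF NOT EXISTS workflow_state (
+workflow_id UUID UNIQUE NOT NULL
+, current_task_name VARCHAR(200)
+, current_action_name VARCHAR(200)
+, current_action_state SMALLINT
+, current_worker VARCHAR(200)
+, action_list JSONB
+, current_action_index int
+, total_number_of_actions INT
+);
+
+CREATE INDEX IF NOT EXISTS idx_wfid ON workflow_state (workflow_id);
+
+CREATE TABLE IF NOT EXISTS workflow_event (
+workflow_id UUID NOT NULL
+, worker_id UUID NOT NULL
+, task_name VARCHAR(200)
+, action_name VARCHAR(200)
+, execution_time int
+, message VARCHAR(200)
+, status SMALLINT
+, created_at TIMESTAMPTZ
+);
+
+CREATE INDEX IF NOT EXISTS idx_event ON workflow_event (created_at);
+
+CREATE TABLE IF NOT EXISTS workflow_worker_map (
+workflow_id UUID NOT NULL
+, worker_id UUID NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS workflow_data (
+workflow_id UUID NOT NULL
+, version INT
+, metadata JSONB
+, data JSONB
+);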
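Review bot: None of the new tables declares a primary key or a foreign key, so the relationships the column names imply (`workflow.template` → `template.id`, `workflow_state.workflow_id` → `workflow.id`, and the `workflow_id` columns of `workflow_event`, `workflow_worker_map` and `workflow_data`) are unenforced, and `hardware.id` is `UNIQUE` but still nullable. Postgres already builds a unique index for every `UNIQUE` column, so `idx_id`, `idx_tid`, `idx_wid` and `idx_wfid` duplicate that work. I would declare `id UUID PRIMARY KEY` on `hardware`, `template` and `workflow`, `workflow_id UUID PRIMARY KEY REFERENCES workflow (id)` on `workflow_state`, and drop the four redundant indexes; if this schema is intentionally a verbatim copy of an upstream Tinkerbell init script, a header comment naming that origin would tell the next reader why it is left as is.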
155 changes: 155 additions & 0 deletions
155
assets/terraform-modules/tinkerbell/sandbox/assets/deploy/docker-compose.yml
@@ -0,0 +1,155 @@ | ||
version: "2.1" | ||
services: | ||
tink-server: | ||
image: ${TINKERBELL_TINK_SERVER_IMAGE} | ||
restart: unless-stopped | ||
environment: | ||
FACILITY: ${FACILITY:-onprem} | ||
PACKET_ENV: ${PACKET_ENV:-testing} | ||
PACKET_VERSION: ${PACKET_VERSION:-ignored} | ||
ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-ignored} | ||
ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-1} | ||
PGDATABASE: tinkerbell | ||
PGHOST: db | ||
PGPASSWORD: tinkerbell | ||
PGPORT: 5432 | ||
PGSSLMODE: disable | ||
PGUSER: tinkerbell | ||
TINKERBELL_GRPC_AUTHORITY: :42113 | ||
TINKERBELL_HTTP_AUTHORITY: :42114 | ||
TINK_AUTH_USERNAME: ${TINKERBELL_TINK_USERNAME} | ||
TINK_AUTH_PASSWORD: ${TINKERBELL_TINK_PASSWORD} | ||
depends_on: | ||
db: | ||
condition: service_healthy | ||
healthcheck: | ||
test: ["CMD-SHELL", "wget -qO- 127.0.0.1:42114/cert"] # port needs to match TINKERBELL_HTTP_AUTHORITY | ||
interval: 5s | ||
timeout: 2s | ||
retries: 30 | ||
volumes: | ||
- ./state/certs:/certs/${FACILITY:-onprem} | ||
ports: | ||
- 42113:42113/tcp | ||
- 42114:42114/tcp | ||
|
||
db: | ||
image: postgres:10-alpine | ||
restart: unless-stopped | ||
environment: | ||
POSTGRES_DB: tinkerbell | ||
POSTGRES_PASSWORD: tinkerbell | ||
POSTGRES_USER: tinkerbell | ||
volumes: | ||
- ./db/tinkerbell-init.sql:/docker-entrypoint-initdb.d/tinkerbell-init.sql:ro | ||
- postgres_data:/var/lib/postgresql/data:rw | ||
ports: | ||
- 5432:5432 | ||
healthcheck: | ||
test: ["CMD-SHELL", "pg_isready -U tinkerbell"] | ||
interval: 1s | ||
timeout: 1s | ||
retries: 30 | ||
|
||
tink-cli: | ||
image: ${TINKERBELL_TINK_CLI_IMAGE} | ||
restart: unless-stopped | ||
environment: | ||
TINKERBELL_GRPC_AUTHORITY: 127.0.0.1:42113 | ||
TINKERBELL_CERT_URL: http://127.0.0.1:42114/cert | ||
depends_on: | ||
tink-server: | ||
condition: service_healthy | ||
db: | ||
condition: service_healthy | ||
network_mode: host | ||
|
||
registry: | ||
build: | ||
context: registry | ||
args: | ||
REGISTRY_USERNAME: $TINKERBELL_REGISTRY_USERNAME | ||
REGISTRY_PASSWORD: $TINKERBELL_REGISTRY_PASSWORD | ||
restart: unless-stopped | ||
healthcheck: | ||
test: ["CMD-SHELL", "curl --cacert /certs/ca.pem https://127.0.0.1"] | ||
interval: 5s | ||
timeout: 1s | ||
retries: 5 | ||
environment: | ||
REGISTRY_HTTP_ADDR: 0.0.0.0:443 | ||
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/server.pem | ||
REGISTRY_HTTP_TLS_KEY: /certs/server-key.pem | ||
REGISTRY_AUTH: htpasswd | ||
REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm" | ||
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd | ||
volumes: | ||
- ./state/certs:/certs | ||
- ./state/registry:/var/lib/registry | ||
network_mode: host | ||
|
||
boots: | ||
image: ${TINKERBELL_TINK_BOOTS_IMAGE} | ||
restart: unless-stopped | ||
network_mode: host | ||
command: -dhcp-addr 0.0.0.0:67 -tftp-addr $TINKERBELL_HOST_IP:69 -http-addr $TINKERBELL_HOST_IP:80 -log-level DEBUG | ||
environment: | ||
API_AUTH_TOKEN: ${PACKET_API_AUTH_TOKEN:-ignored} | ||
API_CONSUMER_TOKEN: ${PACKET_CONSUMER_TOKEN:-ignored} | ||
FACILITY_CODE: ${FACILITY:-onprem} | ||
PACKET_ENV: ${PACKET_ENV:-testing} | ||
PACKET_VERSION: ${PACKET_VERSION:-ignored} | ||
ROLLBAR_TOKEN: ${ROLLBAR_TOKEN:-ignored} | ||
ROLLBAR_DISABLE: ${ROLLBAR_DISABLE:-1} | ||
MIRROR_HOST: ${TINKERBELL_NGINX_IP:-127.0.0.1} | ||
DNS_SERVERS: 8.8.8.8 | ||
PUBLIC_IP: $TINKERBELL_HOST_IP | ||
BOOTP_BIND: $TINKERBELL_HOST_IP:67 | ||
HTTP_BIND: $TINKERBELL_HOST_IP:80 | ||
SYSLOG_BIND: $TINKERBELL_HOST_IP:514 | ||
TFTP_BIND: $TINKERBELL_HOST_IP:69 | ||
DOCKER_REGISTRY: $TINKERBELL_HOST_IP | ||
REGISTRY_USERNAME: $TINKERBELL_REGISTRY_USERNAME | ||
REGISTRY_PASSWORD: $TINKERBELL_REGISTRY_PASSWORD | ||
TINKERBELL_GRPC_AUTHORITY: $TINKERBELL_HOST_IP:42113 | ||
TINKERBELL_CERT_URL: http://$TINKERBELL_HOST_IP:42114/cert | ||
ELASTIC_SEARCH_URL: $TINKERBELL_HOST_IP:9200 | ||
DATA_MODEL_VERSION: 1 | ||
depends_on: | ||
db: | ||
condition: service_healthy | ||
ports: | ||
- $TINKERBELL_HOST_IP:80:80/tcp | ||
- 67:67/udp | ||
- 69:69/udp | ||
|
||
nginx: | ||
image: nginx:alpine | ||
restart: unless-stopped | ||
tty: true | ||
ports: | ||
- $TINKERBELL_NGINX_IP:80:80/tcp | ||
volumes: | ||
- ./state/webroot:/usr/share/nginx/html/ | ||
|
||
hegel: | ||
image: ${TINKERBELL_TINK_HEGEL_IMAGE} | ||
restart: unless-stopped | ||
network_mode: host | ||
environment: | ||
ROLLBAR_TOKEN: ${ROLLBAR_TOKEN-ignored} | ||
ROLLBAR_DISABLE: 1 | ||
PACKET_ENV: testing | ||
PACKET_VERSION: ${PACKET_VERSION:-ignored} | ||
GRPC_PORT: 42115 | ||
HEGEL_FACILITY: ${FACILITY:-onprem} | ||
HEGEL_USE_TLS: 0 | ||
TINKERBELL_GRPC_AUTHORITY: 127.0.0.1:42113 | ||
TINKERBELL_CERT_URL: http://127.0.0.1:42114/cert | ||
DATA_MODEL_VERSION: 1 | ||
depends_on: | ||
db: | ||
condition: service_healthy | ||
|
||
volumes: | ||
postgres_data: |
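Review bot: The database is published on every host interface with a fixed, well-known credential: `PGPASSWORD: tinkerbell` / `POSTGRES_PASSWORD: tinkerbell`, `PGSSLMODE: disable`, and `- 5432:5432` under the `db` service's `ports` with no bind address, so anything that can reach the provisioner host can log into the workflow store. No service in this file appears to use the host's 5432 (tink-server reaches it as `PGHOST: db` over the compose network), so either drop that `ports` entry or bind it to loopback, `- 127.0.0.1:5432:5432`, and take the password from an environment variable the way `TINK_AUTH_PASSWORD: ${TINKERBELL_TINK_PASSWORD}` already does. Separately, hegel's `ROLLBAR_TOKEN: ${ROLLBAR_TOKEN-ignored}` uses `-` where every other service uses `:-`, so an empty-but-set variable yields an empty token there and `ignored` everywhere else; `${ROLLBAR_TOKEN:-ignored}` keeps the services consistent.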
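--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/flatcar-install/Dockerfile
@@ -0,0 +1,7 @@
+FROM ubuntu
+
+RUN apt update && \
+apt install -y udev gpg wget
+
+RUN wget https://raw.githubusercontent.com/flatcar-linux/init/flatcar-master/bin/flatcar-install -O /usr/local/bin/flatcar-install && \
+chmod +x /usr/local/bin/flatcar-install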
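Review bot: `FROM ubuntu` and the `wget` of `flatcar-install` from the moving `flatcar-master` branch make this image unreproducible and unverifiable: two builds can pull different script contents, and nothing checks what was downloaded before it is marked executable (how the script is later invoked is outside this hunk). Pin the base image to a tagged release, fetch the script at a fixed commit, `https://raw.githubusercontent.com/flatcar-linux/init/<COMMIT_SHA>/bin/flatcar-install`, and verify it before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  /usr/local/bin/flatcar-install" | sha256sum -c -` (both values are placeholders to fill in). `apt` also warns that its CLI is not stable for scripting; `apt-get update && apt-get install -y --no-install-recommends udev gpg wget && rm -rf /var/lib/apt/lists/*` is the conventional form and keeps the package lists out of the layer.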
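--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/registry/Dockerfile
@@ -0,0 +1,7 @@
+FROM registry:2.7.1
+RUN apk add --no-cache --update curl apache2-utils
+ARG REGISTRY_USERNAME
+ARG REGISTRY_PASSWORD
+RUN mkdir -p /certs /auth
+RUN htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > /auth/htpasswd
+EXPOSE 443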
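Review bot: `RUN htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} > /auth/htpasswd` bakes the credential into the image: build arguments consumed by a `RUN` step are recorded in the image metadata and shown by `docker history`, so the plaintext registry password is recoverable from any host holding this image, and rotating it requires a rebuild. Generating the file at container start instead — an entrypoint that runs `htpasswd -Bbn "$REGISTRY_USERNAME" "$REGISTRY_PASSWORD" > /auth/htpasswd` from environment variables, or mounting a pre-generated `/auth/htpasswd` alongside the `./state/certs` volume the compose file already mounts — keeps it out of the layer history. The unquoted `${REGISTRY_USERNAME}` and `${REGISTRY_PASSWORD}` also split on whitespace if either value contains any; quote them.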
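--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/tls/.gitignore
@@ -0,0 +1 @@
+*/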
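--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/tls/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:3.11
+ENTRYPOINT [ "/entrypoint.sh" ]
+
+RUN apk add --no-cache --update --upgrade ca-certificates postgresql-client
+RUN apk add --no-cache --update --upgrade --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing cfssl
+
+COPY . .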
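Review bot: `COPY . .` copies the whole `tls/` build context into `/` (no `WORKDIR` is set, so `.` is the image root), and the sibling `.gitignore` entry `*/` only affects git, not the Docker build context, so any previously generated certificate directories in that folder are copied into the image unless a `.dockerignore` exists (none is added in this commit). Copying only what the entrypoint needs, e.g. `COPY entrypoint.sh gencerts.sh ca-config.json ca.in.json /`, avoids shipping stale key material and makes the image contents explicit. The `cfssl` package is pulled from `edge/testing` onto an `alpine:3.11` base, which mixes release branches and is unpinned; a comment saying why, or a pinned package version, would help the next person who has to rebuild it.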
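--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/tls/ca-config.json
@@ -0,0 +1,17 @@
+{
+"signing": {
+"default": {
+"expiry": "168h"
+},
+"profiles": {
+"server": {
+"expiry": "8760h",
+"usages": ["signing", "key encipherment", "server auth"]
+},
+"signing": {
+"expiry": "8760h",
+"usages": ["signing", "key encipherment"]
+}
+}
+}
+}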
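--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/tls/ca.in.json
@@ -0,0 +1,12 @@
+{
+"CN": "Autogenerated CA",
+"key": {
+"algo": "rsa",
+"size": 2048
+},
+"names": [
+{
+"L": "@FACILITY@"
+}
+]
+}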
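--- /dev/null
+++ b/assets/terraform-modules/tinkerbell/sandbox/assets/deploy/tls/entrypoint.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+# set -o errexit -o nounset -o pipefail
+
+if [ -z "${TINKERBELL_TLS_CERT:-}" ]; then
+(
+echo "creating directory"
+mkdir -p "certs"
+./gencerts.sh
+)
+fi
+
+"$@"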