From f5713c4aaedd3f32d8d186a43c820fc83f15a66b Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Wed, 12 Mar 2025 15:54:42 -0500 Subject: [PATCH 1/6] feat: add script for setup infra This change takes the setup steps that we have in the hyperconverged script and moves them into a stand alone setup-infrastructure script that an operator could use to deploy their environment with a single interaction. Signed-off-by: Kevin Carter --- bin/setup-infrastructure.sh | 177 +++++++++++++++++++ scripts/hyperconverged-lab.sh | 311 +++++++++++++--------------------- 2 files changed, 298 insertions(+), 190 deletions(-) create mode 100755 bin/setup-infrastructure.sh diff --git a/bin/setup-infrastructure.sh b/bin/setup-infrastructure.sh new file mode 100755 index 000000000..de237b1d2 --- /dev/null +++ b/bin/setup-infrastructure.sh 
@@ -0,0 +1,177 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2124,SC2145,SC2294,SC2086,SC2087,SC2155
+set -e
+
+set -o pipefail
+
+if [ -z "${ACME_EMAIL}" ]; then
+ read -rp "Enter a valid email address for use with ACME, press enter to skip: " ACME_EMAIL
+ export ACME_EMAIL="${ACME_EMAIL:-}"
+fi
+
+if [ -z "${GATEWAY_DOMAIN}" ]; then
+ echo "The domain name for the gateway is required, if you do not have a domain name press enter to use the default"
+ read -rp "Enter the domain name for the gateway [cluster.local]: " GATEWAY_DOMAIN
+ export GATEWAY_DOMAIN="${GATEWAY_DOMAIN:-cluster.local}"
+fi
+
+if [ "${HYPERCONVERGED:-false}" = "true" ]; then
+ kubectl label node --all openstack-control-plane=enabled \
+ openstack-compute-node=enabled \
+ openstack-network-node=enabled \
+ openstack-storage-node=enabled \
+ node-role.kubernetes.io/worker=worker
+else
+ LABEL_FAIL=0
+ for label in openstack-control-plane=enabled \
+ openstack-compute-node=enabled \
+ openstack-network-node=enabled \
+ openstack-storage-node=enabled \
+ node-role.kubernetes.io/worker=worker; do
+ if [ -z "$(kubectl get nodes -l "${label}" -o name)" ]; then
+ echo "[FAILURE] No nodes with the label ${label} found, please label the nodes you want to use for the OpenStack deployment"
+ LABEL_FAIL=1
+ fi
+ done
+ if [ "${LABEL_FAIL}" -eq 1 ]; then
+ exit 1
+ fi
+fi
+
+kubectl label node -l beta.kubernetes.io/os=linux kubernetes.io/os=linux
+kubectl label node -l node-role.kubernetes.io/control-plane kube-ovn/role=master
+kubectl label node -l ovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel
+kubectl label node -l node-role.kubernetes.io/control-plane longhorn.io/storage-node=enabled
+
+if !
kubectl taint nodes -l node-role.kubernetes.io/control-plane node-role.kubernetes.io/control-plane:NoSchedule-; then
+ echo "Taint already removed"
+fi
+
+if [ -z "${CONTAINER_INTERFACE}" ]; then
+ export CONTAINER_INTERFACE=$(ip -details -json link show | \
+ jq -r '[.[] | if .linkinfo.info_kind // .link_type == "loopback" or
+ (.ifname | test("idrac+")) then empty else .ifname end ] | .[0]')
+ echo "[WARNING] The interface for the OVN network is required."
+ echo " The script will use the default route interface ${CONTAINER_INTERFACE}"
+fi
+
+if [ -z "${CONTAINER_VLAN_INTERFACE}" ]; then
+ echo "[WARNING] The vlan interface for the OVN network is required."
+ echo " The script will use the default route interface ${CONTAINER_INTERFACE}"
+ export CONTAINER_VLAN_INTERFACE="${CONTAINER_INTERFACE}"
+fi
+
+if [ -z "${COMPUTE_INTERFACE}" ]; then
+ export COMPUTE_INTERFACE=$(ip -details -json link show | \
+ jq -r '[.[] | if .linkinfo.info_kind // .link_type == "loopback" or
+ (.ifname | test("idrac+")) then empty else .ifname end ] | .[-1]')
+ echo "[WARNING] The interface for the compute network is required."
+ echo " The script will use the last interface found ${COMPUTE_INTERFACE}" +fi + +if [ "${COMPUTE_INTERFACE}" = "${CONTAINER_INTERFACE}" ]; then + echo "[ERROR] The compute interface cannot be the same as the container interface" + exit 1 +fi + +kubectl annotate \ + nodes \ + -l openstack-compute-node=enabled -l openstack-network-node=enabled \ + ovn.openstack.org/int_bridge='br-int' +kubectl annotate \ + nodes \ + -l openstack-compute-node=enabled -l openstack-network-node=enabled \ + ovn.openstack.org/bridges='br-ex' +kubectl annotate \ + nodes \ + -l openstack-compute-node=enabled -l openstack-network-node=enabled \ + ovn.openstack.org/ports="br-ex:${COMPUTE_INTERFACE}" +kubectl annotate \ + nodes \ + -l openstack-compute-node=enabled -l openstack-network-node=enabled \ + ovn.openstack.org/mappings='physnet1:br-ex' +kubectl annotate \ + nodes \ + -l openstack-compute-node=enabled -l openstack-network-node=enabled \ + ovn.openstack.org/availability_zones='az1' +kubectl annotate \ + nodes \ + -l openstack-network-node=enabled \ + ovn.openstack.org/gateway='enabled' + +# Deploy kube-ovn +if [ ! -f /etc/genestack/helm-configs/kube-ovn/kube-ovn-helm-overrides.yaml ]; then +cat > /etc/genestack/helm-configs/kube-ovn/kube-ovn-helm-overrides.yaml < /dev/null; then + openstack port create --network hyperconverged-compute-net \ + --disable-port-security \ + --fixed-ip ip-address="192.168.102.${i}" \ + -f value \ + -c id \ + hyperconverged-0-compute-float-${i}-port + fi +done + if ! COMPUTE_0_PORT=$(openstack port show hyperconverged-0-compute-port -f value -c id) 2> /dev/null; then export COMPUTE_0_PORT=$( openstack port create --network hyperconverged-compute-net \ 
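Review bot: The `kubectl annotate` calls in bin/setup-infrastructure.sh pass `-l openstack-compute-node=enabled -l openstack-network-node=enabled`, but `--selector` is a single string flag, so as far as I know the last occurrence replaces the first and only nodes labelled `openstack-network-node=enabled` are annotated. In a hyperconverged lab every node carries both labels, which hides this; on a split deployment compute-only nodes would miss `ovn.openstack.org/int_bridge`, `bridges`, `ports`, `mappings` and `availability_zones`. If both labels are required on the same node, use one comma-joined selector, `-l 'openstack-compute-node=enabled,openstack-network-node=enabled'`; if the intent is either label, run the annotate once per label. The rest of this new file is not visible on this page after the kube-ovn overrides check, so the remainder was not reviewed.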
@@ -230,11 +238,12 @@ fi ssh-add ~/.ssh/hyperconverged-key.pem # Create the three lab instances +export OS_IMAGE="${OS_IMAGE:-Ubuntu 24.04}" if ! openstack server show hyperconverged-0; then openstack server create hyperconverged-0 \ --port ${WORKER_0_PORT} \ --port ${COMPUTE_0_PORT} \ - --image "Ubuntu 24.04" \ + --image "${OS_IMAGE}" \ --key-name hyperconverged-key \ --flavor ${OS_FLAVOR} fi @@ -243,7 +252,7 @@ if ! openstack server show hyperconverged-1; then openstack server create hyperconverged-1 \ --port ${WORKER_1_PORT} \ --port ${COMPUTE_1_PORT} \ - --image "Ubuntu 24.04" \ + --image "${OS_IMAGE}" \ --key-name hyperconverged-key \ --flavor ${OS_FLAVOR} fi @@ -252,13 +261,14 @@ if ! openstack server show hyperconverged-2; then openstack server create hyperconverged-2 \ --port ${WORKER_2_PORT} \ --port ${COMPUTE_2_PORT} \ - --image "Ubuntu 24.04" \ + --image "${OS_IMAGE}" \ --key-name hyperconverged-key \ --flavor ${OS_FLAVOR} fi +echo "Waiting for the jump host to be ready" COUNT=0 -while ! ssh -o UserKnownHostsFile=/dev/null -q ubuntu@${JUMP_HOST_VIP} exit; do +while ! ssh -o ConnectTimeout=2 -o ConnectionAttempts=3 -o UserKnownHostsFile=/dev/null -q ubuntu@${JUMP_HOST_VIP} exit; do sleep 2 echo "SSH is not ready, Trying again..." COUNT=$((COUNT+1)) 
@@ -269,16 +279,37 @@ while ! ssh -o UserKnownHostsFile=/dev/null -q ubuntu@${JUMP_HOST_VIP} exit; do done # Run bootstrap +if [ "${HYPERCONVERGED_DEV:-false}" = "true" ]; then + export SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + if [ ! -d "${SCRIPT_DIR}" ]; then + echo "HYPERCONVERGED_DEV is true, but we've failed to determine the base genestack directory" + exit 1 + fi + ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ubuntu@${JUMP_HOST_VIP} "sudo chown \${USER}:\${USER} /opt" + echo "Copying the development source code to the jump host" + rsync -az \ + -e "ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null" \ + --rsync-path="sudo rsync" \ + $(readlink -fn ${SCRIPT_DIR}/../) ubuntu@${JUMP_HOST_VIP}:/opt/ +fi + ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ubuntu@${JUMP_HOST_VIP} < /etc/genestack/manifests/metallb/metallb-openstack-service-lb.yml < /etc/genestack/inventory/inventory.yaml < /etc/genestack/helm-configs/barbican/barbican-helm-overrides.yaml < /etc/genestack/helm-configs/kube-ovn/kube-ovn-helm-overrides.yaml < Date: Thu, 13 Mar 2025 09:13:51 -0500 Subject: [PATCH 2/6] feat: create a hyperconverged uninstall script This change simply adds a cleanup script to remove resources that the hyperconverged lab creates. Signed-off-by: Kevin Carter --- scripts/hyperconverged-lab-uninstall.sh | 95 +++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100755 scripts/hyperconverged-lab-uninstall.sh diff --git a/scripts/hyperconverged-lab-uninstall.sh b/scripts/hyperconverged-lab-uninstall.sh new file mode 100755 index 000000000..108319db0 --- /dev/null +++ b/scripts/hyperconverged-lab-uninstall.sh 
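Review bot: The new `HYPERCONVERGED_DEV` block forwards the SSH agent (`-o ForwardAgent=yes`) for the `sudo chown` command and for the rsync transport, neither of which makes an onward SSH hop from the jump host, and it does so with `-o UserKnownHostsFile=/dev/null`, so the host key of the freshly booted instance is never recorded or compared. A forwarded agent can be used by anyone with root on the remote end for the life of the session, so it should be limited to the bootstrap session that presumably needs it; for the copy step `-e "ssh -o UserKnownHostsFile=/dev/null"` is enough. The rsync source `$(readlink -fn ${SCRIPT_DIR}/../)` is also unquoted, so a checkout path containing spaces is split into several arguments; `"$(readlink -fn "${SCRIPT_DIR}/../")"` avoids that. The same known-hosts option is on the SSH wait loop changed in the preceding hunk.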
@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2124,SC2145,SC2294,SC2086,SC2087,SC2155
+
+set -o pipefail
+set -e
+SECONDS=0
+
+if [ -z "${OS_CLOUD}" ]; then
+ read -rp "Enter name of the cloud configuration used for this build [default]: " OS_CLOUD
+ export OS_CLOUD="${OS_CLOUD:-default}"
+fi
+
+function serverDelete() {
+ if ! openstack server delete "${1}" 2> /dev/null; then
+ echo "Failed to delete server ${1}"
+ fi
+}
+
+function portDelete() {
+ if ! openstack port delete "${1}" 2> /dev/null; then
+ echo "Failed to delete port ${1}"
+ fi
+}
+
+function securityGroupDelete() {
+ if ! openstack security group delete "${1}" 2> /dev/null; then
+ echo "Failed to delete security group ${1}"
+ fi
+}
+
+function networkDelete() {
+ if ! openstack network delete "${1}" 2> /dev/null; then
+ echo "Failed to delete network ${1}"
+ fi
+}
+
+function subnetDelete() {
+ if ! openstack subnet delete "${1}" 2> /dev/null; then
+ echo "Failed to delete subnet ${1}"
+ fi
+}
+
+for i in $(openstack floating ip list --router hyperconverged-router -f value -c "Floating IP Address"); do
+ if ! openstack floating ip unset "${i}" 2> /dev/null; then
+ echo "Failed to unset floating ip ${i}"
+ fi
+ if ! openstack floating ip delete "${i}" 2> /dev/null; then
+ echo "Failed to delete floating ip ${i}"
+ fi
+done
+
+serverDelete hyperconverged-2
+serverDelete hyperconverged-1
+serverDelete hyperconverged-0
+
+if !
openstack keypair delete hyperconverged-key 2> /dev/null; then
+ echo "Failed to delete keypair hyperconverged-key"
+fi
+
+portDelete hyperconverged-2-compute-port
+portDelete hyperconverged-1-compute-port
+portDelete hyperconverged-0-compute-port
+for i in {100..109}; do
+ portDelete "hyperconverged-0-compute-float-${i}-port"
+done
+portDelete hyperconverged-2-mgmt-port
+portDelete hyperconverged-1-mgmt-port
+portDelete hyperconverged-0-mgmt-port
+portDelete metallb-vip-0-port
+
+securityGroupDelete hyperconverged-jump-secgroup
+securityGroupDelete hyperconverged-http-secgroup
+securityGroupDelete hyperconverged-secgroup
+
+if ! openstack router remove subnet hyperconverged-router hyperconverged-subnet 2> /dev/null; then
+ echo "Failed to remove hyperconverged-subnet from router hyperconverged-router"
+fi
+if ! openstack router remove subnet hyperconverged-router hyperconverged-compute-subnet 2> /dev/null; then
+ echo "Failed to remove hyperconverged-compute-subnet from router hyperconverged-router"
+fi
+if ! openstack router remove gateway hyperconverged-router PUBLICNET 2> /dev/null; then
+ echo "Failed to remove gateway from router hyperconverged-router"
+fi
+if ! openstack router delete hyperconverged-router 2> /dev/null; then
+ echo "Failed to delete router hyperconverged-router"
+fi
+
+subnetDelete hyperconverged-compute-subnet
+subnetDelete hyperconverged-subnet
+
+networkDelete hyperconverged-compute-net
+networkDelete hyperconverged-net
+
+echo "Cleanup complete"
+echo "The lab uninstall took ${SECONDS} seconds to complete."
From 4526625d880ca448bd5513722b7a24c178d6bfd2 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Thu, 13 Mar 2025 09:43:17 -0500 Subject: [PATCH 3/6] feat: add dynamic ssh username Signed-off-by: Kevin Carter --- bin/setup-openstack-rc.sh | 7 +++++-- scripts/hyperconverged-lab.sh | 26 ++++++++++++++++---------- 2 files changed, 21 insertions(+), 12 deletions(-)
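Review bot: Every delete helper in scripts/hyperconverged-lab-uninstall.sh discards stderr and only echoes a message on failure, and the script then prints "Cleanup complete" and exits 0, so an expired credential, or for example a port that is still bound to an instance being torn down, can leave floating IPs, security groups and ports behind while the run looks successful. I would count failures in the helpers, let the client's error text through, and exit non-zero when anything was left; `openstack server delete --wait` also keeps the port deletes from racing the instance teardown. A second run against an already clean project would then report failures unless each helper first checks that the resource exists. The private key `~/.ssh/hyperconverged-key.pem` that the lab script writes and adds to the agent is not touched here, which may be intentional but is worth a comment in the script.

```shell
FAILURES=0

function serverDelete() {
  # --wait blocks until the instance is gone, so its ports can be removed next.
  if ! openstack server delete --wait "${1}"; then
    echo "Failed to delete server ${1}" >&2
    FAILURES=$((FAILURES + 1))
  fi
}

# … unchanged: remaining helpers and delete calls, each counting failures the same way …

if [ "${FAILURES}" -gt 0 ]; then
  echo "Cleanup finished with ${FAILURES} failed deletions, check the project for leftover resources" >&2
  exit 1
fi
echo "Cleanup complete"
```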
diff --git a/bin/setup-openstack-rc.sh b/bin/setup-openstack-rc.sh index b738e2a46..68d66782c 100755 --- a/bin/setup-openstack-rc.sh +++ b/bin/setup-openstack-rc.sh @@ -4,10 +4,13 @@ set -e function installYq() { export VERSION=v4.2.0 export BINARY=yq_linux_amd64 - wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - | tar xz && mv ${BINARY} /usr/local/bin/yq + wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -q -O - | tar xz && mv ${BINARY} /usr/local/bin/yq } -yq --version || (echo "yq is not installed. Attempting to install yq" && installYq) +if ! yq --version 2> /dev/null; then + echo "yq is not installed. Attempting to install yq" + installYq +fi USER_NAME="$(who am i | awk '{print $1}')" USER_PATH="$(getent passwd ${USER_NAME} | awk -F':' '{print $6}')" diff --git a/scripts/hyperconverged-lab.sh b/scripts/hyperconverged-lab.sh index ab4c46467..35847e85a 100755 --- a/scripts/hyperconverged-lab.sh +++ b/scripts/hyperconverged-lab.sh @@ -30,6 +30,12 @@ if [ -z "${OS_FLAVOR}" ]; then export OS_FLAVOR=${OS_FLAVOR:-${DEFAULT_OS_FLAVOR}} fi +# Set the default image and ssh username +export OS_IMAGE="${OS_IMAGE:-Ubuntu 24.04}" +if [ -z "${SSH_USERNAME}" ]; then + export SSH_USERNAME=$(openstack image show "${OS_IMAGE}" -f json -c properties | jq -r '.properties.default_user' || echo "ubuntu") +fi + if ! openstack router show hyperconverged-router; then openstack router create hyperconverged-router --external-gateway PUBLICNET fi @@ -180,7 +186,7 @@ elif [ -z "${JUMP_HOST_VIP}" ]; then fi for i in {100..109}; do - if ! openstack port show hyperconverged-0-compute-float-${i}-port -f value -c id 2> /dev/null; then + if ! openstack port show hyperconverged-0-compute-float-${i}-port 2> /dev/null; then openstack port create --network hyperconverged-compute-net \ --disable-port-security \ --fixed-ip ip-address="192.168.102.${i}" \ 
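Review bot: `installYq` in bin/setup-openstack-rc.sh still pipes the release tarball straight from `wget` into `tar` and moves the result into `/usr/local/bin` without checking it against a known digest, and the added `-q` now also hides wget's own error output when the download fails. Since the version is already pinned to v4.2.0, a SHA-256 for that exact asset can be pinned next to it and verified before the binary is installed; the digest below is a placeholder to be filled in from the project's release page. Downloading into a `mktemp -d` directory also stops `tar xz` from unpacking the archive into whatever the current directory happens to be.

```shell
function installYq() {
  export VERSION=v4.2.0
  export BINARY=yq_linux_amd64
  # Placeholder: replace with the published SHA-256 of ${BINARY}.tar.gz for ${VERSION}.
  local expected_sha256="<sha256-of-release-tarball>"
  local workdir
  workdir=$(mktemp -d)
  wget -q "https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz" \
    -O "${workdir}/${BINARY}.tar.gz"
  # Refuse to install anything that does not match the pinned digest.
  echo "${expected_sha256}  ${workdir}/${BINARY}.tar.gz" | sha256sum -c - > /dev/null
  tar -xzf "${workdir}/${BINARY}.tar.gz" -C "${workdir}"
  mv "${workdir}/${BINARY}" /usr/local/bin/yq
  rm -rf -- "${workdir}"
}
```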
@@ -238,7 +244,6 @@ fi ssh-add ~/.ssh/hyperconverged-key.pem # Create the three lab instances -export OS_IMAGE="${OS_IMAGE:-Ubuntu 24.04}" if ! openstack server show hyperconverged-0; then openstack server create hyperconverged-0 \ --port ${WORKER_0_PORT} \ @@ -268,7 +273,7 @@ fi echo "Waiting for the jump host to be ready" COUNT=0 -while ! ssh -o ConnectTimeout=2 -o ConnectionAttempts=3 -o UserKnownHostsFile=/dev/null -q ubuntu@${JUMP_HOST_VIP} exit; do +while ! ssh -o ConnectTimeout=2 -o ConnectionAttempts=3 -o UserKnownHostsFile=/dev/null -q ${SSH_USERNAME}@${JUMP_HOST_VIP} exit; do sleep 2 echo "SSH is not ready, Trying again..." COUNT=$((COUNT+1)) @@ -285,15 +290,15 @@ if [ "${HYPERCONVERGED_DEV:-false}" = "true" ]; then echo "HYPERCONVERGED_DEV is true, but we've failed to determine the base genestack directory" exit 1 fi - ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ubuntu@${JUMP_HOST_VIP} "sudo chown \${USER}:\${USER} /opt" + ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ${SSH_USERNAME}@${JUMP_HOST_VIP} "sudo chown \${USER}:\${USER} /opt" echo "Copying the development source code to the jump host" rsync -az \ -e "ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null" \ --rsync-path="sudo rsync" \ - $(readlink -fn ${SCRIPT_DIR}/../) ubuntu@${JUMP_HOST_VIP}:/opt/ + $(readlink -fn ${SCRIPT_DIR}/../) ${SSH_USERNAME}@${JUMP_HOST_VIP}:/opt/ fi -ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ubuntu@${JUMP_HOST_VIP} < Date: Thu, 13 Mar 2025 11:24:50 -0500 Subject: [PATCH 4/6] feat: add interactive image and ssh username settings Signed-off-by: Kevin Carter --- scripts/hyperconverged-lab.sh | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/scripts/hyperconverged-lab.sh b/scripts/hyperconverged-lab.sh index 35847e85a..8fb4f8679 100755 --- a/scripts/hyperconverged-lab.sh +++ b/scripts/hyperconverged-lab.sh 
@@ -33,7 +33,19 @@ fi # Set the default image and ssh username export OS_IMAGE="${OS_IMAGE:-Ubuntu 24.04}" if [ -z "${SSH_USERNAME}" ]; then - export SSH_USERNAME=$(openstack image show "${OS_IMAGE}" -f json -c properties | jq -r '.properties.default_user' || echo "ubuntu") + if ! IMAGE_DEFAULT_PROPERTY=$(openstack image show "${OS_IMAGE}" -f json -c properties); then + read -rp "Image not found. Enter the image name: " OS_IMAGE + IMAGE_DEFAULT_PROPERTY=$(openstack image show "${OS_IMAGE}" -f json -c properties) + fi + if [ "${IMAGE_DEFAULT_PROPERTY}" ]; then + if SSH_USERNAME=$(echo "${IMAGE_DEFAULT_PROPERTY}" | jq -r '.properties.default_user'); then + echo "Discovered the default username for the image ${OS_IMAGE} as ${SSH_USERNAME}" + fi + fi + if [ -z "${SSH_USERNAME}" ] || [ "${SSH_USERNAME}" = "null" ]; then + echo "The image ${OS_IMAGE} does not have a default user property, please enter the default username" + read -rp "Enter the default username for the image: " SSH_USERNAME + fi fi if ! openstack router show hyperconverged-router; then @@ -290,7 +302,8 @@ if [ "${HYPERCONVERGED_DEV:-false}" = "true" ]; then echo "HYPERCONVERGED_DEV is true, but we've failed to determine the base genestack directory" exit 1 fi - ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ${SSH_USERNAME}@${JUMP_HOST_VIP} "sudo chown \${USER}:\${USER} /opt" + ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ${SSH_USERNAME}@${JUMP_HOST_VIP} \ + "sudo apt update && sudo apt install -y rsync git; sudo chown \${USER}:\${USER} /opt" echo "Copying the development source code to the jump host" rsync -az \ -e "ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null" \ From 55776cfc7c11993d65045ecbc591e106618cf7b2 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Thu, 13 Mar 2025 12:20:03 -0500 Subject: [PATCH 5/6] chore: cleanup stderr making the lab bring me more joy 
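Review bot: `SSH_USERNAME` now comes either from the image's `default_user` property or from a prompt, and it is then expanded unquoted into the `ssh` and `rsync` command lines elsewhere in the script, so a value containing whitespace or starting with `-` would be parsed as extra arguments or options instead of a login name. Image properties are set by whoever uploaded the image, so the value should be validated once at the end of this block, e.g. `[[ "${SSH_USERNAME}" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "[ERROR] Invalid SSH username" >&2; exit 1; }`, and the call sites should use `"${SSH_USERNAME}@${JUMP_HOST_VIP}"`. The call sites were introduced by the previous patch in this series and are only partly visible in these hunks.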
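Review bot: The dev-mode command in the second hunk hard-codes `apt`, while this series makes the image and login user selectable, so on an image without apt the `sudo apt update` part fails and, because of the `;`, the `chown` of `/opt` still runs and the problem probably only surfaces at the rsync step. Either document that `HYPERCONVERGED_DEV` needs an apt-based image, or install only when the tools are missing, e.g. `command -v rsync > /dev/null || sudo apt install -y rsync git`.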
Signed-off-by: Kevin Carter --- scripts/hyperconverged-lab.sh | 69 ++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 34 deletions(-) diff --git a/scripts/hyperconverged-lab.sh b/scripts/hyperconverged-lab.sh index 8fb4f8679..01d48d006 100755 --- a/scripts/hyperconverged-lab.sh +++ b/scripts/hyperconverged-lab.sh @@ -48,15 +48,16 @@ if [ -z "${SSH_USERNAME}" ]; then fi fi -if ! openstack router show hyperconverged-router; then +if ! openstack router show hyperconverged-router 2> /dev/null; then openstack router create hyperconverged-router --external-gateway PUBLICNET fi -if ! openstack network show hyperconverged-net; then +if ! openstack network show hyperconverged-net 2> /dev/null; then openstack network create hyperconverged-net fi -if ! TENANT_SUB_NETWORK_ID=$(openstack subnet show hyperconverged-subnet -f json | jq -r '.id'); then +if ! TENANT_SUB_NETWORK_ID=$(openstack subnet show hyperconverged-subnet -f json 2> /dev/null | jq -r '.id'); then + echo "Creating the hyperconverged-subnet" TENANT_SUB_NETWORK_ID=$( openstack subnet create hyperconverged-subnet \ --network hyperconverged-net \ 
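Review bot: Sending stderr of every `openstack ... show` to `/dev/null` makes an authentication or endpoint error look the same as "resource not found", so the script falls through to the create call and the real cause is hidden; the same pattern is applied in the following hunks down to the server checks. A single credential check before the first lookup keeps the quiet output and still fails loudly, e.g. `openstack token issue -f value -c expires > /dev/null || { echo "[ERROR] Cannot authenticate to cloud ${OS_CLOUD}" >&2; exit 1; }`. Where the result is piped into `jq`, the `if !` tests jq's exit status unless `pipefail` is set, and that setting is not visible in these hunks.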
@@ -67,16 +68,17 @@ if ! TENANT_SUB_NETWORK_ID=$(openstack subnet show hyperconverged-subnet -f json ) fi -if ! openstack router show hyperconverged-router -f json | jq -r '.interfaces_info.[].subnet_id' | grep -q ${TENANT_SUB_NETWORK_ID}; then +if ! openstack router show hyperconverged-router -f json 2> /dev/null | jq -r '.interfaces_info.[].subnet_id' | grep -q ${TENANT_SUB_NETWORK_ID}; then openstack router add subnet hyperconverged-router hyperconverged-subnet fi -if ! openstack network show hyperconverged-compute-net; then +if ! openstack network show hyperconverged-compute-net 2> /dev/null; then openstack network create hyperconverged-compute-net \ --disable-port-security fi -if ! TENANT_COMPUTE_SUB_NETWORK_ID=$(openstack subnet show hyperconverged-compute-subnet -f json | jq -r '.id'); then +if ! TENANT_COMPUTE_SUB_NETWORK_ID=$(openstack subnet show hyperconverged-compute-subnet -f json 2> /dev/null | jq -r '.id'); then + echo "Creating the hyperconverged-compute-subnet" TENANT_COMPUTE_SUB_NETWORK_ID=$( openstack subnet create hyperconverged-compute-subnet \ --network hyperconverged-compute-net \ 
@@ -85,15 +87,15 @@ if ! TENANT_COMPUTE_SUB_NETWORK_ID=$(openstack subnet show hyperconverged-comput ) fi -if ! openstack router show hyperconverged-router -f json | jq -r '.interfaces_info.[].subnet_id' | grep -q ${TENANT_COMPUTE_SUB_NETWORK_ID}; then +if ! openstack router show hyperconverged-router -f json | jq -r '.interfaces_info.[].subnet_id' | grep -q ${TENANT_COMPUTE_SUB_NETWORK_ID} 2> /dev/null; then openstack router add subnet hyperconverged-router hyperconverged-compute-subnet fi -if ! openstack security group show hyperconverged-http-secgroup; then +if ! openstack security group show hyperconverged-http-secgroup 2> /dev/null; then openstack security group create hyperconverged-http-secgroup fi -if ! openstack security group show hyperconverged-http-secgroup -f json | jq -r '.rules.[].port_range_max' | grep -q 443; then +if ! openstack security group show hyperconverged-http-secgroup -f json 2> /dev/null | jq -r '.rules.[].port_range_max' | grep -q 443; then openstack security group rule create hyperconverged-http-secgroup \ --protocol tcp \ --ingress \ @@ -101,7 +103,7 @@ if ! openstack security group show hyperconverged-http-secgroup -f json | jq -r --dst-port 443 \ --description "https" fi -if ! openstack security group show hyperconverged-http-secgroup -f json | jq -r '.rules.[].port_range_max' | grep -q 80; then +if ! openstack security group show hyperconverged-http-secgroup -f json 2> /dev/null | jq -r '.rules.[].port_range_max' | grep -q 80; then openstack security group rule create hyperconverged-http-secgroup \ --protocol tcp \ --ingress \ 
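Review bot: In the router check for the compute subnet the redirect was added after `grep -q ${TENANT_COMPUTE_SUB_NETWORK_ID}` instead of after `openstack router show hyperconverged-router -f json`, so the client's stderr is still printed here while grep's is dropped, unlike the matching check for `hyperconverged-subnet` in the previous hunk. Moving it gives `openstack router show hyperconverged-router -f json 2> /dev/null | jq -r '.interfaces_info.[].subnet_id' | grep -q ${TENANT_COMPUTE_SUB_NETWORK_ID}`.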
@@ -110,11 +112,11 @@ if ! openstack security group show hyperconverged-http-secgroup -f json | jq -r --description "http" fi -if ! openstack security group show hyperconverged-secgroup; then +if ! openstack security group show hyperconverged-secgroup 2> /dev/null; then openstack security group create hyperconverged-secgroup fi -if ! openstack security group show hyperconverged-secgroup -f json | jq -r '.rules.[].description' | grep -q "all internal traffic"; then +if ! openstack security group show hyperconverged-secgroup -f json 2> /dev/null | jq -r '.rules.[].description' | grep -q "all internal traffic"; then openstack security group rule create hyperconverged-secgroup \ --protocol any \ --ingress \ @@ -122,11 +124,11 @@ if ! openstack security group show hyperconverged-secgroup -f json | jq -r '.rul --description "all internal traffic" fi -if ! openstack security group show hyperconverged-jump-secgroup; then +if ! openstack security group show hyperconverged-jump-secgroup 2> /dev/null; then openstack security group create hyperconverged-jump-secgroup fi -if ! openstack security group show hyperconverged-jump-secgroup -f json | jq -r '.rules.[].port_range_max' | grep -q 22; then +if ! openstack security group show hyperconverged-jump-secgroup -f json 2> /dev/null | jq -r '.rules.[].port_range_max' | grep -q 22; then openstack security group rule create hyperconverged-jump-secgroup \ --protocol tcp \ --ingress \ @@ -134,7 +136,7 @@ if ! openstack security group show hyperconverged-jump-secgroup -f json | jq -r --dst-port 22 \ --description "ssh" fi -if ! openstack security group show hyperconverged-jump-secgroup -f json | jq -r '.rules.[].protocol' | grep -q icmp; then +if ! openstack security group show hyperconverged-jump-secgroup -f json 2> /dev/null | jq -r '.rules.[].protocol' | grep -q icmp; then openstack security group rule create hyperconverged-jump-secgroup \ --protocol icmp \ --ingress \ 
@@ -142,19 +144,21 @@ if ! openstack security group show hyperconverged-jump-secgroup -f json | jq -r --description "ping" fi -if ! METAL_LB_IP=$(openstack port show metallb-vip-0-port -f json | jq -r '.fixed_ips[0].ip_address'); then +if ! METAL_LB_IP=$(openstack port show metallb-vip-0-port -f json 2> /dev/null | jq -r '.fixed_ips[0].ip_address'); then + echo "Creating the MetalLB VIP port" METAL_LB_IP=$(openstack port create --security-group hyperconverged-http-secgroup --network hyperconverged-net metallb-vip-0-port -f json | jq -r '.fixed_ips[0].ip_address') fi METAL_LB_PORT_ID=$(openstack port show metallb-vip-0-port -f value -c id) -if ! METAL_LB_VIP=$(openstack floating ip list --port ${METAL_LB_PORT_ID} -f json | jq -r '.[]."Floating IP Address"'); then +if ! METAL_LB_VIP=$(openstack floating ip list --port ${METAL_LB_PORT_ID} -f json 2> /dev/null | jq -r '.[]."Floating IP Address"'); then + echo "Creating the MetalLB VIP floating IP" METAL_LB_VIP=$(openstack floating ip create PUBLICNET --port ${METAL_LB_PORT_ID} -f json | jq -r '.floating_ip_address') elif [ -z "${METAL_LB_VIP}" ]; then METAL_LB_VIP=$(openstack floating ip create PUBLICNET --port ${METAL_LB_PORT_ID} -f json | jq -r '.floating_ip_address') fi -if ! WORKER_0_PORT=$(openstack port show hyperconverged-0-mgmt-port -f value -c id); then +if ! WORKER_0_PORT=$(openstack port show hyperconverged-0-mgmt-port -f value -c id 2> /dev/null); then export WORKER_0_PORT=$( openstack port create --allowed-address ip-address=${METAL_LB_IP} \ --security-group hyperconverged-secgroup \ 
@@ -167,7 +171,7 @@ if ! WORKER_0_PORT=$(openstack port show hyperconverged-0-mgmt-port -f value -c ) fi -if ! WORKER_1_PORT=$(openstack port show hyperconverged-1-mgmt-port -f value -c id); then +if ! WORKER_1_PORT=$(openstack port show hyperconverged-1-mgmt-port -f value -c id 2> /dev/null); then export WORKER_1_PORT=$( openstack port create --allowed-address ip-address=${METAL_LB_IP} \ --security-group hyperconverged-secgroup \ @@ -179,7 +183,7 @@ if ! WORKER_1_PORT=$(openstack port show hyperconverged-1-mgmt-port -f value -c ) fi -if ! WORKER_2_PORT=$(openstack port show hyperconverged-2-mgmt-port -f value -c id); then +if ! WORKER_2_PORT=$(openstack port show hyperconverged-2-mgmt-port -f value -c id 2> /dev/null); then export WORKER_2_PORT=$( openstack port create --allowed-address ip-address=${METAL_LB_IP} \ --security-group hyperconverged-secgroup \ 
@@ -191,24 +195,23 @@ if ! WORKER_2_PORT=$(openstack port show hyperconverged-2-mgmt-port -f value -c ) fi -if ! JUMP_HOST_VIP=$(openstack floating ip list --port ${WORKER_0_PORT} -f json | jq -r '.[]."Floating IP Address"'); then +if ! JUMP_HOST_VIP=$(openstack floating ip list --port ${WORKER_0_PORT} -f json 2> /dev/null | jq -r '.[]."Floating IP Address"'); then JUMP_HOST_VIP=$(openstack floating ip create PUBLICNET --port ${WORKER_0_PORT} -f json | jq -r '.floating_ip_address') elif [ -z "${JUMP_HOST_VIP}" ]; then JUMP_HOST_VIP=$(openstack floating ip create PUBLICNET --port ${WORKER_0_PORT} -f json | jq -r '.floating_ip_address') fi +echo "Creating pre-defined compute ports for the flat test network" for i in {100..109}; do if ! openstack port show hyperconverged-0-compute-float-${i}-port 2> /dev/null; then openstack port create --network hyperconverged-compute-net \ --disable-port-security \ --fixed-ip ip-address="192.168.102.${i}" \ - -f value \ - -c id \ hyperconverged-0-compute-float-${i}-port fi done -if ! COMPUTE_0_PORT=$(openstack port show hyperconverged-0-compute-port -f value -c id) 2> /dev/null; then +if ! COMPUTE_0_PORT=$(openstack port show hyperconverged-0-compute-port -f value -c id 2> /dev/null); then export COMPUTE_0_PORT=$( openstack port create --network hyperconverged-compute-net \ --no-fixed-ip \ @@ -219,7 +222,7 @@ if ! COMPUTE_0_PORT=$(openstack port show hyperconverged-0-compute-port -f value ) fi -if ! COMPUTE_1_PORT=$(openstack port show hyperconverged-1-compute-port -f value -c id) 2> /dev/null; then +if ! COMPUTE_1_PORT=$(openstack port show hyperconverged-1-compute-port -f value -c id 2> /dev/null); then export COMPUTE_1_PORT=$( openstack port create --network hyperconverged-compute-net \ --no-fixed-ip \ 
@@ -230,7 +233,7 @@ if ! COMPUTE_1_PORT=$(openstack port show hyperconverged-1-compute-port -f value ) fi -if ! COMPUTE_2_PORT=$(openstack port show hyperconverged-2-compute-port -f value -c id) 2> /dev/null; then +if ! COMPUTE_2_PORT=$(openstack port show hyperconverged-2-compute-port -f value -c id 2> /dev/null); then export COMPUTE_2_PORT=$( openstack port create --network hyperconverged-compute-net \ --no-fixed-ip \ @@ -241,7 +244,7 @@ if ! COMPUTE_2_PORT=$(openstack port show hyperconverged-2-compute-port -f value ) fi -if ! openstack keypair show hyperconverged-key; then +if ! openstack keypair show hyperconverged-key 2> /dev/null; then if [ ! -f ~/.ssh/hyperconverged-key.pem ]; then openstack keypair create hyperconverged-key > ~/.ssh/hyperconverged-key.pem chmod 600 ~/.ssh/hyperconverged-key.pem @@ -256,7 +259,7 @@ fi ssh-add ~/.ssh/hyperconverged-key.pem # Create the three lab instances -if ! openstack server show hyperconverged-0; then +if ! openstack server show hyperconverged-0 2> /dev/null; then openstack server create hyperconverged-0 \ --port ${WORKER_0_PORT} \ --port ${COMPUTE_0_PORT} \ @@ -265,7 +268,7 @@ if ! openstack server show hyperconverged-0; then --flavor ${OS_FLAVOR} fi -if ! openstack server show hyperconverged-1; then +if ! openstack server show hyperconverged-1 2> /dev/null; then openstack server create hyperconverged-1 \ --port ${WORKER_1_PORT} \ --port ${COMPUTE_1_PORT} \ @@ -274,7 +277,7 @@ if ! openstack server show hyperconverged-1; then --flavor ${OS_FLAVOR} fi -if ! openstack server show hyperconverged-2; then +if ! openstack server show hyperconverged-2 2> /dev/null; then openstack server create hyperconverged-2 \ --port ${WORKER_2_PORT} \ --port ${COMPUTE_2_PORT} \ @@ -659,10 +662,8 @@ EOC # Run Genestack post setup ssh -o ForwardAgent=yes -o UserKnownHostsFile=/dev/null -t ${SSH_USERNAME}@${JUMP_HOST_VIP} < Date: Thu, 13 Mar 2025 13:04:43 -0500 Subject: [PATCH 6/6] chore: add docs for environment variables for lab builds 
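Review bot: The keypair hunk keeps the context lines that write the private key with `openstack keypair create hyperconverged-key > ~/.ssh/hyperconverged-key.pem` and only afterwards run `chmod 600`, so the file is created with the caller's umask and can be group- or world-readable until the chmod runs. Since this commit is already touching the block, creating the file under a restrictive umask closes that window: `(umask 077 && openstack keypair create hyperconverged-key > ~/.ssh/hyperconverged-key.pem)`. The rest of the `if` block continues outside the hunk.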
Signed-off-by: Kevin Carter --- docs/build-test-envs.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/build-test-envs.md b/docs/build-test-envs.md index 6a5e4701e..8df0e1f7b 100644 --- a/docs/build-test-envs.md +++ b/docs/build-test-envs.md @@ -15,6 +15,31 @@ The following script will deploy a hyperconverged lab environment on an OpenStac --8<-- "scripts/hyperconverged-lab.sh" ``` +The build script is interactive and will prompt you for the following information + +|
Variable
| Description |
Default
| +|----------|-------------|---------| +| `ACME_EMAIL` | Email address for Let's Encrypt. If an email address is defined and a real domain is used, the deployment will attempt to pull production certificates. | "" | +| `GATEWAY_DOMAIN` | Domain name used for routes within the gateway API. If a valid domain is used, it will be associated with the gateway routes. | "cluster.local" | +| `OS_CLOUD` | OpenStack cloud name. | "default" | +| `OS_FLAVOR` | OpenStack instance flavor, this will automatically select a flavor with < 24GiB of RAM. | "gp.X.8.16" | +| `OS_IMAGE` | OpenStack image name. | "Ubuntu 20.04" | +| `HYPERCONVERGED_DEV` | enable hyperconverged development mode. This will attempt to sync a local copy of Genestack to the development environment. | `false` | + +All of the variables can be defined on the command line using environment variables. + +!!! example "Deploying a Hyper-converged Lab Environment with Environment Variables" + + ``` shell + export ACME_EMAIL="user@domain.com" + export GATEWAY_DOMAIN="cluster.local" + export OS_CLOUD="default" + export OS_FLAVOR="gp.0.8.16" + export OS_IMAGE="Ubuntu 20.04" + export HYPERCONVERGED_DEV="false" + /opt/genestack/scripts/hyperconverged-lab.sh + ``` + ## Overview A simple reference architecture for a hyper-converged lab environment is shown below. This environment consists of three nodes