32 commits
6e6c9c4
Add defaults for cephadm_commands_{pre,post}
priteau Apr 14, 2023
85c4c8a
Merge pull request #485 from stackhpc/cephadm-commands-defaults
priteau Apr 17, 2023
fcb0b89
Add documentation for Magnum in a Multinode
Alex-Welsh Apr 3, 2023
e3b9426
Add geneve to multinode if ovn is enabled
Alex-Welsh Apr 17, 2023
9844438
Merge pull request #466 from stackhpc/multinode-magnum-docs
markgoddard Apr 17, 2023
54b7953
Fix multinode failures from seed misconfiguration
Alex-Welsh Apr 17, 2023
583b7af
Merge pull request #488 from stackhpc/fix-mn-seed
Alex-Welsh Apr 18, 2023
cd55594
stuff for magnum changes
Mar 24, 2023
f715df3
add magnum resources
Mar 28, 2023
7e41dd3
Update aio-init.sh
Mar 28, 2023
553c8b1
install magnumclient
Apr 5, 2023
fda4ec8
include magnum resources
Apr 5, 2023
92c889f
build containers on controller
Apr 5, 2023
40d5644
elastic memory tuning
Apr 5, 2023
35d33f0
include new build artfiacts for yoga
Apr 5, 2023
5f6bdb7
install kubernetes >v24 and helm in kolla magnum-cond container
Apr 5, 2023
3557aa0
kubernetes python client workaround
Apr 5, 2023
174ca10
ML2 plugin conf
Apr 5, 2023
e497889
add package requirement
Apr 5, 2023
160363d
Multinode: fix the controllers gateway to the seed
MoteHue Apr 21, 2023
314a696
Merge stackhpc/xena into stackhpc/yoga
priteau Apr 24, 2023
091b205
Merge pull request #497 from stackhpc/yoga-xena-merge
markgoddard Apr 25, 2023
3e286d8
Merge pull request #495 from stackhpc/multinode-fix-controllers-gateway
markgoddard Apr 25, 2023
2f03e09
update wazuh vulnerability detector
g0rgamesh Apr 25, 2023
a3f6ca3
Merge pull request #500 from stackhpc/vuln_detect_update
markgoddard Apr 25, 2023
52d6cb8
separate aio-magnum-init.sh
Apr 17, 2023
40e9137
aio-magnum-init
Apr 17, 2023
5b9adbc
merge final changes from sos
Apr 25, 2023
d535333
update kayobe automation
Apr 25, 2023
be9da42
Merge branch 'stackhpc:stackhpc/yoga' into merge-sos
scrungus Apr 25, 2023
5ec8f06
aio inventory
Apr 25, 2023
e9998a8
magnum ci workflow
Apr 26, 2023
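--- a/.github/workflows/stackhpc-capi-all-in-one.yml
+++ b/.github/workflows/stackhpc-capi-all-in-one.yml
@@ -0,0 +1,374 @@
+---
+# This reusable workflow deploys a VM on a cloud using Terraform, then deploys
+# OpenStack in the VM via Kayobe. Tempest is then used to test the cloud.
+
+name: All in one
+
+on:
+workflow_call:
+inputs:
+kayobe_image:
+description: Kayobe container image
+type: string
+required: true
+os_distribution:
+description: Host OS distribution
+type: string
+default: centos
+os_release:
+description: Host OS release
+type: string
+default: 8-stream
+ssh_username:
+description: User for terraform to access the all-in-one VM
+type: string
+default: cloud-user
+neutron_plugin:
+description: Neutron ML2 plugin
+type: string
+required: true
+vm_image:
+description: Image for the all-in-one VM
+type: string
+default: bb8c0a34-533f-42fb-a49b-3461e677f3f6
+vm_interface:
+description: Default network interface name
+type: string
+default: eth0
+vm_flavor:
+description: Flavor for the all-in-one VM
+type: string
+default: general.v1.medium
+vm_network:
+description: Network for the all-in-one VM
+type: string
+default: stackhpc-release
+vm_subnet:
+description: Subnet for the all-in-one VM
+type: string
+default: stackhpc-release-subnet
+OS_CLOUD:
+description: Name of cloud in clouds.yaml
+type: string
+required: true
+secrets:
+KAYOBE_VAULT_PASSWORD:
+required: true
+CLOUDS_YAML:
+required: true
+OS_APPLICATION_CREDENTIAL_ID:
+required: true
+OS_APPLICATION_CREDENTIAL_SECRET:
+required: true
+
+jobs:
+# NOTE: Runner needs unzip and nodejs packages.
+all-in-one:
+name: All in one
+runs-on: [self-hosted, stackhpc-kayobe-config-aio]
+permissions: {}
+env:
+KAYOBE_ENVIRONMENT: ci-capi-aio
+KAYOBE_VAULT_PASSWORD: ${{ secrets.KAYOBE_VAULT_PASSWORD }}
+KAYOBE_IMAGE: ${{ inputs.kayobe_image }}
+steps:
+- uses: actions/checkout@v3
+with:
+submodules: true
+
+- name: Install terraform
+uses: hashicorp/setup-terraform@v2
+
+- name: Initialise terraform
+run: terraform init
+working-directory: ${{ github.workspace }}/terraform/aio
+
+- name: Generate SSH keypair
+run: ssh-keygen -f id_rsa -N ''
+working-directory: ${{ github.workspace }}/terraform/aio
+
+- name: Generate clouds.yaml
+run: |
+cat << EOF > clouds.yaml
+${{ secrets.CLOUDS_YAML }}
+EOF
+working-directory: ${{ github.workspace }}/terraform/aio
+
+- name: Generate terraform.tfvars
+run: |
+cat << EOF > terraform.tfvars
+ssh_public_key = "id_rsa.pub"
+ssh_username = "${{ env.SSH_USERNAME }}"
+aio_vm_interface = "${{ env.VM_INTERFACE }}"
+aio_vm_name = "${{ env.VM_NAME }}"
+aio_vm_image = "${{ env.VM_IMAGE }}"
+aio_vm_flavor = "${{ env.VM_FLAVOR }}"
+aio_vm_network = "${{ env.VM_NETWORK }}"
+aio_vm_subnet = "${{ env.VM_SUBNET }}"
+EOF
+working-directory: ${{ github.workspace }}/terraform/aio
+env:
+SSH_USERNAME: "${{ inputs.ssh_username }}"
+VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}"
+VM_IMAGE: ${{ inputs.vm_image }}
+VM_FLAVOR: ${{ inputs.vm_flavor }}
+VM_NETWORK: ${{ inputs.vm_network }}
+VM_SUBNET: ${{ inputs.vm_subnet }}
+VM_INTERFACE: ${{ inputs.vm_interface }}
+
+- name: Terraform Plan
+run: terraform plan
+working-directory: ${{ github.workspace }}/terraform/aio
+env:
+OS_CLOUD: ${{ inputs.OS_CLOUD }}
+OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+
+- name: Terraform Apply
+run: terraform apply -auto-approve
+working-directory: ${{ github.workspace }}/terraform/aio
+env:
+OS_CLOUD: ${{ inputs.OS_CLOUD }}
+OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+
+- name: Get Terraform outputs
+id: tf_outputs
+run: |
+terraform output -json
+working-directory: ${{ github.workspace }}/terraform/aio
+
+- name: Write Terraform outputs
+run: |
+cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/tf-outputs.yml
+${{ steps.tf_outputs.outputs.stdout }}
+EOF
+
+- name: Write Terraform network config
+run: |
+cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/tf-networks.yml
+
+admin_oc_net_name: admin
+admin_cidr: "{{ access_cidr.value }}"
+admin_allocation_pool_start: 0.0.0.0
+admin_allocation_pool_end: 0.0.0.0
+admin_gateway: "{{ access_gw.value }}"
+admin_bootproto: dhcp
+admin_ips:
+controller0: "{{ access_ip_v4.value }}"
+EOF
+
+- name: Write Terraform network interface config
+run: |
+cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/inventory/group_vars/controllers/tf-network-interfaces
+admin_interface: "{{ access_interface.value }}"
+EOF
+
+- name: Write all-in-one scenario config
+run: |
+cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/zz-aio-scenario.yml
+---
+os_distribution: ${{ env.OS_DISTRIBUTION }}
+os_release: "${{ env.OS_RELEASE }}"
+kolla_enable_ovn: ${{ env.ENABLE_OVN }}
+EOF
+env:
+ENABLE_OVN: ${{ inputs.neutron_plugin == 'ovn' }}
+OS_DISTRIBUTION: ${{ inputs.os_distribution }}
+OS_RELEASE: ${{ inputs.os_release }}
+
+# Use a heredoc to define a multiline string output
+# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+- name: Set SSH key output
+id: ssh_key
+run: |
+echo "ssh_key<<EOF" >> $GITHUB_OUTPUT
+cat terraform/aio/id_rsa >> $GITHUB_OUTPUT
+echo "EOF" >> $GITHUB_OUTPUT
+
+# The same tag may be reused (e.g. pr-123), so ensure we have the latest image.
+- name: Pull latest Kayobe image
+run: |
+sudo docker image pull $KAYOBE_IMAGE
+
+- name: Host configure
+run: |
+sudo -E docker run -t --rm \
+-v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+-e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+$KAYOBE_IMAGE \
+/stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-host-configure.sh
+env:
+KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+
+- name: Magnum container build
+run: |
+sudo -E docker run -it --rm \
+-v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+-e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+$KAYOBE_IMAGE \
+/stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-container-image-build.sh magnum
+env:
+KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+
+- name: Install management cluster
+run: |
+sudo -E docker run -t --rm \
+-v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+-e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+$KAYOBE_IMAGE \
+/stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-host-command-run.sh --command $MGMT_SCRIPT -l controllers
+env:
+KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+MGMT_SCRIPT: |
+# # Install `kubectl` CLI
+curl -fsLo /tmp/kubectl "https://dl.k8s.io/release/$(curl -fsL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+sudo install -o root -g root -m 0755 /tmp/kubectl /usr/local/bin/kubectl
+
+# Install k3s
+curl -fsL https://get.k3s.io | sudo bash -s - --disable traefik
+
+# copy kubeconfig file into standard location
+mkdir -p $HOME/.kube
+sudo cp /etc/rancher/k3s/k3s.yaml $HOME/.kube/config
+sudo chown $USER $HOME/.kube/config
+
+# Install helm
+curl -fsL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+# Install cert manager
+helm upgrade cert-manager cert-manager \
+--install \
+--namespace cert-manager \
+--create-namespace \
+--repo https://charts.jetstack.io \
+--version v1.11.1 \
+--set installCRDs=true \
+--wait
+
+# Install Cluster API resources
+mkdir -p capi
+cat <<EOF > capi/kustomization.yaml
+---
+resources:
+- https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.3.3/cluster-api-components.yaml
+- https://github.com/kubernetes-sigs/cluster-api-provider-openstack/releases/download/v0.7.1/infrastructure-components.yaml
+patches:
+- patch: |-
+- op: replace
+path: /spec/template/spec/containers/0/args
+value:
+- --leader-elect
+- --metrics-bind-addr=localhost:8080
+target:
+kind: Deployment
+namespace: capi-system
+name: capi-controller-manager
+- patch: |-
+- op: replace
+path: /spec/template/spec/containers/0/args
+value:
+- --leader-elect
+- --metrics-bind-addr=localhost:8080
+target:
+kind: Deployment
+namespace: capi-kubeadm-bootstrap-system
+name: capi-kubeadm-bootstrap-controller-manager
+- patch: |-
+- op: replace
+path: /spec/template/spec/containers/0/args
+value:
+- --leader-elect
+- --metrics-bind-addr=localhost:8080
+target:
+kind: Deployment
+namespace: capi-kubeadm-control-plane-system
+name: capi-kubeadm-control-plane-controller-manager
+EOF
+kubectl apply -k capi
+
+# Install addon manager
+helm upgrade cluster-api-addon-provider cluster-api-addon-provider \
+--install \
+--repo https://stackhpc.github.io/cluster-api-addon-provider \
+--version 0.1.0-dev.0.main.26 \
+--namespace capi-addon-system \
+--create-namespace \
+--wait \
+--timeout 30m
+
+sudo dnf install -y python3-pip
+
+sudo pip3 install python-magnumclient kubernetes
+
+- name: Get kubeconfig
+run: |
+echo "kubeconfig<<EOF" >> $GITHUB_OUTPUT
+sudo -E docker run -t --rm \
+-v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+-e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+$KAYOBE_IMAGE \
+/stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-host-command-run.sh --command "cat ~/.kube/config" -l controllers >> $GITHUB_OUTPUT
+echo "EOF" >> $GITHUB_OUTPUT
+env:
+KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+
+- name: Set kubeconfig
+run: |
+echo $KUBECONFIG > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/kolla/config/magnum/kubeconfig
+
+- name: Service deploy
+run: |
+sudo -E docker run -t --rm \
+-v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+-e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+$KAYOBE_IMAGE \
+/stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-service-deploy.sh
+env:
+KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+
+- name: Configure aio resources
+run: |
+sudo -E docker run -t --rm \
+-v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+-e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+$KAYOBE_IMAGE \
+/stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/playbook-run.sh etc/kayobe/ansible/configure-aio-resources.yml
+env:
+KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+
+- name: Tempest tests
+run: |
+mkdir -p tempest-artifacts
+sudo -E docker run -t --rm \
+-v $(pwd):/stack/kayobe-automation-env/src/kayobe-config \
+-v $(pwd)/tempest-artifacts:/stack/tempest-artifacts \
+-e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY \
+$KAYOBE_IMAGE \
+/stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/tempest.sh -e ansible_user=stack
+env:
+KAYOBE_AUTOMATION_SSH_PRIVATE_KEY: ${{ steps.ssh_key.outputs.ssh_key }}
+
+- name: Upload test result artifacts
+uses: actions/upload-artifact@v3
+with:
+name: tempest-results-${{ inputs.os_distribution }}-${{ inputs.os_release }}-${{ inputs.neutron_plugin }}
+path: tempest-artifacts/*
+
+- name: Fail if any Tempest tests failed
+run: |
+test $(wc -l < tempest-artifacts/failed-tests) -lt 1
+
+- name: Destroy
+run: terraform destroy -auto-approve
+working-directory: ${{ github.workspace }}/terraform/aio
+env:
+OS_CLOUD: ${{ inputs.OS_CLOUD }}
+OS_APPLICATION_CREDENTIAL_ID: ${{ secrets.OS_APPLICATION_CREDENTIAL_ID }}
+OS_APPLICATION_CREDENTIAL_SECRET: ${{ secrets.OS_APPLICATION_CREDENTIAL_SECRET }}
+if: always()
+
+- name: Prune Docker images over 1 week old
+# May fail if another prune is running
+run: sudo docker image prune --all --force --filter until=168h || true
+if: always()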
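Review bot: The `Set kubeconfig` step writes `$KUBECONFIG` into `kolla/config/magnum/kubeconfig`, but nothing visible in this workflow sets that variable: `Get kubeconfig` has no `id` and `Set kubeconfig` has no `env:` mapping, so unless the runner happens to define it the file will contain only a newline. Even once wired up, the unquoted `echo $KUBECONFIG` would collapse the document onto one line. Since step outputs are not masked and the k3s kubeconfig is an admin credential, I would drop the `$GITHUB_OUTPUT` hop and have `Get kubeconfig` redirect straight into the target file, or at minimum add `id: kubeconfig`, `env: KUBECONFIG: ${{ steps.kubeconfig.outputs.kubeconfig }}` and `printf '%s\n' "$KUBECONFIG"`. The same unmasked-output concern applies to the private key in `Set SSH key output`, and the `docker run -t` output captured here may include carriage returns or wrapper log lines that should be stripped before Magnum reads the file. Separately, `MGMT_SCRIPT` pipes unpinned installers (`get.k3s.io`, the helm `main` script, kubectl from `stable.txt`) into a shell with no checksum verification; pinning versions and checking digests would make the job reproducible and narrow the supply-chain exposure.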