diff --git a/.automation b/.automation index a5749321e..d4aa284af 160000 --- a/.automation +++ b/.automation @@ -1 +1 @@ -Subproject commit a5749321ebcaa9798f1d63d7dc15f1380540f0a3 +Subproject commit d4aa284afe40c882639637d0f50ebe927439d681 diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml index c6e9de859..1d2027a3e 100644 --- a/.github/workflows/stackhpc-all-in-one.yml +++ b/.github/workflows/stackhpc-all-in-one.yml @@ -11,6 +11,10 @@ on: description: Kayobe container image type: string required: true + os_distribution: + description: Host OS distribution + type: string + default: centos neutron_plugin: description: Neutron ML2 plugin type: string @@ -19,6 +23,10 @@ on: description: Image for the all-in-one VM type: string default: CentOS-stream8 + vm_interface: + description: Default network interface name + type: string + default: eth0 vm_flavor: description: Flavor for the all-in-one VM type: string @@ -81,11 +89,10 @@ jobs: - name: Generate terraform.tfvars run: | cat << EOF > terraform.tfvars - ssh_private_key = "id_rsa" ssh_public_key = "id_rsa.pub" + aio_vm_interface = "${{ env.VM_INTERFACE }}" aio_vm_name = "${{ env.VM_NAME }}" aio_vm_image = "${{ env.VM_IMAGE }}" - aio_vm_keypair = "${{ env.VM_KEYPAIR }}" aio_vm_flavor = "${{ env.VM_FLAVOR }}" aio_vm_network = "${{ env.VM_NETWORK }}" aio_vm_subnet = "${{ env.VM_SUBNET }}" @@ -94,10 +101,10 @@ jobs: env: VM_NAME: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}" VM_IMAGE: ${{ inputs.vm_image }} - VM_KEYPAIR: "skc-ci-aio-${{ inputs.neutron_plugin }}-${{ github.run_id }}" VM_FLAVOR: ${{ inputs.vm_flavor }} VM_NETWORK: ${{ inputs.vm_network }} VM_SUBNET: ${{ inputs.vm_subnet }} + VM_INTERFACE: ${{ inputs.vm_interface }} - name: Terraform Plan run: terraform plan 
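Review bot: The added `aio_vm_interface = "${{ env.VM_INTERFACE }}"` line in the "Generate terraform.tfvars" step is substituted into the script text by the Actions expression engine before the shell runs, and the heredoc delimiter is unquoted, so a value containing `$(...)` or backticks would be executed on the runner. The step already exports `VM_INTERFACE` through `env:`, so the line can read it from the shell instead: `aio_vm_interface = "$VM_INTERFACE"`. The same applies to `os_distribution: ${{ env.OS_DISTRIBUTION }}` in the later hunk that writes `zz-aio-scenario.yml`, which can become `os_distribution: $OS_DISTRIBUTION`. The callers visible in this diff pass fixed strings, so this is hardening rather than a demonstrated exposure, and the neighbouring pre-existing lines follow the same pattern.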
@@ -151,10 +158,12 @@ jobs: run: | cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/zz-aio-scenario.yml --- + os_distribution: ${{ env.OS_DISTRIBUTION }} kolla_enable_ovn: ${{ env.ENABLE_OVN }} EOF env: ENABLE_OVN: ${{ inputs.neutron_plugin == 'ovn' }} + OS_DISTRIBUTION: ${{ inputs.os_distribution }} # https://renehernandez.io/snippets/multiline-strings-as-a-job-output-in-github-actions/ - name: Set SSH key output @@ -217,7 +226,7 @@ jobs: - name: Upload test result artifacts uses: actions/upload-artifact@v3 with: - name: tempest-results-${{ inputs.neutron_plugin }} + name: tempest-results-${{ inputs.os_distribution }}-${{ inputs.neutron_plugin }} path: tempest-artifacts/* - name: Fail if any Tempest tests failed @@ -235,5 +244,5 @@ jobs: - name: Prune Docker images over 1 week old # May fail if another prune is running - run: sudo docker image prune --force --filter until=168h || true + run: sudo docker image prune --all --force --filter until=168h || true if: always() diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml index 4a639ba73..65428c039 100644 --- a/.github/workflows/stackhpc-container-image-build.yml +++ b/.github/workflows/stackhpc-container-image-build.yml @@ -143,9 +143,9 @@ jobs: retention-days: 7 if: github.event.inputs.seed == 'true' - - name: Prune local Kolla container images + - name: Prune local Kolla container images over 1 week old run: | - sudo docker image prune --force --filter="label=kolla_version" + sudo docker image prune --all --force --filter until=168h --filter="label=kolla_version" sync-container-repositories: name: Trigger container image repository sync diff --git a/.github/workflows/stackhpc-pull-request.yml b/.github/workflows/stackhpc-pull-request.yml index 0504103d3..d13f84566 100644 --- a/.github/workflows/stackhpc-pull-request.yml +++ b/.github/workflows/stackhpc-pull-request.yml 
@@ -1,5 +1,9 @@ --- +concurrency: + group: stackhpc-pull-request-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + name: Pull request 'on': pull_request: @@ -37,26 +41,56 @@ jobs: uses: ./.github/workflows/stackhpc-build-kayobe-image.yml if: github.repository == 'stackhpc/stackhpc-kayobe-config' - all-in-one-ovs: - name: aio (OVS) + all-in-one-centos-ovs: + name: aio (CentOS OVS) + needs: + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + neutron_plugin: ovs + OS_CLOUD: sms-lab-release + secrets: inherit + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + + all-in-one-centos-ovn: + name: aio (CentOS OVN) + needs: + - build-kayobe-image + uses: ./.github/workflows/stackhpc-all-in-one.yml + with: + kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + neutron_plugin: ovn + OS_CLOUD: sms-lab-release + secrets: inherit + if: github.repository == 'stackhpc/stackhpc-kayobe-config' + + all-in-one-rocky-ovs: + name: aio (Rocky OVS) needs: - build-kayobe-image uses: ./.github/workflows/stackhpc-all-in-one.yml with: kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: rocky neutron_plugin: ovs + vm_image: Rocky8 + vm_interface: ens3 OS_CLOUD: sms-lab-release secrets: inherit if: github.repository == 'stackhpc/stackhpc-kayobe-config' - all-in-one-ovn: - name: aio (OVN) + all-in-one-rocky-ovn: + name: aio (Rocky OVN) needs: - build-kayobe-image uses: ./.github/workflows/stackhpc-all-in-one.yml with: kayobe_image: ${{ needs.build-kayobe-image.outputs.kayobe_image }} + os_distribution: rocky neutron_plugin: ovn + vm_image: Rocky8 + vm_interface: ens3 OS_CLOUD: sms-lab-release secrets: inherit if: github.repository == 'stackhpc/stackhpc-kayobe-config' 
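Review bot: With `cancel-in-progress: true`, a new push can cancel a run after one of the all-in-one jobs has already created its VM. Whether the Terraform destroy step in `stackhpc-all-in-one.yml` still runs on cancellation is not visible in this diff. If that step is not guarded with `if: always()`, cancelled runs would leave instances behind in the `sms-lab-release` cloud. A comment next to the `concurrency` block stating which step performs the clean-up on cancellation would make this easier to audit.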
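Review bot: Each of the four all-in-one jobs calls the reusable workflow with `secrets: inherit`, which passes every secret available to this workflow to the callee, and this change doubles the number of call sites. The secrets that `stackhpc-all-in-one.yml` actually reads are not visible here; if it is only the cloud credentials, passing them by name under `secrets:` keeps the job to least privilege. The four jobs differ only in `os_distribution`, `neutron_plugin`, `vm_image` and `vm_interface`, so a `strategy.matrix` on a single calling job would also leave one place to maintain that list.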
diff --git a/etc/kayobe/ansible/configure-aio-resources.yml b/etc/kayobe/ansible/configure-aio-resources.yml
index 3fdb88d0c..78450eaeb 100644
--- a/etc/kayobe/ansible/configure-aio-resources.yml
+++ b/etc/kayobe/ansible/configure-aio-resources.yml
@@ -6,47 +6,56 @@ vars: venv: '{{ virtualenv_path }}/openstack' tasks: - - block: - - name: Install python openstack client - pip: - name: python-openstackclient - virtualenv: '{{ venv }}' - extra_args: -c "{{ pip_upper_constraints_file }}" + - name: Install python build dependencies + package: + name: + - "{% if ansible_facts.os_family == 'RedHat' %}gcc{% else %}build-essential{% endif %}" + - "python3-dev{% if ansible_facts.os_family == 'RedHat' %}el{% endif %}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" + state: present + become: true - - name: Include kolla secrets - include_vars: - dir: '{{ kayobe_env_config_path }}/kolla/' - files_matching: passwords.yml - name: kolla_passwords + - name: Install python openstack client + pip: + name: python-openstackclient + virtualenv: '{{ venv }}' + extra_args: -c "{{ pip_upper_constraints_file }}" - - name: Add an IP to connect to the instances - # FIXME: host configure will have bounced the bridge - # and removed the IP - command: ip a add 10.0.2.1/24 dev breth1 - register: result - failed_when: 'result.rc !=0 and "RTNETLINK answers: File exists" not in - result.stderr' - changed_when: result.rc == 0 - become: true + - name: Include kolla secrets + include_vars: + dir: '{{ kayobe_env_config_path }}/kolla/' + files_matching: passwords.yml + name: kolla_passwords - - name: Run init-run-once - script: - cmd: scripts/aio-init.sh - creates: /tmp/.init-runonce - environment: - KOLLA_OPENSTACK_COMMAND: '{{ venv }}/bin/openstack' - OS_PROJECT_DOMAIN_NAME: Default - OS_USER_DOMAIN_NAME: Default - OS_PROJECT_NAME: admin - OS_TENANT_NAME: admin - OS_USERNAME: admin - OS_PASSWORD: "{{ kolla_passwords.keystone_admin_password | mandatory('Could\ - \ not find keystone_admin_password in passwords.yml') }}" - # Use kolla_external_fqdn in wallaby - OS_AUTH_URL: http://{{ kolla_external_fqdn | 
default(public_net_name - | net_fqdn) | default(public_net_name | net_vip_address, true) }}:5000 - OS_INTERFACE: public - OS_ENDPOINT_TYPE: publicURL - OS_IDENTITY_API_VERSION: 3 - OS_REGION_NAME: RegionOne - OS_AUTH_PLUGIN: password + - name: Add an IP to connect to the instances + # FIXME: host configure will have bounced the bridge + # and removed the IP + command: ip a add 10.0.2.1/24 dev breth1 + register: result + failed_when: 'result.rc !=0 and "RTNETLINK answers: File exists" not in + result.stderr' + changed_when: result.rc == 0 + become: true + + - name: Run init-run-once + script: + cmd: scripts/aio-init.sh + creates: /tmp/.init-runonce + environment: + KOLLA_OPENSTACK_COMMAND: '{{ venv }}/bin/openstack' + OS_PROJECT_DOMAIN_NAME: Default + OS_USER_DOMAIN_NAME: Default + OS_PROJECT_NAME: admin + OS_TENANT_NAME: admin + OS_USERNAME: admin + OS_PASSWORD: "{{ kolla_passwords.keystone_admin_password | mandatory('Could\ + \ not find keystone_admin_password in passwords.yml') }}" + # Use kolla_external_fqdn in wallaby + OS_AUTH_URL: http://{{ kolla_external_fqdn | default(public_net_name + | net_fqdn) | default(public_net_name | net_vip_address, true) }}:5000 + OS_INTERFACE: public + OS_ENDPOINT_TYPE: publicURL + OS_IDENTITY_API_VERSION: 3 + OS_REGION_NAME: RegionOne + OS_AUTH_PLUGIN: password diff --git a/etc/kayobe/compute.yml b/etc/kayobe/compute.yml index b1d8d6562..2d6182930 100644 --- a/etc/kayobe/compute.yml +++ b/etc/kayobe/compute.yml @@ -179,6 +179,12 @@ # compute_qemu_conf_extra. #compute_qemu_conf: +# Whether to enable libvirt SASL authentication. Default is true. +#compute_libvirt_enable_sasl: + +# libvirt SASL password. Default is unset. +#compute_libvirt_sasl_password: + # Whether to enable a libvirt TLS listener. Default is false. #compute_libvirt_enable_tls: diff --git a/etc/kayobe/environments/ci-aio/compute.yml b/etc/kayobe/environments/ci-aio/compute.yml new file mode 100644 index 000000000..e5bd95d6d --- /dev/null 
+++ b/etc/kayobe/environments/ci-aio/compute.yml @@ -0,0 +1,3 @@ +--- + +compute_libvirt_sasl_password: "{{ lookup('password', kayobe_env_config_path ~ '/secrets/libvirt_sasl_password') }}" diff --git a/etc/kayobe/environments/ci-aio/kolla/globals.yml b/etc/kayobe/environments/ci-aio/kolla/globals.yml index 133da0407..843acf785 100644 --- a/etc/kayobe/environments/ci-aio/kolla/globals.yml +++ b/etc/kayobe/environments/ci-aio/kolla/globals.yml @@ -10,7 +10,7 @@ openstack_service_workers: "1" openstack_service_rpc_workers: "1" docker_yum_baseurl: "{{ stackhpc_repo_docker_url }}" -docker_yum_gpgkey: "https://download.docker.com/linux/{% raw %}{{ ansible_facts.distribution | lower }}{% endraw %}/gpg" +docker_yum_gpgkey: "https://download.docker.com/linux/centos/gpg" # Elasticsearch memory tuning es_heap_size: 1g diff --git a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml index 246707c97..45d107d3e 100644 --- a/etc/kayobe/environments/ci-aio/stackhpc-ci.yml +++ b/etc/kayobe/environments/ci-aio/stackhpc-ci.yml @@ -48,7 +48,9 @@ stackhpc_repo_ubuntu_cloud_archive_version: "{{ stackhpc_pulp_repo_ubuntu_cloud_ stackhpc_repo_ubuntu_focal_version: "{{ stackhpc_pulp_repo_ubuntu_focal_version }}" stackhpc_repo_ubuntu_focal_security_version: "{{ stackhpc_pulp_repo_ubuntu_focal_security_version }}" stackhpc_repo_docker_ce_ubuntu_version: "{{ stackhpc_pulp_repo_docker_ce_ubuntu_version }}" - +stackhpc_repo_rocky_baseos_version: "{{ stackhpc_pulp_repo_rocky_8_6_baseos_version }}" +stackhpc_repo_rocky_appstream_version: "{{ stackhpc_pulp_repo_rocky_8_6_appstream_version }}" +stackhpc_repo_rocky_extras_version: "{{ stackhpc_pulp_repo_rocky_8_6_extras_version }}" # Host and port of container registry. # Push built images to the development Pulp service registry. diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml index 57b61970e..41cd600d4 100644 --- a/etc/kayobe/pulp.yml +++ b/etc/kayobe/pulp.yml 
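Review bot: The `lookup('password', ...)` in the new `ci-aio/compute.yml` generates the libvirt SASL password on first use and stores it in clear text at `secrets/libvirt_sasl_password` under `kayobe_env_config_path`, which is inside the configuration checkout. That is reasonable for a throwaway CI deployment, but nothing in this diff shows that the `secrets/` path is excluded from version control. Please confirm it is git-ignored and add a comment above the variable, for example `# CI only: password is generated per deployment; the secrets/ directory must never be committed.`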
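Review bot: The `docker_yum_gpgkey` change in `ci-aio/kolla/globals.yml` replaces the distribution fact with a literal `centos` and gives no reason. Presumably the templated path does not resolve for Rocky hosts, but a reader cannot tell that from the file. A comment such as `# Rocky hosts reuse the CentOS repository signing key; no per-distribution key URL is used.` would document the intent. The key is also still fetched from download.docker.com while the packages come from `stackhpc_repo_docker_url`, so the note could say whether that split is deliberate.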
@@ -10,6 +10,9 @@ pulp_url: "http://{{ admin_oc_net_name | net_ip(groups['seed'][0]) }}:80" pulp_username: admin pulp_password: "{{ secrets_pulp_password }}" +# Proxy to use when adding remotes. +pulp_proxy_url: "{{ omit }}" + ############################################################################### # StackHPC Pulp server @@ -44,6 +47,7 @@ stackhpc_pulp_repository_deb_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" architectures: amd64 components: main restricted universe multiverse distributions: focal focal-updates focal-backports @@ -56,6 +60,7 @@ stackhpc_pulp_repository_deb_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" architectures: amd64 components: main restricted universe multiverse distributions: focal-security @@ -69,6 +74,7 @@ stackhpc_pulp_repository_deb_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" architectures: amd64 components: main distributions: "focal-updates/{{ openstack_release }}" @@ -82,6 +88,7 @@ stackhpc_pulp_repository_deb_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" architectures: amd64 distributions: focal components: stable @@ -189,6 +196,7 @@ stackhpc_pulp_repository_rpm_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" sync_policy: mirror_complete state: present required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}" 
@@ -197,6 +205,7 @@ stackhpc_pulp_repository_rpm_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" sync_policy: mirror_complete state: present required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}" @@ -205,6 +214,7 @@ stackhpc_pulp_repository_rpm_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" sync_policy: mirror_complete state: present required: "{{ stackhpc_pulp_sync_centos_stream8 | bool }}" @@ -257,6 +267,7 @@ stackhpc_pulp_repository_rpm_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" sync_policy: mirror_content_only state: present required: "{{ stackhpc_pulp_sync_el_8 | bool }}" @@ -265,6 +276,7 @@ stackhpc_pulp_repository_rpm_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" sync_policy: mirror_complete state: present required: "{{ stackhpc_pulp_sync_el_8 | bool }}" @@ -275,6 +287,7 @@ stackhpc_pulp_repository_rpm_repos: client_cert: "{{ stackhpc_release_pulp_client_cert }}" client_key: "{{ stackhpc_release_pulp_client_key }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" sync_policy: mirror_complete state: present required: "{{ stackhpc_pulp_sync_el_8 }}" @@ -535,6 +548,7 @@ stackhpc_pulp_images_kolla_filtered: "{{ stackhpc_pulp_images_kolla | select('se stackhpc_pulp_repository_container_repos_kolla_common: url: "{{ stackhpc_release_pulp_registry_url }}" policy: on_demand + proxy_url: "{{ pulp_proxy_url }}" remote_username: "{{ stackhpc_release_pulp_username }}" remote_password: "{{ stackhpc_release_pulp_password }}" state: present 
diff --git a/etc/kayobe/stackhpc.yml b/etc/kayobe/stackhpc.yml index b0d1b0d41..566bb27c6 100644 --- a/etc/kayobe/stackhpc.yml +++ b/etc/kayobe/stackhpc.yml @@ -104,15 +104,15 @@ stackhpc_repo_treasuredata_4_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/t stackhpc_repo_treasuredata_4_version: "{{ stackhpc_repo_distribution }}" # Rocky 8 BaseOS -stackhpc_repo_rocky_baseos_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8/BaseOS/x86_64/os/{{ stackhpc_repo_rocky_baseos_version }}" +stackhpc_repo_rocky_baseos_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8.6/BaseOS/x86_64/os/{{ stackhpc_repo_rocky_baseos_version }}" stackhpc_repo_rocky_baseos_version: "{{ stackhpc_repo_distribution }}" # Rocky 8 AppStream -stackhpc_repo_rocky_appstream_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8/AppStream/x86_64/os/{{ stackhpc_repo_rocky_appstream_version }}" +stackhpc_repo_rocky_appstream_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8.6/AppStream/x86_64/os/{{ stackhpc_repo_rocky_appstream_version }}" stackhpc_repo_rocky_appstream_version: "{{ stackhpc_repo_distribution }}" # Rocky 8 extras -stackhpc_repo_rocky_extras_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8/extras/x86_64/os/{{ stackhpc_repo_rocky_extras_version }}" +stackhpc_repo_rocky_extras_url: "{{ stackhpc_repo_mirror_url }}/pulp/content/rocky/8.6/extras/x86_64/os/{{ stackhpc_repo_rocky_extras_version }}" stackhpc_repo_rocky_extras_version: "{{ stackhpc_repo_distribution }}" ############################################################################### diff --git a/requirements.txt b/requirements.txt index ae14ea044..03d417191 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1 @@ -git+https://github.com/stackhpc/kayobe@stackhpc/xena +kayobe@git+https://github.com/stackhpc/kayobe@stackhpc/xena diff --git a/terraform/aio/README.rst b/terraform/aio/README.rst index 3646b757d..edb465943 100644 --- a/terraform/aio/README.rst +++ b/terraform/aio/README.rst 
@@ -82,11 +82,9 @@ Generate Terraform variables: .. code-block:: console cat << EOF > terraform.tfvars - ssh_private_key = "id_rsa" ssh_public_key = "id_rsa.pub" aio_vm_name = "kayobe-aio" aio_vm_image = "CentOS-stream8" - aio_vm_keypair = "kayobe-aio" aio_vm_flavor = "general.v1.medium" aio_vm_network = "stackhpc-ipv4-geneve" aio_vm_subnet = "stackhpc-ipv4-geneve-subnet" diff --git a/terraform/aio/outputs.tf b/terraform/aio/outputs.tf index faa49b079..8d184e3a9 100644 --- a/terraform/aio/outputs.tf +++ b/terraform/aio/outputs.tf @@ -11,5 +11,5 @@ output "access_gw" { } output "access_interface" { - value = "eth0" + value = var.aio_vm_interface } diff --git a/terraform/aio/scripts/configure-local-networking.sh b/terraform/aio/scripts/configure-local-networking.sh deleted file mode 100644 index c7bd70bf8..000000000 --- a/terraform/aio/scripts/configure-local-networking.sh +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/bash - -set -e - -# WORKAROUND: internal DNS missing from SMS lab. -cat << EOF | sudo tee -a /etc/hosts -10.0.0.34 pelican pelican.service.compute.sms-lab.cloud -10.205.3.187 pulp-server pulp-server.internal.sms-cloud -EOF - -# IP of the seed hypervisor on the OpenStack 'public' network created by init-runonce.sh. -public_ip="10.0.2.1" - -# IP addresses on the all-in-one Kayobe cloud network. -# These IP addresses map to those statically configured in -# etc/kayobe/network-allocation.yml and etc/kayobe/networks.yml. -controller_vip=192.168.33.2 - -# Forward the following ports to the controller. -# 80: Horizon -# 6080: VNC console -forwarded_ports="80 6080" - -sudo ip l add breth1 type bridge -sudo ip l set breth1 up -sudo ip a add 192.168.33.3/24 dev breth1 -sudo ip l add eth1 type dummy -sudo ip l set eth1 up -sudo ip l set eth1 master breth1 - -iface=$(ip route | awk '$1 == "default" {print $5; exit}') - -#sudo iptables -A POSTROUTING -t nat -o $iface -j MASQUERADE -sudo sysctl -w net.ipv4.conf.all.forwarding=1 - -# Install iptables. -if $(which dnf >/dev/null 2>&1); then - sudo dnf -y install iptables -fi - -# Configure port forwarding from the hypervisor to the Horizon GUI on the -# controller. -sudo iptables -A FORWARD -i $iface -o breth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -sudo iptables -A FORWARD -i breth1 -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -for port in $forwarded_ports; do - # Allow new connections. - sudo iptables -A FORWARD -i $iface -o breth1 -p tcp --syn --dport $port -m conntrack --ctstate NEW -j ACCEPT - # Destination NAT. - sudo iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to-destination $controller_vip -done - -# Configure an IP on the 'public' network to allow access to/from the cloud. -if ! 
sudo ip a show dev breth1 | grep $public_ip/24 >/dev/null 2>&1; then - sudo ip a add $public_ip/24 dev breth1 -fi - -# This prevents network.service from restarting correctly. -sudo killall dhclient || true diff --git a/terraform/aio/templates/userdata.cfg.tpl b/terraform/aio/templates/userdata.cfg.tpl index e94bafd3c..9cae72983 100644 --- a/terraform/aio/templates/userdata.cfg.tpl +++ b/terraform/aio/templates/userdata.cfg.tpl @@ -2,3 +2,20 @@ # Don't automatically mount ephemeral disk mounts: - [/dev/vdb, null] +# WORKAROUND: internal DNS missing from SMS lab. +runcmd: + - 'echo "10.0.0.34 pelican pelican.service.compute.sms-lab.cloud" >> /etc/hosts' + - 'echo "10.205.3.187 pulp-server pulp-server.internal.sms-cloud" >> /etc/hosts' +# Configure SSH keys here, to avoid creating an ephemeral keypair. +# This means only the instance needs to be cleaned up if the destroy fails. +ssh_authorized_keys: + - ${ssh_public_key} + +write_files: + # WORKAROUND: https://bugs.launchpad.net/kolla-ansible/+bug/1995409 + - content: | + #!/bin/bash + docker exec openvswitch_vswitchd ovs-vsctl "$@" + owner: root:root + path: /usr/bin/ovs-vsctl + permissions: '0755' diff --git a/terraform/aio/vm.tf b/terraform/aio/vm.tf index dc39b088f..911b0a5a3 100644 --- a/terraform/aio/vm.tf +++ b/terraform/aio/vm.tf @@ -1,7 +1,3 @@ -variable "ssh_private_key" { - type = string -} - variable "ssh_public_key" { type = string } @@ -16,8 +12,9 @@ variable "aio_vm_image" { default = "CentOS-stream8" } -variable "aio_vm_keypair" { +variable "aio_vm_interface" { type = string + default = "eth0" } variable "aio_vm_flavor" { 
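Review bot: In `userdata.cfg.tpl` the entry `- ${ssh_public_key}` interpolates the key file contents into the cloud-config as an unquoted YAML scalar. `file()` keeps the trailing newline, and a key comment containing `: ` or ` #` would be parsed as YAML syntax rather than as part of the key. That could silently truncate the entry or invalidate the whole user-data document, leaving the instance with no authorised key. Rendering the value as a quoted string avoids this: `- ${jsonencode(trimspace(ssh_public_key))}`.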
@@ -41,17 +38,11 @@ data "openstack_networking_subnet_v2" "network" { name = var.aio_vm_subnet } -resource "openstack_compute_keypair_v2" "keypair" { - name = var.aio_vm_keypair - public_key = file(var.ssh_public_key) -} - resource "openstack_compute_instance_v2" "kayobe-aio" { name = var.aio_vm_name flavor_name = var.aio_vm_flavor - key_pair = var.aio_vm_keypair config_drive = true - user_data = file("templates/userdata.cfg.tpl") + user_data = templatefile("templates/userdata.cfg.tpl", {ssh_public_key = file(var.ssh_public_key)}) network { name = var.aio_vm_network } @@ -65,29 +56,4 @@ resource "openstack_compute_instance_v2" "kayobe-aio" { delete_on_termination = true } - provisioner "file" { - source = "scripts/configure-local-networking.sh" - destination = "/home/cloud-user/configure-local-networking.sh" - - connection { - type = "ssh" - host = self.access_ip_v4 - user = "cloud-user" - private_key = file(var.ssh_private_key) - } - } - - provisioner "remote-exec" { - inline = [ - "sudo bash /home/cloud-user/configure-local-networking.sh" - ] - - connection { - type = "ssh" - host = self.access_ip_v4 - user = "cloud-user" - private_key = file(var.ssh_private_key) - } - - } }
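Review bot: The path in `templatefile("templates/userdata.cfg.tpl", ...)` is resolved against the current working directory, so the configuration only plans when Terraform is invoked from `terraform/aio`. Anchoring it to the module removes that dependency: `user_data = templatefile("${path.module}/templates/userdata.cfg.tpl", {ssh_public_key = file(var.ssh_public_key)})`. The `openstack_compute_instance_v2` block continues outside this hunk.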