stackhpc · oneswig · Dec 1, 2023 · Dec 1, 2023 · Feb 13, 2024 · May 31, 2024
diff --git a/a-seed-from-nothing.sh b/a-seed-from-nothing.sh
@@ -4,7 +4,7 @@
 SECONDS=0
 
 # Cloud User: cloud-user (CentOS) or ubuntu?
-CLOUD_USER=cloud-user
+CLOUD_USER=ubuntu
 
 ENABLE_OVN=true
 
@@ -16,17 +16,20 @@ echo "[INFO] Given docker registry IP: $registry_ip"
 # Disable the firewall.
 if [[ "${CLOUD_USER}" = "ubuntu" ]]
 then
+    grep -q $HOSTNAME /etc/hosts || (echo "$(ip r | grep -o '^default via.*src [0-9.]*' | awk '{print $NF}') $HOSTNAME" | sudo tee -a /etc/hosts)
     dpkg -l ufw && sudo systemctl is-enabled ufw && sudo systemctl stop ufw && sudo systemctl disable ufw
 else
     rpm -q firewalld && sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld
-fi
 
-# Disable SELinux.
-sudo setenforce 0
+    # Disable SELinux.
+    sudo setenforce 0
+fi
 
 # Useful packages
 if [[ "${CLOUD_USER}" = "ubuntu" ]]
 then
+    # Avoid the interactive dialog prompting for service restart: set policy to leave services unchanged
+    echo "\$nrconf{restart} = 'l';" | sudo tee /etc/needrestart/conf.d/90-aufn.conf
     sudo apt update
     sudo apt install -y git tmux lvm2 iptables
 else
@@ -60,6 +63,19 @@ then
         exit -1
         ;;
     esac
+elif [[ "${CLOUD_USER}" = "ubuntu" ]]
+then
+    # Prepare for disabling of Netplan and enabling of systemd-networkd.
+    # Netplan has an interaction with systemd and cloud-init to populate
+    # systemd-networkd files, but ephemerally.  If /etc/systemd/network is
+    # empty and netplan config files are present in /run, copy them over.
+    persistent_netcfg=$(ls /etc/systemd/network)
+    ephemeral_netcfg=$(ls /run/systemd/network)
+    if [[ -z "$persistent_netcfg" && ! -z "$ephemeral_netcfg" ]]
+    then
+        echo "Creating persistent versions of Netplan ephemeral config"
+        sudo cp /run/systemd/network/* /etc/systemd/network
+    fi
 fi
 
 # Exit on error
@@ -88,7 +104,7 @@ fi
 
 # Clone Kayobe.
 cd $HOME
-[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/yoga
+[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/2023.1
 cd kayobe
 
 # Bump the provisioning time - it can be lengthy on virtualised storage
@@ -100,10 +116,10 @@ sed -i.bak 's%^[# ]*wait_active_timeout:.*%    wait_active_timeout: 5000%' ~/kay
 # Clone this Kayobe configuration.
 mkdir -p config/src
 cd config/src/
-[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/yoga kayobe-config
+[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/2023.1 kayobe-config
 
 # Set default registry name to the one we just created
-sed -i.bak 's/^docker_registry.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml
+sed -i.bak 's/^docker_registry:.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml
 
 # Configure host networking (bridge, routes & firewall)
 ./kayobe-config/configure-local-networking.sh
@@ -145,6 +161,11 @@ if ! ./dev/seed-deploy.sh; then
     ./dev/seed-deploy.sh
 fi
 
+# Run TENKS
+cd ~/kayobe
+export TENKS_CONFIG_PATH=config/src/kayobe-config/tenks.yml
+./dev/tenks-deploy-overcloud.sh ./tenks
+
 # Duration
 duration=$SECONDS
 echo "[INFO] $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
diff --git a/openstack-device.tf b/openstack-device.tf
@@ -1,5 +1,5 @@
 resource "openstack_compute_keypair_v2" "ufn_lab_key" {
-  name       = "ufn_lab_key"
+  name       = "${var.lab_prefix}_lab_key"
   public_key = tls_private_key.default.public_key_openssh
 }
 
@@ -110,13 +110,61 @@ resource "null_resource" "registry" {
   }
 }
 
+resource "openstack_compute_secgroup_v2" "AUFN" {
+  name        = "${var.lab_prefix}-lab-rules"
+  description = "Access rules for AUFN lab deployment"
+
+  rule {
+    from_port   = 22
+    to_port     = 22
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 80
+    to_port     = 80
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 3000
+    to_port     = 3000
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 5601
+    to_port     = 5601
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 9091
+    to_port     = 9091
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+
+  rule {
+    from_port   = 9093
+    to_port     = 9093
+    ip_protocol = "tcp"
+    cidr        = "0.0.0.0/0"
+  }
+}
+
 resource "openstack_compute_instance_v2" "lab" {
 
   count           = var.lab_count
   name            = format("%s-lab-%02d", var.lab_prefix, count.index)
   image_name      = var.image_name
   flavor_name     = var.lab_flavor
   key_pair        = openstack_compute_keypair_v2.ufn_lab_key.name
+  security_groups = ["default", openstack_compute_secgroup_v2.AUFN.name ]
 
   dynamic "block_device" {
     for_each = var.boot_labs_from_volume ? [1] : []

diff --git a/pull-retag-push-images.sh b/pull-retag-push-images.sh
@@ -6,7 +6,7 @@ set -e
 SECONDS=0
 
 # DISTRO: CentOS or Ubuntu?
-DISTRO=centos
+DISTRO=ubuntu
 
 if [[ "${DISTRO}" = "ubuntu" ]]
 then
@@ -25,7 +25,7 @@ else
     cat << "EOF" | sudo tee /etc/yum.repos.d/docker-ce.repo
 [docker-ce-stable]
 name=Docker CE Stable - $basearch
-baseurl=https://download.docker.com/linux/centos/8/$basearch/stable
+baseurl=https://download.docker.com/linux/centos/9/$basearch/stable
 enabled=1
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/centos/gpg
@@ -41,88 +41,95 @@ if [ ! "$(sudo docker ps -q -f name=registry)" ]; then
     sudo docker run -d -p 4000:5000 --restart=always --name registry registry
 fi
 
-tag=${1:-yoga}
-images="kolla/${DISTRO}-source-bifrost-deploy
-kolla/${DISTRO}-source-kolla-toolbox
-kolla/${DISTRO}-source-haproxy
-kolla/${DISTRO}-source-mariadb-server
-kolla/${DISTRO}-source-mariadb-clustercheck
-kolla/${DISTRO}-source-fluentd
-kolla/${DISTRO}-source-cron
-kolla/${DISTRO}-source-keepalived
-kolla/${DISTRO}-source-neutron-server
-kolla/${DISTRO}-source-neutron-l3-agent
-kolla/${DISTRO}-source-neutron-metadata-agent
-kolla/${DISTRO}-source-neutron-openvswitch-agent
-kolla/${DISTRO}-source-neutron-dhcp-agent
-kolla/${DISTRO}-source-glance-api
-kolla/${DISTRO}-source-nova-compute
-kolla/${DISTRO}-source-keystone-fernet
-kolla/${DISTRO}-source-keystone-ssh
-kolla/${DISTRO}-source-keystone
-kolla/${DISTRO}-source-nova-api
-kolla/${DISTRO}-source-nova-conductor
-kolla/${DISTRO}-source-nova-ssh
-kolla/${DISTRO}-source-nova-novncproxy
-kolla/${DISTRO}-source-nova-scheduler
-kolla/${DISTRO}-source-placement-api
-kolla/${DISTRO}-source-openvswitch-vswitchd
-kolla/${DISTRO}-source-openvswitch-db-server
-kolla/${DISTRO}-source-nova-libvirt
-kolla/${DISTRO}-source-memcached
-kolla/${DISTRO}-source-rabbitmq
-kolla/${DISTRO}-source-heat-api
-kolla/${DISTRO}-source-heat-api-cfn
-kolla/${DISTRO}-source-heat-engine
-kolla/${DISTRO}-source-horizon
-kolla/${DISTRO}-source-kibana
-kolla/${DISTRO}-source-elasticsearch
-kolla/${DISTRO}-source-elasticsearch-curator
-kolla/${DISTRO}-source-barbican-base
-kolla/${DISTRO}-source-barbican-api
-kolla/${DISTRO}-source-barbican-worker
-kolla/${DISTRO}-source-barbican-keystone-listener
-kolla/${DISTRO}-source-magnum-base
-kolla/${DISTRO}-source-magnum-api
-kolla/${DISTRO}-source-magnum-conductor
-kolla/${DISTRO}-source-prometheus-alertmanager
-kolla/${DISTRO}-source-prometheus-v2-server
-kolla/${DISTRO}-source-prometheus-cadvisor
-kolla/${DISTRO}-source-prometheus-haproxy-exporter
-kolla/${DISTRO}-source-prometheus-mtail
-kolla/${DISTRO}-source-prometheus-memcached-exporter
-kolla/${DISTRO}-source-prometheus-blackbox-exporter
-kolla/${DISTRO}-source-prometheus-node-exporter
-kolla/${DISTRO}-source-prometheus-elasticsearch-exporter
-kolla/${DISTRO}-source-prometheus-mysqld-exporter
-kolla/${DISTRO}-source-prometheus-openstack-exporter
-kolla/${DISTRO}-source-prometheus-libvirt-exporter
-kolla/${DISTRO}-source-grafana
-kolla/${DISTRO}-source-cinder-scheduler
-kolla/${DISTRO}-source-cinder-volume
-kolla/${DISTRO}-source-cinder-backup
-kolla/${DISTRO}-source-cinder-api
-kolla/${DISTRO}-source-ovn-controller
-kolla/${DISTRO}-source-ovn-northd
-kolla/${DISTRO}-source-ovn-nb-db-server
-kolla/${DISTRO}-source-ovn-sb-db-server
-kolla/${DISTRO}-source-dnsmasq
-kolla/${DISTRO}-source-ironic-api
-kolla/${DISTRO}-source-ironic-conductor
-kolla/${DISTRO}-source-ironic-inspector
-kolla/${DISTRO}-source-ironic-neutron-agent
-kolla/${DISTRO}-source-ironic-pxe
-kolla/${DISTRO}-source-nova-compute-ironic
-kolla/${DISTRO}-source-manila-api
-kolla/${DISTRO}-source-manila-share
-kolla/${DISTRO}-source-manila-data
-kolla/${DISTRO}-source-manila-scheduler"
+registry=quay.io
+acct=openstack.kolla
+if [[ "${DISTRO}" = "ubuntu" ]]
+then
+    tag=${1:-2023.1-ubuntu-jammy}
+else
+    tag=${1:-2023.1-rocky-9}
+fi
+images="bifrost-deploy
+kolla-toolbox
+haproxy
+mariadb-server
+mariadb-clustercheck
+fluentd
+cron
+keepalived
+neutron-server
+neutron-l3-agent
+neutron-metadata-agent
+neutron-openvswitch-agent
+neutron-dhcp-agent
+glance-api
+nova-compute
+keystone-fernet
+keystone-ssh
+keystone
+nova-api
+nova-conductor
+nova-ssh
+nova-novncproxy
+nova-scheduler
+placement-api
+openvswitch-vswitchd
+openvswitch-db-server
+nova-libvirt
+memcached
+rabbitmq
+heat-api
+heat-api-cfn
+heat-engine
+horizon
+opensearch
+opensearch-dashboards
+barbican-base
+barbican-api
+barbican-worker
+barbican-keystone-listener
+magnum-base
+magnum-api
+magnum-conductor
+prometheus-alertmanager
+prometheus-v2-server
+prometheus-cadvisor
+prometheus-haproxy-exporter
+prometheus-mtail
+prometheus-memcached-exporter
+prometheus-blackbox-exporter
+prometheus-node-exporter
+prometheus-elasticsearch-exporter
+prometheus-mysqld-exporter
+prometheus-openstack-exporter
+prometheus-libvirt-exporter
+grafana
+cinder-scheduler
+cinder-volume
+cinder-backup
+cinder-api
+ovn-controller
+ovn-northd
+ovn-nb-db-server
+ovn-sb-db-server
+dnsmasq
+ironic-api
+ironic-conductor
+ironic-inspector
+ironic-neutron-agent
+ironic-pxe
+nova-compute-ironic
+manila-api
+manila-share
+manila-data
+manila-scheduler"
 
 for image in $images; do
-    sudo docker pull $image:$tag
-    sudo docker tag docker.io/$image:$tag localhost:4000/openstack.$image:$tag
-    sudo docker push localhost:4000/openstack.$image:$tag
-    sudo docker image remove docker.io/$image:$tag
+    echo "Processing $acct/$image:$tag..."
+    sudo docker pull $registry/$acct/$image:$tag
+    sudo docker tag $registry/$acct/$image:$tag localhost:4000/$acct/$image:$tag
+    sudo docker push localhost:4000/$acct/$image:$tag
+    sudo docker image remove $registry/$acct/$image:$tag
 done
 
 # Duration