From 9b52c31a3108ba1e9aba3c34bab5633ba0f94e01 Mon Sep 17 00:00:00 2001 From: Stig Telfer Date: Fri, 1 Dec 2023 17:43:18 +0000 Subject: [PATCH 1/9] Add security groups for AUFN services --- openstack-device.tf | 48 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/openstack-device.tf b/openstack-device.tf index 3d621fb..01137b7 100644 --- a/openstack-device.tf +++ b/openstack-device.tf @@ -110,6 +110,53 @@ resource "null_resource" "registry" { } } +resource "openstack_compute_secgroup_v2" "AUFN" { + name = "${var.lab_prefix}-lab-rules" + description = "Access rules for AUFN lab deployment" + + rule { + from_port = 22 + to_port = 22 + ip_protocol = "tcp" + cidr = "0.0.0.0/0" + } + + rule { + from_port = 80 + to_port = 80 + ip_protocol = "tcp" + cidr = "0.0.0.0/0" + } + + rule { + from_port = 3000 + to_port = 3000 + ip_protocol = "tcp" + cidr = "0.0.0.0/0" + } + + rule { + from_port = 5601 + to_port = 5601 + ip_protocol = "tcp" + cidr = "0.0.0.0/0" + } + + rule { + from_port = 9091 + to_port = 9091 + ip_protocol = "tcp" + cidr = "0.0.0.0/0" + } + + rule { + from_port = 9093 + to_port = 9093 + ip_protocol = "tcp" + cidr = "0.0.0.0/0" + } +} + resource "openstack_compute_instance_v2" "lab" { count = var.lab_count @@ -117,6 +164,7 @@ resource "openstack_compute_instance_v2" "lab" { image_name = var.image_name flavor_name = var.lab_flavor key_pair = openstack_compute_keypair_v2.ufn_lab_key.name + security_groups = ["default", openstack_compute_secgroup_v2.AUFN.name ] dynamic "block_device" { for_each = var.boot_labs_from_volume ? [1] : [] From c5a80480650386ee95b9042f3aaa0eb1829e8d0a Mon Sep 17 00:00:00 2001 From: Stig Telfer Date: Fri, 1 Dec 2023 17:44:30 +0000 Subject: [PATCH 2/9] Bootstrap for CHPC lab --- a-seed-from-nothing.sh | 15 ++++++++++++--- pull-retag-push-images.sh | 4 ++-- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/a-seed-from-nothing.sh b/a-seed-from-nothing.sh index f786a88..3b748d8 100644 
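Review bot: Every rule in the new `AUFN` security group uses `cidr = "0.0.0.0/0"`, so SSH (22) and what look like the lab's web and monitoring ports (80, 3000, 5601, 9091, 9093) are reachable from any address once an instance has a floating IP. The README in this repository describes password SSH logins whose default password is the instance id, which makes world-open port 22 the riskiest of the six. Consider taking the source range from a variable, for example `cidr = var.lab_access_cidr` (name constructed here) with a default documented as lab-only, and add a comment above each rule naming the service it serves, since the port numbers alone do not say.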
--- a/a-seed-from-nothing.sh +++ b/a-seed-from-nothing.sh @@ -4,7 +4,7 @@ SECONDS=0 # Cloud User: cloud-user (CentOS) or ubuntu? -CLOUD_USER=cloud-user +CLOUD_USER=ubuntu ENABLE_OVN=true @@ -16,6 +16,7 @@ echo "[INFO] Given docker registry IP: $registry_ip" # Disable the firewall. if [[ "${CLOUD_USER}" = "ubuntu" ]] then + grep -q $HOSTNAME /etc/hosts || (echo "$(ip r | grep -o '^default via.*src [0-9.]*' | awk '{print $NF}') $HOSTNAME" | sudo tee -a /etc/hosts) dpkg -l ufw && sudo systemctl is-enabled ufw && sudo systemctl stop ufw && sudo systemctl disable ufw else rpm -q firewalld && sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld @@ -88,7 +89,8 @@ fi # Clone Kayobe. cd $HOME -[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/yoga +#[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/yoga +[[ -d kayobe ]] || git clone https://github.com/oneswig/kayobe -b oneswig/yoga cd kayobe # Bump the provisioning time - it can be lengthy on virtualised storage @@ -100,7 +102,8 @@ sed -i.bak 's%^[# ]*wait_active_timeout:.*% wait_active_timeout: 5000%' ~/kay # Clone this Kayobe configuration. mkdir -p config/src cd config/src/ -[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/yoga kayobe-config +#[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/yoga kayobe-config +[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b yoga-XL kayobe-config # Set default registry name to the one we just created sed -i.bak 's/^docker_registry.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml 
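Review bot: The added `/etc/hosts` line in the `@@ -16,6 +16,7 @@` hunk expands `$HOSTNAME` unquoted and as a regular expression, so a hostname that is a substring of another entry counts as present, and if the `ip r` pipeline yields nothing the script appends a line with a hostname and no address. Match the name literally and as a whole word, `grep -qwF -- "$HOSTNAME" /etc/hosts`, and compute the address into a variable first so the append is skipped when it is empty. This appears to run before `set -e` is enabled further down the script, so a failure here would not stop the bootstrap.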
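Review bot: The two replacement `git clone` lines (hunks `@@ -88,7 +89,8 @@` and `@@ -100,7 +102,8 @@`) fetch branch heads, `oneswig/yoga` from a personal fork and `yoga-XL`, and the script then runs code from those checkouts (`./kayobe-config/configure-local-networking.sh`, `./dev/seed-deploy.sh`). A branch can move between lab builds, so what gets executed is neither reproducible nor reviewable from this repository. Pin each clone to a tag or commit and check it out after cloning, e.g. `git -C kayobe checkout <COMMIT_SHA_PLACEHOLDER>`, and replace the commented-out upstream lines with a short comment saying why the fork is needed.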
@@ -145,6 +148,12 @@ if ! ./dev/seed-deploy.sh; then ./dev/seed-deploy.sh fi +# Run TENKS +cd ~/kayobe +source dev/environment-setup.sh +export TENKS_CONFIG_PATH=config/src/kayobe-config/tenks.yml +./dev/tenks-deploy-overcloud.sh ./tenks + # Duration duration=$SECONDS echo "[INFO] $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed." diff --git a/pull-retag-push-images.sh b/pull-retag-push-images.sh index cf0f3b5..0577692 100755 --- a/pull-retag-push-images.sh +++ b/pull-retag-push-images.sh @@ -6,7 +6,7 @@ set -e SECONDS=0 # DISTRO: CentOS or Ubuntu? -DISTRO=centos +DISTRO=ubuntu if [[ "${DISTRO}" = "ubuntu" ]] then @@ -25,7 +25,7 @@ else cat << "EOF" | sudo tee /etc/yum.repos.d/docker-ce.repo [docker-ce-stable] name=Docker CE Stable - $basearch -baseurl=https://download.docker.com/linux/centos/8/$basearch/stable +baseurl=https://download.docker.com/linux/centos/9/$basearch/stable enabled=1 gpgcheck=1 gpgkey=https://download.docker.com/linux/centos/gpg From 2d1c11e4149f85d53cde1f0b2068ae4bd170f14f Mon Sep 17 00:00:00 2001 From: Stig Telfer Date: Tue, 13 Feb 2024 12:28:40 +0000 Subject: [PATCH 3/9] Fixes for deploying Antelope (2023.1) Ubuntu by default Add initial TENKS provision to a-seed-from-nothing Migrate to quay.io and new tag naming scheme Fix for loss of DHCP on Ubuntu/Netplan instances Give lab-specific names to security group and ssh key Disable interactive dialog for service restart on Jammy package update --- a-seed-from-nothing.sh | 30 +++++-- openstack-device.tf | 2 +- pull-retag-push-images.sh | 167 ++++++++++++++++++++------------------ 3 files changed, 109 insertions(+), 90 deletions(-) diff --git a/a-seed-from-nothing.sh b/a-seed-from-nothing.sh index 3b748d8..fe43806 100644 --- a/a-seed-from-nothing.sh +++ b/a-seed-from-nothing.sh 
@@ -20,14 +20,16 @@ then dpkg -l ufw && sudo systemctl is-enabled ufw && sudo systemctl stop ufw && sudo systemctl disable ufw else rpm -q firewalld && sudo systemctl is-enabled firewalld && sudo systemctl stop firewalld && sudo systemctl disable firewalld -fi -# Disable SELinux. -sudo setenforce 0 + # Disable SELinux. + sudo setenforce 0 +fi # Useful packages if [[ "${CLOUD_USER}" = "ubuntu" ]] then + # Avoid the interactive dialog prompting for service restart: set policy to leave services unchanged + echo "\$nrconf{restart} = 'l';" | sudo tee /etc/needrestart/conf.d/90-aufn.conf sudo apt update sudo apt install -y git tmux lvm2 iptables else @@ -61,6 +63,19 @@ then exit -1 ;; esac +elif [[ "${CLOUD_USER}" = "ubuntu" ]] +then + # Prepare for disabling of Netplan and enabling of systemd-networkd. + # Netplan has an interaction with systemd and cloud-init to populate + # systemd-networkd files, but ephemerally. If /etc/systemd/network is + # empty and netplan config files are present in /run, copy them over. + persistent_netcfg=$(ls /etc/systemd/network) + ephemeral_netcfg=$(ls /run/systemd/network) + if [[ -z "$persistent_netcfg" && ! -z "$ephemeral_netcfg" ]] + then + echo "Creating persistent versions of Netplan ephemeral config" + sudo cp /run/systemd/network/* /etc/systemd/network + fi fi # Exit on error @@ -89,8 +104,7 @@ fi # Clone Kayobe. cd $HOME -#[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/yoga -[[ -d kayobe ]] || git clone https://github.com/oneswig/kayobe -b oneswig/yoga +[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/2023.1 cd kayobe # Bump the provisioning time - it can be lengthy on virtualised storage 
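Review bot: The needrestart drop-in added in the Ubuntu branch sets `$nrconf{restart} = 'l'`, which only lists services needing a restart, so daemons keep running pre-update library code until someone restarts them or reboots. The file is written persistently, and `tee` will fail if `/etc/needrestart/conf.d` does not exist, which would go unnoticed because `set -e` is only enabled further down. If the aim is just to suppress the dialog during this bootstrap, scoping it to the install is tighter, `sudo env NEEDRESTART_MODE=l apt install -y git tmux lvm2 iptables`; otherwise extend the comment to say that services must be restarted manually after updates.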
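Review bot: In the new Netplan branch (`@@ -61,6 +63,19 @@`) the emptiness tests capture `ls` output, so a missing `/etc/systemd/network` or `/run/systemd/network` only produces an `ls` error that is then read as "empty". `! -z "$ephemeral_netcfg"` is also clearer as `-n "$ephemeral_netcfg"`. I would test the directories explicitly before copying, e.g. `[[ -d /run/systemd/network && -z "$(ls -A /etc/systemd/network 2>/dev/null)" ]]`, and quote nothing away with the glob so the `cp` fails loudly if there is nothing to copy. The enclosing `if`/`elif` starts outside the hunk.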
@@ -102,11 +116,10 @@ sed -i.bak 's%^[# ]*wait_active_timeout:.*% wait_active_timeout: 5000%' ~/kay # Clone this Kayobe configuration. mkdir -p config/src cd config/src/ -#[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/yoga kayobe-config -[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b yoga-XL kayobe-config +[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/2023.1 kayobe-config # Set default registry name to the one we just created -sed -i.bak 's/^docker_registry.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml +sed -i.bak 's/^docker_registry:.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml # Configure host networking (bridge, routes & firewall) ./kayobe-config/configure-local-networking.sh @@ -150,7 +163,6 @@ fi # Run TENKS cd ~/kayobe -source dev/environment-setup.sh export TENKS_CONFIG_PATH=config/src/kayobe-config/tenks.yml ./dev/tenks-deploy-overcloud.sh ./tenks diff --git a/openstack-device.tf b/openstack-device.tf index 01137b7..e58df32 100644 --- a/openstack-device.tf +++ b/openstack-device.tf @@ -1,5 +1,5 @@ resource "openstack_compute_keypair_v2" "ufn_lab_key" { - name = "ufn_lab_key" + name = "${var.lab_prefix}_lab_key" public_key = tls_private_key.default.public_key_openssh } diff --git a/pull-retag-push-images.sh b/pull-retag-push-images.sh index 0577692..a9abdf0 100755 --- a/pull-retag-push-images.sh +++ b/pull-retag-push-images.sh 
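Review bot: The rewritten `sed` line in `@@ -102,11 +116,10 @@` still splices `$registry_ip` into the sed program unquoted, and that value is the script's first argument with no validation visible in the diff. An empty argument writes `docker_registry: :4000`, and a value containing `/` or whitespace breaks or alters the substitution. Validate it where it is read, e.g. `[[ $registry_ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "usage: $0 <registry-ip>" >&2; exit 1; }`, and quote the expansion: `sed -i.bak "s/^docker_registry:.*/docker_registry: ${registry_ip}:4000/" …`. The assignment `registry_ip=$1` is outside this hunk.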
@@ -41,88 +41,95 @@ if [ ! "$(sudo docker ps -q -f name=registry)" ]; then sudo docker run -d -p 4000:5000 --restart=always --name registry registry fi -tag=${1:-yoga} -images="kolla/${DISTRO}-source-bifrost-deploy -kolla/${DISTRO}-source-kolla-toolbox -kolla/${DISTRO}-source-haproxy -kolla/${DISTRO}-source-mariadb-server -kolla/${DISTRO}-source-mariadb-clustercheck -kolla/${DISTRO}-source-fluentd -kolla/${DISTRO}-source-cron -kolla/${DISTRO}-source-keepalived -kolla/${DISTRO}-source-neutron-server -kolla/${DISTRO}-source-neutron-l3-agent -kolla/${DISTRO}-source-neutron-metadata-agent -kolla/${DISTRO}-source-neutron-openvswitch-agent -kolla/${DISTRO}-source-neutron-dhcp-agent -kolla/${DISTRO}-source-glance-api -kolla/${DISTRO}-source-nova-compute -kolla/${DISTRO}-source-keystone-fernet -kolla/${DISTRO}-source-keystone-ssh -kolla/${DISTRO}-source-keystone -kolla/${DISTRO}-source-nova-api -kolla/${DISTRO}-source-nova-conductor -kolla/${DISTRO}-source-nova-ssh -kolla/${DISTRO}-source-nova-novncproxy -kolla/${DISTRO}-source-nova-scheduler -kolla/${DISTRO}-source-placement-api -kolla/${DISTRO}-source-openvswitch-vswitchd -kolla/${DISTRO}-source-openvswitch-db-server -kolla/${DISTRO}-source-nova-libvirt -kolla/${DISTRO}-source-memcached -kolla/${DISTRO}-source-rabbitmq -kolla/${DISTRO}-source-heat-api -kolla/${DISTRO}-source-heat-api-cfn -kolla/${DISTRO}-source-heat-engine -kolla/${DISTRO}-source-horizon -kolla/${DISTRO}-source-kibana -kolla/${DISTRO}-source-elasticsearch -kolla/${DISTRO}-source-elasticsearch-curator -kolla/${DISTRO}-source-barbican-base -kolla/${DISTRO}-source-barbican-api -kolla/${DISTRO}-source-barbican-worker -kolla/${DISTRO}-source-barbican-keystone-listener -kolla/${DISTRO}-source-magnum-base -kolla/${DISTRO}-source-magnum-api -kolla/${DISTRO}-source-magnum-conductor -kolla/${DISTRO}-source-prometheus-alertmanager -kolla/${DISTRO}-source-prometheus-v2-server -kolla/${DISTRO}-source-prometheus-cadvisor 
-kolla/${DISTRO}-source-prometheus-haproxy-exporter -kolla/${DISTRO}-source-prometheus-mtail -kolla/${DISTRO}-source-prometheus-memcached-exporter -kolla/${DISTRO}-source-prometheus-blackbox-exporter -kolla/${DISTRO}-source-prometheus-node-exporter -kolla/${DISTRO}-source-prometheus-elasticsearch-exporter -kolla/${DISTRO}-source-prometheus-mysqld-exporter -kolla/${DISTRO}-source-prometheus-openstack-exporter -kolla/${DISTRO}-source-prometheus-libvirt-exporter -kolla/${DISTRO}-source-grafana -kolla/${DISTRO}-source-cinder-scheduler -kolla/${DISTRO}-source-cinder-volume -kolla/${DISTRO}-source-cinder-backup -kolla/${DISTRO}-source-cinder-api -kolla/${DISTRO}-source-ovn-controller -kolla/${DISTRO}-source-ovn-northd -kolla/${DISTRO}-source-ovn-nb-db-server -kolla/${DISTRO}-source-ovn-sb-db-server -kolla/${DISTRO}-source-dnsmasq -kolla/${DISTRO}-source-ironic-api -kolla/${DISTRO}-source-ironic-conductor -kolla/${DISTRO}-source-ironic-inspector -kolla/${DISTRO}-source-ironic-neutron-agent -kolla/${DISTRO}-source-ironic-pxe -kolla/${DISTRO}-source-nova-compute-ironic -kolla/${DISTRO}-source-manila-api -kolla/${DISTRO}-source-manila-share -kolla/${DISTRO}-source-manila-data -kolla/${DISTRO}-source-manila-scheduler" +registry=quay.io +acct=openstack.kolla +if [[ "${DISTRO}" = "ubuntu" ]] +then + tag=${1:-2023.1-ubuntu-jammy} +else + tag=${1:-2023.1-rocky-9} +fi +images="bifrost-deploy +kolla-toolbox +haproxy +mariadb-server +mariadb-clustercheck +fluentd +cron +keepalived +neutron-server +neutron-l3-agent +neutron-metadata-agent +neutron-openvswitch-agent +neutron-dhcp-agent +glance-api +nova-compute +keystone-fernet +keystone-ssh +keystone +nova-api +nova-conductor +nova-ssh +nova-novncproxy +nova-scheduler +placement-api +openvswitch-vswitchd +openvswitch-db-server +nova-libvirt +memcached +rabbitmq +heat-api +heat-api-cfn +heat-engine +horizon +opensearch +opensearch-dashboards +barbican-base +barbican-api +barbican-worker +barbican-keystone-listener +magnum-base 
+magnum-api +magnum-conductor +prometheus-alertmanager +prometheus-v2-server +prometheus-cadvisor +prometheus-haproxy-exporter +prometheus-mtail +prometheus-memcached-exporter +prometheus-blackbox-exporter +prometheus-node-exporter +prometheus-elasticsearch-exporter +prometheus-mysqld-exporter +prometheus-openstack-exporter +prometheus-libvirt-exporter +grafana +cinder-scheduler +cinder-volume +cinder-backup +cinder-api +ovn-controller +ovn-northd +ovn-nb-db-server +ovn-sb-db-server +dnsmasq +ironic-api +ironic-conductor +ironic-inspector +ironic-neutron-agent +ironic-pxe +nova-compute-ironic +manila-api +manila-share +manila-data +manila-scheduler" for image in $images; do - sudo docker pull $image:$tag - sudo docker tag docker.io/$image:$tag localhost:4000/openstack.$image:$tag - sudo docker push localhost:4000/openstack.$image:$tag - sudo docker image remove docker.io/$image:$tag + echo "Processing $acct/$image:$tag..." + sudo docker pull $registry/$acct/$image:$tag + sudo docker tag $registry/$acct/$image:$tag localhost:4000/$acct/$image:$tag + sudo docker push localhost:4000/$acct/$image:$tag + sudo docker image remove $registry/$acct/$image:$tag done # Duration From 82f9d17a7d43c0dbbe6b184a9b3235479e21b375 Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Fri, 31 May 2024 08:58:34 +0100 Subject: [PATCH 4/9] Update README --- README.md | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 4c3bd3d..d929535 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,8 @@ Terraform for the following configuration: -* OpenStack virtualised instances +* OpenStack virtualised lab instances +* An OpenStack virtualised container registry instance * Cinder volumes for instance storage * Floating IPs for networking 
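Review bot: The rewritten pull/tag/push loop at the end of the `pull-retag-push-images.sh` hunk leaves every `$registry/$acct/$image:$tag` expansion unquoted, and `tag` comes from `$1`, so an argument with whitespace or glob characters is split into extra `docker` arguments. Quote the references, e.g. `sudo docker pull "$registry/$acct/$image:$tag"`, and consider holding the image names in a bash array (`images=(bifrost-deploy kolla-toolbox …)` with `for image in "${images[@]}"`) rather than relying on word splitting of a multi-line string. Images are also mirrored by mutable tag, so the local registry serves whatever the tag pointed to at pull time; a comment saying so, or pinned digests for anything beyond a lab, would help.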
@@ -12,24 +13,26 @@ OpenStack infrastructure. ## Prerequisites -* A Neutron network the instances can attach to, with router +* A Neutron network the instances can attach to, with a router * Plenty of resource quota +* Terraform installed (see instructions + [here](https://developer.hashicorp.com/terraform/install)) ## Software Components -[Kayobe](https://docs.openstack.org/kayobe/latest/) enables deployment of +[Kayobe](https://docs.openstack.org/kayobe/latest/) enables the deployment of containerised OpenStack to bare metal. # Instructions for deployment -After cloning this repo, source the regular OpenStack rc file with necessary -vars for accessing the *A Universe From Nothing* lab project. +After cloning this repo, source the regular OpenStack rc file with the +necessary vars for accessing the *A Universe From Nothing* lab project. -There are a various variables available for configuration. These can be seen +There are various variables available for configuration. These can be seen in `vars.tf`, and can be set in `terraform.tfvars` (see sample file `terraform.tfvars.sample`). -Next up is the `terraform` bit assuming it is already installed: +Create the resources using Terraform: terraform init terraform plan @@ -37,7 +40,7 @@ Next up is the `terraform` bit assuming it is already installed: To reprovision a lab machine: - terraform taint openstack_compute_instance_v2.# + terraform taint openstack_compute_instance_v2.lab[#] terraform apply -auto-approve where `#` is the lab index which can be obtained from the web UI. @@ -54,7 +57,7 @@ SSH in to your lab instance by running and entering the provided password: ssh lab@ -o PreferredAuthentications=password -The default password is the id of the lab instance. As such, it is recommeded +The default password is the id of the lab instance. As such, it is recommended that you run `passwd` immediately to change the default password. ## Nested virtualisation 
@@ -75,7 +78,7 @@ When complete, it should report an elapsed time as follows: [INFO] 22 minutes and 3 seconds elapsed. -## Inspect the bifrost container inside your seed VM: +## Inspect the Bifrost container inside your seed VM: ssh stack@192.138.33.5 docker ps @@ -85,7 +88,7 @@ When complete, it should report an elapsed time as follows: Look at the steps involved in deploying Kayobe control plane: - < a-universe-from-seed.sh + less a-universe-from-seed.sh # Wrapping up From c312b12772e05508425bb0f69bd0412538f13b5a Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Thu, 30 May 2024 16:57:34 +0100 Subject: [PATCH 5/9] Automate default user selection and OS evaluation --- a-seed-from-nothing.sh | 16 +++++----------- pull-retag-push-images.sh | 9 ++------- 2 files changed, 7 insertions(+), 18 deletions(-) diff --git a/a-seed-from-nothing.sh b/a-seed-from-nothing.sh index fe43806..b686762 100644 --- a/a-seed-from-nothing.sh +++ b/a-seed-from-nothing.sh @@ -3,9 +3,6 @@ # Reset SECONDS SECONDS=0 -# Cloud User: cloud-user (CentOS) or ubuntu? -CLOUD_USER=ubuntu - ENABLE_OVN=true # Registry IP @@ -14,8 +11,7 @@ registry_ip=$1 echo "[INFO] Given docker registry IP: $registry_ip" # Disable the firewall. -if [[ "${CLOUD_USER}" = "ubuntu" ]] -then +if type apt; then grep -q $HOSTNAME /etc/hosts || (echo "$(ip r | grep -o '^default via.*src [0-9.]*' | awk '{print $NF}') $HOSTNAME" | sudo tee -a /etc/hosts) dpkg -l ufw && sudo systemctl is-enabled ufw && sudo systemctl stop ufw && sudo systemctl disable ufw else @@ -26,8 +22,7 @@ else fi # Useful packages -if [[ "${CLOUD_USER}" = "ubuntu" ]] -then +if type apt; then # Avoid the interactive dialog prompting for service restart: set policy to leave services unchanged echo "\$nrconf{restart} = 'l';" | sudo tee /etc/needrestart/conf.d/90-aufn.conf sudo apt update 
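Review bot: `if type apt; then` prints the lookup result to stdout on every check and only tests that a binary called `apt` is on `PATH`, which is a weaker signal than the distribution itself. The same test is repeated in the later hunks of `a-seed-from-nothing.sh` (`@@ -26,8 +22,7 @@`, `@@ -45,8 +40,7 @@` with `type dnf`, `@@ -63,8 +57,7 @@`) and twice in `pull-retag-push-images.sh`. Detect once near the top and reuse the result, e.g. `. /etc/os-release` followed by `[[ $ID == ubuntu ]]`, or at least `command -v apt >/dev/null 2>&1`.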
@@ -45,8 +40,7 @@ EOF sudo sysctl --load /etc/sysctl.d/70-ipv6.conf # CentOS Stream 8 requires network-scripts. Rocky Linux 9 and onwards use NetworkManager. -if [[ "${CLOUD_USER}" = "cloud-user" ]] -then +if type dnf; then case $(grep -o "[89]\.[0-9]" /etc/redhat-release) in "8.*") sudo dnf install -y network-scripts @@ -63,8 +57,7 @@ then exit -1 ;; esac -elif [[ "${CLOUD_USER}" = "ubuntu" ]] -then +elif type apt; then # Prepare for disabling of Netplan and enabling of systemd-networkd. # Netplan has an interaction with systemd and cloud-init to populate # systemd-networkd files, but ephemerally. If /etc/systemd/network is @@ -84,6 +77,7 @@ fi set -e # Ensure an ssh key is generated +CLOUD_USER=$(ls /home | grep -v lab | grep -v stack | head -1) # NOTE: you might think ~${CLOUD_USER} would work but apparently not CLOUD_USER_DIR=/home/${CLOUD_USER} keyfile="$HOME/.ssh/id_rsa" diff --git a/pull-retag-push-images.sh b/pull-retag-push-images.sh index a9abdf0..eb8dfcb 100755 --- a/pull-retag-push-images.sh +++ b/pull-retag-push-images.sh @@ -5,11 +5,7 @@ set -e # Reset SECONDS SECONDS=0 -# DISTRO: CentOS or Ubuntu? -DISTRO=ubuntu - -if [[ "${DISTRO}" = "ubuntu" ]] -then +if type apt; then # Install and start docker [[ -f /usr/share/keyrings/docker-archive-keyring.gpg ]] || (curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg) echo \ @@ -43,8 +39,7 @@ fi registry=quay.io acct=openstack.kolla -if [[ "${DISTRO}" = "ubuntu" ]] -then +if type apt; then tag=${1:-2023.1-ubuntu-jammy} else tag=${1:-2023.1-rocky-9} From 27bf659fa86cad986c530a736efb651ff18eb912 Mon Sep 17 00:00:00 2001 
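Review bot: `CLOUD_USER=$(ls /home | grep -v lab | grep -v stack | head -1)` guesses the account from a directory listing: the unanchored `grep -v` also drops any name that merely contains `lab` or `stack`, the first remaining entry wins regardless of who it is, and an empty result makes `CLOUD_USER_DIR` equal to `/home/`. The lines that follow appear to set up `.ssh/authorized_keys` for that user and `chown` it, so a wrong guess grants key access to the wrong account. Match whole names and fail when nothing is found: `CLOUD_USER=$(ls /home | grep -vx -e lab -e stack | head -1)` then `: "${CLOUD_USER:?could not determine cloud user}"`. The key-handling block continues outside this hunk.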
From: Jack Hodgkiss Date: Fri, 16 Aug 2024 22:23:24 +0100 Subject: [PATCH 6/9] feat: optionally create A records for labs Lab instances may have their fixed IPv4 address used for DNS A record within Designate. Minor change that improves accessing and managing lab instances. --- openstack-device.tf | 16 ++++++++++++++++ vars.tf | 7 +++++++ 2 files changed, 23 insertions(+) diff --git a/openstack-device.tf b/openstack-device.tf index e58df32..b0215ea 100644 --- a/openstack-device.tf +++ b/openstack-device.tf @@ -157,6 +157,22 @@ resource "openstack_compute_secgroup_v2" "AUFN" { } } +data "openstack_dns_zone_v2" "lab_zone" { + count = var.dns_zone_name != null ? 1 : 0 + name = var.dns_zone_name +} + +resource "openstack_dns_recordset_v2" "lab_dns" { + count = var.dns_zone_name != null ? var.lab_count : 0 + zone_id = data.openstack_dns_zone_v2.lab_zone[0].id + name = format("%s-lab-%02d.%s", var.lab_prefix, count.index, var.dns_zone_name) + type = "A" + ttl = 300 + records = [openstack_compute_instance_v2.lab[count.index].network[0].fixed_ip_v4] + + depends_on = [openstack_compute_instance_v2.lab] +} + resource "openstack_compute_instance_v2" "lab" { count = var.lab_count diff --git a/vars.tf b/vars.tf index 77265ee..a1d45a8 100644 --- a/vars.tf +++ b/vars.tf @@ -79,3 +79,10 @@ variable "bastion_floating_ip" { description = "Bastion floating IP" default = "0.0.0.0" } + +variable "dns_zone_name" { + description = "The name of the DNS zone to use for creating DNS records. Leave empty or null to skip DNS record creation." + type = string + nullable = true + default = null +} From 660510e1349a643b9df49eb88cc660fe26536d42 Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Mon, 19 Aug 2024 09:56:24 +0100 Subject: [PATCH 7/9] Update vars.tf Co-authored-by: Mark Goddard --- vars.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars.tf b/vars.tf index a1d45a8..8f49613 100644 --- a/vars.tf +++ b/vars.tf 
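Review bot: `openstack_dns_recordset_v2.lab_dns` builds the record name with `format("%s-lab-%02d.%s", …, var.dns_zone_name)`, which only yields a valid FQDN if the zone name already ends in a dot, and neither this hunk nor the `dns_zone_name` description says so. The record also publishes each instance's `fixed_ip_v4`, presumably its private address, so if the zone is resolvable outside the cloud this exposes internal addressing under names that external users cannot reach. State the trailing-dot requirement in the variable description (e.g. "must end with a dot, such as `lab.example.org.`") and add a comment on `records` saying why the fixed rather than the floating address is used.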
@@ -81,7 +81,7 @@ variable "bastion_floating_ip" { } variable "dns_zone_name" { - description = "The name of the DNS zone to use for creating DNS records. Leave empty or null to skip DNS record creation." + description = "The name of the DNS zone to use for creating DNS records. Leave null to skip DNS record creation." type = string nullable = true default = null From 6b8ce7001b51c6540cf559c2cead3ece2a585e4e Mon Sep 17 00:00:00 2001 From: Jack Hodgkiss Date: Mon, 19 Aug 2024 12:23:11 +0100 Subject: [PATCH 8/9] feat: remove `depends_on` from `lab_zone` --- openstack-device.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/openstack-device.tf b/openstack-device.tf index b0215ea..0d58716 100644 --- a/openstack-device.tf +++ b/openstack-device.tf @@ -169,8 +169,6 @@ resource "openstack_dns_recordset_v2" "lab_dns" { type = "A" ttl = 300 records = [openstack_compute_instance_v2.lab[count.index].network[0].fixed_ip_v4] - - depends_on = [openstack_compute_instance_v2.lab] } resource "openstack_compute_instance_v2" "lab" { From d01727f0202077037679da746798d136892779ba Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Tue, 17 Sep 2024 11:22:34 +0100 Subject: [PATCH 9/9] Refactor to use Beokay Beokay is a tool for creating production kayobe environments. It provides a clear source tree with a simple python script. This change primarily moves the source code and python virtual environments into a new ~/deployment directory, and separates each source code directory (Kayobe, Kayobe-Config, Kolla-Ansible, Tenks). --- a-seed-from-nothing.sh | 46 ++++++++++++++++++++--------------------- a-universe-from-seed.sh | 22 +++++++------------- 2 files changed, 29 insertions(+), 39 deletions(-) diff --git a/a-seed-from-nothing.sh b/a-seed-from-nothing.sh index b686762..abdea88 100644 --- a/a-seed-from-nothing.sh +++ b/a-seed-from-nothing.sh 
@@ -96,43 +96,38 @@ then sudo chown ${CLOUD_USER}.${CLOUD_USER} ${CLOUD_USER_DIR}/.ssh/authorized_keys fi -# Clone Kayobe. +# Clone Beokay. cd $HOME -[[ -d kayobe ]] || git clone https://opendev.org/openstack/kayobe.git -b stable/2023.1 -cd kayobe +git clone https://github.com/stackhpc/beokay.git -b master + +# Use Beokay to bootstrap your control host. +[[ -d deployment ]] || beokay/beokay.py create --base-path ~/deployment --kayobe-repo https://opendev.org/openstack/kayobe.git --kayobe-branch stable/2023.1 --kayobe-config-repo https://github.com/stackhpc/a-universe-from-nothing.git --kayobe-config-branch stable/2023.1 # Bump the provisioning time - it can be lengthy on virtualised storage -sed -i.bak 's%^[# ]*wait_active_timeout:.*% wait_active_timeout: 5000%' ~/kayobe/ansible/overcloud-provision.yml +sed -i.bak 's%^[# ]*wait_active_timeout:.*% wait_active_timeout: 5000%' ~/deployment/src/kayobe/ansible/overcloud-provision.yml # Clone the Tenks repository. +cd ~/deployment/src/ [[ -d tenks ]] || git clone https://opendev.org/openstack/tenks.git - -# Clone this Kayobe configuration. -mkdir -p config/src -cd config/src/ -[[ -d kayobe-config ]] || git clone https://github.com/stackhpc/a-universe-from-nothing.git -b stable/2023.1 kayobe-config +cd # Set default registry name to the one we just created -sed -i.bak 's/^docker_registry:.*/docker_registry: '$registry_ip':4000/' kayobe-config/etc/kayobe/docker.yml +sed -i.bak 's/^docker_registry:.*/docker_registry: '$registry_ip':4000/' ~/deployment/src/kayobe-config/etc/kayobe/docker.yml # Configure host networking (bridge, routes & firewall) -./kayobe-config/configure-local-networking.sh - -# Install kayobe. -cd ~/kayobe -./dev/install-dev.sh +~/deployment/src/kayobe-config/configure-local-networking.sh # Enable OVN flags if $ENABLE_OVN then - cat <