diff --git a/.github/workflows/master.yaml b/.github/workflows/master.yaml index b65a9e35..219ca11a 100644 --- a/.github/workflows/master.yaml +++ b/.github/workflows/master.yaml @@ -10,8 +10,24 @@ jobs: name: Integration tests runs-on: self-hosted steps: + - name: Gain back workspace permissions # https://github.com/actions/checkout/issues/211 + run: sudo chown -R $USER:$USER $GITHUB_WORKSPACE + - name: Checkout uses: actions/checkout@v2 + + - name: Docker Login + uses: docker/login-action@v1 + with: + registry: ${{ secrets.DOCKER_REGISTRY }} + username: ${{ secrets.DOCKER_REGISTRY_USER }} + password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} + + - name: Build Docker image + run: | + make build-vms-image + docker push ghcr.io/metal-stack/mini-lab-vms:latest + - name: Run integration tests shell: bash run: | diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index dce76940..5af9449c 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -10,12 +10,32 @@ jobs: name: Integration tests for PR runs-on: self-hosted steps: + - name: Gain back workspace permissions # https://github.com/actions/checkout/issues/211 + run: sudo chown -R $USER:$USER $GITHUB_WORKSPACE + - name: Checkout uses: actions/checkout@v2 + + - name: Docker Login + uses: docker/login-action@v1 + with: + registry: ${{ secrets.DOCKER_REGISTRY }} + username: ${{ secrets.DOCKER_REGISTRY_USER }} + password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} + + - name: Set image name + run: echo "MINI_LAB_VM_IMAGE=ghcr.io/metal-stack/mini-lab-vms:pr-${GITHUB_HEAD_REF##*/}" >> $GITHUB_ENV + + - name: Build Docker image + run: | + make build-vms-image + docker push ${MINI_LAB_VM_IMAGE} + - name: Run integration tests shell: bash run: | export TMPDIR=/var/tmp/ + export MINI_LAB_VM_IMAGE=ghcr.io/metal-stack/mini-lab-vms:pr-${GITHUB_HEAD_REF##*/} ./test/ci-cleanup.sh ./test/integration.sh env: diff --git a/.gitignore b/.gitignore index ffcd3e7e..a63a8c5d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,8 @@ -.ansible_vagrant_cache -.vagrant_version_host_system .env .idea .kubeconfig -.vagrant **/*.pyc +mini-lab ansible-common metal-hammer* -partition/dynamic_inventory.yaml requirements.yaml diff --git a/DEV_INSTRUCTIONS.md b/DEV_INSTRUCTIONS.md deleted file mode 100644 index 144b44dd..00000000 --- a/DEV_INSTRUCTIONS.md +++ /dev/null @@ -1,57 +0,0 @@ -# Dev Instructions - -To simplify developing changes for the `metal-api`, `metal-hammer` and `metal-core`, it is possible to use development artifacts from within the mini-lab. - -Also start the mini-lab with a kind cluster, a metal-api instance -as well as some vagrant VMs with two leaf switches and two machine skeletons. -Additionally a Caddy and a Docker registry container is started. -The former serves a prebuilt `metal-hammer-initrd` image, the latter holds -prebuilt `metalstack/metal-api` and `metalstack/metal-core` images, -which will be used as replacements for the official ones. - -Thus you have to clone the following **metal-stack** repositories: - -## Prerequisites: - -```bash -git clone https://github.com/metal-stack/metal-hammer ../metal-hammer -git clone https://github.com/metal-stack/metal-api ../metal-api -git clone https://github.com/metal-stack/metal-core ../metal-core -``` - -## Start/Stop: - -Build `metal-hammer-initrd`, `metalstack/metal-api` and `metalstack/metal-core` images and (re)start -a minimal metal-stack system as well as a Caddy container that servers the former one -and a Docker registry that holds the latter ones: - -```bash -make dev -``` - -Stop and cleanup a potentially running metal-stack development system -as well as the local Caddy and Docker registry containers: - -```bash -make down -``` - -## Exchange images at run-time: - -Reload metal-hammer-initrd: - -```bash -make build-hammer-initrd -``` - -Reload metal-api: - -```bash -make reload-api -``` - -Reload metal-core: - -```bash -make reload-core -``` diff --git a/Makefile b/Makefile index f427c7b4..1c81b951 100644 --- a/Makefile +++ b/Makefile @@ -1,25 +1,38 @@ .DEFAULT_GOAL := up .EXPORT_ALL_VARIABLES: +# Commands +YQ=docker run --rm -i -v $(shell pwd):/workdir mikefarah/yq:3 /bin/sh -c + KUBECONFIG := $(shell pwd)/.kubeconfig -MINI_LAB_FLAVOR := $(or $(MINI_LAB_FLAVOR),default) # Default values -VAGRANT_VAGRANTFILE=Vagrantfile DOCKER_COMPOSE_OVERRIDE= +MINI_LAB_FLAVOR := $(or $(MINI_LAB_FLAVOR),default) +MINI_LAB_VM_IMAGE := $(or $(MINI_LAB_VM_IMAGE),ghcr.io/metal-stack/mini-lab-vms:latest) + MACHINE_OS=ubuntu-20.04 + +# Machine flavors ifeq ($(MINI_LAB_FLAVOR),default) -VAGRANT_MACHINES=machine01 machine02 +LAB_MACHINES=machine01,machine02 else ifeq ($(MINI_LAB_FLAVOR),cluster-api) -VAGRANT_MACHINES=machine01 machine02 machine03 +LAB_MACHINES=machine01,machine02,machine03 else $(error Unknown flavor $(MINI_LAB_FLAVOR)) endif .PHONY: up -up: bake env - docker-compose up --remove-orphans --force-recreate control-plane partition && vagrant up $(VAGRANT_MACHINES) +up: env control-plane-bake partition-bake + @chmod 600 files/ssh/id_rsa + docker-compose up --remove-orphans --force-recreate control-plane partition + @$(MAKE) --no-print-directory start-machines +# for some reason an allocated machine will not be able to phone home +# without restarting the metal-core +# TODO: should be investigated and fixed if possible + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@mini-lab-leaf01 -i files/ssh/id_rsa 'systemctl restart metal-core' + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@mini-lab-leaf02 -i files/ssh/id_rsa 'systemctl restart metal-core' .PHONY: restart restart: down up @@ -27,8 +40,9 @@ restart: down up .PHONY: down down: cleanup -.PHONY: bake -bake: control-plane-bake partition-bake +.PHONY: control-plane +control-plane: control-plane-bake env + docker-compose up --remove-orphans --force-recreate control-plane .PHONY: control-plane-bake control-plane-bake: @@ -39,18 +53,26 @@ control-plane-bake: --config control-plane/kind.yaml \ --kubeconfig $(KUBECONFIG); fi -.PHONY: control-plane -control-plane: control-plane-bake env - docker-compose up --remove-orphans --force-recreate control-plane +.PHONY: partition +partition: partition-bake + docker-compose -f docker-compose.yml $(DOCKER_COMPOSE_OVERRIDE) up --remove-orphans --force-recreate partition .PHONY: partition-bake partition-bake: - @vagrant version | grep "Installed Version" | cut -d: -f 2 | tr -d '[:space:]' > .vagrant_version_host_system - vagrant up + # docker pull $(MINI_LAB_VM_IMAGE) + @if ! sudo containerlab --topo mini-lab.clab.yaml inspect | grep -i running > /dev/null; then \ + sudo --preserve-env containerlab deploy --topo mini-lab.clab.yaml --reconfigure && \ + ./scripts/deactivate_offloading.sh; fi -.PHONY: partition -partition: partition-bake - docker-compose -f docker-compose.yml $(DOCKER_COMPOSE_OVERRIDE) up --remove-orphans --force-recreate partition && vagrant up $(VAGRANT_MACHINES) +.PHONY: env +env: + @./env.sh + +.PHONY: _ips +_ips: + $(eval ipL1 = $(shell ${YQ} "yq r mini-lab/ansible-inventory.yml 'all.children.cvx.hosts.mini-lab-leaf01.ansible_host'")) + $(eval ipL2 = $(shell ${YQ} "yq r mini-lab/ansible-inventory.yml 'all.children.cvx.hosts.mini-lab-leaf02.ansible_host'")) + $(eval staticR = "100.255.254.0/24 nexthop via $(ipL1) dev docker0 nexthop via $(ipL2) dev docker0") .PHONY: route route: _ips @@ -58,180 +80,133 @@ route: _ips .PHONY: fwrules fwrules: _ips - eval "sudo -- iptables -I LIBVIRT_FWO -s 100.255.254.0/24 -i $(dev) -j ACCEPT;" - eval "sudo -- iptables -I LIBVIRT_FWO -s 10.0.1.0/24 -i $(dev) -j ACCEPT;" - eval "sudo -- iptables -I LIBVIRT_FWI -d 100.255.254.0/24 -o $(dev) -j ACCEPT;" - eval "sudo -- iptables -I LIBVIRT_FWI -d 10.0.1.0/24 -o $(dev) -j ACCEPT;" + eval "sudo -- iptables -I LIBVIRT_FWO -s 100.255.254.0/24 -i docker0 -j ACCEPT;" + eval "sudo -- iptables -I LIBVIRT_FWO -s 10.0.1.0/24 -i docker0 -j ACCEPT;" + eval "sudo -- iptables -I LIBVIRT_FWI -d 100.255.254.0/24 -o docker0 -j ACCEPT;" + eval "sudo -- iptables -I LIBVIRT_FWI -d 10.0.1.0/24 -o docker0 -j ACCEPT;" eval "sudo -- iptables -t nat -I LIBVIRT_PRT -s 100.255.254.0/24 ! -d 100.255.254.0/24 -j MASQUERADE" eval "sudo -- iptables -t nat -I LIBVIRT_PRT -s 10.0.1.0/24 ! -d 10.0.1.0/24 -j MASQUERADE" .PHONY: cleanup -cleanup: caddy-down registry-down - vagrant destroy -f --parallel || true +cleanup: cleanup-control-plane cleanup-partition + +.PHONY: cleanup-control-plane +cleanup-control-plane: kind delete cluster --name metal-control-plane docker-compose down rm -f $(KUBECONFIG) - rm -f .vagrant_version_host_system - rm -f .ansible_vagrant_cache - -.PHONY: dev-env -dev-env: - @echo "export METALCTL_URL=http://api.0.0.0.0.nip.io:8080/metal" - @echo "export METALCTL_HMAC=metal-admin" - @echo "export KUBECONFIG=$(KUBECONFIG)" - -.PHONY: reboot-machine01 -reboot-machine01: - vagrant destroy -f machine01 - vagrant up machine01 - -.PHONY: reboot-machine02 -reboot-machine02: - vagrant destroy -f machine02 - vagrant up machine02 - -.PHONY: reboot-machine03 -reboot-machine03: - vagrant destroy -f machine03 - vagrant up machine03 - -.PHONY: password01 -password01: env - docker-compose run metalctl machine consolepassword e0ab02d2-27cd-5a5e-8efc-080ba80cf258 - -.PHONY: password02 -password02: env - docker-compose run metalctl machine consolepassword 2294c949-88f6-5390-8154-fa53d93a3313 -.PHONY: password03 -password03: env - docker-compose run metalctl machine consolepassword 2294c949-88f6-5390-8154-fa53d93a3314 +.PHONY: cleanup-partition +cleanup-partition: + sudo containerlab destroy --topo mini-lab.clab.yaml .PHONY: _privatenet _privatenet: env - docker-compose run metalctl network list --name user-private-network | grep user-private-network || docker-compose run metalctl network allocate --partition vagrant --project 00000000-0000-0000-0000-000000000000 --name user-private-network + docker-compose run metalctl network list --name user-private-network | grep user-private-network || docker-compose run metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network .PHONY: machine machine: _privatenet - docker-compose run metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000000 --partition vagrant --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker-compose run metalctl network list --name user-private-network -o template --template '{{ .id }}') + docker-compose run metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker-compose run metalctl network list --name user-private-network -o template --template '{{ .id }}') .PHONY: firewall firewall: _ips _privatenet - docker-compose run metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition vagrant --image firewall-ubuntu-2.0 --size v1-small-x86 --networks internet-vagrant-lab,$(shell docker-compose run metalctl network list --name user-private-network -o template --template '{{ .id }}') + docker-compose run metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-2.0 --size v1-small-x86 --networks internet-mini-lab,$(shell docker-compose run metalctl network list --name user-private-network -o template --template '{{ .id }}') -.PHONY: reinstall-machine01 -reinstall-machine01: env - docker-compose run metalctl machine reinstall --image ubuntu-20.04 e0ab02d2-27cd-5a5e-8efc-080ba80cf258 - @$(MAKE) --no-print-directory reboot-machine01 +.PHONY: ls +ls: env + docker-compose run metalctl machine ls -.PHONY: reinstall-machine02 -reinstall-machine02: env - docker-compose run metalctl machine reinstall --image ubuntu-20.04 2294c949-88f6-5390-8154-fa53d93a3313 - @$(MAKE) --no-print-directory reboot-machine02 +## SWITCH MANAGEMENT ## -.PHONY: delete-machine01 -delete-machine01: env - docker-compose run metalctl machine rm e0ab02d2-27cd-5a5e-8efc-080ba80cf258 - @$(MAKE) --no-print-directory reboot-machine01 +.PHONY: ssh-leaf01 +ssh-leaf01: + ssh -o StrictHostKeyChecking=no -i files/ssh/id_rsa root@mini-lab-leaf01 -.PHONY: delete-machine02 -delete-machine02: env - docker-compose run metalctl machine rm 2294c949-88f6-5390-8154-fa53d93a3313 - @$(MAKE) --no-print-directory reboot-machine02 +.PHONY: ssh-leaf02 +ssh-leaf02: + ssh -o StrictHostKeyChecking=no -i files/ssh/id_rsa root@mini-lab-leaf02 -.PHONY: delete-machine03 -delete-machine03: env - docker-compose run metalctl machine rm 2294c949-88f6-5390-8154-fa53d93a3314 - @$(MAKE) --no-print-directory reboot-machine03 +## MACHINE MANAGEMENT ## -.PHONY: console-machine01 -console-machine01: - @echo "exit console with CTRL+5" - virsh console metalmachine01 +.PHONY: start-machines +start-machines: + docker exec mini-lab-vms /mini-lab/manage_vms.py --names $(LAB_MACHINES) create -.PHONY: console-machine02 -console-machine02: - @echo "exit console with CTRL+5" - virsh console metalmachine02 +.PHONY: _reboot-machine +_reboot-machine: + docker exec mini-lab-vms /mini-lab/manage_vms.py --names $(MACHINE_NAME) kill + docker exec mini-lab-vms /mini-lab/manage_vms.py --names $(MACHINE_NAME) create -.PHONY: ls -ls: env - docker-compose run metalctl machine ls +.PHONY: reboot-machine01 +reboot-machine01: + @$(MAKE) --no-print-directory _reboot-machine MACHINE_NAME=machine01 -.PHONY: env -env: - ./env.sh +.PHONY: reboot-machine02 +reboot-machine02: + @$(MAKE) --no-print-directory _reboot-machine MACHINE_NAME=machine02 + +.PHONY: reboot-machine03 +reboot-machine03: + @$(MAKE) --no-print-directory _reboot-machine MACHINE_NAME=machine03 -# ---- development targets ------------------------------------------------------------- +.PHONY: _password +_password: env + docker-compose run metalctl machine consolepassword $(MACHINE_UUID) -.PHONY: dev -dev: caddy registry build-hammer-initrd build-api-image build-core-image push-core-image control-plane-bake load-api-image partition-bake - docker-compose -f docker-compose.yml -f docker-compose.dev.yml up - vagrant up $(VAGRANT_MACHINES) +.PHONY: password-machine01 +password-machine01: + @$(MAKE) --no-print-directory _password MACHINE_UUID=e0ab02d2-27cd-5a5e-8efc-080ba80cf258 -.PHONY: load-api-image -load-api-image: - kind --name metal-control-plane load docker-image ghcr.io/metal-stack/metal-api:dev +.PHONY: password-machine02 +password-machine02: + @$(MAKE) --no-print-directory _password MACHINE_UUID=2294c949-88f6-5390-8154-fa53d93a3313 -.PHONY: registry-down -registry-down: - @docker rm -f registry > /dev/null 2>&1 || true +.PHONY: password-machine03 +password-machine03: + @$(MAKE) --no-print-directory _password MACHINE_UUID=2a92f14d-d3b1-4d46-b813-5d058103743e -.PHONY: registry -registry: registry-down - docker run -p 5000:443 -v $(shell pwd)/files/certs/registry:/certs -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/ca.pem -e REGISTRY_HTTP_TLS_KEY=/certs/ca-key.pem --name registry -d registry:2 +.PHONY: _free-machine +_free-machine: env + docker-compose run metalctl machine rm $(MACHINE_UUID) + @$(MAKE) --no-print-directory reboot-machine MACHINE_NAME=$(MACHINE_NAME) -.PHONY: reload-api -reload-api: build-api-image load-api-image - kubectl --kubeconfig=$(KUBECONFIG) --namespace metal-control-plane delete pod -l app=metal-api +.PHONY: free-machine01 +free-machine01: + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine01 -.PHONY: build-api-image -build-api-image: - docker build -t ghcr.io/metal-stack/metal-api:dev ../metal-api +.PHONY: free-machine02 +free-machine02: + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine02 -.PHONY: _ips -_ips: - $(eval dev = $(shell virsh net-info vagrant-libvirt | grep Bridge | cut -d' ' -f10 2>/dev/null)) - $(eval ipL1 = $(shell python3 -c 'import pickle; print(pickle.load(open(".ansible_vagrant_cache", "rb"))["meta_vars"]["leaf01"]["ansible_host"])')) - $(eval ipL2 = $(shell python3 -c 'import pickle; print(pickle.load(open(".ansible_vagrant_cache", "rb"))["meta_vars"]["leaf02"]["ansible_host"])')) - $(eval staticR = "100.255.254.0/24 nexthop via $(ipL1) dev $(dev) nexthop via $(ipL2) dev $(dev)") +.PHONY: free-machine03 +free-machine03: + @$(MAKE) --no-print-directory _free-machine MACHINE_NAME=machine03 -.PHONY: reload-core -reload-core: build-core-image push-core-image _ips - ssh -i .vagrant/machines/leaf01/libvirt/private_key vagrant@${ipL1} "sudo docker pull 192.168.121.1:5000/metalstack/metal-core:dev; sudo systemctl restart metal-core" - ssh -i .vagrant/machines/leaf02/libvirt/private_key vagrant@${ipL2} "sudo docker pull 192.168.121.1:5000/metalstack/metal-core:dev; sudo systemctl restart metal-core" +.PHONY: _console-machine +_console-machine: + @echo "exit console with CTRL+5 and then quit telnet through q + ENTER" + @docker exec -it mini-lab-vms telnet 127.0.0.1 $(CONSOLE_PORT) -.PHONY: ssh-leaf01 -ssh-leaf01: _ips - ssh -i .vagrant/machines/leaf01/libvirt/private_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null vagrant@${ipL1} -t "sudo -i" +.PHONY: console-machine01 +console-machine01: + @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4000 -.PHONY: ssh-leaf02 -ssh-leaf02: _ips - ssh -i .vagrant/machines/leaf02/libvirt/private_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null vagrant@${ipL2} -t "sudo -i" - -.PHONY: build-core-image -build-core-image: - docker build -t localhost:5000/metalstack/metal-core:dev ../metal-core - -.PHONY: push-core-image -push-core-image: - docker push localhost:5000/metalstack/metal-core:dev - -.PHONY: caddy-down -caddy-down: - @docker rm -f caddy > /dev/null 2>&1 || true - -.PHONY: caddy -caddy: caddy-down - docker run -v $(shell pwd):/srv -p 20015:2015 --name caddy -d abiosoft/caddy - -.PHONY: build-hammer-image -build-hammer-image: - docker build -t metalstack/metal-hammer:dev ../metal-hammer - -.PHONY: build-hammer-initrd -build-hammer-initrd: build-hammer-image - docker export $(shell docker create metalstack/metal-hammer:dev /dev/null) > metal-hammer.tar - tar -xf metal-hammer.tar metal-hammer-initrd.img.lz4 - @rm -f metal-hammer.tar - md5sum metal-hammer-initrd.img.lz4 > metal-hammer-initrd.img.lz4.md5 +.PHONY: console-machine02 +console-machine02: + @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4001 + +.PHONY: console-machine03 +console-machine03: + @$(MAKE) --no-print-directory _console-machine CONSOLE_PORT=4002 + +## DEV TARGETS ## + +.PHONY: dev-env +dev-env: + @echo "export METALCTL_URL=http://api.0.0.0.0.nip.io:8080/metal" + @echo "export METALCTL_HMAC=metal-admin" + @echo "export KUBECONFIG=$(KUBECONFIG)" + +.PHONY: build-vms-image +build-vms-image: + cd images && docker build -f Dockerfile.vms -t $(MINI_LAB_VM_IMAGE) . && cd - diff --git a/README.md b/README.md index d4e7ef6e..df02e1f5 100644 --- a/README.md +++ b/README.md @@ -227,3 +227,12 @@ make To simplify developing changes for the `metal-api`, `metal-hammer` and `metal-core`, it is possible to use development artifacts from within the mini-lab. See the [dev instructions](DEV_INSTRUCTIONS.md) for more details. + +FROM ubuntu:20.04 + +RUN apt update -y && \ +DEBIAN_FRONTEND=noninteractive apt install -y virt-manager ovmf net-tools haveged \ +qemu qemu-kvm bridge-utils virtinst libvirt-dev libvirt-daemon-system build-essential libvirt-clients + +CMD ["/usr/sbin/init"] + diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 48051cc8..00000000 --- a/Vagrantfile +++ /dev/null @@ -1,59 +0,0 @@ -# Libvirt Start Port: 8000 -# Libvirt Port Gap: 1000 -Vagrant.require_version ">= 2.2.2" -ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt' -# Check required plugins -REQUIRED_PLUGINS_LIBVIRT = %w(vagrant-libvirt) -exit unless REQUIRED_PLUGINS_LIBVIRT.all? do |plugin| - Vagrant.has_plugin?(plugin) || ( - puts "The #{plugin} plugin is required. Please install it with:" - puts "$ vagrant plugin install #{plugin}" - false - ) -end -load File.expand_path('./vagrant/Vagrantfile.helpers.rb') -Vagrant.configure("2") do |config| - config.vm.synced_folder ".", "/vagrant", type: "rsync", disabled: true - config.vm.provider :libvirt do |libvirt| - libvirt.keymap = 'de' - libvirt.cpus = 1 - libvirt.memory = 1024 - libvirt.random :model => 'random' - libvirt.default_prefix = 'metal' - libvirt.management_network_address = "192.168.121.0/24" - libvirt.nic_adapter_count = 130 - end - config.vm.define "leaf02" do |device| - box device: device, hostname: "leaf02", box: "CumulusCommunity/cumulus-vx", box_version: "3.7.13", memory: 512 - cable device: device, iface: "swp1", mac: "44:38:39:00:00:04", port: "9003", remote_port: "8003" # -> lan1@machine01 - cable device: device, iface: "swp2", mac: "44:38:39:00:00:19", port: "9017", remote_port: "8017" # -> lan1@machine02 - cable device: device, iface: "swp3", mac: "44:38:39:00:00:21", port: "9019", remote_port: "8019" # -> lan1@machine03 - device.vm.provision :shell , path: "./vagrant/provision/config_switch.sh" - device.vm.provision :shell , path: "./vagrant/provision/udev_leaf02.sh" - device.vm.provision :shell , path: "./vagrant/provision/common.sh" - end - config.vm.define "leaf01" do |device| - box device: device, hostname: "leaf01", box: "CumulusCommunity/cumulus-vx", box_version: "3.7.13", memory: 512 - cable device: device, iface: "swp1", mac: "44:38:39:00:00:1a", port: "9018", remote_port: "8018" # -> lan0@machine01 - cable device: device, iface: "swp2", mac: "44:38:39:00:00:18", port: "9016", remote_port: "8016" # -> lan0@machine02 - cable device: device, iface: "swp3", mac: "44:38:39:00:00:20", port: "9015", remote_port: "8015" # -> lan0@machine03 - device.vm.provision :shell , path: "./vagrant/provision/config_switch.sh" - device.vm.provision :shell , path: "./vagrant/provision/udev_leaf01.sh" - device.vm.provision :shell , path: "./vagrant/provision/common.sh" - end - config.vm.define "machine01", autostart: false do |device| - pxe device: device, hostname: "machine01", memory: 2000, uuid: "e0ab02d2-27cd-5a5e-8efc-080ba80cf258" - cable device: device, iface: "lan0", mac: "00:04:00:11:11:01", port: "8018", remote_port: "9018" # -> swp1@leaf01 - cable device: device, iface: "lan1", mac: "00:04:00:11:12:01", port: "8003", remote_port: "9003" # -> swp1@leaf02 - end - config.vm.define "machine02", autostart: false do |device| - pxe device: device, hostname: "machine02", memory: 2000, uuid: "2294c949-88f6-5390-8154-fa53d93a3313" - cable device: device, iface: "lan0", mac: "00:04:00:22:21:02", port: "8016", remote_port: "9016" # -> swp2@leaf01 - cable device: device, iface: "lan1", mac: "00:04:00:22:22:02", port: "8017", remote_port: "9017" # -> swp2@leaf02 - end - config.vm.define "machine03", autostart: false do |device| - pxe device: device, hostname: "machine03", memory: 2000, uuid: "2294c949-88f6-5390-8154-fa53d93a3314" - cable device: device, iface: "lan0", mac: "00:04:00:23:21:02", port: "8015", remote_port: "9015" # -> swp3@leaf01 - cable device: device, iface: "lan1", mac: "00:04:00:23:22:02", port: "8019", remote_port: "9019" # -> swp3@leaf02 - end -end diff --git a/ansible.cfg b/ansible.cfg index 6081cb35..7d799d2a 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -11,4 +11,5 @@ force_valid_group_names = ignore [ssh_connection] retries=3 ssh_executable = /usr/bin/ssh +ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no pipelining = True diff --git a/deploy_partition.yaml b/deploy_partition.yaml index b412c33f..72d0058a 100644 --- a/deploy_partition.yaml +++ b/deploy_partition.yaml @@ -1,45 +1,19 @@ --- -- name: pre-deployment checks - hosts: localhost - connection: local - gather_facts: no - tasks: - - name: get vagrant version - command: vagrant --version - register: result - - - name: check vagrant version - fail: - msg: "Vagrant version of the host system ({{ lookup('file', playbook_dir + '/.vagrant_version_host_system') }}) does not match vagrant version in the deployment image ({{ result.stdout.split(' ')[1] }})" - when: - - result.stdout.split(' ')[1] != lookup('file', playbook_dir + '/.vagrant_version_host_system') - - name: deploy leaves and docker hosts: leaves - gather_facts: true pre_tasks: - - name: check if vm was rebooted after initial provisioning - stat: - path: /.ansible_vagrant_vm_rebooted - register: result - - - name: reboot the switches in order to remap interfaces - reboot: - when: not result.stat.exists | bool - - - name: put marker file that vm was rebooted + - name: create docker directory # TODO: move to docker-on-cumulus role file: - path: /.ansible_vagrant_vm_rebooted - state: touch + path: /etc/docker + state: directory roles: - name: metal-roles/partition/roles/leaf tags: leaf - - name: registry-certs - name: metal-roles/partition/roles/docker-on-cumulus tags: docker-on-cumulus - name: deploy dhcp server - hosts: leaf01 + hosts: mini-lab-leaf01 roles: - name: metal-roles/partition/roles/dhcp tags: dhcp @@ -78,3 +52,31 @@ tags: metal-core - name: metal-roles/partition/roles/pixiecore tags: pixiecore + +- name: wait for switches + hosts: localhost + connection: local + gather_facts: no + vars: + setup_yaml: + - url: https://raw.githubusercontent.com/metal-stack/releases/{{ metal_stack_release_version }}/release.yaml + meta_var: metal_stack_release + roles: + - name: ansible-common + tags: always + - name: metal-roles + tags: always + - name: metal-ansible-modules + tags: always + - name: metal-python + tags: metal-python + post_tasks: + - name: Wait for switches to register + command: echo + changed_when: false + retries: 60 + delay: 3 + until: + - lookup('metal', 'search', 'switch', api_url=metal_partition_metal_api_protocol+'://'+metal_partition_metal_api_addr+':'+metal_partition_metal_api_port|string+metal_partition_metal_api_basepath, api_hmac=metal_partition_metal_api_hmac_edit_key) | length == 2 + - lookup('metal', 'search', 'switch', api_url=metal_partition_metal_api_protocol+'://'+metal_partition_metal_api_addr+':'+metal_partition_metal_api_port|string+metal_partition_metal_api_basepath, api_hmac=metal_partition_metal_api_hmac_edit_key)[0]["last_sync"] != None + - lookup('metal', 'search', 'switch', api_url=metal_partition_metal_api_protocol+'://'+metal_partition_metal_api_addr+':'+metal_partition_metal_api_port|string+metal_partition_metal_api_basepath, api_hmac=metal_partition_metal_api_hmac_edit_key)[1]["last_sync"] != None diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml deleted file mode 100644 index f8e08cc7..00000000 --- a/docker-compose.dev.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -version: '3.7' - -services: - control-plane: - entrypoint: - - /bin/bash - - -ce - - | - ansible-playbook \ - -i inventories/control-plane.yaml \ - obtain_role_requirements.yaml - ansible-galaxy install --ignore-errors -r requirements.yaml - ansible-playbook \ - -i inventories/control-plane.yaml \ - -e @files/dev_images.yaml \ - deploy_control_plane.yaml - - partition: - entrypoint: - - /bin/bash - - -ce - - | - ansible-playbook \ - -i inventories/control-plane.yaml \ - obtain_role_requirements.yaml - ansible-galaxy install --ignore-errors -r requirements.yaml - ansible-playbook \ - -i inventories/partition-static.yaml \ - -i ~/.ansible/roles/ansible-common/inventory/vagrant \ - -e @files/dev_images.yaml \ - deploy_partition.yaml diff --git a/docker-compose.yml b/docker-compose.yml index 8ff11d91..f5ee9694 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,7 +25,7 @@ services: network_mode: host working_dir: /mini-lab dns: - - 192.168.121.1 + - 172.17.0.1 - 1.1.1.1 - 1.0.0.1 entrypoint: @@ -44,8 +44,6 @@ services: image: ghcr.io/metal-stack/metal-deployment-base:${DEPLOYMENT_BASE_IMAGE_TAG} container_name: deploy-partition volumes: - - ${VAGRANT_HOME:-~/.vagrant.d}:/root/.vagrant.d - - /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock - /var/run/docker.sock:/var/run/docker.sock - .:/mini-lab # for developing role dependencies @@ -55,16 +53,13 @@ services: # - ${HOME}/.ansible/roles/metal-ansible-modules:/root/.ansible/roles/metal-ansible-modules:ro environment: - ANSIBLE_CONFIG=/mini-lab/ansible.cfg - - ANSIBLE_VAGRANT_USE_CACHE=1 - - ANSIBLE_VAGRANT_CACHE_FILE=/mini-lab/.ansible_vagrant_cache - - ANSIBLE_VAGRANT_CACHE_MAX_AGE=0 - CI=${CI} - DOCKER_HUB_USER=${DOCKER_HUB_USER} - DOCKER_HUB_TOKEN=${DOCKER_HUB_TOKEN} network_mode: host working_dir: /mini-lab dns: - - 192.168.121.1 + - 172.17.0.1 - 1.1.1.1 - 1.0.0.1 entrypoint: @@ -76,8 +71,8 @@ services: obtain_role_requirements.yaml ansible-galaxy install --ignore-errors -r requirements.yaml ansible-playbook \ - -i inventories/partition-static.yaml \ - -i ~/.ansible/roles/ansible-common/inventory/vagrant \ + -i inventories/partition.yaml \ + -i mini-lab/ansible-inventory.yml \ deploy_partition.yaml metalctl: @@ -89,7 +84,7 @@ services: - ${HOME}/.ssh:/root/.ssh:ro network_mode: host dns: - - 192.168.121.1 + - 172.17.0.1 - 1.1.1.1 - 1.0.0.1 command: --version diff --git a/env.sh b/env.sh index 9a052247..b886c81f 100755 --- a/env.sh +++ b/env.sh @@ -2,6 +2,8 @@ set -e +echo "Obtaining release vector variables..." + yq_shell() { docker run --rm -i -v ${PWD}:/workdir mikefarah/yq:3 /bin/sh -c "$@" } @@ -9,7 +11,7 @@ yq_shell() { METAL_STACK_RELEASE_VERSION=$(yq_shell "yq r inventories/group_vars/all/images.yaml 'metal_stack_release_version'") RELEASE_YAML=$(curl -s https://raw.githubusercontent.com/metal-stack/releases/${METAL_STACK_RELEASE_VERSION}/release.yaml) METALCTL_IMAGE_TAG=$(yq_shell "echo \"${RELEASE_YAML}\" | yq r - docker-images.metal-stack.control-plane.metalctl.tag") -DEPLOYMENT_BASE_IMAGE_TAG=$(yq_shell "echo \"${RELEASE_YAML}\" | yq r - docker-images.metal-stack.generic.deployment-base.tag")-vagrant +DEPLOYMENT_BASE_IMAGE_TAG=$(yq_shell "echo \"${RELEASE_YAML}\" | yq r - docker-images.metal-stack.generic.deployment-base.tag") cat << EOF > .env METALCTL_IMAGE_TAG=${METALCTL_IMAGE_TAG} diff --git a/files/certs/grpc/client-key.pem b/files/certs/grpc/client-key.pem index c8685f3d..1f104857 100644 --- a/files/certs/grpc/client-key.pem +++ b/files/certs/grpc/client-key.pem @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEA+gikuelAuzyChinjKDGBPiX0ofyNc+S7anMW4hHlNpdxt+io -Kf6cxtYQwFMPBYVY0h64nUJNowrA2IDwBCgfgNIXZjn7KjNHX2eVuNEWTtNCxaLW -ldTM7rpcGqMhOyUicYQACDCd9eyl232Whdx4J+mNRFiFcgeKFeZ/3DeGi3s2OmWg -f+Sn/m7jvz3Vy/7Ze5oNDZd0XtAMbVEyrinJ2imEMWnXemyhV+fapf7bND1/py9r -RCssAIivOAWJGIfyzu+V+6zY/f6NctRiEuNGyKUlZUfh9tmyJeChZnhH1HMXzbzW -Mh7HjyWPaMP22snFeG+yLwKUKJ+eWNY3RSfVK/U0t4Rf6v5+6WJS1uI4BuiuIiPo -upDXmb2bm3edFVcfT0fh6kHM3+SSqpcUuU2Y0ayI7kQuZ5ah+d/7d8AcrTKCRqTN -V+l0YlwW6g7AUFBQy/yUZcz9bjqZ0Cti274dDq3T9Kt4JEw3RSx+1sD+x0Trm0jL -H/GIkZNdS9pNY6k6letl779QZp1I3IAgg8ebNRNotIPbKTNIDdusgznIV8zWLEdK -k0qbkdGXryeexbu2Bjjg64JAA4XxWw/e92Px5QjkuyLj4KOm4R3T9wicB2PlUZBi -PinExEXNeIBfzyFeI5ecOW43F6077aDInHM4mwj/Nf5l6K/gE+icKtC2HcMCAwEA -AQKCAgAMXWsQCpn56Hcn/WBPd4tFsIjVjfDM323pSMHD8lCcj4a/KpFOaloEd0ei -yzi99Cc9VOmaVVITkw+QZWf5PKa6LymbE5j5MEoCTNQZrLVmtonhzjjAdiKgV7UA -WDrneuGmLXn27biSFd7p6N8NxaZniuRCkgIfboIErT57fH953GEFKEt0p7ErIv6+ -UWeGTBcjRq4IkwndOnqy2UYhWM2zrUPtUaenVUHxX/TvKphakAQFF5I9b8kgSaIo -qhVqkiaO10hahuTAQttp51jmSDkS6R/dT128YG2v89jngWFD/2EY+pK5Lc5+pMPf -0XkevsW2PAfazUzYaXRiPk3DbMHc7qA5bpX5jdFBrB5SZYYjHOW9deFZrThzS985 -I9Krd9lyOr09pZbw2AduAbI+1bXogY5qSaLzAiShTvG4rHk7AYxtL6Ph/+Ir3bEE -Vs8/h/zZu044t0X8NjFuatlxtpPd9rBF4w9PpSR0Tps5/hrdKpsUsaG+uq1OF2IM -Q8EZ8eFyp4E1cRy5YNZLcaxba/K9sFLjjWUwufOa/z7N36NLGI7ls9w6hr+tQFSV -5T3m6uK98h3XTeQEf4xykltZceVdKfYtCGwH1YgR87Rk036sr1rNDMQuK4Tp7/Wy -e92IBqstZS6Hw1F730j+iSib9dngf0lmxlTrE3Bw2SKxgmiXyQKCAQEA/tYRObO/ -JYZ23oUYBXqUoAVegcb8YkaOSlXk80HkFdnD4SAU+MlmhapONOGoMz0JYoLM8YoB -59L9p16gLvCu0ZVIk3CKdWFUlFwta/cdrNmDbOGTbCG601V2Y/ozCu/rgktfrI5g -kvdfeS0ZvjObiqPPKZzhum0C/W5NJ4kFJ9dcvRo1M7B9+OgnZDy0DeO9iTRyWcmG -A6CE00AJ83RRfJmebe5QnxYaSIQUAN1HtTwlEDHjTUuR6JpBEjzHAQPdo3dh7/8c -rvErlwwbFz9slJ6+yZxKg49ZzPd03JY4XofnJ8xumx7AXTyXPQwlYBB8vYhWf+Uo -EJHmQH9mh3/lvQKCAQEA+yz2KdxDj3KaX8kfonvWCvszCU4XE8eVp10DcplVO4Mm -H8nwO8ayt+fOHcanQzcxn1ZQtiX3K+ACz45q3T6tCdjK4NvDwaCKg1XJrr7nB0bO -l3FrBeM+zZWo+1CaKhYb8DHjAnOzapHZ7Szh83s2q318SaQ49/5Zh8iidLuL2I8t -alZlczRJ1PsvivZx8U+0l6pa8bEaw0G5Tmw6NRh9H4BiWIlU/zuIwReJoTQDIwSE -R74qHSdwdsxjn3xyy8MOAWbK+SX9QbsKxbTwaNS7MULobv/a3upXXe4SDNcau/Ln -Vp7S+OkrkkdjfVEccHRQcHBP6kRLYDtvfLSH2iWJfwKCAQAEymFohEiDnBN/+2CI -OdWxbGhqaCM2db0XCKZVLFftUTqtcLz0MFUNDjaKJ/PRgsQ6ZdsUb1O51+2Mx+qa -90tSBUxn+SWhL0M3xsPT08FrDmu6EEOFNN0eO+0N1BZBjmEPAfu6crK+EIhq7r4d -JTs3T/0E+z4DEymLOheZNqoyJYpIw8VcQ2Ua2MJkz/9Sg4V8ns/HgFJUnx/gGMQX -H4ionvqrdl9tnizAUDtQCNjgP1EzDL0JJvKHPN8cSKg1DK2N9SCSMmmHoGEBZejc -dwTDhnhvsdB0yK0XfU9lFi3ZGRTvWph5sgpLtmfhbekF9UljBr0ZimVGane5nqt+ -wJjBAoIBAQD5vQi9Ml6SYHaRyp4DpnF51a43EEftyMJJ+DeXWFHgrFPZw6VzKetE -49ySypRARr62GNKDaVhLbZ4d1RL4DHtskPuXe6s1+HQAhenUL8fx+jsrZP/uiLZH -Hwk3aDsAoZ8Bwfhe1b+MtJwkMD4xI0+GT2ymo/xox6MpWRn+SwOPPT0AwAp684B9 -nYr19nfwYTnEmwN10Iw1nEGtcfqmFEVEbxhZw6KZbA5bPxX/DIIZ7UHBO5kQB8jQ -tgRP7SMO6lAgoJ4r/9PB6UGatn9bHDlLj6UfyJFMl2Bq6m1UCwRv3+KYw64tA1np -RcXsMhu+zEe2pFUxLtprQm1lZvK0uiHtAoIBAQC9DInh9UZrI0b8mJ1lvenRS+bu -BqaHUoYWJb4+IKuxSDRmYM73WuFpsDPZztA5JDa28CcbQiGkG4kiF8NiPWfolXwr -cjyU17roxbL9/ywfm9okCqu3W6dDLYvqvtZfzrP4Mk9zW6fnX/nIopwojiBKrrsv -fm9bC5yQlNmlB5u+8HlDiwCEyxS22aH9vHfb8j3ZbaJd0UwrYUF5F+9lYyl77UDq -A/P+jQWBBN0Kpmglm9e2NN4U/tOxzxa2K+rPstMSAsS22RbwfZUBK3ovjUKxGqtS -YA0f1TM2P5dTDW/T+VbXJJqWYijPiWAHcHl44/H7QBey/UivARsnKpCLWXLS +MIIJKgIBAAKCAgEAobT+zRw1CAqc4nc9ZhtbZhRbOQa/kvPCzYL9JLmLQl/GrFh+ +M+F9pHwKH7UnF5aNTchc9073/ZxwWg/OsWsFB6br0RqmqZ2L6txj90BNs+5oLJEP +pG7omb6pLRsQCZrMXlNuIvKbZ0pzke+txP8i0nHZFSC/o7bXqBU6c90FZBEvYo7B +VhzoxCPD1oKIZ712gQ5ojKqDwL93sg56gMpC8/PI6QIheV/K5Xgk5m8Rra67ihyl +/NucMUBiasKCH8SLhAUhwQ7zJGcbf5yVX6yc06nng2RMZaDh9+y3zdoyqicBNyYT +osKxP2uMMNlQ4F3AicAXkPkGJIDFc+cpDLhgI//HQYaeFCR+xgKnsg3UVjaiayai +YOg8nQgWNSzya7Kx/yd1mAEk1RuBYCuOiZElKF/FUXnv4nwM0MvYdyFvCp2LdYlC +pJgB59XnZlHw4O8cxBYzr8oX/yYwuYXk2ceD22mn7+iy8Ii5T0wCFSGGFcAcPelJ +QRRFyrCWL8ZnGBVJLpqGjLq4mr65ubuWdVbCTbU/auGbTQBKcUT5msf73PDggjix +woFb40t7QPMnoerwcXcITmKCxpzbtegDyLtpUzWc2W8q8z813Kz4lk/AIf0b9r+u +NVGRToLjylFg5rYSx3L8ikDov5mf25+0i4lmm78Xyd/LbZ5ueE7Hhr4DrU8CAwEA +AQKCAgEAgmK5TNMgo4JDK4tvs2P9l1p0j4+0ap4oBaNH0BPXiMZHIHIeGGEJ+NWX +KCfeBHP9LamP5E0FQrWgFc5HH+El5hyeajVuCreguNfJtvRfcuSZlM3GahSPcmA8 +csUuckAh5zCoTn+F9IwgkZxLZds+zabEnfeQ7kWgr8OmJQQis6PzrCllFLUsrfIU +l2Ma72LiKX9fp4RZxdHchnKMLkpoH+ICrnZsXTxzEgGE51TJUVzhlKQy5qaA02mR +sXlyiIDm6aVlqRAP1ttYXdX4z3MT5MtLhDMcMpm9ejWhotb8IRxgK4KFNKh9WKC0 +IjMntjGB7NA5cEiKvmYiT6kk/T+xLC0pBsF8qmZ4yA+reZMFh4YWqYPxflK6Ln8N +nEHo1WPxPAbePm+rwTEApaeL24hkR+Mqu/R4gP0sjwFaThCGHiA7K9BZzbQqZX1e +p2nT7DUUrvklDGt+ytW8E6hIKDXOgmYZZutfxUr5aNbeQccKj22iY727JzvVKj+7 +zWVLKEiptejcYURr81MFZJ0AEPdJKKUfD1Minn7XlMb5k0ywwGtLH47qRH8OWD+u +qJWQfJOk9sgqMnkBb0tSniH64Hhwx+v7YXS/WoWM/4pJ8Mlj++mDgk7nBHiBuKO3 +qdELeC82PHLnixfNBCj8LQ4u5sIJDb4YlJKVtYUur6xfXmnQJkECggEBANYQve6W +ZTgoqhEAX5q7gkPd2EZg6DxogBYDtbdzkFWlWtKj8Dw9Ib9WzAhXA7E1kgAiyE8b +ImwAwPJ2PA3mw7CpGkN0Qn4TvxydN5K0KgTS/uEVX/AdLStqfJBPPtM5m0OHgE99 +aYagpHdEntmtG1RBWicq/k4ZIg2bqiaBTmNJEuEGshLwm2neC8w2ZJmRJDUvKT2T +TYOtBIUiTS/BJn84mBT0va50Rdq1V1ypv1Ih3RlWPF4IyBA1NzNINgtOxA4YlBl9 +UpkiARlerqr5t6VgEh3E0d9UFykdDgPk9eCjmZnFhSgclJRwhJoq4VL1JP2pIW5V +CR+fThBfOuVEKO8CggEBAMFigpfpZVHGecVUDFATRz2STco5BW2giDyJgx5xjWWD +vX+KqXhSWVcIKirLzeH9qg4FUfoxytB0fWxiie6Dqq/vAWJy7r0JKMwuyunLeSW0 +/A2o1rsDL2YtoN3T4mHf+FcYpVSRfPAIUp7LsTGTWaeBuV9wtw7DWkMdVsv8Lm78 +ZkKKVQ27x9tWzOKJ7V4KMqP6PZvw7hoyn7nMVW/JcSSCQ3kEgzdgXRmdjSIyvuMd +XnwCCnu19qOzfFz5TMjVeqnBfTm7Iz0VjYjUVt4qIkmXOIX7OCrdFJlDNWSyom5m +CgIGff7awBO4xQZcjYYLdVXeDNI+zQu+3mICfUPTAaECggEBAK27lrp9exbSAfyc +ZftJtVZpRS8RVUo5scKsLh3+f6TS99w+yynIn4wP4LXgERIQnTbZA+MX7Z7kGbRu +exz5LddB1xvpzlFOq2uIuWKqL/QMXmnFFEDnHRLAcOoaNq3tcfKjlWJuMWffFrvp +iFa4JJcEFyv0u8IcqcOLk9N+XGU+GEFjUsEGX8vTN5X8izcLUeyMIxdjZqS4lhOL +HEPmqdzUzLEtVIiyu0LerFF7PthkvXHjyEi1LdHhrrRDJgGVYo7iKchqKtA3hdbW +PkJrOz3Ps8RPSdnMAKQQfaBxgZBYlr/zS7ebQocarrQEmyzd4rCwRH6sKyRsAUpO +T5lk8ScCggEBAIb3JKO3HaJr/dKNbSZ5ve+n6yimkTZIoqx1YJBfucpOnnOkJ9C0 +0GtgZGWH5cHCkuvEJMmT9LN1iY+aWh+fvwGYsgOuqRY/jTyrr6xp+LwrSvqRioPs +nikW0T3gQhADC0RmDAUwoNy5QkhXauxppVm1vNVySiBAkP9kO46UCygkeY4ZE3FJ +TBu1wbqdfo9yWJN+836hMNwR1s4KYNpq4c8UJtkQIDAGzhMxlS138yd4+NddaUmb +3m2zt6j/yOolq71MMASZqedY4nXLlHDrQRDRPH6trS6lK1onwNztm1WnW3a8ZzT2 +ILXi74cYEyGpX5O1LIeTkvGOnZAToq8yVeECggEAbuihm/fm9ai7kSTozX9kDe5V +V4hztj0bOWkpJg+L2aiDAJO0HIKvQmStK6vuwK7tU8DgoNE8TpQua6WnhRMGcwg2 +XKuEGgSBU63iTqqA+yqjAxVKoHSqaLhRpJdE8Tf1SxjODoMn4XHqq+bUZMmT6OeM +7TqQQpYTucyWeyU/OzWknr3kYl+tAHDEhv6Hlc1XtFYgBHwyy6Sgzn8p4YuA9Htl +l9K70k/nj3DTKbUzcpMg0FfVZNwLBXdSy4zW3arobLcFFefFtDCJ6vGityASJD5m +W+B9y/QIDxIqN4NBR9SoJy4DNFFcSpGNN/VKSrgsuShcStDPsP5UTjzT6/orKg== -----END RSA PRIVATE KEY----- diff --git a/files/certs/grpc/client.pem b/files/certs/grpc/client.pem index 41c3ad37..8cac369f 100644 --- a/files/certs/grpc/client.pem +++ b/files/certs/grpc/client.pem @@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIF6TCCA9GgAwIBAgIUSJy+tSDZzxNuanlok/vfaK/bfccwDQYJKoZIhvcNAQEN +MIIF6TCCA9GgAwIBAgIUKiu/iXdkkbH+Sf7xHZ39ENVpXhwwDQYJKoZIhvcNAQEN BQAwajELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0JhdmFyaWExDzANBgNVBAcTBk11 bmljaDEUMBIGA1UEChMLTWV0YWwtU3RhY2sxDzANBgNVBAsTBkRldk9wczERMA8G -A1UEAxMIbWluaS1sYWIwHhcNMjAwNzIyMTA0OTAwWhcNMjUwNzIxMTA0OTAwWjBt +A1UEAxMIbWluaS1sYWIwHhcNMjExMDExMDgwOTAwWhcNMjYxMDEwMDgwOTAwWjBt MQswCQYDVQQGEwJERTEQMA4GA1UECBMHQmF2YXJpYTEPMA0GA1UEBxMGTXVuaWNo MRQwEgYDVQQKEwtNZXRhbC1TdGFjazEPMA0GA1UECxMGRGV2T3BzMRQwEgYDVQQD -EwtncnBjLWNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPoI -pLnpQLs8goYp4ygxgT4l9KH8jXPku2pzFuIR5TaXcbfoqCn+nMbWEMBTDwWFWNIe -uJ1CTaMKwNiA8AQoH4DSF2Y5+yozR19nlbjRFk7TQsWi1pXUzO66XBqjITslInGE -AAgwnfXspdt9loXceCfpjURYhXIHihXmf9w3hot7NjploH/kp/5u47891cv+2Xua -DQ2XdF7QDG1RMq4pydophDFp13psoVfn2qX+2zQ9f6cva0QrLACIrzgFiRiH8s7v -lfus2P3+jXLUYhLjRsilJWVH4fbZsiXgoWZ4R9RzF8281jIex48lj2jD9trJxXhv -si8ClCifnljWN0Un1Sv1NLeEX+r+fuliUtbiOAboriIj6LqQ15m9m5t3nRVXH09H -4epBzN/kkqqXFLlNmNGsiO5ELmeWofnf+3fAHK0ygkakzVfpdGJcFuoOwFBQUMv8 -lGXM/W46mdArYtu+HQ6t0/SreCRMN0UsftbA/sdE65tIyx/xiJGTXUvaTWOpOpXr -Ze+/UGadSNyAIIPHmzUTaLSD2ykzSA3brIM5yFfM1ixHSpNKm5HRl68nnsW7tgY4 -4OuCQAOF8VsP3vdj8eUI5Lsi4+CjpuEd0/cInAdj5VGQYj4pxMRFzXiAX88hXiOX -nDluNxetO+2gyJxzOJsI/zX+Zeiv4BPonCrQth3DAgMBAAGjgYMwgYAwDgYDVR0P +EwtncnBjLWNsaWVudDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKG0 +/s0cNQgKnOJ3PWYbW2YUWzkGv5Lzws2C/SS5i0JfxqxYfjPhfaR8Ch+1JxeWjU3I +XPdO9/2ccFoPzrFrBQem69Eapqmdi+rcY/dATbPuaCyRD6Ru6Jm+qS0bEAmazF5T +biLym2dKc5HvrcT/ItJx2RUgv6O216gVOnPdBWQRL2KOwVYc6MQjw9aCiGe9doEO +aIyqg8C/d7IOeoDKQvPzyOkCIXlfyuV4JOZvEa2uu4ocpfzbnDFAYmrCgh/Ei4QF +IcEO8yRnG3+clV+snNOp54NkTGWg4ffst83aMqonATcmE6LCsT9rjDDZUOBdwInA +F5D5BiSAxXPnKQy4YCP/x0GGnhQkfsYCp7IN1FY2omsmomDoPJ0IFjUs8muysf8n +dZgBJNUbgWArjomRJShfxVF57+J8DNDL2Hchbwqdi3WJQqSYAefV52ZR8ODvHMQW +M6/KF/8mMLmF5NnHg9tpp+/osvCIuU9MAhUhhhXAHD3pSUEURcqwli/GZxgVSS6a +hoy6uJq+ubm7lnVWwk21P2rhm00ASnFE+ZrH+9zw4II4scKBW+NLe0DzJ6Hq8HF3 +CE5igsac27XoA8i7aVM1nNlvKvM/Ndys+JZPwCH9G/a/rjVRkU6C48pRYOa2Esdy +/IpA6L+Zn9uftIuJZpu/F8nfy22ebnhOx4a+A61PAgMBAAGjgYMwgYAwDgYDVR0P AQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYD -VR0OBBYEFA8SVVO2uAirCqA3x9IDrhJpLNuAMB8GA1UdIwQYMBaAFNb/mp5U7O6Y -oPKQjmY0tMAP+kHWMAsGA1UdEQQEMAKCADANBgkqhkiG9w0BAQ0FAAOCAgEAeidm -F5c+lPLtom+9VROqQTfgq4NG0gSAfvWNNxyRqC15OaI8VqcS5QZWp2dZNTkkfESq -JWamKOpnao+Z50RCf48UKFZdWabwDnRxQ+qM5mQ5gUf7AQEKhQy5Bnq/ivspWbmR -abBMBwtOHKVv0WDuVuwdVRuWEETv8f1MauimTp6yT9YMy+YscZby6jOB15OtVS9o -FmNXci6dsSR+OrCtqjWG8b9vLWcJ8RBE3j89QlUScW7Gfz63M4OvFlThdy8aoZBR -MaYxjPl5iuIIrVfk8NjRKrwYqX8iTtI3cMHjZCT8cNQsNi/m410zjPVow7Vav1hn -RWWHJ70luy43GIJ1AGZ97HrFL730/RREqd9AM6f5uYe0ruZk74Zkmq7tRw9JkF+M -KthZNv3L4vSbGPuXoIBHzS/Vz87xIc+ch2Z+docF9phtQsLMghXzFuaMyhfzmVZe -xbr2aoJ4MaL64GKng36Df+fgDfLh+o+FKW5CUXYoIuA4irwF2ZTvTeeAfDFDf4AG -arSTcA5SEN+LtmbVFIXvBNPppM3uk6z16+dI9CsLAhsvbQfI2MPO0nhBzrRP+ZmO -N+RLmuaGML+JnsJhQ6CnR/jBzFuHLg+JO/SqsZPKrNrnVIdkrTTeU6SIxLJrwqrK -eGCfj+/qrZU8S9+ETHDacboVc/a517a5FICEomw= +VR0OBBYEFNJ8OeOk4zc6llRfaGlPRruwDds8MB8GA1UdIwQYMBaAFNb/mp5U7O6Y +oPKQjmY0tMAP+kHWMAsGA1UdEQQEMAKCADANBgkqhkiG9w0BAQ0FAAOCAgEAIVnX +6Dz/2VZcnpcHS789/WqVdOzx9H+Iu9zVlPpzhFfoy2lJVQ8oYQ/58o8EtJ2ENW/X +Qt3Cr1CF3Hi+C9LUKIQcovaIjLf4bnqaV5qKpHOloPeAygn2LpactHMiLyd4eDvy +Us9zueyEhAmOfbyI9BDKZ+E67Sd62DJdhtuHcNA1PjrxZQSVoFnsY5d5OeEg9/4f +DUDoQjOao8WNnZ3KOfBUT+zJpfvE8NCdEL/ANDInoErXKQ2/WP7Pqf7pdKd4dkGN +354rlsDe3ODRvjQoHXE9SS4hIE0XRsaac9cP3pzf0wGaWCTZ11MZ5sWXCnmKBPgO +HKxLFRzMHvOKLs3wL3zvKQdv0M5cY53MAJnWy+oDoTwloV4/Dyjr+qN2Qk30PyDJ +TpENLnvbXtAVBJTid9zhNDKGAaYCfU8ppwc9WjRJK6PqtT7j2UPVu+Qro+AMTCZm +bgq4oGEtpOnn28ckU4CT2w3dhiCBUilJbzp4MK0CUuihXY6eCDYcZnXRvF58lHIi +Ht0phOgMf+GGA3meggb2BmC+U7cyu+uloyQUbrydWNdUzyuZOmtf1XzyhhttC4M0 +8uEfedy45XfiFxg2ssT2HnY5Yibt2EJWUPsEBVdfuj5qG7/4nF+I5dcqmlZGGxyt +G+prmMT1oUDOs4fPJUENPNu4b4/8PTciQKSla8Y= -----END CERTIFICATE----- diff --git a/files/certs/grpc/server-key.pem b/files/certs/grpc/server-key.pem index c12571f5..64131008 100644 --- a/files/certs/grpc/server-key.pem +++ b/files/certs/grpc/server-key.pem @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEArLEGk/E2Rq9MBXmyqxRpFUxeqsqV4IBXS3IHPcz4LrSDZOco -ouaLnZlF0c86YFJdCpRFtJlzWpsimnCREW4Lh6zzbrFJ/HKYl9fMQpXt58SwpEyS -30p/1U33joEoNb4EU+1J2c0HqN6yDxC9dlPdizZA74wfcE+KXHJzIu2N+LxMS/xg -5CYQhG7v7AbBrFlLJMwCOSUd6/Ewqw2nr5mVj1FEeD0c6neBEV3J9v50GE+0mdou -kEJpvV4NSYbBxSceMmBukapnH3Recu0fz+B84S9oYUf6sFkRF5R/ko3GolE+oXyW -YgAXHo/tcuJdVwHE0vzlDZgZJnj90bb1Zx8Gx3BX2ufO9SWXdRvBXQT74SNHHXx5 -9iM9IzrTRzDa1xn0rRAmG8Luj7VoVMtpc3UCAOsgwxPWubRmbxgUTdpA3u7IPD3n -FrjmK4STCc/3KO5mAFIcp/P3KzZ9zmcoTBXhu4XvdKpPwtCl5Jx6u9rO/3ZH525L -6hBtj0vUBvFmFZlaNv8uHu+BAa6IxJjyobMvdTqsiRAXyYli6xjVS57IPmBYYmM5 -YwYvhf46pcSsosm6JnNSl6pokMYcQk8VSXaKtFAda4KEXYEHuQejftqPLDD5CRmY -wSalYykhqUQaDmABFne2DfYSfydrBaO0WiYWXuuAg/ov9RC/bAmyZReATzcCAwEA -AQKCAgAPRcizJM4MCkzK3yxx/OgePhbRPAFtTWxq+7awPIRmfQhx0A/D+Ge4lGmc -WJttEVuxJ9PSWQ/en4G77uCljfnvEdilnYBRl0DvjOI/sUrNCJQms675mHkdwDt4 -muuXdSqk0YOKg5t9z9QniO94m4ooWa/8f4P4RtCRxH1yRVgc+2oz/ioDg2pKjBUj -5qUSPQNsSa6YpzOyPi5zsk12NjsH5cQMbjs0cUU05/qIoZBa5hGu2aDsmTMI0FyU -eBqC+SauheDBeTSNj5kayOXbWJsyvyKYF+mP1xCv6S4vI+LBUDYdygryt9dTmJ8D -XgmrPDjQABWx0hXHVUP9XBTv/cp3i7md4tnGw96h17w4iMHqFK/f3gHfJ8xfXLXb -WUnsVzWeniPZchJeCu15ONslfSTTajVwiKedtoRzMnc3ty9QwH8XBUeflsdPJ5Ou -3pe5W+U2NEaFxp0aUwdLWz5figuQwRS/B8oOP9n7PH9GhUjXJGTor0B7wJVJDKuq -uhW6BtFpVJ2EMWZM6VK1hAoJY+87lVv3De7B1f2M1tiZ7KXBa4ulWgF9nT/7cnto -GDMt5rNWnU0k0iKBGBuWho5FJcNKyULyf68lZTnh6+v8FzhPwBrBsK28/Vjhx6Xx -xnSNez5pSl3xu6Tx+QgIgxKC+c/TISw7n1ORXF8P6jqME096QQKCAQEAyQ0woQ+9 -yKB3nd8trxlWhp4NI+4eJX5jfAOvIfubIaaN4FvWl7yFrlokua1Qrs0RBR+Qo4KG -nAoV0FP1vTt9AWp4GUHxc0eBT6wgbc/aSt1BHR0pXN2PVK/9HUx71mi4kwM6MuJp -i96X5yYvXBbd/bX4vrk6bghc4UoLKVsxjNjW2m4vFN/j1x6GNww4sfMO0gVt2zsD -/mF0Jc8oxgBWqP2ADWeoGSFOrp78GJ7YEfBvQcYA38397up7eF857NYRUcaWY4wV -wF/NxzCRPpXgq9B0KdxYfpsu3VCERodosMuuOjLVaxHiv2P773IQvqFkbTU/f41Z -LavC97G9zdQK7wKCAQEA2+OX4bReKJuTB5kHt6doOO4eZYsV7grBdtnWo2X21y49 -aJHt+9rvHbDlw3PF1MS5hpAudZ9bosb73iuqVk5Z/Da+HrK2CcavM+Su+wnOCYm2 -1nIQpiq0bxJC9EWx13OWcVrSNJi4aVb5vSttYC7WJ0xGfEk73bY3zoEtLDJIuo28 -dE3FJZsB8ZRX4PK21K/KBsuo0JvEGLmcNb4yKYjrA/v4hez0ZolTpYWkNmvdtzQD -13TSL4Oj3NFfkREPiVU1bnNJm/tpqE6PTUMMj/E2p3/HfXQTXQwvreIK0z665OwQ -Zi5pw8XiSCM8zWPDpeAtgghF6XH+TACRKZFsjNQgOQKCAQA1505pcFH+z18iuaqC -7rUvJIL7ZiU5AjjkEAzNfKrsC76wL49KYWYqB8se6SPfqeVtTTg3TpCOl3mfwFL7 -aE6sqYIHq5FzyfEWjlyndHnfZpDFoILtfg2mtASV7WKqaqtJ5yycZe3MbWKmu6so -8oyUMEy/veO3ipB0aqixbtzLGXwJVk9TNm/cxjdP3Pv6YeNQVdpNU/ZPJovAc1lI -NOEHL+g8L9V232I8GS4X38aokKETrmWfm5gAjWeLL2TVZdOA7FB34iAW0tjWFeRr -Nj3lct8iNgyX7T1UYvkD+9wKwqE0w1pK+aGklMcAPMHWimjlisg6h4goYYvFYycz -Xy2LAoIBAQCxKf+eX5eZujdNYNPh+eS0Mc6V2+kwYMQdgUg5YJbwKpZZoXIQgQY1 -cui8gJP9aP9d1t9H77yCOzaFe8MDRJ+l4WlvDGg1GjrhYbhGFVFHSAjjYQXfC/tS -nnEJpPmz8LJe5GEG9aFnZidTbiDy5OmwwfjsfIjais0N+fAuctk8TaRwRJS6Rtjb -Dr17RbNfS79HmGGMqmPl0+5zMqnx4xoPnL1REmicELsvWqzDGEeMK0GJH9uVYsfs -y1jnZcqRyPCC7Cp7naY0cA9vnb0KYLu7Wu2dO5+6UW48+Cnmp90nQre3zF902AQI -QTPk/COPiz6/TPEfNLRCAhbzWfMOyH6pAoIBAQClraSpBx4huIYBo3PZ0vvCQljY -KmFHJfFF0eECuAKFm11MConog89b9zBBmbpCO0GFvfG4kdCqhEb/od+rURtGpPBr -j/PK85CAUgkyIRtNgq1l15cetqH5C8N8lM/RKGEBF01fZybKNlrtEZFWxaXIm3u1 -GhXBqX0QLiNLPbmssgYIpWw6e+DsFk+t/tKUET1M8iHBZL3EF2IewU+1EgDwnNVH -1t4CUCr7hs0b6WCCYIek1zk0xWAnSLKX+8H5AbdzqGFZjL5rbO3pTOAPJrO/DojE -1XOcY7PXNZjyyCsAkXApYfw1LbMsW9vOC4FHJmyRKd20XTyv7Q89OD6ETodz +MIIJKQIBAAKCAgEA39yEZD1YHw+TpGUN26rj5Ra2BoA4MHm8ZsOVhv2m+sqBTfP9 +KiI/1qfsB6ghc45pL9WLdQX9wN2+D6J8DRrmU6L74IKrNsukkr/f76BSv3VWCMbN +QlOa1sB03vlvoRPRFNIfuD7OivBu8Xwx/Wlv86iqGVicLCPQ7aGOQ5yFVa4X8VWP +dfHafQIMc+CuY44s0u71Qiv0E6JZ1/IhRCHGYP850GR90kXlfmd9Teu8+p7IQpjt +M8dgwT6NR+uK1WlP0iD5lyULjaiD6AEOi8TKi4+fV1feTr2g8i5kUrJyyU2i+o92 +EDXYMbsBlMh8IS0kbXKZkpnCzo8p7EdRED0FgNIv1vmyNPBdhGEvtNas4VRK97zB +ZWxQYOiFcmmLGufIgRnuKN50gJ7zxXgGcKyDZlCgc5usH+JaX19JvToVNrHcME17 +PF1yZ8NAFO9vKvkNM0/8FbKPeZWEu6/WCUX7ay+xemFPEq9zlJ5d/5FUg5YmbGLS +78SaQQvRTLiGOjMYGRYYGuF+PBM97KcgQ29GWf6ebrVDI0rAojuUjKiR2/Ac55E5 +iqUPvG0QbQ6R0AJUW6yPQJwdoUC4uRtuATkajKo3Q5KCGNLsxsYtHZiEF8YtWfEa +vzlMVxETxejw8Oxiz3aAVkCcwVfit1XoPbpRffJcJL1GrkqIWG0mVLnIb/kCAwEA +AQKCAgEAuu4D60RCQmWabssngEe510FYrCMDSI9O4CzvvnIurfrNcI+N1lIVJqS/ +9kDR9hF0CkpyEjz3gMZo/9s5ZSQSMsLFOttCJxZzjUsFrq4cit1rAxcmrPztLeg1 +bz+wlDvc+lrfu9VOWTyeF64SfD5ACqHLsDCK8FzUCKpABns756jhO1er3NwhCwPb +7CMw29cL3PNG/4N+Y6rNBQKd/quJYNOerkJLwns1QJEgVCHGgyx1ow7Z+8PAKn2W +MfkgzEYNLjT01d5MQHT3+JJxWAry6wj6EFBCRVQZgkF06o0yRqA6uKl09+JObnBu +yJOE+5sbcP0h+gXFYwCvDCsdKMcbwL88FDQ5KSmm1TPAGGcWBPtJKxIQBqO7wT8Z +7gTFFrDzBnUb0FfsGLwFCoyvzo9PYgM9VbixoDGbnysJzRTeS1OUUBwTC6tzHycu +KrdLY+LqE11gdKZbvV/Am8i3TtBqPQC/TpEfFt1/O5qrA5daNvU27cxn0uGdj+3b +SGZy2YonSm8PZfhwzn3+3q3sk0j+58FOzwyEHTke6OwdRFYrMEb89E1TzpVnQr3k +H6b/CqYzj6a/T9vo4yFZaeq06V+0Mrb47TY4w514qhzU1gQxvA4Lyw+pNWMDH/wU +/mkIqZKE/vcSWzcrArNI8bWDB7oeGgoKOS7wt+YFRddJw9JpuAECggEBAOeDnwlY +9c8TAuD17KLTazYJftq+uJ2U/yHrLrLJjDQUl0IIP7SXA2o6mvmL2oy+hSuADnAy +eJCJgREx7hrfeXELIauqPxVKwdP6GV3fbfqCV9d80LxJuiMeyBK568u/3EgBymAo +JW4DrP5yH64okvJ/hQ4jufP1YphFZEDUkT2uBkkulqDeebTT33yj8+i1gO7bMzlI +1uu5SNWVA9CtgBK3bRVVjyfdw9Sd00Bfazm6sSfq/8Oz4iC7ErkbLYxG0zwrsTM/ +Q2W9+Y6f0zz1pTjPcI/sZp36hddXTytg9DXg3d8bQyMffVxMO0fbJtsldnUVHvkf +DTWw3NBeYKr5ovkCggEBAPeJsXv27brsfnxN4LM1fXc+UBvgRSx3ccLO1tmzI0vg +mZCO7Vn9Xu4ICbn1Bon8jNFR2IhBeNynN5NflQJswWv8fkTqoV4SbR6mZmys6xpx +GWsg4e+HnBfpvGOgfll1c0zz6LfAj0EjJOH5wejS0ITAA8Vld0V0ZMWJIzWrHsu6 +5WPcTlSkWT9Gt0CA4UhixEf77WFFSDwcqpar1IQowe1ccaorOk2p1nqGBpXp0mVV +X6RDvqJN+Tbmmu1gP1qGhIpTMw75SbgHSf+kN71EAGvFR4tYwFpZnFmQoRgo4MG4 +/cu5snnYQIPZL/KKmhZPxcqyLwGSZi/7eIqD/LOrdQECggEAPKzqSXDfO14oKv1I +/4OZXZgvfvTtPZ+HHkSdAI6CCEQ9QDkZOSM66eRiKXTV2n00OapeHlmb74WaJf+H +/9MB6PaZ5HvB/LqTAhNSAqBEGpt+miNEMZTBC+NNXFsNyWCHQvf1Ki5bYPHlrOoM +E4Dewl9ZZ9NFMQLmzDGjjLopNpkdXKCxKYglLZc5w1jU2/B10iPw0NqeOTleNVvQ +nChcoIsiM60wz6n3YQncC8r2NzMOqv+T+J50bU+aIJlW3qTRR7vLvTqfV1LqzM5m +dluK6dC0F4RFgLHf0gg3346Rcm10uLxUZCgkmsP/5V0yWcz/tr/KVlAlDiVEOfgC +Lc0vQQKCAQEAghzOPeq9atOEaLJGuewT1unaEc0Ajy75jPxL0oJmuyuDjIiUGgkk +LNnswuIYXc9x9VSgDH7dmJ4MiFplaLDhunEtrevmhhwJX2L304fQzEVGpxjRqaYO +VkN10qg5wawKvxg16uA8bHCcoms1kbu9/wku8kMzPj6/+VTsPPmFZnEGwka6paL9 +hlUVXcJgqDvCEFRLoiVYosAuqqQHQLBrvugoltnB+7CaHCz2qTYOcVU+wIkbWxTB +OipcpQlCQ8MRR+QTontGVIUAUG9xHPrxfbRktsof0V3o4Os0wg46lZk3Ti59sa4J +u0Qd/876z19/B9xA+QKK1A3KfoSB/67QAQKCAQAjT+hMuT9ZLrXOEfa4UC0w4pyL +MEn7pWy27EOsBAonTHQCz4+FgBWdVYkSMxTnma6EsjmU7qp19SjmBFaGtnZeabt1 +3mzbNZiEB68rp7xzjUss5wxLBY8mODpWlIGDMsD1U3msQOqoL4Is+hv6ZlPFTizQ +zGwkPt7XW9QlWO8g0Ruw+Vs6ScAiZlifwm0A7cTC4SeXgF5Blop4ZqNBTwAULxLa +DhBTkM0pIE3kweS4VrTVFicZ0xwifGt+xH6Fn6fDA5ck3PchcsJ0Lh+gkuQF13I/ +t0wCkI2eggbmlguhT7QAEwv2UflyUDu3rweboET/kXCQYW9ijfDyxCgnIRV1 -----END RSA PRIVATE KEY----- diff --git a/files/certs/grpc/server.json b/files/certs/grpc/server.json index e779cdcf..95cc5383 100644 --- a/files/certs/grpc/server.json +++ b/files/certs/grpc/server.json @@ -1,7 +1,7 @@ { "CN": "metal-api", "hosts": [ - "192.168.121.1" + "172.17.0.1" ], "key": { "algo": "rsa", diff --git a/files/certs/grpc/server.pem b/files/certs/grpc/server.pem index f7b8f810..2f7be8b9 100644 --- a/files/certs/grpc/server.pem +++ b/files/certs/grpc/server.pem @@ -1,34 +1,34 @@ -----BEGIN CERTIFICATE----- -MIIF6zCCA9OgAwIBAgIUD2yoyGAQD7FxwymhFkV3X2E+rCMwDQYJKoZIhvcNAQEN +MIIF6zCCA9OgAwIBAgIUGTCehPPLgM5T2Mrqp+s9WSJgivEwDQYJKoZIhvcNAQEN BQAwajELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0JhdmFyaWExDzANBgNVBAcTBk11 bmljaDEUMBIGA1UEChMLTWV0YWwtU3RhY2sxDzANBgNVBAsTBkRldk9wczERMA8G -A1UEAxMIbWluaS1sYWIwHhcNMjAwNzIyMTA0OTAwWhcNMjUwNzIxMTA0OTAwWjBr +A1UEAxMIbWluaS1sYWIwHhcNMjExMDExMDgwOTAwWhcNMjYxMDEwMDgwOTAwWjBr MQswCQYDVQQGEwJERTEQMA4GA1UECBMHQmF2YXJpYTEPMA0GA1UEBxMGTXVuaWNo MRQwEgYDVQQKEwtNZXRhbC1TdGFjazEPMA0GA1UECxMGRGV2T3BzMRIwEAYDVQQD -EwltZXRhbC1hcGkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCssQaT -8TZGr0wFebKrFGkVTF6qypXggFdLcgc9zPgutINk5yii5oudmUXRzzpgUl0KlEW0 -mXNamyKacJERbguHrPNusUn8cpiX18xCle3nxLCkTJLfSn/VTfeOgSg1vgRT7UnZ -zQeo3rIPEL12U92LNkDvjB9wT4pccnMi7Y34vExL/GDkJhCEbu/sBsGsWUskzAI5 -JR3r8TCrDaevmZWPUUR4PRzqd4ERXcn2/nQYT7SZ2i6QQmm9Xg1JhsHFJx4yYG6R -qmcfdF5y7R/P4HzhL2hhR/qwWREXlH+SjcaiUT6hfJZiABcej+1y4l1XAcTS/OUN -mBkmeP3RtvVnHwbHcFfa5871JZd1G8FdBPvhI0cdfHn2Iz0jOtNHMNrXGfStECYb -wu6PtWhUy2lzdQIA6yDDE9a5tGZvGBRN2kDe7sg8PecWuOYrhJMJz/co7mYAUhyn -8/crNn3OZyhMFeG7he90qk/C0KXknHq72s7/dkfnbkvqEG2PS9QG8WYVmVo2/y4e -74EBrojEmPKhsy91OqyJEBfJiWLrGNVLnsg+YFhiYzljBi+F/jqlxKyiybomc1KX -qmiQxhxCTxVJdoq0UB1rgoRdgQe5B6N+2o8sMPkJGZjBJqVjKSGpRBoOYAEWd7YN -9hJ/J2sFo7RaJhZe64CD+i/1EL9sCbJlF4BPNwIDAQABo4GHMIGEMA4GA1UdDwEB +EwltZXRhbC1hcGkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDf3IRk +PVgfD5OkZQ3bquPlFrYGgDgwebxmw5WG/ab6yoFN8/0qIj/Wp+wHqCFzjmkv1Yt1 +Bf3A3b4PonwNGuZTovvggqs2y6SSv9/voFK/dVYIxs1CU5rWwHTe+W+hE9EU0h+4 +Ps6K8G7xfDH9aW/zqKoZWJwsI9DtoY5DnIVVrhfxVY918dp9Agxz4K5jjizS7vVC +K/QTolnX8iFEIcZg/znQZH3SReV+Z31N67z6nshCmO0zx2DBPo1H64rVaU/SIPmX +JQuNqIPoAQ6LxMqLj59XV95OvaDyLmRSsnLJTaL6j3YQNdgxuwGUyHwhLSRtcpmS +mcLOjynsR1EQPQWA0i/W+bI08F2EYS+01qzhVEr3vMFlbFBg6IVyaYsa58iBGe4o +3nSAnvPFeAZwrINmUKBzm6wf4lpfX0m9OhU2sdwwTXs8XXJnw0AU728q+Q0zT/wV +so95lYS7r9YJRftrL7F6YU8Sr3OUnl3/kVSDliZsYtLvxJpBC9FMuIY6MxgZFhga +4X48Ez3spyBDb0ZZ/p5utUMjSsCiO5SMqJHb8BznkTmKpQ+8bRBtDpHQAlRbrI9A +nB2hQLi5G24BORqMqjdDkoIY0uzGxi0dmIQXxi1Z8Rq/OUxXERPF6PDw7GLPdoBW +QJzBV+K3Veg9ulF98lwkvUauSohYbSZUuchv+QIDAQABo4GHMIGEMA4GA1UdDwEB /wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1Ud -DgQWBBQEB5YskPMNz2NXSEF+/0pgPRZjjjAfBgNVHSMEGDAWgBTW/5qeVOzumKDy -kI5mNLTAD/pB1jAPBgNVHREECDAGhwTAqHkBMA0GCSqGSIb3DQEBDQUAA4ICAQBD -TwKcYQcfS8p2J3ANM7eIV/cGfS2JlzMx+kRpwzurMrvkRuPDI1lk1WXHHkVEOwRv -q71D+8EVPtwxLPkQmZykYX1mU2nkQk2sbT8P4xy53F/uOx7PoXYF3YrBV4nab6EE -AXOK37PpVZygJ4y5T7MFBmTdQkovCXspOEtD65CMUQQZqoma/viN9H0l22AKswMA -/37wNRB2l0814A5qJh/FgH9uLJvrj9YoPo+4Y0bs7czxGgCOYDCt8bAqnR3y9C+e -211BMgHzAtEjERLxlZMIf/rNmpadyhMSa6VUfAkc2BlfCUYsJQJqwv9WDDP8P1K+ -uEaYnAkUs0BxlNNGjIZCYyqbRe6CQ44bcOF4ShNZ2pMdU0qzK+BvQcSpudS2xxXX -HHAGG7B2mGRXOFzaRUco2ufJql85B1ytY9BvSMFuvbaDqs7L6WxcHtj0fx3IcLhL -3r5zayIQGF6q5yfXqDN+f8Y+pZqIo99wJ+VqNuSvNGM/0J5mPOiJ4UgkwSPwH8gC -3VKfbOnY9ojRT2loud3fXFma0808DO71kdiTM7amwLFMM6l3F32jEJ3PB6tmkC8C -2rG1E+qTWWuWwWT0NZPRuBT/aAfcPXaRn8b040tiI6N7dgTMI7yXC8LJWcJmQ0Jp -GWjzg37/GjBJ13djJP4Mq1LbFA1n1VX2zZeSdjcSWw== +DgQWBBTM1dsZRWFBxO1In3dOn4+sNdgDbTAfBgNVHSMEGDAWgBTW/5qeVOzumKDy +kI5mNLTAD/pB1jAPBgNVHREECDAGhwSsEQABMA0GCSqGSIb3DQEBDQUAA4ICAQAP +04SsbGZrw9JKwdb1d6hL/8SfsH/qWfRpWgTkhIxORLgBJD0TE5/AlYfVLs3yKSzI +MZT1b9BuGI4JNjUU2kajMQVm45nUV/I7mfvuMCZnyEQ58m9tYEET7vLtRulv/LwN +/AvWAoNZXaOIkDkCZweKfJIngd6lu11xlNwZ6hAjos+D4tPPgrapBXWR2nArzV5g +ALWGqcXtLDBNFYTrmAGxCbXecvWrRqQZR9CgzMCjIFqd/o1vUOTvtglbR+B7P/We +Glr8ubBkzypbA7j9lUJ9h5Mbkh9789x2Sz9YiPUDTXEiZQsL9tKamMTywCxg47sR +6mSPHZQAyY0X6wF4Cw0G/q91CaAuGzzZXXR4AS61QmrRuflIIFvpRhkOpp+6rI3p ++tnRbHM6Eif2QVVGXYh0ML7SL9eKnZc6MfbfEvFXISu7FgeI8u4/2l7KE4iW+ucg +LKeADjgHmBNjKA2gir3YUivLl8Ef0n950KWKarLdPsQw1hJfcWzs+4bbjbeaU44P +EKqQtmpqUqVcHe8khcUvU6/fIBUSLkruGI+23PD0LTAPHrN77tmOtPt5QXCPOwwa +tm6v+2sQSgDwjtYxMKSepFqfEsWtgbGh74J5CUTSq5a9PbIrMHAInHVbxbV4wDf5 +ydDGPLevOthg8r1E7TbHnBRvaniCySbOVS+ooM4gCw== -----END CERTIFICATE----- diff --git a/files/certs/registry/ca-key.pem b/files/certs/registry/ca-key.pem deleted file mode 100644 index fc357190..00000000 --- a/files/certs/registry/ca-key.pem +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEA0Y8ZLIrNZmguE4yZJj0mPNZAkCrAad4h5AUawYOQf2VAwOqF -Vo3HkrjyBdYuKsiQFbHU0a7A1ZQdGlvHR+3Fl7O78r5PWIWuUZ1mopHv2TIt47sx -+AtDiZpjL32s7wdfI2QtHnh5sgZ0d8hko1nubLpvOyCBZONEaPZ1AdqAVJP4OWoK -+A+HQM4W23GCVxAPn1kSgJxP2JrXZLgA/GGhg7On0shGfbCDK8z1TtBk1617lqU2 -heqwrOLuI7Wxi91oSyTp/yD7tXbYoW+LsAjRh/TV/BpxvKqfzk/LmSG6JJKhqyAB -h8hKzVnAZ7wccDoOsDt6diD/16xQDbXoiJtgqA0FE5yoV0WrtL/261b/NcXn4Dh1 -eU+BT2h9LDxhOwS8n7kVUIIxn2+IhVEkpVKgR/sQA37OBz8udKivZ5e56gAqKnuj -ckvw5fP1r+W4PNAzLaq4Zq1OXzy2zo9MWu91Fto/aSdbgFUK8dyDVMWC64EP89jD -zGCsfN0h6FQ+YgFy3q6kYYw2LtSnjsaTXUsRa2FgsZsc3xtCgjPosTc5SS/Y8frS -l7yCBJ1YsCIUrB4zzSPmcZVWjYYNMtRrX/PgYgMRra4Ho3BBBQTdbVTLwKlW+pDM -/cfkc1MrWksDO8zsO8BeVgA+Pf+ptu9TS6A+Nh8pGuIbU/pNxjSJJ3lwNx0CAwEA -AQKCAgAsifZ2whV/w3qviv1t5CdBXOQiAAQfPCgF15PlNzo56WJG3lFyoPWe2JIP -7YKoczI0ejRaUIMJoc5BsOn8/qs1X+z9XbdtgBQZopOSz+OjTQf10+594p77GwYj -rNlZgD6XPg5c4Iw06yxL3RqOoWmMUF+duH3n3GnIyUD7IN6Pm1dxlHk6WcqMWoD/ -KPPj3zUC0CKflRlfVyGadYU4HuP+IuvzX7+jrSVj5M7qbl5QfL28ueaJteTRCfZF -PrO6n1cwSWs2X2NAIT9PqG6O/oDSHZZxW4l66OTIK6uBI2r1pPiZb1cD7e0AEihT -o+aDb8N5b1rKyp61zxjAoT4H8sYq7sTmVbDWBGfBq+Dc/g2QKokcuxGIFbVMD9YK -wlKzqBTUtMl9YBfsTWuhffJu9+xu+8XceyZ9ZjkJiplyROB2igP1W2QVkB0s9P2J -wg57b7/Mm/F0axtMxuK00KlE/t1o3ZwxhDB0pcvpyGEFopr/o97PYix7xfZFY7DR -aD9Av7C8tJA53cdXuK5saZiEktFerQ1qOgh4iVczkv7ljfVRAWF36gOk5SC4kGgk -mlrCMU6Hyj1syoyOIlT2layTfN24147m7Me85kwUFENGmacgdisOornHo2Pq/Sw1 -bri9LvNwuJIKPqWWr1ZpfiUxvnqfl6RoFzNz4d301VzLXdlGnQKCAQEA+cWZAXS9 -XUYPkuAEN+7aWZ+pcW8nD1OeTptlYyFC0KpECzCUzRh8dIOX6Ue5bkZPgNcM1fm6 -hZNYkyekkfLta9tAxbpm3/FUJhhzJQxGmm9auasjRGdtNdaBCwCq0JU6VwD+quBF -jVP8K9xEwTgJPwbb2Thv2JpKJWC5seEpZLl6sDVTTOyWfF5qqSXYqHbfobn2/FfN -SAxTiy//6zxJ3CfpX91sztTBsalNhrOAGHGE8HLOStvKgm+q7tDPqI3zCFJdkNEw -3+XbDTgCj6MPhLqLVrKUWtbUJY6P8PCNz9H7z+gt3ef0AKfRQfb/oF+5GLm5ugDS -11FUHwpPZwql/wKCAQEA1sjN6DTDsnDRdSlpqxnflYA6YFrvXiENI+o4WaL1c1dk -rHAdsW9v0QZOsW9nK9aLbnZ90V+s44nf5loTAG8XSyHzhL0VRPKqjrk4IOrv8EUY -QNVifyCe4JDNE/+3P8id81FAhSgfhQHcj4mQazPsjXRPzAMn/xLj2sM9Ik5aSI7k -KbepsjBL6A+0iUIano+2LYTQkyQ5p9ebHAWr+DgyUMweZNJN9nzD3WRFNbzMmRIx -GleXTvBypSoOv+yMjiAiwccBPNSkCg/NrjdBnv2u5TZvYMPJB67ogibg53DDWcam -a4NIYGMqpJ47PTyKRfWk/pGkin6KFNGligGdcxz64wKCAQAdp5U79AVLnrbYpFo7 -3dL00x0GB8Fmc3IXOSH3fAp3xc9gWLtCAoc8Oid+HfLpIdXsoRu4B/daRp08k3dZ -kLMZnCV7lF8EdZ2dDEgXfPag/VmTM7tzMqhnvPkDOmgNbbpIfCjAVvJLDk6hUnyj -SCjo38KYbrfwypjFCU/iy63jdJYZd6tVNb3ENF2LiZ/ImJyCkha97RrFVBlTLDbB -Uh4e0mpF5H83q1D36/b1aDhsLoYvGiJeBuxrQiDUS9xr0baqJUVQnVWlL6ArWJwN -O7nq80750ygEBP+ZGe0DGTxtESxJifJwJ0r0DPiuUUoWW2cZhWuEpvZhdBl9ufal -cEE3AoIBAQCar23T4URbm/LN/XBTwMOMqRfh0zv3P7h1+DZzH/DEC9m+ctR/uHEA -Shmcok3cfZxXhtDgXJZoHSD6hj6PHnLZMm9uVrsdt+Lr/SsWUf1RvoFUGBni0rx5 -oO+BirYQIszWstrTy2y/3vJZEcrH2lJwIadil5dTlegx4lCCB4nwHbDm9pYpda0F -SWJNRCVlsrySlcedYQaBAb988/zBPL/H/umY1Pk/HuX06UULCZkUWMyyWwjm2jbH -Cr4qrRMhPLWrd0ZF6CLn+C+6W6NP/QXboFOgjgCXHvnm2lc5d7XJT08FuTwD5weM -HUUuug4fimU0zfGBqNaLXd1pwfYCNInfAoIBAQC/Uqi+JDjUz1czFbKeprAK3Ocy -SumF5bUfrmU1B9LJtlg/8fTTO7D9WyP7HfwRNNSdpiSWLm1CuTHAgiy4VeKEKMmk -kqDPnJ/Yg+UWLgj2Zo+Fkj1q4sGCNHJqLIpNSuQh4ctPI4kVBkTfBvzjM8ubOO6D -JLYYnUxFZ8HJdGtDrUR8eJ/R0DneM29lAYB27LkV3DN4/Cmtl85SnoTtlFXSnotB -JMoEjykkMSYAMYcROF29Vzdmzp1BxOmcrIR0k/qEqNt8PJMloS2U95O4yzCEKLme -9lnlehex4HUunefK1hSrRNtS++b+V7pJq0Fayw4hEjNWSqkGgkSO2Z4Osxpc ------END RSA PRIVATE KEY----- diff --git a/files/certs/registry/ca.csr b/files/certs/registry/ca.csr deleted file mode 100644 index c4c761d1..00000000 --- a/files/certs/registry/ca.csr +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIEzDCCArQCAQAwZTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjERMA8G -A1UEBxMITXVlbmNoZW4xDjAMBgNVBAoTBUZJLVRTMQ8wDQYDVQQLEwZEZXZPcHMx -ETAPBgNVBAMTCHJlZ2lzdHJ5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEA0Y8ZLIrNZmguE4yZJj0mPNZAkCrAad4h5AUawYOQf2VAwOqFVo3HkrjyBdYu -KsiQFbHU0a7A1ZQdGlvHR+3Fl7O78r5PWIWuUZ1mopHv2TIt47sx+AtDiZpjL32s -7wdfI2QtHnh5sgZ0d8hko1nubLpvOyCBZONEaPZ1AdqAVJP4OWoK+A+HQM4W23GC -VxAPn1kSgJxP2JrXZLgA/GGhg7On0shGfbCDK8z1TtBk1617lqU2heqwrOLuI7Wx -i91oSyTp/yD7tXbYoW+LsAjRh/TV/BpxvKqfzk/LmSG6JJKhqyABh8hKzVnAZ7wc -cDoOsDt6diD/16xQDbXoiJtgqA0FE5yoV0WrtL/261b/NcXn4Dh1eU+BT2h9LDxh -OwS8n7kVUIIxn2+IhVEkpVKgR/sQA37OBz8udKivZ5e56gAqKnujckvw5fP1r+W4 -PNAzLaq4Zq1OXzy2zo9MWu91Fto/aSdbgFUK8dyDVMWC64EP89jDzGCsfN0h6FQ+ -YgFy3q6kYYw2LtSnjsaTXUsRa2FgsZsc3xtCgjPosTc5SS/Y8frSl7yCBJ1YsCIU -rB4zzSPmcZVWjYYNMtRrX/PgYgMRra4Ho3BBBQTdbVTLwKlW+pDM/cfkc1MrWksD -O8zsO8BeVgA+Pf+ptu9TS6A+Nh8pGuIbU/pNxjSJJ3lwNx0CAwEAAaAiMCAGCSqG -SIb3DQEJDjETMBEwDwYDVR0RBAgwBocEwKh5ATANBgkqhkiG9w0BAQ0FAAOCAgEA -dSFXqArjPllmf8oKPXt9F8aPDVgkUy3di/e/9ac/IjmXem/otbLaPe79XpyflzyJ -FCqko6j246pZM25DgVQ1WYC1K6+UtjSIBFs9MXF4zbLOSaCc5AySJ6C1h/gP9oTP -fqoCqIRZR81ORSH1/SGOA3SMhDaU1O4r0sH2J/MCH8czmNXxiQSD2Gjmb03YTKep -/gLtCFC1pyJ4UUf3HUP/KW40hyj3vMgkd0Q9ELeKqVfx48N9DeISnHA3yIslsRU9 -bRqTYD3gaLQVnukdpmCrX3xNSe4rpTKmECKD8YZWpxCz9T+0unKK8UBU5n8DtBGm -8SvSguQLR+Hll9XjQPcGh+/0Yg1eafnN/bHg6PrfH29qdGMkCMEy16tavpyPt5sm -OFi3jdo7eKeXvAaq7YHS4vgfK3fOgovirwFG50JKSDopaL1ckmxLC4fcUcEdn85Z -OcUOHe9azO3/d+wX4QWr0VgRzyCdz78zUalGWa/fpiB9FXhg4qPR8X+hIKo+z8hG -u7dqCQ60klkDPpUKejrmTZe4YUr2G6QmmeW8tABVGKliCH74Ceo6d4/S4MDhhxNj -Hl2ziFY0XV1nPXJUhS/U00bBoygqP0L4k2yX/Y5CJKPKedjAcCc0LqZPqnpoE6pk -uVO6r8tMd7QRqBycMNVFJViI3Kja34o7Gjb+KTPhc4M= ------END CERTIFICATE REQUEST----- diff --git a/files/certs/registry/ca.pem b/files/certs/registry/ca.pem deleted file mode 100644 index 9f0755e7..00000000 --- a/files/certs/registry/ca.pem +++ /dev/null @@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFqzCCA5OgAwIBAgIUGT6hn3kUG7ZrC5vW0UyU++i/s/QwDQYJKoZIhvcNAQEN -BQAwZTELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJheWVybjERMA8GA1UEBxMITXVl -bmNoZW4xDjAMBgNVBAoTBUZJLVRTMQ8wDQYDVQQLEwZEZXZPcHMxETAPBgNVBAMT -CHJlZ2lzdHJ5MB4XDTIwMDIyNTEzMzkwMFoXDTI1MDIyMzEzMzkwMFowZTELMAkG -A1UEBhMCREUxDzANBgNVBAgTBkJheWVybjERMA8GA1UEBxMITXVlbmNoZW4xDjAM -BgNVBAoTBUZJLVRTMQ8wDQYDVQQLEwZEZXZPcHMxETAPBgNVBAMTCHJlZ2lzdHJ5 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Y8ZLIrNZmguE4yZJj0m -PNZAkCrAad4h5AUawYOQf2VAwOqFVo3HkrjyBdYuKsiQFbHU0a7A1ZQdGlvHR+3F -l7O78r5PWIWuUZ1mopHv2TIt47sx+AtDiZpjL32s7wdfI2QtHnh5sgZ0d8hko1nu -bLpvOyCBZONEaPZ1AdqAVJP4OWoK+A+HQM4W23GCVxAPn1kSgJxP2JrXZLgA/GGh -g7On0shGfbCDK8z1TtBk1617lqU2heqwrOLuI7Wxi91oSyTp/yD7tXbYoW+LsAjR -h/TV/BpxvKqfzk/LmSG6JJKhqyABh8hKzVnAZ7wccDoOsDt6diD/16xQDbXoiJtg -qA0FE5yoV0WrtL/261b/NcXn4Dh1eU+BT2h9LDxhOwS8n7kVUIIxn2+IhVEkpVKg -R/sQA37OBz8udKivZ5e56gAqKnujckvw5fP1r+W4PNAzLaq4Zq1OXzy2zo9MWu91 -Fto/aSdbgFUK8dyDVMWC64EP89jDzGCsfN0h6FQ+YgFy3q6kYYw2LtSnjsaTXUsR -a2FgsZsc3xtCgjPosTc5SS/Y8frSl7yCBJ1YsCIUrB4zzSPmcZVWjYYNMtRrX/Pg -YgMRra4Ho3BBBQTdbVTLwKlW+pDM/cfkc1MrWksDO8zsO8BeVgA+Pf+ptu9TS6A+ -Nh8pGuIbU/pNxjSJJ3lwNx0CAwEAAaNTMFEwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFHRnwpsJfZN4lrW8Vfmy+xqHthMxMA8GA1Ud -EQQIMAaHBMCoeQEwDQYJKoZIhvcNAQENBQADggIBAJQDbEjVDxakHOdHHMF9ELFD -KKX/yvXfzkd+YFPZQzAeIfnwxHLokzSVnlCtfqBp5H8bp4KozF3MqUwXPshFNyoa -snd+JPziCziTi4aslv5/FdhYFzzP/ayEin11gamo+rdBwQ0UvfFyQExiiurIepfj -EpVjBRDWbaSP0LHhZgo0bKd90DJRGRPJ7ero/r8mLZeiHpodk8gtbVEWCbixctjR -vYsG/PhoStnYXbVxHHCWap/5hDUZMKc52JZdZuem77LhCljrMJH+phamIGBtB55i -uerVg4FxaQONIBv9F8l4K2Ao+M3RnazKZvt2waipK4gIT7ttPKm1/jG5jVlDl636 -DdIZqWfqwq20gVI6R7MApdTFPkx1w97JNm4Wq6QHwHVYHHGdnuh5gRNYm2J6LKsk -fV/9oiTjfnVSWihcjxHhRtMr8nO125xtL01axo531kukmHLAIBMWABQJsIo9cfbI -6EbjRSrcJHDeNmckRgzy+yXKjJ56gEDiofY+MdOjZDyqf3I+Q5TpQQb+9hCGnpwH -ireQYG1rWhXzgExDAekwvM3blxcuMSYZZxXRGg4qwOAITUth8dy7gbHxjZvVrH8W -BKEaG9O4UQuHVuP55ZGDgQ1BfI2vIprB8q+aEU72hN12j8opi2fRqzI1oI5nDSTX -68G5h3HQbmAJi83Mq5Vb ------END CERTIFICATE----- diff --git a/files/certs/registry/csr.json b/files/certs/registry/csr.json deleted file mode 100644 index 26dfa951..00000000 --- a/files/certs/registry/csr.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "CN": "registry", - "hosts": [ - "192.168.121.1" - ], - "key": { - "algo": "rsa", - "size": 4096 - }, - "names": [ - { - "C": "DE", - "L": "Muenchen", - "O": "FI-TS", - "OU": "DevOps", - "ST": "Bayern" - } - ] -} diff --git a/files/dev_images.yaml b/files/dev_images.yaml index 1dd715eb..e0699518 100644 --- a/files/dev_images.yaml +++ b/files/dev_images.yaml @@ -1,6 +1,6 @@ --- # Do not change these values metal_api_image_tag: dev -metal_core_image_name: 192.168.121.1:5000/metalstack/metal-core +metal_core_image_name: 172.17.0.1:5000/metalstack/metal-core metal_core_image_tag: dev -metal_hammer_image_url: http://192.168.121.1:20015/metal-hammer-initrd.img.lz4 +metal_hammer_image_url: http://172.17.0.1:20015/metal-hammer-initrd.img.lz4 diff --git a/files/ssh/id_rsa b/files/ssh/id_rsa new file mode 100644 index 00000000..3f1fdce8 --- /dev/null +++ b/files/ssh/id_rsa @@ -0,0 +1,49 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAgEAz0X5WRBCxg76OPXWdL/X1ozLl8doQA80937FM7hiZs6OlgyPPzLx +tmTy9NovDriNR2wdtNIiEXgle8LI1SdoKG6J0ccWIekaPtxkXgS92W7WMAbEUlGZKdrDqj +n8t4jkGX5kC9JhxE0zJ8L8KtD3RTwLujx6NneMjtB1+rDXSQ9htnSulVzCs9wpiNRUc1UM +dfOen7vs+KqanRIga122DLPLHwrggS+/yXHMErZYUurwoYhdK6HSzsSzE8MXQvxIn7ef5H +zJbey7WflG2fWQYaBuFrz46iOhPasBFHAn0QHfP16Cz8qrOCNVUd2SNs3deXspsWpQPuoE ++JB2iwzWpG/KdHysnnDjlE7pCMVqcPWCeGL5T+zHRfcVTqcA+nKqQ4kqtO+qn5ATjRZe4N +Et7/rdPOcLrlPVNBE5MLZ5+NHEW5I2pfOfT0asLMWpBYCFCAdcyIAr1XrNPMnN71Wgk5/z +Y+NXfaq8JVFN/2Uivu4ByvYQhEXvuiMlyfXdB9vpFnNpwEUXlWFCi0CC6COL5uuE/IL1t1 +IXJMYQCiGATE2BrcA86lkbi2f47d8c/eplG6uMRh5xfAYo6wSfv/H1dhc+faJBMOX/+l80 +a9b4zhPNuqksGk3TKTEKJ5WaGgBvG4dXng9DoGnB9g1Lacl3VM9fJS4PnNIXKe869TvHNR +MAAAdA0hezLdIXsy0AAAAHc3NoLXJzYQAAAgEAz0X5WRBCxg76OPXWdL/X1ozLl8doQA80 +937FM7hiZs6OlgyPPzLxtmTy9NovDriNR2wdtNIiEXgle8LI1SdoKG6J0ccWIekaPtxkXg +S92W7WMAbEUlGZKdrDqjn8t4jkGX5kC9JhxE0zJ8L8KtD3RTwLujx6NneMjtB1+rDXSQ9h +tnSulVzCs9wpiNRUc1UMdfOen7vs+KqanRIga122DLPLHwrggS+/yXHMErZYUurwoYhdK6 +HSzsSzE8MXQvxIn7ef5HzJbey7WflG2fWQYaBuFrz46iOhPasBFHAn0QHfP16Cz8qrOCNV +Ud2SNs3deXspsWpQPuoE+JB2iwzWpG/KdHysnnDjlE7pCMVqcPWCeGL5T+zHRfcVTqcA+n +KqQ4kqtO+qn5ATjRZe4NEt7/rdPOcLrlPVNBE5MLZ5+NHEW5I2pfOfT0asLMWpBYCFCAdc +yIAr1XrNPMnN71Wgk5/zY+NXfaq8JVFN/2Uivu4ByvYQhEXvuiMlyfXdB9vpFnNpwEUXlW +FCi0CC6COL5uuE/IL1t1IXJMYQCiGATE2BrcA86lkbi2f47d8c/eplG6uMRh5xfAYo6wSf +v/H1dhc+faJBMOX/+l80a9b4zhPNuqksGk3TKTEKJ5WaGgBvG4dXng9DoGnB9g1Lacl3VM +9fJS4PnNIXKe869TvHNRMAAAADAQABAAACACebPGFbbRcBh6jYuQkIG4tAziqLjQ0omrts +Oux+IDd64t4jOkAeUPfEZHSLOJC8jSqHq0mBGcdyyN7UQqIQbKPFM4qlW0JRk5VNcdRRXa +GtvzngISWFuBm6VscxW2wKuWNxtlZX9hyXj93aMWtREN7m8Wq94bCEuZQUm2ay4gBw8v/1 +XeLmncHWoQ0nXZfIOaBUVAw70bVWjELVUuKRPpdAx+B/qJSm9iPdHdy5gTke8ao8L2mF+4 +1NItb04X4ITSxP3zq+6ZKauNYhfvtpJBSznjW0GHBNLKNnCMbKA6G5lNo8Cg0AsiUBA22o +RCc6wUZUVYw0P282Mor4t94sLttWnpKoQ2a7oYByjUfT5DnWj78OcLJSqeqCgll60Neb1c +drgoMsn68eF1UMBSKlDjs1Z6b/H+qA6ATZQBYwAYTNuW0ZiPixLWVDlzsi8+TEt5Bb3qZU +YlwtndpEifMSddiUUr88DB1iQxscjWisD1sSUYbqYwSrz9lBKH4PBD4HaBSAJ+fKsseMfd +IlquNqqGSpznQMlF/Zjw749N19gHrJ4gqnOrMMSDokZ8mHZu2jwxNvlRVe8WO7K/LjyPLi +qCVcm4Ezj6M5TfpZcAlKpqwQZArmjOM4hWLMaAUqFhjjwR3GZqYxmqQkxmdPskAbejtSVf +E+0U1Hx4H4xi1s1byBAAABAGh8vxxO75zF0vZ71ubYqh4IKruTMn7L+gMggpGC2eAhrDFi +sPxIPBRrfKq6fHUKVK/ITKYG0bwcnvr7CumSopCB9tn47xwHgFXUuo3KjZgzy3+YrM9qXE +cKljQqTnw1+yO8z7JJbRTwWLnStE6ijhl6Q9BD+5H9KnIUDUOfo8w0Ejs7rZX2E5hDOUMD +RVCPw5W+FqzyhxqgyJO8JA3K+g3DGrHzJ9Y8pe70wU1fn9Rh+dEuDmtGU/zjgAbHiOxsD1 +7ySQ5CTZosJFyB/zeghJBNDcd0YpkheIaPqyzPBMNdhfK7/QxpwIfef/Zr0yquUjEUH8i9 +dp/fEBkPLDJ9iEcAAAEBAP1VOjhIkHIjj3FvzATAtFefVfJF70sQaaru6jFHTqgut29Ttd +0/fOZemDcBzWpcc6HdYoI7gcijXZJTiHod9aqCDglJ173koceFuhELp7Gtw/leKzP2Te2g +pzEKFRd+LjozCmLgaOq/2GlAxNFPMra1JpLjHWGDZPuWTlR5x+HQPtWIlq3phBFnhuUT80 +U3iK+KUMqzZGA8xqEQ0xMsaLG6ntkjwscLzM+dBuPWLeFKVnhj4kFC6AiXF0mv+FJR2CTm +ZgubewtdxR09G2bqQvoO3oDoWNKiajMp1q+lylDNVBsILqQnAJ7rcaZT/KerbmdPyRJPwg +fmVui165OQHMEAAAEBANF0m9JSNWMOWkW3AaZvMgBTaXQJsKgBc4WDoV/ykvCJ1M8Aa0qJ +Jm3NLY1TFhibt4PuaFRwzCQdDY/dmAsj4aSwU8+8aeqfQWXKoF68Umi5cFguCWV2N9jZ6u ++J3YvGtg9F/ZOczxMYIqN6LqEne0Fn+ATbh2tqADdeHDHowhmTel/Jp6A+pC9YNq0kEwe/ +7et0SRWm1Jd6pUihnuVSJUMU3xUbW0+EEs4Kyck0MFNWMTlxg3JqkA3ZK3Q1k6rHkyM+uh +/hXZr+CtTLvJBbRPtdsP3E75dEDr3f9PI8IDjM3Fhzuo83aKvQz9+bIghBy52IKZRo3st7 +oMrykF9GAtMAAAAIbWluaS1sYWIBAgM= +-----END OPENSSH PRIVATE KEY----- diff --git a/files/ssh/id_rsa.pub b/files/ssh/id_rsa.pub new file mode 100644 index 00000000..d4424957 --- /dev/null +++ b/files/ssh/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPRflZEELGDvo49dZ0v9fWjMuXx2hADzT3fsUzuGJmzo6WDI8/MvG2ZPL02i8OuI1HbB200iIReCV7wsjVJ2gobonRxxYh6Ro+3GReBL3ZbtYwBsRSUZkp2sOqOfy3iOQZfmQL0mHETTMnwvwq0PdFPAu6PHo2d4yO0HX6sNdJD2G2dK6VXMKz3CmI1FRzVQx1856fu+z4qpqdEiBrXbYMs8sfCuCBL7/JccwStlhS6vChiF0rodLOxLMTwxdC/Eift5/kfMlt7LtZ+UbZ9ZBhoG4WvPjqI6E9qwEUcCfRAd8/XoLPyqs4I1VR3ZI2zd15eymxalA+6gT4kHaLDNakb8p0fKyecOOUTukIxWpw9YJ4YvlP7MdF9xVOpwD6cqpDiSq076qfkBONFl7g0S3v+t085wuuU9U0ETkwtnn40cRbkjal859PRqwsxakFgIUIB1zIgCvVes08yc3vVaCTn/Nj41d9qrwlUU3/ZSK+7gHK9hCERe+6IyXJ9d0H2+kWc2nARReVYUKLQILoI4vm64T8gvW3UhckxhAKIYBMTYGtwDzqWRuLZ/jt3xz96mUbq4xGHnF8BijrBJ+/8fV2Fz59okEw5f/6XzRr1vjOE826qSwaTdMpMQonlZoaAG8bh1eeD0OgacH2DUtpyXdUz18lLg+c0hcp7zr1O8c1Ew== mini-lab diff --git a/images/Dockerfile.sandbox b/images/Dockerfile.sandbox new file mode 100644 index 00000000..9b008ec6 --- /dev/null +++ b/images/Dockerfile.sandbox @@ -0,0 +1,3 @@ +FROM networkop/ignite:dev + +RUN apk add ethtool diff --git a/images/Dockerfile.vms b/images/Dockerfile.vms new file mode 100644 index 00000000..bcee093d --- /dev/null +++ b/images/Dockerfile.vms @@ -0,0 +1,6 @@ +FROM ubuntu:20.04 + +RUN apt update -y && \ + apt install -y qemu-system-x86 ovmf ifupdown net-tools telnet + +CMD ["/mini-lab/vms_entrypoint.sh"] diff --git a/inventories/group_vars/all/images.yaml b/inventories/group_vars/all/images.yaml index 17a75eef..1b162a58 100644 --- a/inventories/group_vars/all/images.yaml +++ b/inventories/group_vars/all/images.yaml @@ -1,2 +1,3 @@ --- -metal_stack_release_version: v0.7.0 +metal_stack_release_version: v0.8.4 +metal_core_image_tag: pr-dont-turn-off-chassis-led-on-registration diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index bc9d7076..47a6e947 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -41,9 +41,9 @@ metal_api_sizes: max: "{{ '10GB' | humanfriendly }}" metal_api_partitions: - - id: vagrant - name: Vagrant Lab - description: The vagrant lab + - id: mini-lab + name: mini-lab + description: The mini-lab example partition bootconfig: kernelurl: "{{ metal_kernel_url }}" imageurl: "{{ metal_hammer_image_url }}" @@ -51,36 +51,36 @@ metal_api_partitions: privatenetworkprefixlength: 22 metal_api_networks: -- id: tenant-super-network-vagrant +- id: tenant-super-network-mini-lab name: "Project Super Network" description: "Super network of all project networks" nat: false privatesuper: true underlay: false destinationprefixes: [] - partitionid: "vagrant" + partitionid: mini-lab prefixes: - 10.0.0.0/16 -- id: internet-vagrant-lab +- id: internet-mini-lab name: "Virtual Internet Network" - description: "Virtual Internet Network for vagrant-lab" + description: "Virtual Internet Network for mini-lab" nat: true privatesuper: false underlay: false destinationprefixes: - 0.0.0.0/0 - partitionid: "vagrant" + partitionid: "mini-lab" vrf: 104009 prefixes: - 100.255.254.0/24 -- id: underlay-vagrant-lab +- id: underlay-mini-lab name: "Underlay Network" - description: "Underlay Network for vagrant-lab" + description: "Underlay Network for mini-lab" nat: false privatesuper: false underlay: true destinationprefixes: [] - partitionid: "vagrant" + partitionid: "mini-lab" prefixes: - 10.1.0.0/24 diff --git a/inventories/group_vars/control-plane/metal_fsl.yaml b/inventories/group_vars/control-plane/metal_fsl.yaml index de7a424f..c2133123 100644 --- a/inventories/group_vars/control-plane/metal_fsl.yaml +++ b/inventories/group_vars/control-plane/metal_fsl.yaml @@ -11,17 +11,17 @@ metal_api_filesystemlayouts: firewall-ubuntu: "*" filesystems: - path: "/boot/efi" - device: "/dev/sda1" + device: "/dev/vda1" format: "vfat" createoptions: - "-F 32" label: "efi" - path: "/" - device: "/dev/sda2" + device: "/dev/vda2" format: "ext4" label: "root" - path: "/var/lib" - device: "/dev/sda3" + device: "/dev/vda3" format: "ext4" label: "varlib" - path: "/tmp" @@ -29,7 +29,7 @@ metal_api_filesystemlayouts: format: "tmpfs" mountoptions: ["defaults","noatime","nosuid","nodev","noexec","mode=1777","size=512M"] disks: - - device: "/dev/sda" + - device: "/dev/vda" wipeonreinstall: true partitions: - number: 1 @@ -52,13 +52,13 @@ metal_api_filesystemlayouts: images: {} filesystems: - path: "/boot/efi" - device: "/dev/sda1" + device: "/dev/vda1" format: "vfat" createoptions: - "-F 32" label: "efi" - path: "/" - device: "/dev/sda2" + device: "/dev/vda2" format: "ext4" label: "root" - path: "/var/lib" @@ -73,11 +73,11 @@ metal_api_filesystemlayouts: - arrayname: "/dev/md1" level: 1 devices: - - "/dev/sda3" - - "/dev/sda4" + - "/dev/vda3" + - "/dev/vda4" createoptions: ["--metadata", "1.0"] disks: - - device: "/dev/sda" + - device: "/dev/vda" wipeonreinstall: true partitions: - number: 1 @@ -104,13 +104,13 @@ metal_api_filesystemlayouts: images: {} filesystems: - path: "/boot/efi" - device: "/dev/sda1" + device: "/dev/vda1" format: "vfat" createoptions: - "-F 32" label: "efi" - path: "/" - device: "/dev/sda2" + device: "/dev/vda2" format: "ext4" label: "root" - path: "/var/lib" @@ -124,15 +124,15 @@ metal_api_filesystemlayouts: volumegroups: - name: "vg00" devices: - - "/dev/sda3" - - "/dev/sda4" + - "/dev/vda3" + - "/dev/vda4" logicalvolumes: - name: "varlib" volumegroup: "vg00" size: 200 lvmtype: "striped" disks: - - device: "/dev/sda" + - device: "/dev/vda" wipeonreinstall: true partitions: - number: 1 diff --git a/inventories/group_vars/partition/common.yaml b/inventories/group_vars/partition/common.yaml index 7b2509bc..2e2057ff 100644 --- a/inventories/group_vars/partition/common.yaml +++ b/inventories/group_vars/partition/common.yaml @@ -1,6 +1,6 @@ --- metal_partition_timezone: Europe/Berlin -metal_partition_id: vagrant +metal_partition_id: mini-lab metal_partition_metal_api_protocol: http metal_partition_metal_api_addr: api.0.0.0.0.nip.io @@ -8,4 +8,4 @@ metal_partition_metal_api_port: 8080 metal_partition_metal_api_basepath: /metal/ metal_partition_metal_api_hmac_edit_key: metal-edit -metal_partition_mgmt_gateway: 192.168.121.1 +metal_partition_mgmt_gateway: 172.17.0.1 diff --git a/inventories/group_vars/partition/router.yaml b/inventories/group_vars/partition/router.yaml index 594b2386..bdcbc460 100644 --- a/inventories/group_vars/partition/router.yaml +++ b/inventories/group_vars/partition/router.yaml @@ -1,5 +1,5 @@ --- router_nameservers: - - 192.168.121.1 + - 172.17.0.1 - 1.1.1.1 - 1.0.0.1 diff --git a/inventories/partition-static.yaml b/inventories/partition.yaml similarity index 79% rename from inventories/partition-static.yaml rename to inventories/partition.yaml index 79c229c5..0865d511 100644 --- a/inventories/partition-static.yaml +++ b/inventories/partition.yaml @@ -1,7 +1,7 @@ --- # this is the static part of the partition inventory -# the connection details for leaf vms are provided dynamically -# by the vagrant inventory plugin +# the connection details for leaf vms are generated +# by container lab to the mini-lab directory partition: hosts: localhost: @@ -11,31 +11,30 @@ partition: leaves: hosts: - leaf01: + mini-lab-leaf01: lo: 10.0.0.11 asn: 4200000011 metal_core_cidr: 10.0.1.1/24 + dhcp_net: 10.0.1.0 dhcp_netmask: 255.255.255.0 dhcp_range_min: 10.0.1.2 dhcp_range_max: 10.0.1.255 - leaf02: + mini-lab-leaf02: lo: 10.0.0.12 asn: 4200000012 metal_core_cidr: 10.0.1.128/24 vars: ports: 1: 100G - 2: 100G - 3: 100G interfaces: - name: swp1 - - name: swp2 - - name: swp3 uplinks: [] dhcp_server_ip: 10.0.1.1 ansible_python_interpreter: /usr/bin/python + ansible_user: root + ansible_ssh_private_key_file: "{{ playbook_dir }}/files/ssh/id_rsa" # The best practice recommendation is to set an MTU of 9,216 for the inter-switch links, # and an MTU of 9,000 for the server-facing ports, which don’t carry the VXLAN header. @@ -43,7 +42,3 @@ leaves: mtu: vxlan: 9216 default: 9000 - -vagrant: - vars: - ansible_become: yes diff --git a/mini-lab.clab.yaml b/mini-lab.clab.yaml new file mode 100644 index 00000000..d98dde74 --- /dev/null +++ b/mini-lab.clab.yaml @@ -0,0 +1,35 @@ +name: mini-lab +prefix: "" + +mgmt: + network: bridge + +topology: + kinds: + cvx: + image: networkop/cx:3.7.0 + kernel: docker.io/grigoriymikh/kernel:4.1.0 + sandbox: grigoriymikh/sandbox:latest + binds: + - files/ssh/id_rsa.pub:/root/.ssh/authorized_keys + linux: + image: ${MINI_LAB_VM_IMAGE} + + nodes: + leaf01: + kind: cvx + leaf02: + kind: cvx + vms: + kind: linux + binds: + - /dev:/dev + - scripts:/mini-lab + + links: + - endpoints: ["leaf01:swp1", "vms:lan0"] + - endpoints: ["leaf02:swp1", "vms:lan1"] + - endpoints: ["leaf01:swp2", "vms:lan2"] + - endpoints: ["leaf02:swp2", "vms:lan3"] + - endpoints: ["leaf01:swp3", "vms:lan4"] + - endpoints: ["leaf02:swp3", "vms:lan5"] diff --git a/roles/internet/files/frr.tpl b/roles/internet/files/frr.tpl index f733519d..1dfef936 100644 --- a/roles/internet/files/frr.tpl +++ b/roles/internet/files/frr.tpl @@ -12,7 +12,7 @@ debug bgp zebra ! vrf vrfInternet vni 104009 - ip route 0.0.0.0/0 192.168.121.1 nexthop-vrf mgmt + ip route 0.0.0.0/0 172.17.0.1 nexthop-vrf mgmt exit-vrf {{- range $vrf, $t := .Ports.Vrfs }} ! diff --git a/roles/internet/tasks/main.yaml b/roles/internet/tasks/main.yaml index 6df8dc37..9503f15c 100644 --- a/roles/internet/tasks/main.yaml +++ b/roles/internet/tasks/main.yaml @@ -31,14 +31,5 @@ metal_core_additional_bridge_vids: - 4009 -# This removes firewall/SNAT state on both leaves(!) for the virtual internet network -# Otherwise this could happen: -# - local machine uses route to leaf01 for a request -# - the answer from a machine may be send over leaf02 (because of asymmetric routing) -# - leaf02 does not have a state for this connection => drops the response - -- name: delete common masquerade rule - command: iptables -t nat -D POSTROUTING 2 - - name: add masquerade rule that skips virtual internet network command: iptables -t nat -A POSTROUTING ! -s 100.255.254.0/24 -o eth0 -j MASQUERADE diff --git a/roles/metal-python/tasks/main.yaml b/roles/metal-python/tasks/main.yaml new file mode 100644 index 00000000..18cf614f --- /dev/null +++ b/roles/metal-python/tasks/main.yaml @@ -0,0 +1,17 @@ +--- +- name: Gather releases + setup_yaml: + +- name: Install metal-python + block: + - name: Install metal-python {{ metal_api_image_tag }} + pip: + name: + - metal_python=={{ metal_api_image_tag }} + + rescue: + # attempt with latest available client when fitting client is not available + - name: Install latest metal-python (fallback) + pip: + name: + - metal_python \ No newline at end of file diff --git a/roles/registry-certs/tasks/main.yaml b/roles/registry-certs/tasks/main.yaml deleted file mode 100644 index 90bed7ea..00000000 --- a/roles/registry-certs/tasks/main.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: create registry cert directory - file: - path: /etc/docker/certs.d/192.168.121.1:5000 - state: directory - -- name: copy registry certificate - copy: - dest: /etc/docker/certs.d/192.168.121.1:5000/ca.crt - content: "{{ lookup('file', 'certs/registry/ca.pem') }}" - mode: 0640 - no_log: yes diff --git a/scripts/deactivate_offloading.sh b/scripts/deactivate_offloading.sh new file mode 100755 index 00000000..b6d2c47e --- /dev/null +++ b/scripts/deactivate_offloading.sh @@ -0,0 +1,6 @@ +#!/bin/bash +for docker_container_id in $(docker ps | grep ignite | awk '{ print $1 }'); +do + echo "deactivate offloading at veth of leaf switch in docker container ${docker_container_id}" + docker exec "${docker_container_id}" ethtool --offload vm_eth0 tx off +done; diff --git a/scripts/manage_vms.py b/scripts/manage_vms.py new file mode 100755 index 00000000..7d65b767 --- /dev/null +++ b/scripts/manage_vms.py @@ -0,0 +1,162 @@ +#!/usr/bin/env python3 + +import argparse +import os +import signal +import subprocess +import sys + +VMS = { + "machine01": { + "name": "machine01", + "uuid": "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", + "disk-path": "/machine01.img", + "disk-size": "5G", + "memory": "2G", + "tap-index-fd": [(0, 30), (1, 40)], + "serial-port": 4000, + }, + "machine02": { + "name": "machine02", + "uuid": "2294c949-88f6-5390-8154-fa53d93a3313", + "disk-path": "/machine02.img", + "disk-size": "5G", + "memory": "2G", + "tap-index-fd": [(2, 50), (3, 60)], + "serial-port": 4001, + }, + "machine03": { + "name": "machine03", + "uuid": "2a92f14d-d3b1-4d46-b813-5d058103743e", + "disk-path": "/machine03.img", + "disk-size": "5G", + "memory": "2G", + "tap-index-fd": [(4, 70), (5, 80)], + "serial-port": 4002, + }, +} + + +def parse_args(): + parser = argparse.ArgumentParser(description="manages vms in the mini-lab") + parser.add_argument("--names", type=str, help="the machine names to manage", required=True) + + subparsers = parser.add_subparsers(help='sub-command help') + + create = subparsers.add_parser('create', help='creates vms') + create.set_defaults(entry_function="create") + + kill = subparsers.add_parser('kill', help='kills vm processes') + kill.set_defaults(entry_function="kill") + + return parser.parse_args() + + +class Manager: + def __init__(self, args): + self.subcommand = args.entry_function if 'entry_function' in args else None + self.names = [] + if args.names: + self.names = args.names.split(",") + + def run(self): + subcommands = { + "create": self._create, + "kill": self._kill, + } + + command = subcommands.get(self.subcommand) + if not command: + sys.exit("requires valid subcommand: {commands}".format( + commands=list(subcommands.keys()))) + + command() + + + def _machines_from_cmdline(self): + machines = [] + for name in self.names: + if name not in VMS: + sys.exit("machine not found: {name}".format(name=name)) + machines.append(VMS[name]) + return machines + + + def _create(self): + for machine in self._machines_from_cmdline(): + Manager._create_vm_disk(machine.get( + "disk-path"), machine.get("disk-size")) + Manager._start_vm(machine) + + + def _kill(self): + for machine in self._machines_from_cmdline(): + Manager._kill_vm_process(machine.get("uuid")) + + + @staticmethod + def _kill_vm_process(machine_uuid): + for line in os.popen("ps ax | grep qemu-system | grep " + machine_uuid + " | grep -v grep"): + fields = line.split() + if len(fields) == 0: + print("vm process not found") + return + + pid = fields[0] + os.kill(int(pid), signal.SIGKILL) + + + @staticmethod + def _create_vm_disk(path, size): + if os.path.isfile(path): + print("disk already exists") + return + subprocess.run(['qemu-img', 'create', '-f', 'qcow2', path, size]) + + @staticmethod + def _start_vm(machine): + nics = [] + netdevices = [] + for tap in machine.get("tap-index-fd", []): + ifindex = tap[0] + fd = tap[1] + + mac = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/address".format(ifindex=ifindex)]).decode("utf-8").strip() + tapindex = subprocess.check_output(["cat", "/sys/class/net/macvtap{ifindex}/ifindex".format(ifindex=ifindex)]).decode("utf-8").strip() + + nics.append("nic,model=virtio,macaddr={mac}".format(ifindex=ifindex, mac=mac)) + netdevices.append("tap,fd={fd} {fd}<>/dev/tap{tapindex}".format(fd=fd, tapindex=tapindex)) + + cmd = [ + "qemu-system-x86_64", + "-name", machine.get("name"), + "-uuid", machine.get("uuid"), + "-m", machine.get("memory"), + "-boot", "n", + "-drive", "if=virtio,format=qcow2,file={disk}".format(disk=machine.get("disk-path")), + "-drive", "if=pflash,format=raw,readonly,file=/usr/share/OVMF/OVMF_CODE.fd", + "-drive", "if=pflash,format=raw,file=/usr/share/OVMF/OVMF_VARS.fd", + "-serial", "telnet:127.0.0.1:{port},server,nowait".format(port=machine.get("serial-port")), + "-enable-kvm", + "-nographic", + ] + + for nic in nics: + cmd.append("-net") + cmd.append(nic) + + for device in netdevices: + cmd.append("-net") + cmd.append(device) + + cmd.append("&") + + cmd = " ".join(cmd) + print(cmd) + + subprocess.Popen(cmd, shell=True, executable="/bin/bash") + +if __name__ == '__main__': + args = parse_args() + m = Manager(args) + m.run() diff --git a/scripts/vms_entrypoint.sh b/scripts/vms_entrypoint.sh new file mode 100755 index 00000000..a6814485 --- /dev/null +++ b/scripts/vms_entrypoint.sh @@ -0,0 +1,39 @@ +#!/bin/bash +set -eo pipefail + +# first check if CLAB_INTFS is configured (containerlab's metadata var), defaulting to 0 +INTFS=${CLAB_INTFS:-0} + +# next check if the argument was provided which can override the above +INTFS=${1:-$INTFS} + +echo "Waiting for $INTFS interfaces to be connected" +int_calc () +{ + index=0 + for i in $(ls -1v /sys/class/net/ | grep 'eth\|ens\|eno\|lan' | grep -v eth0); do + let index=index+1 + done + MYINT=$index +} + +int_calc + +while [ "$MYINT" -lt "$INTFS" ]; do + echo "Connected $MYINT interfaces out of $INTFS" + sleep 1 + int_calc +done + +# creating macvtap interfaces for the qemu vms +for i in $(seq 0 5); do + ip link add link lan${i} name macvtap${i} type macvtap mode passthru + ip link set macvtap${i} up + ip link set macvtap${i} promisc on +done + +echo "Connected all interfaces" +ifdown -a || true +ifup -a || true + +tail -f /dev/null diff --git a/vagrant/Vagrantfile.helpers.rb b/vagrant/Vagrantfile.helpers.rb deleted file mode 100644 index 351f1731..00000000 --- a/vagrant/Vagrantfile.helpers.rb +++ /dev/null @@ -1,35 +0,0 @@ -# Helper-Function to create Libvirt Point-to-Point connections to simulate cables btw. VMs -def cable(device:, iface:, mac:, port:, remote_port:) -device.vm.network "private_network", - mac: mac, - libvirt__tunnel_type: 'udp', - libvirt__tunnel_local_port: port, - libvirt__tunnel_port: remote_port, - libvirt__iface_name: iface, - auto_config: false -end - -# Helper-Function to define a Vagrant VM as PXE-Device -def pxe(device:, hostname:, memory:, uuid:) - device.vm.hostname = hostname - device.vm.provider :libvirt do |v| - v.storage :file, size: '6000M', type: 'qcow2', bus: 'sata', device: 'sda' - v.boot 'network' - v.boot 'hd' - v.loader = "/usr/share/OVMF/OVMF_CODE.fd" - v.mgmt_attach = false - v.memory = memory - v.uuid = uuid - end - device.ssh.insert_key = false -end - -# Helper-Function to define a Vagrant VM with a specific box, version and memory -def box(device:, hostname:, box:, box_version:, memory:) - device.vm.hostname = hostname - device.vm.box = box - device.vm.box_version = box_version - device.vm.provider :libvirt do |v| - v.memory = memory - end -end diff --git a/vagrant/provision/common.sh b/vagrant/provision/common.sh deleted file mode 100644 index e62910a0..00000000 --- a/vagrant/provision/common.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash - -if grep -q -i 'cumulus' /etc/lsb-release &> /dev/null; then - echo "### RUNNING CUMULUS EXTRA CONFIG ###" - source /etc/lsb-release - if [ -z /etc/app-release ]; then - echo " INFO: Detected NetQ TS Server" - source /etc/app-release - echo " INFO: Running NetQ TS Appliance Version $APPLIANCE_VERSION" - else - if [[ $DISTRIB_RELEASE =~ ^2.* ]]; then - echo " INFO: Detected a 2.5.x Based Release" - echo " adding fake cl-acltool..." - echo -e "#!/bin/bash\nexit 0" > /usr/bin/cl-acltool - chmod 755 /usr/bin/cl-acltool - echo " adding fake cl-license..." - echo -e "#!/bin/bash\nexit 0" > /usr/bin/cl-license - chmod 755 /usr/bin/cl-license - echo " Disabling default remap on Cumulus VX..." - mv -v /etc/init.d/rename_eth_swp /etc/init.d/rename_eth_swp.backup - echo "### Rebooting to Apply Remap..." - elif [[ $DISTRIB_RELEASE =~ ^3.* ]]; then - echo " INFO: Detected a 3.x Based Release ($DISTRIB_RELEASE)" - echo "### Disabling default remap on Cumulus VX..." - mv -v /etc/hw_init.d/S10rename_eth_swp.sh /etc/S10rename_eth_swp.sh.backup &> /dev/null - echo " INFO: Detected Cumulus Linux v$DISTRIB_RELEASE Release" - if [[ $DISTRIB_RELEASE =~ ^3.[1-9].* ]]; then - echo "### Fixing ONIE DHCP to avoid Vagrant Interface ###" - echo " Note: Installing from ONIE will undo these changes." - mkdir /tmp/foo - mount LABEL=ONIE-BOOT /tmp/foo - sed -i 's/eth0/eth1/g' /tmp/foo/grub/grub.cfg - sed -i 's/eth0/eth1/g' /tmp/foo/onie/grub/grub-extra.cfg - umount /tmp/foo - fi - if [[ $DISTRIB_RELEASE =~ ^3.2.* ]]; then - if [[ $(grep "vagrant" /etc/netd.conf | wc -l ) == 0 ]]; then - echo "### Giving Vagrant User Ability to Run NCLU Commands ###" - sed -i 's/users_with_edit = root, cumulus/users_with_edit = root, cumulus, vagrant/g' /etc/netd.conf - sed -i 's/users_with_show = root, cumulus/users_with_show = root, cumulus, vagrant/g' /etc/netd.conf - fi - elif [[ $DISTRIB_RELEASE =~ ^3.[3-9].* ]]; then - echo "### Giving Vagrant User Ability to Run NCLU Commands ###" - adduser vagrant netedit - adduser vagrant netshow - fi - echo "### Disabling ZTP service..." - systemctl stop ztp.service - ztp -d 2>&1 - echo "### Resetting ZTP to work next boot..." - ztp -R 2>&1 - ztp -i 2>&1 - fi - fi -fi -echo "### DONE ###" -# we do the restart from this script via Ansible to make deployment easier to implement and also a bit faster -# echo "### Rebooting Device to Apply Remap..." -# nohup bash -c 'sleep 10; shutdown now -r "Rebooting to Remap Interfaces"' & diff --git a/vagrant/provision/config_switch.sh b/vagrant/provision/config_switch.sh deleted file mode 100755 index eff57f17..00000000 --- a/vagrant/provision/config_switch.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -echo "#################################" -echo " Running Switch Post Config (config_switch.sh)" -echo "#################################" -sudo su - - -## Convenience code. This is normally done in ZTP. - -# Make DHCP occur without delays -echo "retry 1;" >> /etc/dhcp/dhclient.conf - - -echo "#################################" -echo " Finished" -echo "#################################" diff --git a/vagrant/provision/udev_leaf01.sh b/vagrant/provision/udev_leaf01.sh deleted file mode 100644 index 750aa7a7..00000000 --- a/vagrant/provision/udev_leaf01.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -if [ -d "/etc/udev/rules.d/70-persistent-net.rules" ]; then - rm -rfv /etc/udev/rules.d/70-persistent-net.rules &> /dev/null -fi -rm -rfv /etc/udev/rules.d/70-persistent-net.rules &> /dev/null - -echo "#### UDEV Rules (/etc/udev/rules.d/70-persistent-net.rules) ####" -echo " INFO: Adding UDEV Rule: Vagrant interface = eth0" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{ifindex}=="2", NAME="eth0", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules -echo " INFO: Adding UDEV Rule: 44:38:39:00:00:1a --> swp1" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="44:38:39:00:00:1a", NAME="swp1", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules -echo " INFO: Adding UDEV Rule: 44:38:39:00:00:18 --> swp2" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="44:38:39:00:00:18", NAME="swp2", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules -echo " INFO: Adding UDEV Rule: 44:38:39:00:00:20 --> swp3" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="44:38:39:00:00:20", NAME="swp3", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules - -cat /etc/udev/rules.d/70-persistent-net.rules \ No newline at end of file diff --git a/vagrant/provision/udev_leaf02.sh b/vagrant/provision/udev_leaf02.sh deleted file mode 100644 index 9d6a1d2d..00000000 --- a/vagrant/provision/udev_leaf02.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash - -if [ -d "/etc/udev/rules.d/70-persistent-net.rules" ]; then - rm -rfv /etc/udev/rules.d/70-persistent-net.rules &> /dev/null -fi -rm -rfv /etc/udev/rules.d/70-persistent-net.rules &> /dev/null - -echo "#### UDEV Rules (/etc/udev/rules.d/70-persistent-net.rules) ####" -echo " INFO: Adding UDEV Rule: Vagrant interface = eth0" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{ifindex}=="2", NAME="eth0", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules -echo " INFO: Adding UDEV Rule: 44:38:39:00:00:04 --> swp1" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="44:38:39:00:00:04", NAME="swp1", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules -echo " INFO: Adding UDEV Rule: 44:38:39:00:00:19 --> swp2" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="44:38:39:00:00:19", NAME="swp2", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules -echo " INFO: Adding UDEV Rule: 44:38:39:00:00:21 --> swp3" -echo 'ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="44:38:39:00:00:21", NAME="swp3", SUBSYSTEMS=="pci"' >> /etc/udev/rules.d/70-persistent-net.rules - -cat /etc/udev/rules.d/70-persistent-net.rules \ No newline at end of file