From daf13c3ceb0349370d8a2f0b1f04deed1db04439 Mon Sep 17 00:00:00 2001 From: Sulochan Acharya Date: Sat, 22 Jun 2024 05:29:14 +0100 Subject: [PATCH 01/20] Switch glance store backend to swift This provides the options to move the glance store to swift. We leave the default value to pvc so as not to break existing deployments accidently. Howerver, providing a override on the helm command to --storage=swift will deploy a glance with swift backend. These values should be overwritten in your region specific secrets file to ensure no mistake. --- helm-configs/glance/glance-helm-overrides.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/helm-configs/glance/glance-helm-overrides.yaml b/helm-configs/glance/glance-helm-overrides.yaml index fd643429..3262f060 100644 --- a/helm-configs/glance/glance-helm-overrides.yaml +++ b/helm-configs/glance/glance-helm-overrides.yaml @@ -1,5 +1,5 @@ # radosgw, rbd, swift or pvc -storage: pvc # This should likely be set to swift or rbd in production +storage: swift # Use override to switch to pvc or rbd labels: api: @@ -251,6 +251,10 @@ conf: rbd_store_ceph_conf: /etc/ceph/ceph.conf filesystem_store_datadir: /var/lib/glance/images default_swift_reference: ref1 + swift_auth_address: https://swift.cluster.local + swift_auth_version: 3 + swift_user: glance:glance-store + swift_password: override_from_your_secrets_files swift_store_container: glance swift_store_create_container_on_put: true swift_store_config_file: /etc/glance/swift-store.conf @@ -367,6 +371,11 @@ conf: auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }} + {{- else if eq .Values.storage "swift" }} + auth_version = {{ .Values.conf.glance.glance_store.swift_auth_version }} + auth_address = {{ .Values.conf.glance.glance_store.swift_auth_address }} + user = {{ .Values.conf.glance.glance_store.swift_user }} + key = {{ .Values.conf.glance.glance_store.swift_password }} {{- else }} user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }} key = {{ .Values.endpoints.identity.auth.glance.password }} From 92b6debe31cadacf8c4fab6c63d5b7e05e514071 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 21 Jun 2024 23:26:50 -0500 Subject: [PATCH 02/20] feat: add pci-passthrough docs to tree (#328) Signed-off-by: cloudnull --- mkdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mkdocs.yml b/mkdocs.yml index e552003e..3f6b4984 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -220,6 +220,7 @@ nav: - Keystone Readonly Users: openstack-keystone-readonly.md - Nova Flavor Creation: openstack-flavors.md - Nova CPU Allocation Ratio: openstack-cpu-allocation-ratio.md + - Nova PCI Passthrough: openstack-pci-passthrough.md - Service Overrides: openstack-service-overrides.md - Creating Networks: openstack-neutron-networks.md - Glance Images Creation: openstack-glance-images.md From 022a24cf4c9e7af8abdef252f6b6b9e0b7601ae7 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 21 Jun 2024 23:30:46 -0500 Subject: [PATCH 03/20] fix: shell formating in pci passthrough (#329) Signed-off-by: cloudnull --- docs/openstack-pci-passthrough.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/openstack-pci-passthrough.md b/docs/openstack-pci-passthrough.md index a6fdd8af..e128ea67 100644 --- a/docs/openstack-pci-passthrough.md +++ b/docs/openstack-pci-passthrough.md @@ -145,7 +145,7 @@ lspci | grep -i nvidia Assuming this is running an NVIDIA GPU, you can run install the relevant drivers and run the `nvidia-smi` command to validate everything is running normally. -``` shell "Example nvidia GPU running in a VM" +``` shell title="Example nvidia GPU running in a VM" +-----------------------------------------------------------------------------+ | NVIDIA-SMI 525.147.05 Driver Version: 525.147.05 CUDA Version: 12.0 | |-------------------------------+----------------------+----------------------+ From 48920c7389e3cd4ac38b3a0ee8b55a7ef7584bab Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Sat, 22 Jun 2024 09:31:37 -0500 Subject: [PATCH 04/20] fix: add more scheduler docs (#331) Signed-off-by: cloudnull --- docs/openstack-pci-passthrough.md | 44 +++++++++++++++-------------- docs/openstack-service-overrides.md | 22 +++++++++------ 2 files changed, 37 insertions(+), 29 deletions(-) diff --git a/docs/openstack-pci-passthrough.md b/docs/openstack-pci-passthrough.md index e128ea67..3a7ed7ea 100644 --- a/docs/openstack-pci-passthrough.md +++ b/docs/openstack-pci-passthrough.md @@ -145,27 +145,29 @@ lspci | grep -i nvidia Assuming this is running an NVIDIA GPU, you can run install the relevant drivers and run the `nvidia-smi` command to validate everything is running normally. -``` shell title="Example nvidia GPU running in a VM" -+-----------------------------------------------------------------------------+ -| NVIDIA-SMI 525.147.05 Driver Version: 525.147.05 CUDA Version: 12.0 | -|-------------------------------+----------------------+----------------------+ -| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | -| Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | -| | | MIG M. | -|===============================+======================+======================| -| 0 Quadro P2000 On | 00000000:06:00.0 Off | N/A | -| 50% 40C P8 6W / 75W | 1MiB / 5120MiB | 0% Default | -| | | N/A | -+-------------------------------+----------------------+----------------------+ - -+-----------------------------------------------------------------------------+ -| Processes: | -| GPU GI CI PID Type Process name GPU Memory | -| ID ID Usage | -|=============================================================================| -| No running processes found | -+-----------------------------------------------------------------------------+ -``` +!!! example "Example nvidia GPU running in a VM" + + ``` shell + +-----------------------------------------------------------------------------+ + | NVIDIA-SMI 525.147.05 Driver Version: 525.147.05 CUDA Version: 12.0 | + |-------------------------------+----------------------+----------------------+ + | GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | + | Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | + | | | MIG M. | + |===============================+======================+======================| + | 0 Quadro P2000 On | 00000000:06:00.0 Off | N/A | + | 50% 40C P8 6W / 75W | 1MiB / 5120MiB | 0% Default | + | | | N/A | + +-------------------------------+----------------------+----------------------+ + + +-----------------------------------------------------------------------------+ + | Processes: | + | GPU GI CI PID Type Process name GPU Memory | + | ID ID Usage | + |=============================================================================| + | No running processes found | + +-----------------------------------------------------------------------------+ + ``` ## Common Issues diff --git a/docs/openstack-service-overrides.md b/docs/openstack-service-overrides.md index b7fb73d4..271b10e3 100644 --- a/docs/openstack-service-overrides.md +++ b/docs/openstack-service-overrides.md @@ -8,11 +8,22 @@ Label-based overrides allow you to configure service-specific settings for an en ### Example: Helm Label Overrides YAML -The following YAML example demonstrates how to set label-based overrides: +The following YAML example demonstrates how to set label-based overrides for a cloud deployment that will have two different cpu types, enables some additional scheduler filters by default, and defines a set of shared CPUs that can be used on a given compute host for heterogeneous computing. + +| cpu-types | config overrides | +| ----------- | ---------- | +| default | Sets an alias for the p2000 GPU for passthrough. Enables additional scheduler filters | +| amd-3900 | Sets a single reserved core for the host. Sets a PCI device specification in support of the p2000 GPU for passthrough. | +| intel-12700 | Sets a set of shared CPUs (used to ensure nova only schedules to P-Cores). | ``` yaml title="Configuration Overrides using Labels" conf: nova: + filter_scheduler: + enabled_filters: >- + ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter, + ServerGroupAffinityFilter,PciPassthroughFilter + available_filters: nova.scheduler.filters.all_filters pci: alias: >- {"vendor_id": "10de", "product_id": "1c30", "device_type": "type-PCI", "name": "p2000"} @@ -30,24 +41,19 @@ conf: pci: device_spec: >- {"vendor_id": "10de", "product_id": "1c30"} - filter_scheduler: - enabled_filters: >- - ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter, - ServerGroupAffinityFilter,PciPassthroughFilter - available_filters: nova.scheduler.filters.all_filters - label: key: openstack-compute-cpu-type # Defines a KEY values: - "intel-12700" # Defines a VALUE conf: nova: - DEFAULT: + compute: cpu_shared_set: "0-15" ``` !!! note "PCI-Passthrough and Filters Notice" - The above overrides are used to [passthrough a PCI](https://docs.openstack.org/nova/latest/admin/pci-passthrough.html) device in support of a GPU type. For more information on GPU passthrough, and how to interact with some of the [advanced scheduling](https://docs.openstack.org/nova/latest/admin/scheduling.html) filter capabilities found in OpenStack, have a look at the official upstream documentation. + The above overrides are used to [passthrough a PCI](openstack-pci-passthrough.md) device in support of a GPU type. For more information on GPU passthrough, and how to interact with some of the [advanced scheduling](https://docs.openstack.org/nova/latest/admin/scheduling.html) filter capabilities found in OpenStack, have a look at the official upstream documentation. #### Label Overrides Explanation From 8f4fd3c70d6196cf84d51dc5e5b6ea7f872e4e36 Mon Sep 17 00:00:00 2001 From: Adam Fabian Date: Tue, 25 Jun 2024 14:54:46 -0500 Subject: [PATCH 05/20] Add playbook to set uniform service types for all subnets of a network. (#326) * Add playbook to set uniform service types for all subnets of a network. In particular, we want to set some service types for all subnets of PUBLICNET to disallow instances from creating a server with a port on the PUBLICNET, so that they have to use floating IPs, and the playbook run defaults to that network and the service types to enforce that. JIRA:OSPC-474 * Minor improvements to ansible/playbooks/network-service-types.yaml JIRA:OSPC-474 --- ansible/playbooks/network-service-types.yaml | 130 +++++++++++++++++++ justfile | 23 ++++ 2 files changed, 153 insertions(+) create mode 100644 ansible/playbooks/network-service-types.yaml create mode 100644 justfile diff --git a/ansible/playbooks/network-service-types.yaml b/ansible/playbooks/network-service-types.yaml new file mode 100644 index 00000000..777b0657 --- /dev/null +++ b/ansible/playbooks/network-service-types.yaml @@ -0,0 +1,130 @@ +# This playbook ensures all subnets of a given network have the specified +# service types, but has defaults to prevent nova instances from connecting +# directly to a network named PUBLICNET (so that they have to use floating IPs.) +# +# This works by setting service types network:floatingip, +# network:router_gateway, and network:distributed on all subnets of PUBLICNET +# (or the specified network.) +# +# Usage: +# +# ansible-playbook publicnet.yaml +# +# Optionally, -e network_name=, and/or -e revert=true to remove +# the above-listed service types from the subnets of the network. +# +# It saves a copy of the subnets every time you run the playbook (unless you +# use something like -e save_copy=false) +# +# Dependencies: +# +# - You will need a working clouds.yaml. You can see how to generate one in: +# $GENESTACK/docs/openstack-clouds.md +# - a working `openstack` command +# - unfortunately, the Ansible collection openstack.cloud can only create +# and delete subnets, not modify them +# - Ansible collection openstack.cloud +# - however, you probably will not need to install this because you will +# typically find this already available in the venv the genestack creates +# for the 'root' user on the bastion by default +# +# See comments at the end of the playbook for an example of creating network(s) +# to test on, since you can use -e network_name and specify a test network. + +- name: Set service types on subnets to prevent instances from connecting directly to PUBLICNET + hosts: localhost + gather_facts: false + + vars: + cloud: default + network_name: PUBLICNET + revert: false + save_copy: true + service_types: + - 'network:floatingip' + - 'network:router_gateway' + - 'network:distributed' + + tasks: + + - name: List cloud networks + openstack.cloud.networks_info: + cloud: "{{ cloud }}" + name: "{{ network_name }}" + register: networks_result + + - name: Fail unless matching one network. + fail: + msg: "Failed to match exactly one network. Try -e network_name=" + when: + - networks_result.networks | length != 1 + + - name: Get subnet info + openstack.cloud.subnets_info: + cloud: "{{ cloud }}" + name: "{{ item }}" + register: subnets_result + loop: "{{ networks_result.networks[0].subnet_ids }}" + + - name: Gather timestamp for subnet backup info + ansible.builtin.setup: + filter: "ansible_date_time" + when: save_copy | bool + + # If we operated on the wrong subnet or it has some complicated set of + # service types, we have a full copy of what everything looked like before + # the playbook changed anything and can manually fix it. + - name: Save a copy of pre-change subnet info + # While saving a file should technically result in an Ansible 'changed', + # I only wanted to see 'changed' when Ansible changes service types on + # subnets. + # + # While the task never reports 'changed', it can still fail the playbook + # run, which seems like desirable behavior if we couldn't save a copy. + changed_when: false + copy: + content: > + {{ item.subnets[0] }} + dest: "{{ item.subnets[0].id }}_{{ ansible_date_time.year }}-{{ ansible_date_time.month }}-{{ ansible_date_time.day }}-{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}.json" + when: save_copy | bool + loop: "{{ subnets_result.results }}" + + # Unfortunately, openstack.cloud.subnet cannot modify subnets. It can only + # create and delete them: https://docs.ansible.com/ansible/latest/collections/openstack/cloud/subnet_module.html#ansible-collections-openstack-cloud-subnet-module + # We have to use the CLI tool here (or the raw Neutron API; we just can't + # use the module.) + # + # If you try to set a service type that already exists on a subnet, Neutron + # will take a very long time and then give you a http 409, so in addition + # to generating one Ansible 'change' per service type and subnet changed + # (which seems good), we definitely have to set only the ones the subnet + # doesn't already have anyway, so we loop through the full cross-product + # of subnets and service types here. + - name: Set service types on subnets. + shell: > + openstack subnet set {{ item.0.subnets[0].id }} --service-type {{ item.1 }} + loop: "{{ subnets_result.results | product(service_types) | list }}" + when: + - item.1 not in item.0.subnets[0].service_types + - not revert | bool + + # Unsetting only happens on 'revert'. + - name: Unset service types on subnets. + shell: > + openstack subnet unset {{ item.0.subnets[0].id }} --service-type {{ item.1 }} + loop: "{{ subnets_result.results | product(service_types) | list }}" + when: + - item.1 in item.0.subnets[0].service_types + - revert | bool + +# Test network +# +# You can easily create a test network with a few subnets to see how this works, +# if desired: +# +# openstack network create testnet +# openstack subnet create testsubnet \ +# --network testnet --subnet-range 192.168.8.0/24 +# openstack subnet create testsubnet2 \ +# --network testnet --subnet-range 192.168.9.0/24 +# ansible-playbook -e network_name=testnet diff --git a/justfile b/justfile new file mode 100644 index 00000000..30784191 --- /dev/null +++ b/justfile @@ -0,0 +1,23 @@ +justfile-checkout: + cd {{ justfile_directory() }}; \ + git checkout justfile -- justfile + +_sync USERHOST: + dir=$(basename $(pwd)); \ + cd {{ justfile_directory() }}; \ + rsync -avz --delete --exclude .git -e ssh . {{ USERHOST }}:$dir + +sync ENV: + case {{ ENV }} in \ + lab) \ + userhost=ubuntu@63.131.145.238 ;; \ + sjc) \ + userhost="gu=adam5637@adam5637@66.70.54.105@support.dfw1.gateway.rackspace.com" ;; \ + sjc-ubuntu) \ + userhost="gu=adam5637@ubuntu@66.70.54.105@support.dfw1.gateway.rackspace.com" ;; \ + dfw) \ + userhost="gu=adam5637@adam5637@10.5.83.147@support.dfw1.gateway.rackspace.com" ;; \ + dfw-ubuntu) \ + userhost="gu=adam5637@ubuntu@10.5.83.147@support.dfw1.gateway.rackspace.com" ;; \ + esac ; \ + just _sync $userhost From 1b4f717032b23b31c3e6939034f89533a44e8d4d Mon Sep 17 00:00:00 2001 From: Sowmya Nethi Date: Wed, 26 Jun 2024 20:04:13 +0530 Subject: [PATCH 06/20] Corrected image reference in Skyline deployment YAML. (#332) * Updated Skyline Image with correct keystoneAuth URL in downloaded openrc * Corrected image reference in Skyline deployment YAML. --- kustomize/skyline/base/deployment-apiserver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kustomize/skyline/base/deployment-apiserver.yaml b/kustomize/skyline/base/deployment-apiserver.yaml index 3a923f06..79de0cb0 100644 --- a/kustomize/skyline/base/deployment-apiserver.yaml +++ b/kustomize/skyline/base/deployment-apiserver.yaml @@ -317,7 +317,7 @@ spec: key: prometheus_endpoint optional: true - name: skyline-apiserver-db-migrate - image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1718885915" + image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1719410798" imagePullPolicy: IfNotPresent resources: requests: @@ -340,7 +340,7 @@ spec: readOnly: true containers: - name: skyline-apiserver - image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1718885915" + image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1719410798" imagePullPolicy: IfNotPresent resources: limits: From 98c898ec2e42f25c5f05c5bc2df81b1db65618bc Mon Sep 17 00:00:00 2001 From: Chris Blumentritt Date: Thu, 27 Jun 2024 10:22:50 -0500 Subject: [PATCH 07/20] Update kubernetes.core ansible collection to 3.2.0 (#334) The kubernetes.core ansible collection needs to updated to 3.2.0 to utilize the enable_helm attribute of the kubernetes.core.kustomize.lookup which was added in 3.1.0 See: - https://github.com/ansible-collections/kubernetes.core/blob/main/CHANGELOG.rst#v3-1-0 - https://github.com/ansible-collections/kubernetes.core/issues/568 Ansible task example: - name: Deply mariadb operator kubernetes.core.k8s: definition: "{{ lookup('kubernetes.core.kustomize', binary_path='/usr/local/bin/kubectl', dir='/opt/genestack/kustomize/mariadb-operator', enable_helm=True) }}" namespace: mariadb-system apply: true server_side_apply: field_manager: ansible force_conflicts: true state: present When the play is run with kubernetes .core 3.0.0 ``` (genestack) ubuntu@openstack-flex-launcher-cluster-local:/opt/genestack$ ansible-galaxy collection list| grep kub kubernetes.core 3.0.0 kubernetes.core 2.4.0 (genestack) ubuntu@openstack-flex-launcher-cluster-local:/opt/genestack$ export SSH_AUTH_SOCK=/tmp/ssh-XXXXEaumni/agent.109689 (genestack) ubuntu@openstack-flex-launcher-cluster-local:/opt/genestack$ ansible-playbook ~/genestack_post_deploy.yaml --tag mariadb [WARNING]: * Failed to parse /etc/genestack/inventory/inventory.yaml.example with ini plugin: Invalid host pattern 'all:' supplied, ending in ':' is not allowed, this character is reserved to provide a port. [WARNING]: Unable to parse /etc/genestack/inventory/inventory.yaml.example as an inventory source [WARNING]: Skipping 'apiVersion' as this is not a valid group definition [WARNING]: Skipping 'kind' as this is not a valid group definition [WARNING]: Skipping key (name) in group (metadata) as it is not a mapping, it is a [WARNING]: Skipping unexpected key (annotations) in group (metadata), only "vars", "children" and "hosts" are valid PLAY [Label stoage nodes] ****************************************************************************************************************************************************** PLAY [Label control plane nodes] *********************************************************************************************************************************************** PLAY [Label nova compute nodes] ************************************************************************************************************************************************ PLAY [Label openstack network nodes] ******************************************************************************************************************************************* [WARNING]: Could not match supplied host pattern, ignoring: openstack_worker_nodes PLAY [Label worker nodes] ****************************************************************************************************************************************************** PLAY [Remove taint from controllers] ******************************************************************************************************************************************* PLAY [Deploy k8s dashboard] **************************************************************************************************************************************************** PLAY [Deploy prometheus] ******************************************************************************************************************************************************* PLAY [Make helm charts] ******************************************************************************************************************************************************** PLAY [Ceph internal] *********************************************************************************************************************************************************** PLAY [OpenStack namespace] ***************************************************************************************************************************************************** PLAY [MariaDB] ***************************************************************************************************************************************************************** TASK [Gathering Facts] ********************************************************************************************************************************************************* ok: [localhost] TASK [Get secret if exists] **************************************************************************************************************************************************** ok: [localhost] TASK [Create secret if it does not exist] ************************************************************************************************************************************** skipping: [localhost] TASK [Set cluster name in kustomize file] ************************************************************************************************************************************** ok: [localhost] TASK [Deply mariadb operator] ************************************************************************************************************************************************** fatal: [localhost]: FAILED! => {"msg": "kustomize command failed with: error: trouble configuring builtin HelmChartInflationGenerator with config: `\nincludeCRDs: true\nname: m ariadb-operator\nnamespace: mariadb-system\nreleaseName: mariadb-operator\nrepo: https://mariadb-operator.github.io/mariadb-operator\nvaluesInline:\n affinity:\n nodeAffini ty:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: node-role.kubernetes.io/worker\n operator: In\n values:\n - worker\n clusterName: cluster.local\n metrics:\n enabled: true\n webhook:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: node-role.kubernetes.io/worker\n o perator: In\n values:\n - worker\n cert:\n certManager:\n enabled: true\nversion: 0.28.1\n`: must specify --enable-helm\n"} PLAY RECAP ********************************************************************************************************************************************************************* localhost : ok=3 changed=0 unreachable=0 failed=1 skipped=1 rescued=0 ignored=0 (genestack) ubuntu@openstack-flex-launcher-cluster-local:/opt/genestack$ ``` When the play is run with kubernetes.core 3.2.0 ``` (genestack) ubuntu@openstack-flex-launcher-cluster-local:/opt/genestack$ ansible-galaxy collection list| grep kub kubernetes.core 3.2.0 kubernetes.core 2.4.0 (genestack) ubuntu@openstack-flex-launcher-cluster-local:/opt/genestack$ ansible-playbook ~/genestack_post_deploy.yaml --tag mariadb [WARNING]: * Failed to parse /etc/genestack/inventory/inventory.yaml.example with ini plugin: Invalid host pattern 'all:' supplied, ending in ':' is not allowed, this character is reserved to provide a port. [WARNING]: Unable to parse /etc/genestack/inventory/inventory.yaml.example as an inventory source [WARNING]: Skipping 'apiVersion' as this is not a valid group definition [WARNING]: Skipping 'kind' as this is not a valid group definition [WARNING]: Skipping key (name) in group (metadata) as it is not a mapping, it is a [WARNING]: Skipping unexpected key (annotations) in group (metadata), only "vars", "children" and "hosts" are valid PLAY [Label stoage nodes] ****************************************************************************************************************************************************** PLAY [Label control plane nodes] *********************************************************************************************************************************************** PLAY [Label nova compute nodes] ************************************************************************************************************************************************ PLAY [Label openstack network nodes] ******************************************************************************************************************************************* [WARNING]: Could not match supplied host pattern, ignoring: openstack_worker_nodes PLAY [Label worker nodes] ****************************************************************************************************************************************************** PLAY [Remove taint from controllers] ******************************************************************************************************************************************* PLAY [Deploy k8s dashboard] **************************************************************************************************************************************************** PLAY [Deploy prometheus] ******************************************************************************************************************************************************* PLAY [Make helm charts] ******************************************************************************************************************************************************** PLAY [Ceph internal] *********************************************************************************************************************************************************** PLAY [OpenStack namespace] ***************************************************************************************************************************************************** PLAY [MariaDB] ***************************************************************************************************************************************************************** TASK [Gathering Facts] ********************************************************************************************************************************************************* ok: [localhost] TASK [Get secret if exists] **************************************************************************************************************************************************** ok: [localhost] TASK [Create secret if it does not exist] ************************************************************************************************************************************** skipping: [localhost] TASK [Set cluster name in kustomize file] ************************************************************************************************************************************** ok: [localhost] TASK [Deply mariadb operator] ************************************************************************************************************************************************** changed: [localhost] TASK [Wait for mariadb operator webhook pod conditions] ************************************************************************************************************************ ok: [localhost] => (item=Ready) ok: [localhost] => (item=ContainersReady) PLAY RECAP ********************************************************************************************************************************************************************* localhost : ok=5 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 (genestack) ubuntu@openstack-flex-launcher-cluster-local:/opt/genestack$ ``` And the playbook completes without error. Signed-off-by: Chris Blumentritt --- ansible-collection-requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible-collection-requirements.yml b/ansible-collection-requirements.yml index 0ab07c43..9d9836f2 100644 --- a/ansible-collection-requirements.yml +++ b/ansible-collection-requirements.yml @@ -12,5 +12,5 @@ collections: version: 2.1.0 type: git - name: https://github.com/ansible-collections/kubernetes.core - version: 3.0.0 + version: 3.2.0 type: git From f3df157175303c8c0f1f673ebc9978cdc58ca3fb Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Thu, 27 Jun 2024 10:23:09 -0500 Subject: [PATCH 08/20] feat: update the service-user docs (#333) Signed-off-by: Kevin Carter --- docs/openstack-keystone-readonly.md | 118 ++++++++++++++++++++++++---- 1 file changed, 104 insertions(+), 14 deletions(-) diff --git a/docs/openstack-keystone-readonly.md b/docs/openstack-keystone-readonly.md index 93d0b115..80ba713b 100644 --- a/docs/openstack-keystone-readonly.md +++ b/docs/openstack-keystone-readonly.md @@ -1,18 +1,18 @@ -# Create a Readonly User +# Create a Platform Services Project The following commands will setup a readonly user which is able to read data across domains. -## Create the VMM user and project +## Create the platform-services user and project -After running the following commands, a readonly user (example: `vmm`) will have read only access to everything under the `default` and `rackspace_cloud_domain` domains. +After running the following commands, a readonly user (example: `platform-services`) will have read only access to everything under the `default` and `rackspace_cloud_domain` domains. ### Create a project ``` shell -openstack --os-cloud default project create --description 'vmm enablement' vmm --domain default +openstack --os-cloud default project create --description 'platform-services enablement' platform-services --domain default ``` -### Create a new user +#### Create a new zamboni user !!! tip "Make sure to set the password accordingly" @@ -21,29 +21,119 @@ openstack --os-cloud default project create --description 'vmm enablement' vmm - ``` ``` shell -openstack --os-cloud default user create --project vmm --password ${PASSWORD} vmm --domain default +openstack --os-cloud default user create --project zamboni --password ${PASSWORD} platform-services --domain default ``` -### Add the member role to the new user +##### Add the member role to the new user ``` shell -openstack --os-cloud default role add --user vmm --project vmm member --inherited +openstack --os-cloud default role add --user zamboni --project platform-services member --inherited ``` -### Add the reader roles for user `vmm` to the `default` domain +##### Add the reader roles for user `zamboni` to the `default` domain ``` shell -openstack --os-cloud default role add --user vmm --domain default reader --inherited +openstack --os-cloud default role add --user zamboni --domain default reader --inherited ``` -### Add the reader role for user `vmm` to the `rackspace_cloud_domain` domain +##### Add the reader role for user `zamboni` to the `rackspace_cloud_domain` domain ``` shell -openstack --os-cloud default role add --user vmm --domain rackspace_cloud_domain reader --inherited +openstack --os-cloud default role add --user zamboni --domain rackspace_cloud_domain reader --inherited ``` -### Add the reader role for user `vmm` to the system +##### Add the reader role for user `zamboni` to the system ``` shell -openstack --os-cloud default role add --user vmm --system all reader +openstack --os-cloud default role add --user zamboni --system all reader +``` + +#### Create a new member user + +!!! tip "Make sure to set the password accordingly" + + ``` shell + PASSWORD=SuperSecrete + ``` + +``` shell +openstack --os-cloud default user create --project platform-services --password ${PASSWORD} platform-services --domain default +``` + +##### Add the member role to the new platform-services user + +``` shell +openstack --os-cloud default role add --user platform-services --project platform-services member --inherited +``` + +#### Create a new core user + +!!! tip "Make sure to set the password accordingly" + + ``` shell + PASSWORD=SuperSecrete + ``` + +``` shell +openstack --os-cloud default user create --project platform-services-core --password ${PASSWORD} platform-services --domain default +``` + +##### Add the member role to the new core user + +``` shell +openstack --os-cloud default role add --user platform-services-core --project platform-services member --inherited +``` + +##### Add the reader roles for user `platform-services-core` to the `default` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core --domain default reader --inherited +``` + +##### Add the reader role for user `platform-services-core` to the `rackspace_cloud_domain` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core --domain rackspace_cloud_domain reader --inherited +``` + +##### Add the reader role for user `platform-services-core` to the system + +``` shell +openstack --os-cloud default role add --user platform-services-core --system all reader +``` + +#### Create a new alt user + +!!! tip "Make sure to set the password accordingly" + + ``` shell + PASSWORD=SuperSecrete + ``` + +``` shell +openstack --os-cloud default user create --project platform-services-core-alt --password ${PASSWORD} platform-services --domain default +``` + +##### Add the member role to the new core-alt user + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --project platform-services member --inherited +``` + +##### Add the reader roles for user `platform-services-core-alt` to the `default` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --domain default reader --inherited +``` + +##### Add the reader role for user `platform-services-core-alt` to the `rackspace_cloud_domain` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --domain rackspace_cloud_domain reader --inherited +``` + +##### Add the reader role for user `platform-services-core-alt` to the system + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --system all reader ``` From e2f078842143e3241b5de9986224c0934ace17fd Mon Sep 17 00:00:00 2001 From: aedan Date: Thu, 27 Jun 2024 15:43:09 -0500 Subject: [PATCH 09/20] onfig and Secrets change --- bootstrap.sh => bin/bootstrap.sh | 6 + bin/create-secrets.sh | 495 ++++++++++++++++++ bin/install-ceilometer.sh | 23 + bin/install-cinder.sh | 18 + bin/install-glance.sh | 17 + bin/install-gnocchi.sh | 16 + bin/install-heat.sh | 14 + bin/install-keystone.sh | 18 + bin/install-neutron.sh | 26 + bin/install-nova.sh | 29 + bin/install-octavia.sh | 20 + bin/install-placement.sh | 15 + bin/install-postgresql.sh | 12 + bin/install-skyline.sh | 2 + bin/label-nodes.sh | 57 ++ bin/setup-hosts.sh | 8 + bin/setup-openstack.sh | 27 + docs/genestack-getting-started.md | 2 +- docs/infrastructure-postgresql.md | 5 +- docs/openstack-ceilometer.md | 5 +- docs/openstack-cinder.md | 14 +- docs/openstack-compute-kit.md | 15 +- docs/openstack-glance.md | 7 +- docs/openstack-gnocchi.md | 7 +- docs/openstack-heat.md | 7 +- docs/openstack-horizon.md | 7 +- docs/openstack-keystone.md | 7 +- docs/openstack-octavia.md | 7 +- docs/openstack-skyline.md | 7 +- .../aio-example-openstack-overrides.yaml | 0 .../ceilometer/ceilometer-helm-overrides.yaml | 0 .../cinder/cinder-helm-overrides.yaml | 0 .../designate/designate-helm-overrides.yaml | 0 .../fluentbit/README.md | 0 .../fluentbit/fluentbit-helm-overrides.yaml | 0 .../glance/glance-helm-overrides.yaml | 0 .../gnocchi/gnocchi-helm-overrides.yaml | 0 .../grafana/README.md | 0 .../grafana/datasources.yaml | 0 .../grafana/overrides.yaml | 0 .../heat/heat-helm-overrides.yaml | 0 .../horizon/horizon-helm-overrides.yaml | 0 .../keystone/keystone-helm-overrides.yaml | 0 .../loki-helm-minio-overrides-example.yaml | 0 .../loki/loki-helm-s3-overrides-example.yaml | 0 .../loki-helm-swift-overrides-example.yaml | 0 .../openstack-metrics-exporter/clouds-yaml | 0 ...stack-metrics-exporter-helm-overrides.yaml | 0 .../neutron/neutron-helm-overrides.yaml | 0 .../nginx-gateway-fabric/helm-overrides.yaml | 0 .../nova/nova-helm-overrides.yaml | 0 .../octavia/octavia-helm-overrides.yaml | 0 .../osie/osie-helm-overrides.yaml | 0 .../placement/placement-helm-overrides.yaml | 0 .../postgresql/postgresql-helm-overrides.yaml | 0 .../prod-example-openstack-overrides.yaml | 0 .../argocd/base/kustomization.yaml | 0 .../argocd/base/namespace.yaml | 0 .../argocd/base/values.yaml | 0 .../backups/etcd/etcd-backup.yaml | 0 .../backups/etcd/kustomization.yaml | 0 .../cinder/aio/kustomization.yaml | 0 .../cinder/base/cinder-mariadb-database.yaml | 0 .../cinder/base/cinder-rabbitmq-queue.yaml | 0 .../cinder/base/hpa-cinder-api.yaml | 0 .../cinder/base/hpa-cinder-scheduler.yaml | 0 .../cinder/base/kustomization.yaml | 0 .../cinder/letsencrypt/kustomization.yaml | 0 .../designate/aio/kustomization.yaml | 0 .../base/designate-mariadb-database.yaml | 0 .../base/designate-rabbitmq-queue.yaml | 0 .../designate/base/hpa-designate-api.yaml | 0 .../designate/base/kustomization.yaml | 0 .../designate/letsencrypt/kustomization.yaml | 0 .../gateway/alertmanager-routes.yaml | 0 .../gateway/internal-gateway-api.yaml | 0 .../gateway/kustomization.yaml | 0 .../gateway/prometheus-routes.yaml | 0 .../glance/aio/kustomization.yaml | 0 .../glance/base/glance-mariadb-database.yaml | 0 .../glance/base/glance-rabbitmq-queue.yaml | 0 .../glance/base/hpa-glance-api.yaml | 0 .../glance/base/kustomization.yaml | 0 .../glance/letsencrypt/kustomization.yaml | 0 .../gnocchi/base/configmap-bin.yaml | 0 .../gnocchi/base/gnocchi-temp-keyring.yaml | 0 .../gnocchi/base/kustomization.yaml | 0 .../grafana/base/azure-client-secret.yaml | 0 .../grafana/base/datasources.yaml | 0 .../grafana/base/example-cert.pem | 0 .../grafana/base/example-key.pem | 0 .../grafana/base/grafana-database.yaml | 0 .../grafana/base/grafana-values.yaml | 0 .../grafana/base/kustomization.yaml | 0 .../grafana/base/ns-grafana.yaml | 0 .../heat/aio/kustomization.yaml | 0 .../heat/base/heat-mariadb-database.yaml | 0 .../heat/base/heat-rabbitmq-queue.yaml | 0 .../heat/base/hpa-heat-api.yaml | 0 .../heat/base/hpa-heat-cfn.yaml | 0 .../heat/base/hpa-heat-engine.yaml | 0 .../heat/base/kustomization.yaml | 0 .../heat/letsencrypt/kustomization.yaml | 0 .../horizon/aio/kustomization.yaml | 0 .../base/horizon-mariadb-database.yaml | 0 .../horizon/base/hpa-horizon-api.yaml | 0 .../horizon/base/kustomization.yaml | 0 .../horizon/letsencrypt/kustomization.yaml | 0 .../external/helm/ingress-helm-overrides.yaml | 0 .../ingress/external/kustomization.yaml | 0 .../ingress/external/ns-ingress-nginx.yaml | 0 .../internal/helm/ingress-helm-overrides.yaml | 0 .../ingress/internal/kustomization.yaml | 0 .../k8s-dashboard/dashboard-rbac-default.yaml | 0 .../k8s-dashboard/kustomization.yaml | 0 .../keystone/aio/kustomization.yaml | 0 .../keystone/base/hpa-keystone-api.yaml | 0 .../base/keystone-mariadb-database.yaml | 0 .../base/keystone-rabbitmq-queue.yaml | 0 .../keystone/base/kustomization.yaml | 0 .../keystone/letsencrypt/kustomization.yaml | 0 {kustomize => kustomize.example}/kustomize.sh | 0 .../libvirt/helm/libvirt-helm-overrides.yaml | 0 .../libvirt/kustomization.yaml | 0 .../mariadb-cluster/aio/kustomization.yaml | 0 .../mariadb-cluster/base/kustomization.yaml | 0 .../mariadb-cluster/base/mariadb-backup.yaml | 0 .../base/mariadb-configmap.yaml | 0 .../base/mariadb-replication.yaml | 0 .../mariadb-operator/kustomization.yaml | 0 .../mariadb-operator/ns-mariadb.yaml | 0 .../memcached/aio/kustomization.yaml | 0 .../base-monitoring/kustomization.yaml | 0 .../memcached/base/kustomization.yaml | 0 .../neutron/aio/kustomization.yaml | 0 .../neutron/base/hpa-neutron-server.yaml | 0 .../neutron/base/kustomization.yaml | 0 .../base/neutron-mariadb-database.yaml | 0 .../neutron/base/neutron-rabbitmq-queue.yaml | 0 .../neutron/letsencrypt/kustomization.yaml | 0 .../nova/aio/kustomization.yaml | 0 .../nova/base/hpa-nova-api-metadata.yaml | 0 .../nova/base/hpa-nova-api-osapi.yaml | 0 .../nova/base/hpa-nova-conductor.yaml | 0 .../nova/base/hpa-nova-novncproxy.yaml | 0 .../nova/base/hpa-nova-scheduler.yaml | 0 .../nova/base/kustomization.yaml | 0 .../nova/base/nova-mariadb-database.yaml | 0 .../nova/base/nova-rabbitmq-queue.yaml | 0 .../nova/letsencrypt/kustomization.yaml | 0 .../octavia/aio/kustomization.yaml | 0 .../octavia/base/hpa-octavia-api.yaml | 0 .../octavia/base/hpa-octavia-worker.yaml | 0 .../octavia/base/kustomization.yaml | 0 .../octavia/base/octavia-agent.yaml | 0 .../base/octavia-mariadb-database.yaml | 0 .../octavia/base/octavia-rabbitmq-queue.yaml | 0 .../octavia/letsencrypt/kustomization.yaml | 0 .../issuer-kube-system-selfsigned.yaml | 0 .../openstack/kustomization.yaml | 0 .../openstack/ns-openstack.yaml | 0 .../ovn/kustomization.yaml | 0 .../ovn/ovn-backup/kustomization.yaml | 0 .../ovn/ovn-backup/ovn-backup.config | 0 .../ovn/ovn-backup/ovn-backup.sh | 0 .../ovn/ovn-backup/ovn-backup.yaml | 0 .../ovn/ovn-backup/swift-tempauth.env | 0 .../ovn/ovn-setup.yaml | 0 .../placement/aio/kustomization.yaml | 0 .../placement/base/hpa-placement-api.yaml | 0 .../placement/base/kustomization.yaml | 0 .../base/placement-mariadb-database.yaml | 0 .../placement/letsencrypt/kustomization.yaml | 0 .../kustomization.yaml | 0 .../probe_targets.yaml | 0 .../prometheus-blackbox-exporter/values.yaml | 0 .../kustomization.yaml | 0 .../monitoring_user_create.yaml | 0 .../monitoring_user_grant.yaml | 0 .../prometheus-mysql-exporter/values.yaml | 0 .../prometheus-ovn/cni-monitor.yaml | 0 .../prometheus-ovn/controller-monitor.yaml | 0 .../prometheus-ovn/ovn-monitor.yaml | 0 .../prometheus-ovn/pinger-monitor.yaml | 0 .../kustomization.yaml | 0 .../prometheus-postgres-exporter/values.yaml | 0 .../kustomization.yaml | 0 .../prometheus-rabbitmq-exporter/values.yaml | 0 .../prometheus/alerting_rules.yaml | 0 .../prometheus/alertmanager_config.yaml | 0 .../prometheus/kustomization.yaml | 0 .../prometheus/ns-prometheus.yaml | 0 .../prometheus/values.yaml | 0 .../rabbitmq-cluster/aio/kustomization.yaml | 0 .../rabbitmq-cluster/base/kustomization.yaml | 0 .../base/rabbitmq-cluster.yaml | 0 .../rabbitmq-operator/cluster-operator.yaml | 0 .../rabbitmq-operator/kustomization.yaml | 0 .../kustomization.yaml | 0 ...ng-topology-operator-with-certmanager.yaml | 0 .../cluster-on-pvc.yaml | 0 .../kustomization.yaml | 0 .../rook-cluster-external-pvc/toolbox.yaml | 0 .../rook-cluster/kustomization.yaml | 0 .../rook-cluster/rook-cluster.yaml | 0 .../rook-cluster/toolbox.yaml | 0 .../filesystem.yaml | 0 .../kustomization.yaml | 0 .../storageclass-cephfs.yaml | 0 .../rook-defaults/filesystem.yaml | 0 .../rook-defaults/kustomization.yaml | 0 .../rook-defaults/storageclass-cephfs.yaml | 0 .../rook-defaults/storageclass-general.yaml | 0 .../rook-defaults/storageclass-rbd.yaml | 0 .../rook-operator/common.yaml | 0 .../rook-operator/crds.yaml | 0 .../rook-operator/kustomization.yaml | 0 .../rook-operator/operator.yaml | 0 .../sealed-secrets/base/kustomization.yaml | 0 .../sealed-secrets/base/namespace.yaml | 0 .../sealed-secrets/base/values.yaml | 0 .../skyline/aio/kustomization.yaml | 0 .../skyline/base/configmap-bin.yaml | 0 .../skyline/base/deployment-apiserver.yaml | 0 .../skyline/base/hpa-skyline-apiserver.yaml | 0 .../skyline/base/ingress-apiserver.yaml | 0 .../skyline/base/kustomization.yaml | 0 .../skyline/base/pdb-apiserver.yaml | 0 .../skyline/base/services.yaml | 0 .../base/skyline-mariadb-database.yaml | 0 .../skyline/fqdn/kustomization.yaml | 0 .../skyline/letsencrypt/kustomization.yaml | 0 .../topolvm/general/kustomization.yaml | 0 .../topolvm/general/ns-topolvm.yaml | 0 .../base/kustomization.yaml | 0 .../base/namespace.yaml | 0 .../vault-secrets-operator/base/values.yaml | 0 .../vault/base/kustomization.yaml | 0 .../base/local_storage/kustomization.yaml | 0 .../vault/base/local_storage/local_sc.yaml | 0 .../vault/base/local_storage/vault-dwpp.yaml | 0 .../vault/base/local_storage/vault-fezz.yaml | 0 .../vault/base/local_storage/vault-hprr.yaml | 0 .../vault/base/local_storage/vault-jyff.yaml | 0 .../vault/base/local_storage/vault-ktpw.yaml | 0 .../vault/base/local_storage/vault-uqhy.yaml | 0 .../vault/base/namespace.yaml | 0 .../vault/base/ssl/kustomization.yaml | 0 .../vault/base/ssl/vault-ca-issuer.yaml | 0 .../vault/base/ssl/vault-cert.yaml | 0 .../vault/base/ssl/vault-selfsigned-ca.yaml | 0 .../base/ssl/vault-selfsigned-issuer.yaml | 0 .../vault/base/values.yaml | 0 253 files changed, 865 insertions(+), 28 deletions(-) rename bootstrap.sh => bin/bootstrap.sh (92%) create mode 100755 bin/create-secrets.sh create mode 100755 bin/install-ceilometer.sh create mode 100755 bin/install-cinder.sh create mode 100755 bin/install-glance.sh create mode 100755 bin/install-gnocchi.sh create mode 100755 bin/install-heat.sh create mode 100755 bin/install-keystone.sh create mode 100755 bin/install-neutron.sh create mode 100755 bin/install-nova.sh create mode 100755 bin/install-octavia.sh create mode 100755 bin/install-placement.sh create mode 100755 bin/install-postgresql.sh create mode 100755 bin/install-skyline.sh create mode 100755 bin/label-nodes.sh create mode 100755 bin/setup-hosts.sh create mode 100755 bin/setup-openstack.sh rename {helm-configs => helm-configs.example}/aio-example-openstack-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/ceilometer/ceilometer-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/cinder/cinder-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/designate/designate-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/fluentbit/README.md (100%) rename {helm-configs => helm-configs.example}/fluentbit/fluentbit-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/glance/glance-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/gnocchi/gnocchi-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/grafana/README.md (100%) rename {helm-configs => helm-configs.example}/grafana/datasources.yaml (100%) rename {helm-configs => helm-configs.example}/grafana/overrides.yaml (100%) rename {helm-configs => helm-configs.example}/heat/heat-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/horizon/horizon-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/keystone/keystone-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/loki/loki-helm-minio-overrides-example.yaml (100%) rename {helm-configs => helm-configs.example}/loki/loki-helm-s3-overrides-example.yaml (100%) rename {helm-configs => helm-configs.example}/loki/loki-helm-swift-overrides-example.yaml (100%) rename {helm-configs => helm-configs.example}/monitoring/openstack-metrics-exporter/clouds-yaml (100%) rename {helm-configs => helm-configs.example}/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/neutron/neutron-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/nginx-gateway-fabric/helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/nova/nova-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/octavia/octavia-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/osie/osie-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/placement/placement-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/postgresql/postgresql-helm-overrides.yaml (100%) rename {helm-configs => helm-configs.example}/prod-example-openstack-overrides.yaml (100%) rename {kustomize => kustomize.example}/argocd/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/argocd/base/namespace.yaml (100%) rename {kustomize => kustomize.example}/argocd/base/values.yaml (100%) rename {kustomize => kustomize.example}/backups/etcd/etcd-backup.yaml (100%) rename {kustomize => kustomize.example}/backups/etcd/kustomization.yaml (100%) rename {kustomize => kustomize.example}/cinder/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/cinder/base/cinder-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/cinder/base/cinder-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/cinder/base/hpa-cinder-api.yaml (100%) rename {kustomize => kustomize.example}/cinder/base/hpa-cinder-scheduler.yaml (100%) rename {kustomize => kustomize.example}/cinder/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/cinder/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/designate/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/designate/base/designate-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/designate/base/designate-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/designate/base/hpa-designate-api.yaml (100%) rename {kustomize => kustomize.example}/designate/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/designate/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/gateway/alertmanager-routes.yaml (100%) rename {kustomize => kustomize.example}/gateway/internal-gateway-api.yaml (100%) rename {kustomize => kustomize.example}/gateway/kustomization.yaml (100%) rename {kustomize => kustomize.example}/gateway/prometheus-routes.yaml (100%) rename {kustomize => kustomize.example}/glance/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/glance/base/glance-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/glance/base/glance-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/glance/base/hpa-glance-api.yaml (100%) rename {kustomize => kustomize.example}/glance/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/glance/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/gnocchi/base/configmap-bin.yaml (100%) rename {kustomize => kustomize.example}/gnocchi/base/gnocchi-temp-keyring.yaml (100%) rename {kustomize => kustomize.example}/gnocchi/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/grafana/base/azure-client-secret.yaml (100%) rename {kustomize => kustomize.example}/grafana/base/datasources.yaml (100%) rename {kustomize => kustomize.example}/grafana/base/example-cert.pem (100%) rename {kustomize => kustomize.example}/grafana/base/example-key.pem (100%) rename {kustomize => kustomize.example}/grafana/base/grafana-database.yaml (100%) rename {kustomize => kustomize.example}/grafana/base/grafana-values.yaml (100%) rename {kustomize => kustomize.example}/grafana/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/grafana/base/ns-grafana.yaml (100%) rename {kustomize => kustomize.example}/heat/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/heat/base/heat-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/heat/base/heat-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/heat/base/hpa-heat-api.yaml (100%) rename {kustomize => kustomize.example}/heat/base/hpa-heat-cfn.yaml (100%) rename {kustomize => kustomize.example}/heat/base/hpa-heat-engine.yaml (100%) rename {kustomize => kustomize.example}/heat/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/heat/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/horizon/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/horizon/base/horizon-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/horizon/base/hpa-horizon-api.yaml (100%) rename {kustomize => kustomize.example}/horizon/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/horizon/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/ingress/external/helm/ingress-helm-overrides.yaml (100%) rename {kustomize => kustomize.example}/ingress/external/kustomization.yaml (100%) rename {kustomize => kustomize.example}/ingress/external/ns-ingress-nginx.yaml (100%) rename {kustomize => kustomize.example}/ingress/internal/helm/ingress-helm-overrides.yaml (100%) rename {kustomize => kustomize.example}/ingress/internal/kustomization.yaml (100%) rename {kustomize => kustomize.example}/k8s-dashboard/dashboard-rbac-default.yaml (100%) rename {kustomize => kustomize.example}/k8s-dashboard/kustomization.yaml (100%) rename {kustomize => kustomize.example}/keystone/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/keystone/base/hpa-keystone-api.yaml (100%) rename {kustomize => kustomize.example}/keystone/base/keystone-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/keystone/base/keystone-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/keystone/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/keystone/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/kustomize.sh (100%) rename {kustomize => kustomize.example}/libvirt/helm/libvirt-helm-overrides.yaml (100%) rename {kustomize => kustomize.example}/libvirt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/mariadb-cluster/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/mariadb-cluster/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/mariadb-cluster/base/mariadb-backup.yaml (100%) rename {kustomize => kustomize.example}/mariadb-cluster/base/mariadb-configmap.yaml (100%) rename {kustomize => kustomize.example}/mariadb-cluster/base/mariadb-replication.yaml (100%) rename {kustomize => kustomize.example}/mariadb-operator/kustomization.yaml (100%) rename {kustomize => kustomize.example}/mariadb-operator/ns-mariadb.yaml (100%) rename {kustomize => kustomize.example}/memcached/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/memcached/base-monitoring/kustomization.yaml (100%) rename {kustomize => kustomize.example}/memcached/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/neutron/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/neutron/base/hpa-neutron-server.yaml (100%) rename {kustomize => kustomize.example}/neutron/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/neutron/base/neutron-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/neutron/base/neutron-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/neutron/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/nova/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/nova/base/hpa-nova-api-metadata.yaml (100%) rename {kustomize => kustomize.example}/nova/base/hpa-nova-api-osapi.yaml (100%) rename {kustomize => kustomize.example}/nova/base/hpa-nova-conductor.yaml (100%) rename {kustomize => kustomize.example}/nova/base/hpa-nova-novncproxy.yaml (100%) rename {kustomize => kustomize.example}/nova/base/hpa-nova-scheduler.yaml (100%) rename {kustomize => kustomize.example}/nova/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/nova/base/nova-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/nova/base/nova-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/nova/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/octavia/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/octavia/base/hpa-octavia-api.yaml (100%) rename {kustomize => kustomize.example}/octavia/base/hpa-octavia-worker.yaml (100%) rename {kustomize => kustomize.example}/octavia/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/octavia/base/octavia-agent.yaml (100%) rename {kustomize => kustomize.example}/octavia/base/octavia-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/octavia/base/octavia-rabbitmq-queue.yaml (100%) rename {kustomize => kustomize.example}/octavia/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/openstack/issuer-kube-system-selfsigned.yaml (100%) rename {kustomize => kustomize.example}/openstack/kustomization.yaml (100%) rename {kustomize => kustomize.example}/openstack/ns-openstack.yaml (100%) rename {kustomize => kustomize.example}/ovn/kustomization.yaml (100%) rename {kustomize => kustomize.example}/ovn/ovn-backup/kustomization.yaml (100%) rename {kustomize => kustomize.example}/ovn/ovn-backup/ovn-backup.config (100%) rename {kustomize => kustomize.example}/ovn/ovn-backup/ovn-backup.sh (100%) rename {kustomize => kustomize.example}/ovn/ovn-backup/ovn-backup.yaml (100%) rename {kustomize => kustomize.example}/ovn/ovn-backup/swift-tempauth.env (100%) rename {kustomize => kustomize.example}/ovn/ovn-setup.yaml (100%) rename {kustomize => kustomize.example}/placement/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/placement/base/hpa-placement-api.yaml (100%) rename {kustomize => kustomize.example}/placement/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/placement/base/placement-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/placement/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/prometheus-blackbox-exporter/kustomization.yaml (100%) rename {kustomize => kustomize.example}/prometheus-blackbox-exporter/probe_targets.yaml (100%) rename {kustomize => kustomize.example}/prometheus-blackbox-exporter/values.yaml (100%) rename {kustomize => kustomize.example}/prometheus-mysql-exporter/kustomization.yaml (100%) rename {kustomize => kustomize.example}/prometheus-mysql-exporter/monitoring_user_create.yaml (100%) rename {kustomize => kustomize.example}/prometheus-mysql-exporter/monitoring_user_grant.yaml (100%) rename {kustomize => kustomize.example}/prometheus-mysql-exporter/values.yaml (100%) rename {kustomize => kustomize.example}/prometheus-ovn/cni-monitor.yaml (100%) rename {kustomize => kustomize.example}/prometheus-ovn/controller-monitor.yaml (100%) rename {kustomize => kustomize.example}/prometheus-ovn/ovn-monitor.yaml (100%) rename {kustomize => kustomize.example}/prometheus-ovn/pinger-monitor.yaml (100%) rename {kustomize => kustomize.example}/prometheus-postgres-exporter/kustomization.yaml (100%) rename {kustomize => kustomize.example}/prometheus-postgres-exporter/values.yaml (100%) rename {kustomize => kustomize.example}/prometheus-rabbitmq-exporter/kustomization.yaml (100%) rename {kustomize => kustomize.example}/prometheus-rabbitmq-exporter/values.yaml (100%) rename {kustomize => kustomize.example}/prometheus/alerting_rules.yaml (100%) rename {kustomize => kustomize.example}/prometheus/alertmanager_config.yaml (100%) rename {kustomize => kustomize.example}/prometheus/kustomization.yaml (100%) rename {kustomize => kustomize.example}/prometheus/ns-prometheus.yaml (100%) rename {kustomize => kustomize.example}/prometheus/values.yaml (100%) rename {kustomize => kustomize.example}/rabbitmq-cluster/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rabbitmq-cluster/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rabbitmq-cluster/base/rabbitmq-cluster.yaml (100%) rename {kustomize => kustomize.example}/rabbitmq-operator/cluster-operator.yaml (100%) rename {kustomize => kustomize.example}/rabbitmq-operator/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rabbitmq-topology-operator/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml (100%) rename {kustomize => kustomize.example}/rook-cluster-external-pvc/cluster-on-pvc.yaml (100%) rename {kustomize => kustomize.example}/rook-cluster-external-pvc/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rook-cluster-external-pvc/toolbox.yaml (100%) rename {kustomize => kustomize.example}/rook-cluster/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rook-cluster/rook-cluster.yaml (100%) rename {kustomize => kustomize.example}/rook-cluster/toolbox.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults-external-pvc/filesystem.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults-external-pvc/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults-external-pvc/storageclass-cephfs.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults/filesystem.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults/storageclass-cephfs.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults/storageclass-general.yaml (100%) rename {kustomize => kustomize.example}/rook-defaults/storageclass-rbd.yaml (100%) rename {kustomize => kustomize.example}/rook-operator/common.yaml (100%) rename {kustomize => kustomize.example}/rook-operator/crds.yaml (100%) rename {kustomize => kustomize.example}/rook-operator/kustomization.yaml (100%) rename {kustomize => kustomize.example}/rook-operator/operator.yaml (100%) rename {kustomize => kustomize.example}/sealed-secrets/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/sealed-secrets/base/namespace.yaml (100%) rename {kustomize => kustomize.example}/sealed-secrets/base/values.yaml (100%) rename {kustomize => kustomize.example}/skyline/aio/kustomization.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/configmap-bin.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/deployment-apiserver.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/hpa-skyline-apiserver.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/ingress-apiserver.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/pdb-apiserver.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/services.yaml (100%) rename {kustomize => kustomize.example}/skyline/base/skyline-mariadb-database.yaml (100%) rename {kustomize => kustomize.example}/skyline/fqdn/kustomization.yaml (100%) rename {kustomize => kustomize.example}/skyline/letsencrypt/kustomization.yaml (100%) rename {kustomize => kustomize.example}/topolvm/general/kustomization.yaml (100%) rename {kustomize => kustomize.example}/topolvm/general/ns-topolvm.yaml (100%) rename {kustomize => kustomize.example}/vault-secrets-operator/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/vault-secrets-operator/base/namespace.yaml (100%) rename {kustomize => kustomize.example}/vault-secrets-operator/base/values.yaml (100%) rename {kustomize => kustomize.example}/vault/base/kustomization.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/kustomization.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/local_sc.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/vault-dwpp.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/vault-fezz.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/vault-hprr.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/vault-jyff.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/vault-ktpw.yaml (100%) rename {kustomize => kustomize.example}/vault/base/local_storage/vault-uqhy.yaml (100%) rename {kustomize => kustomize.example}/vault/base/namespace.yaml (100%) rename {kustomize => kustomize.example}/vault/base/ssl/kustomization.yaml (100%) rename {kustomize => kustomize.example}/vault/base/ssl/vault-ca-issuer.yaml (100%) rename {kustomize => kustomize.example}/vault/base/ssl/vault-cert.yaml (100%) rename {kustomize => kustomize.example}/vault/base/ssl/vault-selfsigned-ca.yaml (100%) rename {kustomize => kustomize.example}/vault/base/ssl/vault-selfsigned-issuer.yaml (100%) rename {kustomize => kustomize.example}/vault/base/values.yaml (100%) diff --git a/bootstrap.sh b/bin/bootstrap.sh similarity index 92% rename from bootstrap.sh rename to bin/bootstrap.sh index bbf34e22..30649014 100755 --- a/bootstrap.sh +++ b/bin/bootstrap.sh @@ -56,6 +56,12 @@ test -L $GENESTACK_CONFIG 2>&1 || mkdir -p ${GENESTACK_CONFIG} test -f $GENESTACK_CONFIG/provider || echo ${K8S_PROVIDER} > ${GENESTACK_CONFIG}/provider test -f $GENESTACK_CONFIG/product || echo ${GENESTACK_PRODUCT} > ${GENESTACK_CONFIG}/product mkdir -p $GENESTACK_CONFIG/inventory/group_vars ${GENESTACK_CONFIG}/inventory/credentials +if [ ! -d "/etc/genestack/helm-configs" ]; then + cp -r /opt/genestack/helm-configs.example /etc/genestack/helm-configs +fi +if [ ! -d "/etc/genestack/kustomize" ]; then + cp -r /opt/genestack/kustomize.example /etc/genestack/kustomize +fi # Copy default k8s config test -d "ansible/inventory/${GENESTACK_PRODUCT}" || error "Product Config ${GENESTACK_PRODUCT} does not exist here" diff --git a/bin/create-secrets.sh b/bin/create-secrets.sh new file mode 100755 index 00000000..a0c38c6a --- /dev/null +++ b/bin/create-secrets.sh @@ -0,0 +1,495 @@ +#!/bin/bash + +generate_password() { + < /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32} +} + +mariadb_root_password=$(generate_password 32) +mariadb_password=$(generate_password 32) +keystone_rabbitmq_password=$(generate_password 64) +keystone_db_password=$(generate_password 32) +keystone_admin_password=$(generate_password 32) +keystone_credential_keys_password=$(generate_password 32) +glance_rabbitmq_password=$(generate_password 64) +glance_db_password=$(generate_password 32) +glance_admin_password=$(generate_password 32) +heat_rabbitmq_password=$(generate_password 64) +heat_db_password=$(generate_password 32) +heat_admin_password=$(generate_password 32) +heat_trustee_password=$(generate_password 32) +heat_stack_user_password=$(generate_password 32) +cinder_rabbitmq_password=$(generate_password 64) +cinder_db_password=$(generate_password 32) +cinder_admin_password=$(generate_password 32) +metadata_shared_secret_password=$(generate_password 32) +placement_db_password=$(generate_password 32) +placement_admin_password=$(generate_password 32) +nova_db_password=$(generate_password 32) +nova_admin_password=$(generate_password 32) +nova_rabbitmq_password=$(generate_password 64) +nova_ssh_public_key=$(ssh-keygen -qt ed25519 -N '' -C "nova_ssh" -f nova_ssh_key && cat nova_ssh_key.pub) +nova_ssh_private_key=$(cat nova_ssh_key) +ironic_admin_password=$(generate_password 32) +designate_admin_password=$(generate_password 32) +neutron_rabbitmq_password=$(generate_password 64) +neutron_db_password=$(generate_password 32) +neutron_admin_password=$(generate_password 32) +horizon_secret_key_password=$(generate_password 64) +horizon_db_password=$(generate_password 32) +skyline_service_password=$(generate_password 32) +skyline_db_password=$(generate_password 32) +skyline_secret_key_password=$(generate_password 32) +octavia_rabbitmq_password=$(generate_password 64) +octavia_db_password=$(generate_password 32) +octavia_admin_password=$(generate_password 32) +octavia_certificates_password=$(generate_password 32) +postgresql_identity_admin_password=$(generate_password 32) +postgresql_db_admin_password=$(generate_password 32) +postgresql_db_exporter_password=$(generate_password 32) +postgresql_db_audit_password=$(generate_password 32) +gnocchi_admin_password=$(generate_password 32) +gnocchi_db_password=$(generate_password 32) +gnocchi_pgsql_password=$(generate_password 32) +ceilometer_keystone_admin_password=$(generate_password 32) +ceilometer_keystone_test_password=$(generate_password 32) +ceilometer_rabbitmq_password=$(generate_password 32) + +OUTPUT_FILE="/etc/genestack/secrets.yaml" + +cat < $OUTPUT_FILE +apiVersion: v1 +kind: Secret +metadata: + name: mariadb + namespace: openstack +type: Opaque +data: + root-password: $(echo -n $mariadb_root_password | base64) + password: $(echo -n $mariadb_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "keystone" | base64) + password: $(echo -n $keystone_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $keystone_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $keystone_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-credential-keys + namespace: openstack +type: Opaque +data: + password: $(echo -n $keystone_credential_keys_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: glance-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "glance" | base64) + password: $(echo -n $glance_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: glance-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $glance_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: glance-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $glance_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "heat" | base64) + password: $(echo -n $heat_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-trustee + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_trustee_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-stack-user + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_stack_user_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: cinder-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "cinder" | base64) + password: $(echo -n $cinder_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: cinder-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $cinder_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: cinder-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $cinder_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: metadata-shared-secret + namespace: openstack +type: Opaque +data: + password: $(echo -n $metadata_shared_secret_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: placement-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $placement_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: placement-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $placement_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $nova_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $nova_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "nova" | base64) + password: $(echo -n $nova_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-ssh-keypair + namespace: openstack +type: Opaque +data: + public_key: $(echo -n $nova_ssh_public_key | base64) + private_key: $(echo -n $nova_ssh_private_key | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ironic-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $ironic_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: designate-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $designate_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: neutron-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "neutron" | base64) + password: $(echo -n $neutron_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: neutron-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $neutron_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: neutron-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $neutron_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: horizon-secrete-key + namespace: openstack +type: Opaque +data: + username: $(echo -n "horizon" | base64) + password: $(echo -n $horizon_secret_key_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: horizon-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $horizon_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: skyline-apiserver-secrets + namespace: openstack +type: Opaque +data: + service-username: $(echo -n "skyline" | base64) + service-password: $(echo -n $skyline_service_password | base64) + service-domain: $(echo -n "service" | base64) + service-project: $(echo -n "service" | base64) + service-project-domain: $(echo -n "service" | base64) + db-endpoint: $(echo -n "mariadb-cluster-primary.openstack.svc.cluster.local" | base64) + db-name: $(echo -n "skyline" | base64) + db-username: $(echo -n "skyline" | base64) + db-password: $(echo -n $skyline_db_password | base64) + secret-key: $(echo -n $skyline_secret_key_password | base64) + keystone-endpoint: $(echo -n $keystone_admin_password | base64) # Using the generated keystone-keystone-admin password + keystone-username: $(echo -n "skyline" | base64) + default-region: $(echo -n "RegionOne" | base64) + prometheus_basic_auth_password: $(echo -n "" | base64) + prometheus_basic_auth_user: $(echo -n "" | base64) + prometheus_enable_basic_auth: $(echo -n "false" | base64) + prometheus_endpoint: $(echo -n "http://kube-prometheus-stack-prometheus.prometheus.svc.cluster.local:9090" | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "octavia" | base64) + password: $(echo -n $octavia_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $octavia_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $octavia_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-certificates + namespace: openstack +type: Opaque +data: + password: $(echo -n $octavia_certificates_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-identity-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_identity_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-db-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_db_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-db-exporter + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_db_exporter_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-db-audit + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_db_audit_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: gnocchi-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $gnocchi_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: gnocchi-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $gnocchi_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: gnocchi-pgsql-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $gnocchi_pgsql_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ceilometer-keystone-admin-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $ceilometer_keystone_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ceilometer-keystone-test-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $ceilometer_keystone_test_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ceilometer-rabbitmq-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $ceilometer_rabbitmq_password | base64) +EOF + +rm nova_ssh_key nova_ssh_key.pub + +echo "Secrets YAML file created as ${OUTPUT_FILE}" + diff --git a/bin/install-ceilometer.sh b/bin/install-ceilometer.sh new file mode 100755 index 00000000..af432a7c --- /dev/null +++ b/bin/install-ceilometer.sh @@ -0,0 +1,23 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm +helm upgrade --install ceilometer ./ceilometer \ + --namespace=openstack \ + --wait \ + --timeout 10m \ + -f /etc/genestack/helm-configs/ceilometer/ceilometer-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.ceilometer.password="$(kubectl --namespace openstack get secret ceilometer-keystone-admin-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.test.password="$(kubectl --namespace openstack get secret ceilometer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.admin.username="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.username}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.ceilometer.password="$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.ceilometer.oslo_messaging_notifications.transport_url="\ +rabbit://ceilometer:$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/ceilometer"\ + --set conf.ceilometer.notification.messaging_urls.values="{\ +rabbit://ceilometer:$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/ceilometer,\ +rabbit://cinder:$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/cinder,\ +rabbit://glance:$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/glance,\ +rabbit://heat:$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/heat,\ +rabbit://keystone:$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/keystone,\ +rabbit://neutron:$(kubectl --namespace openstack get secret neutron-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/neutron,\ +rabbit://nova:$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/nova}" diff --git a/bin/install-cinder.sh b/bin/install-cinder.sh new file mode 100755 index 00000000..8de6aa4e --- /dev/null +++ b/bin/install-cinder.sh @@ -0,0 +1,18 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install heat ./heat \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/heat/heat-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.heat.password="$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.heat_trustee.password="$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.heat_stack_user.password="$(kubectl --namespace openstack get secret heat-stack-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.heat.password="$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.heat.database.slave_connection="mysql+pymysql://heat:$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/heat" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.heat.password="$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args heat/base diff --git a/bin/install-glance.sh b/bin/install-glance.sh new file mode 100755 index 00000000..8421090c --- /dev/null +++ b/bin/install-glance.sh @@ -0,0 +1,17 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install glance ./glance \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/glance/glance-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.glance.password="$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.glance.database.slave_connection="mysql+pymysql://glance:$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/glance" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.glance.password="$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args glance/base diff --git a/bin/install-gnocchi.sh b/bin/install-gnocchi.sh new file mode 100755 index 00000000..01c1d15f --- /dev/null +++ b/bin/install-gnocchi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm-infra +helm upgrade --install gnocchi ./gnocchi \ + --namespace=openstack \ + --wait \ + --timeout 10m \ + -f /etc/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \ + --set conf.ceph.admin_keyring="$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)" \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_postgresql.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args gnocchi/base diff --git a/bin/install-heat.sh b/bin/install-heat.sh new file mode 100755 index 00000000..b4db1cd7 --- /dev/null +++ b/bin/install-heat.sh @@ -0,0 +1,14 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install horizon ./horizon \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.horizon.local_settings.config.horizon_secret_key="$(kubectl --namespace openstack get secret horizon-secrete-key -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.horizon.password="$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args horizon/base diff --git a/bin/install-keystone.sh b/bin/install-keystone.sh new file mode 100755 index 00000000..13e4ca78 --- /dev/null +++ b/bin/install-keystone.sh @@ -0,0 +1,18 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install keystone ./keystone \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.keystone.database.slave_connection="mysql+pymysql://keystone:$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/keystone" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args keystone/base + +kubectl --namespace openstack apply -f /opt/genestack/manifests/utils/utils-openstack-client-admin.yaml diff --git a/bin/install-neutron.sh b/bin/install-neutron.sh new file mode 100755 index 00000000..66b09f71 --- /dev/null +++ b/bin/install-neutron.sh @@ -0,0 +1,26 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install neutron ./neutron \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ + --set conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.ovn_metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.designate.password="$(kubectl --namespace openstack get secret designate-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.neutron.database.slave_connection="mysql+pymysql://neutron:$(kubectl --namespace openstack get secret neutron-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/neutron" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.neutron.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.neutron.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.plugins.ml2_conf.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.plugins.ml2_conf.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args neutron/base diff --git a/bin/install-nova.sh b/bin/install-nova.sh new file mode 100755 index 00000000..5f759456 --- /dev/null +++ b/bin/install-nova.sh @@ -0,0 +1,29 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install nova ./nova \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml \ + --set conf.nova.neutron.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_api.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db_api.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_cell0.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db_cell0.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.nova.database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova" \ + --set conf.nova.api_database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova_api" \ + --set conf.nova.cell0_database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova_cell0" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.nova.password="$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set network.ssh.public_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.public_key}' | base64 -d)"$'\n' \ + --set network.ssh.private_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.private_key}' | base64 -d)"$'\n' \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args nova/base diff --git a/bin/install-octavia.sh b/bin/install-octavia.sh new file mode 100755 index 00000000..fb112362 --- /dev/null +++ b/bin/install-octavia.sh @@ -0,0 +1,20 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install octavia ./octavia \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.octavia.database.slave_connection="mysql+pymysql://octavia:$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/octavia" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.octavia.certificates.ca_private_key_passphrase="$(kubectl --namespace openstack get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.octavia.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.octavia.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args octavia/base diff --git a/bin/install-placement.sh b/bin/install-placement.sh new file mode 100755 index 00000000..53a8ead2 --- /dev/null +++ b/bin/install-placement.sh @@ -0,0 +1,15 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install placement ./placement --namespace=openstack \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/placement/placement-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.placement.password="$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.placement.placement_database.slave_connection="mysql+pymysql://placement:$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/placement" \ + --set endpoints.oslo_db.auth.nova_api.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args placement/base diff --git a/bin/install-postgresql.sh b/bin/install-postgresql.sh new file mode 100755 index 00000000..c4a98482 --- /dev/null +++ b/bin/install-postgresql.sh @@ -0,0 +1,12 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm-infra +helm upgrade --install postgresql ./postgresql \ + --namespace=openstack \ + --wait \ + --timeout 10m \ + -f /etc/genestack/helm-configs/postgresql/postgresql-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.postgresql.password="$(kubectl --namespace openstack get secret postgresql-identity-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.postgresql.auth.exporter.password="$(kubectl --namespace openstack get secret postgresql-db-exporter -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.postgresql.auth.audit.password="$(kubectl --namespace openstack get secret postgresql-db-audit -o jsonpath='{.data.password}' | base64 -d)" diff --git a/bin/install-skyline.sh b/bin/install-skyline.sh new file mode 100755 index 00000000..c08d1af7 --- /dev/null +++ b/bin/install-skyline.sh @@ -0,0 +1,2 @@ +#!/bin/bash +kubectl --namespace openstack apply -k /etc/genestack/kustomize/skyline/base diff --git a/bin/label-nodes.sh b/bin/label-nodes.sh new file mode 100755 index 00000000..91e7c751 --- /dev/null +++ b/bin/label-nodes.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi +INVENTORY_FILE="$1" + +# Define the function to label nodes +label_nodes() { + local group=$1 + local label=$2 + + if grep -q "$group:" $INVENTORY_FILE; then + local nodes=($(grep -A 1 "children:" $INVENTORY_FILE | grep -A 1 " $group:" | grep -Eo "^\s+\S+" | tr -d ' ')) + for node in "${nodes[@]}"; do + if [[ $node != "|" ]]; then + kubectl label node $node $label --overwrite + echo "Labeled node $node with $label" + fi + done + else + echo "Group $group does not exist in the inventory file." + fi +} + +# Label the storage nodes identified by ceph_storage_nodes +label_nodes "ceph_storage_nodes" "role=storage-node" + +# Label the openstack controllers identified by openstack_control_plane +label_nodes "openstack_control_plane" "openstack-control-plane=enabled" + +# Label the openstack compute nodes identified by openstack_compute_nodes +label_nodes "openstack_compute_nodes" "openstack-compute-node=enabled" + +# Label the openstack storage nodes identified by cinder_storage_nodes +label_nodes "cinder_storage_nodes" "openstack-storage-node=enabled" + +# Label network nodes identified by ovn_network_nodes +label_nodes "ovn_network_nodes" "openstack-network-node=enabled" + +# Label all workers - Identified by kube_node excluding kube_control_plane +if grep -q "kube_node:" $INVENTORY_FILE; then + kube_control_plane_nodes=($(grep -A 1 "children:" $INVENTORY_FILE | grep -A 1 " kube_control_plane:" | grep -Eo "^\s+\S+" | tr -d ' ')) + all_kube_nodes=($(grep -A 1 "children:" $INVENTORY_FILE | grep -A 1 " kube_node:" | grep -Eo "^\s+\S+" | tr -d ' ')) + + for node in "${all_kube_nodes[@]}"; do + if [[ ! " ${kube_control_plane_nodes[@]} " =~ " ${node} " ]]; then + kubectl label node $node node-role.kubernetes.io/worker=worker --overwrite + echo "Labeled node $node with node-role.kubernetes.io/worker=worker" + fi + done +else + echo "Group kube_node does not exist in the inventory file." +fi + +kubectl get nodes -o json | jq '[.items[] | {"NAME": .metadata.name, "LABELS": .metadata.labels}]' diff --git a/bin/setup-hosts.sh b/bin/setup-hosts.sh new file mode 100755 index 00000000..e4b06856 --- /dev/null +++ b/bin/setup-hosts.sh @@ -0,0 +1,8 @@ +#!/bin/bash +source /opt/genestack/scripts/genestack.rc +cd /opt/genestack/ansible/playbooks +ansible-playbook /root/genestack-scripts/prep-nodes.yaml +# Start kube install +ansible-playbook host-setup.yml +cd /opt/genestack/submodules/kubespray +ansible-playbook cluster.yml diff --git a/bin/setup-openstack.sh b/bin/setup-openstack.sh new file mode 100755 index 00000000..4276dfa9 --- /dev/null +++ b/bin/setup-openstack.sh @@ -0,0 +1,27 @@ +#!/bin/bash +#Deploy Keystone +/opt/genestack/bin/install-keystone.sh + +# Deploy Glance +/opt/genestack/bin/install-glance.sh + +# Deploy Heat +/opt/genestack/bin/install-heat.sh + +# Deploy Cinder +/opt/genestack/bin/install-cinder.sh + +# Deploy placement +/opt/genestack/bin/install-placement.sh + +# Deploy Nova +/opt/genestack/bin/install-nova.sh + +# Deploy Neutron +/opt/genestack/bin/install-neutron.sh + +# Deploy Octavia +/opt/genestack/bin/install-octavia.sh + +# Deploy SkyLine +/opt/genestack/bin/install-skyline.sh diff --git a/docs/genestack-getting-started.md b/docs/genestack-getting-started.md index 24abef62..8b4fc640 100644 --- a/docs/genestack-getting-started.md +++ b/docs/genestack-getting-started.md @@ -19,7 +19,7 @@ It is persisted at /etc/genestack/product` for subsequent executions, it only ha ``` shell export GENESTACK_PRODUCT=openstack-flex -/opt/genestack/bootstrap.sh +/opt/genestack/bin/bootstrap.sh ``` !!! tip diff --git a/docs/infrastructure-postgresql.md b/docs/infrastructure-postgresql.md index 23536cf9..189e65a0 100644 --- a/docs/infrastructure-postgresql.md +++ b/docs/infrastructure-postgresql.md @@ -1,6 +1,9 @@ # Deploy PostgreSQL ## Create Secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic postgresql-identity-admin \ @@ -29,7 +32,7 @@ helm upgrade --install postgresql ./postgresql \ --namespace=openstack \ --wait \ --timeout 10m \ - -f /opt/genestack/helm-configs/postgresql/postgresql-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/postgresql/postgresql-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.postgresql.password="$(kubectl --namespace openstack get secret postgresql-identity-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ diff --git a/docs/openstack-ceilometer.md b/docs/openstack-ceilometer.md index 9d67fb4f..c1aa90e1 100644 --- a/docs/openstack-ceilometer.md +++ b/docs/openstack-ceilometer.md @@ -1,6 +1,9 @@ # Deploy Ceilometer ## Create Secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic ceilometer-keystone-admin-password \ @@ -22,7 +25,7 @@ helm upgrade --install ceilometer ./ceilometer \ --namespace=openstack \ --wait \ --timeout 10m \ - -f /opt/genestack/helm-configs/ceilometer/ceilometer-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/ceilometer/ceilometer-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.ceilometer.password="$(kubectl --namespace openstack get secret ceilometer-keystone-admin-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.test.password="$(kubectl --namespace openstack get secret ceilometer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" \ diff --git a/docs/openstack-cinder.md b/docs/openstack-cinder.md index 0ed16f2b..70f7032e 100644 --- a/docs/openstack-cinder.md +++ b/docs/openstack-cinder.md @@ -3,6 +3,10 @@ [![asciicast](https://asciinema.org/a/629808.svg)](https://asciinema.org/a/629808) ## Create secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + ``` shell kubectl --namespace openstack \ @@ -29,7 +33,7 @@ helm upgrade --install cinder ./cinder \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -37,7 +41,7 @@ helm upgrade --install cinder ./cinder \ --set conf.cinder.database.slave_connection="mysql+pymysql://cinder:$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/cinder" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args cinder/base ``` @@ -215,12 +219,12 @@ root@openstack-flex-node-4:~# lvs ## Enable multipath in Nova Compute: -Toggle volume_use_multipath to true in /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml +Toggle volume_use_multipath to true in /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml ``` shell -sed -i 's/volume_use_multipath: false/volume_use_multipath: true/' /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml -sed -i 's/enable_iscsi: false/enable_iscsi: true/' /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml +sed -i 's/volume_use_multipath: false/volume_use_multipath: true/' /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml +sed -i 's/enable_iscsi: false/enable_iscsi: true/' /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml ``` diff --git a/docs/openstack-compute-kit.md b/docs/openstack-compute-kit.md index e70c5c3e..5edfe238 100644 --- a/docs/openstack-compute-kit.md +++ b/docs/openstack-compute-kit.md @@ -5,6 +5,9 @@ ## Creating the Compute Kit Secrets Part of running Nova is also running placement. Setup all credentials now so we can use them across the nova and placement services. +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ### Shared @@ -97,14 +100,14 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install placement ./placement --namespace=openstack \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/placement/placement-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/placement/placement-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.placement.password="$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.placement.placement_database.slave_connection="mysql+pymysql://placement:$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/placement" \ --set endpoints.oslo_db.auth.nova_api.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args placement/base ``` @@ -116,7 +119,7 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install nova ./nova \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml \ --set conf.nova.neutron.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -137,7 +140,7 @@ helm upgrade --install nova ./nova \ --set endpoints.oslo_messaging.auth.nova.password="$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ --set network.ssh.public_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.public_key}' | base64 -d)"$'\n' \ --set network.ssh.private_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.private_key}' | base64 -d)"$'\n' \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args nova/base ``` @@ -167,7 +170,7 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install neutron ./neutron \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ --set conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.ovn_metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -185,7 +188,7 @@ helm upgrade --install neutron ./neutron \ --set conf.neutron.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args neutron/base ``` diff --git a/docs/openstack-glance.md b/docs/openstack-glance.md index 9a3b2ce8..cb494b69 100644 --- a/docs/openstack-glance.md +++ b/docs/openstack-glance.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629806.svg)](https://asciinema.org/a/629806) ## Create secrets. +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -33,7 +36,7 @@ helm upgrade --install glance ./glance \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/glance/glance-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/glance/glance-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -41,7 +44,7 @@ helm upgrade --install glance ./glance \ --set conf.glance.database.slave_connection="mysql+pymysql://glance:$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/glance" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.glance.password="$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args glance/base ``` diff --git a/docs/openstack-gnocchi.md b/docs/openstack-gnocchi.md index 3961d0ee..8bda8a2e 100644 --- a/docs/openstack-gnocchi.md +++ b/docs/openstack-gnocchi.md @@ -1,6 +1,9 @@ # Deploy Gnocchi ## Create Secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic gnocchi-admin \ @@ -58,7 +61,7 @@ helm upgrade --install gnocchi ./gnocchi \ --namespace=openstack \ --wait \ --timeout 10m \ - -f /opt/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \ --set conf.ceph.admin_keyring="$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)" \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -66,7 +69,7 @@ helm upgrade --install gnocchi ./gnocchi \ --set endpoints.oslo_db.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db_postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db_postgresql.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args gnocchi/base ``` diff --git a/docs/openstack-heat.md b/docs/openstack-heat.md index 1c00f2db..2fc10d06 100644 --- a/docs/openstack-heat.md +++ b/docs/openstack-heat.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629807.svg)](https://asciinema.org/a/629807) ## Create secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -36,7 +39,7 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install heat ./heat \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/heat/heat-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/heat/heat-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat.password="$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat_trustee.password="$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)" \ @@ -46,7 +49,7 @@ helm upgrade --install heat ./heat \ --set conf.heat.database.slave_connection="mysql+pymysql://heat:$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/heat" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.heat.password="$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args heat/base ``` diff --git a/docs/openstack-horizon.md b/docs/openstack-horizon.md index 6672744c..d5fe5a42 100644 --- a/docs/openstack-horizon.md +++ b/docs/openstack-horizon.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629815.svg)](https://asciinema.org/a/629815) ## Create secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -25,12 +28,12 @@ helm upgrade --install horizon ./horizon \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.horizon.local_settings.config.horizon_secret_key="$(kubectl --namespace openstack get secret horizon-secrete-key -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.horizon.password="$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args horizon/base ``` diff --git a/docs/openstack-keystone.md b/docs/openstack-keystone.md index 09d8aeff..17792718 100644 --- a/docs/openstack-keystone.md +++ b/docs/openstack-keystone.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629802.svg)](https://asciinema.org/a/629802) ## Create secrets. +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -33,14 +36,14 @@ helm upgrade --install keystone ./keystone \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.keystone.database.slave_connection="mysql+pymysql://keystone:$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/keystone" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args keystone/base ``` diff --git a/docs/openstack-octavia.md b/docs/openstack-octavia.md index c09e75b6..ae554c05 100644 --- a/docs/openstack-octavia.md +++ b/docs/openstack-octavia.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629814.svg)](https://asciinema.org/a/629814) ### Create secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -33,7 +36,7 @@ helm upgrade --install octavia ./octavia \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -44,7 +47,7 @@ helm upgrade --install octavia ./octavia \ --set conf.octavia.certificates.ca_private_key_passphrase="$(kubectl --namespace openstack get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.octavia.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.octavia.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args octavia/base ``` diff --git a/docs/openstack-skyline.md b/docs/openstack-skyline.md index 9e748ee1..619c32e2 100644 --- a/docs/openstack-skyline.md +++ b/docs/openstack-skyline.md @@ -5,6 +5,9 @@ Skyline is an alternative Web UI for OpenStack. If you deploy horizon there's no need for Skyline. ## Create secrets +!!! info + +This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin Skyline is a little different because there's no helm integration. Given this difference the deployment is far simpler, and all secrets can be managed in one object. @@ -39,8 +42,8 @@ kubectl --namespace openstack \ !!! tip - Pause for a moment to consider if you will be wanting to access Skyline via your ingress controller over a specific FQDN. If so, modify `/opt/genestack/kustomize/skyline/fqdn/kustomization.yaml` to suit your needs then use `fqdn` below in lieu of `base`... + Pause for a moment to consider if you will be wanting to access Skyline via your ingress controller over a specific FQDN. If so, modify `/etc/genestack/kustomize/skyline/fqdn/kustomization.yaml` to suit your needs then use `fqdn` below in lieu of `base`... ``` shell -kubectl --namespace openstack apply -k /opt/genestack/kustomize/skyline/base +kubectl --namespace openstack apply -k /etc/genestack/kustomize/skyline/base ``` diff --git a/helm-configs/aio-example-openstack-overrides.yaml b/helm-configs.example/aio-example-openstack-overrides.yaml similarity index 100% rename from helm-configs/aio-example-openstack-overrides.yaml rename to helm-configs.example/aio-example-openstack-overrides.yaml diff --git a/helm-configs/ceilometer/ceilometer-helm-overrides.yaml b/helm-configs.example/ceilometer/ceilometer-helm-overrides.yaml similarity index 100% rename from helm-configs/ceilometer/ceilometer-helm-overrides.yaml rename to helm-configs.example/ceilometer/ceilometer-helm-overrides.yaml diff --git a/helm-configs/cinder/cinder-helm-overrides.yaml b/helm-configs.example/cinder/cinder-helm-overrides.yaml similarity index 100% rename from helm-configs/cinder/cinder-helm-overrides.yaml rename to helm-configs.example/cinder/cinder-helm-overrides.yaml diff --git a/helm-configs/designate/designate-helm-overrides.yaml b/helm-configs.example/designate/designate-helm-overrides.yaml similarity index 100% rename from helm-configs/designate/designate-helm-overrides.yaml rename to helm-configs.example/designate/designate-helm-overrides.yaml diff --git a/helm-configs/fluentbit/README.md b/helm-configs.example/fluentbit/README.md similarity index 100% rename from helm-configs/fluentbit/README.md rename to helm-configs.example/fluentbit/README.md diff --git a/helm-configs/fluentbit/fluentbit-helm-overrides.yaml b/helm-configs.example/fluentbit/fluentbit-helm-overrides.yaml similarity index 100% rename from helm-configs/fluentbit/fluentbit-helm-overrides.yaml rename to helm-configs.example/fluentbit/fluentbit-helm-overrides.yaml diff --git a/helm-configs/glance/glance-helm-overrides.yaml b/helm-configs.example/glance/glance-helm-overrides.yaml similarity index 100% rename from helm-configs/glance/glance-helm-overrides.yaml rename to helm-configs.example/glance/glance-helm-overrides.yaml diff --git a/helm-configs/gnocchi/gnocchi-helm-overrides.yaml b/helm-configs.example/gnocchi/gnocchi-helm-overrides.yaml similarity index 100% rename from helm-configs/gnocchi/gnocchi-helm-overrides.yaml rename to helm-configs.example/gnocchi/gnocchi-helm-overrides.yaml diff --git a/helm-configs/grafana/README.md b/helm-configs.example/grafana/README.md similarity index 100% rename from helm-configs/grafana/README.md rename to helm-configs.example/grafana/README.md diff --git a/helm-configs/grafana/datasources.yaml b/helm-configs.example/grafana/datasources.yaml similarity index 100% rename from helm-configs/grafana/datasources.yaml rename to helm-configs.example/grafana/datasources.yaml diff --git a/helm-configs/grafana/overrides.yaml b/helm-configs.example/grafana/overrides.yaml similarity index 100% rename from helm-configs/grafana/overrides.yaml rename to helm-configs.example/grafana/overrides.yaml diff --git a/helm-configs/heat/heat-helm-overrides.yaml b/helm-configs.example/heat/heat-helm-overrides.yaml similarity index 100% rename from helm-configs/heat/heat-helm-overrides.yaml rename to helm-configs.example/heat/heat-helm-overrides.yaml diff --git a/helm-configs/horizon/horizon-helm-overrides.yaml b/helm-configs.example/horizon/horizon-helm-overrides.yaml similarity index 100% rename from helm-configs/horizon/horizon-helm-overrides.yaml rename to helm-configs.example/horizon/horizon-helm-overrides.yaml diff --git a/helm-configs/keystone/keystone-helm-overrides.yaml b/helm-configs.example/keystone/keystone-helm-overrides.yaml similarity index 100% rename from helm-configs/keystone/keystone-helm-overrides.yaml rename to helm-configs.example/keystone/keystone-helm-overrides.yaml diff --git a/helm-configs/loki/loki-helm-minio-overrides-example.yaml b/helm-configs.example/loki/loki-helm-minio-overrides-example.yaml similarity index 100% rename from helm-configs/loki/loki-helm-minio-overrides-example.yaml rename to helm-configs.example/loki/loki-helm-minio-overrides-example.yaml diff --git a/helm-configs/loki/loki-helm-s3-overrides-example.yaml b/helm-configs.example/loki/loki-helm-s3-overrides-example.yaml similarity index 100% rename from helm-configs/loki/loki-helm-s3-overrides-example.yaml rename to helm-configs.example/loki/loki-helm-s3-overrides-example.yaml diff --git a/helm-configs/loki/loki-helm-swift-overrides-example.yaml b/helm-configs.example/loki/loki-helm-swift-overrides-example.yaml similarity index 100% rename from helm-configs/loki/loki-helm-swift-overrides-example.yaml rename to helm-configs.example/loki/loki-helm-swift-overrides-example.yaml diff --git a/helm-configs/monitoring/openstack-metrics-exporter/clouds-yaml b/helm-configs.example/monitoring/openstack-metrics-exporter/clouds-yaml similarity index 100% rename from helm-configs/monitoring/openstack-metrics-exporter/clouds-yaml rename to helm-configs.example/monitoring/openstack-metrics-exporter/clouds-yaml diff --git a/helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml b/helm-configs.example/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml similarity index 100% rename from helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml rename to helm-configs.example/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml diff --git a/helm-configs/neutron/neutron-helm-overrides.yaml b/helm-configs.example/neutron/neutron-helm-overrides.yaml similarity index 100% rename from helm-configs/neutron/neutron-helm-overrides.yaml rename to helm-configs.example/neutron/neutron-helm-overrides.yaml diff --git a/helm-configs/nginx-gateway-fabric/helm-overrides.yaml b/helm-configs.example/nginx-gateway-fabric/helm-overrides.yaml similarity index 100% rename from helm-configs/nginx-gateway-fabric/helm-overrides.yaml rename to helm-configs.example/nginx-gateway-fabric/helm-overrides.yaml diff --git a/helm-configs/nova/nova-helm-overrides.yaml b/helm-configs.example/nova/nova-helm-overrides.yaml similarity index 100% rename from helm-configs/nova/nova-helm-overrides.yaml rename to helm-configs.example/nova/nova-helm-overrides.yaml diff --git a/helm-configs/octavia/octavia-helm-overrides.yaml b/helm-configs.example/octavia/octavia-helm-overrides.yaml similarity index 100% rename from helm-configs/octavia/octavia-helm-overrides.yaml rename to helm-configs.example/octavia/octavia-helm-overrides.yaml diff --git a/helm-configs/osie/osie-helm-overrides.yaml b/helm-configs.example/osie/osie-helm-overrides.yaml similarity index 100% rename from helm-configs/osie/osie-helm-overrides.yaml rename to helm-configs.example/osie/osie-helm-overrides.yaml diff --git a/helm-configs/placement/placement-helm-overrides.yaml b/helm-configs.example/placement/placement-helm-overrides.yaml similarity index 100% rename from helm-configs/placement/placement-helm-overrides.yaml rename to helm-configs.example/placement/placement-helm-overrides.yaml diff --git a/helm-configs/postgresql/postgresql-helm-overrides.yaml b/helm-configs.example/postgresql/postgresql-helm-overrides.yaml similarity index 100% rename from helm-configs/postgresql/postgresql-helm-overrides.yaml rename to helm-configs.example/postgresql/postgresql-helm-overrides.yaml diff --git a/helm-configs/prod-example-openstack-overrides.yaml b/helm-configs.example/prod-example-openstack-overrides.yaml similarity index 100% rename from helm-configs/prod-example-openstack-overrides.yaml rename to helm-configs.example/prod-example-openstack-overrides.yaml diff --git a/kustomize/argocd/base/kustomization.yaml b/kustomize.example/argocd/base/kustomization.yaml similarity index 100% rename from kustomize/argocd/base/kustomization.yaml rename to kustomize.example/argocd/base/kustomization.yaml diff --git a/kustomize/argocd/base/namespace.yaml b/kustomize.example/argocd/base/namespace.yaml similarity index 100% rename from kustomize/argocd/base/namespace.yaml rename to kustomize.example/argocd/base/namespace.yaml diff --git a/kustomize/argocd/base/values.yaml b/kustomize.example/argocd/base/values.yaml similarity index 100% rename from kustomize/argocd/base/values.yaml rename to kustomize.example/argocd/base/values.yaml diff --git a/kustomize/backups/etcd/etcd-backup.yaml b/kustomize.example/backups/etcd/etcd-backup.yaml similarity index 100% rename from kustomize/backups/etcd/etcd-backup.yaml rename to kustomize.example/backups/etcd/etcd-backup.yaml diff --git a/kustomize/backups/etcd/kustomization.yaml b/kustomize.example/backups/etcd/kustomization.yaml similarity index 100% rename from kustomize/backups/etcd/kustomization.yaml rename to kustomize.example/backups/etcd/kustomization.yaml diff --git a/kustomize/cinder/aio/kustomization.yaml b/kustomize.example/cinder/aio/kustomization.yaml similarity index 100% rename from kustomize/cinder/aio/kustomization.yaml rename to kustomize.example/cinder/aio/kustomization.yaml diff --git a/kustomize/cinder/base/cinder-mariadb-database.yaml b/kustomize.example/cinder/base/cinder-mariadb-database.yaml similarity index 100% rename from kustomize/cinder/base/cinder-mariadb-database.yaml rename to kustomize.example/cinder/base/cinder-mariadb-database.yaml diff --git a/kustomize/cinder/base/cinder-rabbitmq-queue.yaml b/kustomize.example/cinder/base/cinder-rabbitmq-queue.yaml similarity index 100% rename from kustomize/cinder/base/cinder-rabbitmq-queue.yaml rename to kustomize.example/cinder/base/cinder-rabbitmq-queue.yaml diff --git a/kustomize/cinder/base/hpa-cinder-api.yaml b/kustomize.example/cinder/base/hpa-cinder-api.yaml similarity index 100% rename from kustomize/cinder/base/hpa-cinder-api.yaml rename to kustomize.example/cinder/base/hpa-cinder-api.yaml diff --git a/kustomize/cinder/base/hpa-cinder-scheduler.yaml b/kustomize.example/cinder/base/hpa-cinder-scheduler.yaml similarity index 100% rename from kustomize/cinder/base/hpa-cinder-scheduler.yaml rename to kustomize.example/cinder/base/hpa-cinder-scheduler.yaml diff --git a/kustomize/cinder/base/kustomization.yaml b/kustomize.example/cinder/base/kustomization.yaml similarity index 100% rename from kustomize/cinder/base/kustomization.yaml rename to kustomize.example/cinder/base/kustomization.yaml diff --git a/kustomize/cinder/letsencrypt/kustomization.yaml b/kustomize.example/cinder/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/cinder/letsencrypt/kustomization.yaml rename to kustomize.example/cinder/letsencrypt/kustomization.yaml diff --git a/kustomize/designate/aio/kustomization.yaml b/kustomize.example/designate/aio/kustomization.yaml similarity index 100% rename from kustomize/designate/aio/kustomization.yaml rename to kustomize.example/designate/aio/kustomization.yaml diff --git a/kustomize/designate/base/designate-mariadb-database.yaml b/kustomize.example/designate/base/designate-mariadb-database.yaml similarity index 100% rename from kustomize/designate/base/designate-mariadb-database.yaml rename to kustomize.example/designate/base/designate-mariadb-database.yaml diff --git a/kustomize/designate/base/designate-rabbitmq-queue.yaml b/kustomize.example/designate/base/designate-rabbitmq-queue.yaml similarity index 100% rename from kustomize/designate/base/designate-rabbitmq-queue.yaml rename to kustomize.example/designate/base/designate-rabbitmq-queue.yaml diff --git a/kustomize/designate/base/hpa-designate-api.yaml b/kustomize.example/designate/base/hpa-designate-api.yaml similarity index 100% rename from kustomize/designate/base/hpa-designate-api.yaml rename to kustomize.example/designate/base/hpa-designate-api.yaml diff --git a/kustomize/designate/base/kustomization.yaml b/kustomize.example/designate/base/kustomization.yaml similarity index 100% rename from kustomize/designate/base/kustomization.yaml rename to kustomize.example/designate/base/kustomization.yaml diff --git a/kustomize/designate/letsencrypt/kustomization.yaml b/kustomize.example/designate/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/designate/letsencrypt/kustomization.yaml rename to kustomize.example/designate/letsencrypt/kustomization.yaml diff --git a/kustomize/gateway/alertmanager-routes.yaml b/kustomize.example/gateway/alertmanager-routes.yaml similarity index 100% rename from kustomize/gateway/alertmanager-routes.yaml rename to kustomize.example/gateway/alertmanager-routes.yaml diff --git a/kustomize/gateway/internal-gateway-api.yaml b/kustomize.example/gateway/internal-gateway-api.yaml similarity index 100% rename from kustomize/gateway/internal-gateway-api.yaml rename to kustomize.example/gateway/internal-gateway-api.yaml diff --git a/kustomize/gateway/kustomization.yaml b/kustomize.example/gateway/kustomization.yaml similarity index 100% rename from kustomize/gateway/kustomization.yaml rename to kustomize.example/gateway/kustomization.yaml diff --git a/kustomize/gateway/prometheus-routes.yaml b/kustomize.example/gateway/prometheus-routes.yaml similarity index 100% rename from kustomize/gateway/prometheus-routes.yaml rename to kustomize.example/gateway/prometheus-routes.yaml diff --git a/kustomize/glance/aio/kustomization.yaml b/kustomize.example/glance/aio/kustomization.yaml similarity index 100% rename from kustomize/glance/aio/kustomization.yaml rename to kustomize.example/glance/aio/kustomization.yaml diff --git a/kustomize/glance/base/glance-mariadb-database.yaml b/kustomize.example/glance/base/glance-mariadb-database.yaml similarity index 100% rename from kustomize/glance/base/glance-mariadb-database.yaml rename to kustomize.example/glance/base/glance-mariadb-database.yaml diff --git a/kustomize/glance/base/glance-rabbitmq-queue.yaml b/kustomize.example/glance/base/glance-rabbitmq-queue.yaml similarity index 100% rename from kustomize/glance/base/glance-rabbitmq-queue.yaml rename to kustomize.example/glance/base/glance-rabbitmq-queue.yaml diff --git a/kustomize/glance/base/hpa-glance-api.yaml b/kustomize.example/glance/base/hpa-glance-api.yaml similarity index 100% rename from kustomize/glance/base/hpa-glance-api.yaml rename to kustomize.example/glance/base/hpa-glance-api.yaml diff --git a/kustomize/glance/base/kustomization.yaml b/kustomize.example/glance/base/kustomization.yaml similarity index 100% rename from kustomize/glance/base/kustomization.yaml rename to kustomize.example/glance/base/kustomization.yaml diff --git a/kustomize/glance/letsencrypt/kustomization.yaml b/kustomize.example/glance/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/glance/letsencrypt/kustomization.yaml rename to kustomize.example/glance/letsencrypt/kustomization.yaml diff --git a/kustomize/gnocchi/base/configmap-bin.yaml b/kustomize.example/gnocchi/base/configmap-bin.yaml similarity index 100% rename from kustomize/gnocchi/base/configmap-bin.yaml rename to kustomize.example/gnocchi/base/configmap-bin.yaml diff --git a/kustomize/gnocchi/base/gnocchi-temp-keyring.yaml b/kustomize.example/gnocchi/base/gnocchi-temp-keyring.yaml similarity index 100% rename from kustomize/gnocchi/base/gnocchi-temp-keyring.yaml rename to kustomize.example/gnocchi/base/gnocchi-temp-keyring.yaml diff --git a/kustomize/gnocchi/base/kustomization.yaml b/kustomize.example/gnocchi/base/kustomization.yaml similarity index 100% rename from kustomize/gnocchi/base/kustomization.yaml rename to kustomize.example/gnocchi/base/kustomization.yaml diff --git a/kustomize/grafana/base/azure-client-secret.yaml b/kustomize.example/grafana/base/azure-client-secret.yaml similarity index 100% rename from kustomize/grafana/base/azure-client-secret.yaml rename to kustomize.example/grafana/base/azure-client-secret.yaml diff --git a/kustomize/grafana/base/datasources.yaml b/kustomize.example/grafana/base/datasources.yaml similarity index 100% rename from kustomize/grafana/base/datasources.yaml rename to kustomize.example/grafana/base/datasources.yaml diff --git a/kustomize/grafana/base/example-cert.pem b/kustomize.example/grafana/base/example-cert.pem similarity index 100% rename from kustomize/grafana/base/example-cert.pem rename to kustomize.example/grafana/base/example-cert.pem diff --git a/kustomize/grafana/base/example-key.pem b/kustomize.example/grafana/base/example-key.pem similarity index 100% rename from kustomize/grafana/base/example-key.pem rename to kustomize.example/grafana/base/example-key.pem diff --git a/kustomize/grafana/base/grafana-database.yaml b/kustomize.example/grafana/base/grafana-database.yaml similarity index 100% rename from kustomize/grafana/base/grafana-database.yaml rename to kustomize.example/grafana/base/grafana-database.yaml diff --git a/kustomize/grafana/base/grafana-values.yaml b/kustomize.example/grafana/base/grafana-values.yaml similarity index 100% rename from kustomize/grafana/base/grafana-values.yaml rename to kustomize.example/grafana/base/grafana-values.yaml diff --git a/kustomize/grafana/base/kustomization.yaml b/kustomize.example/grafana/base/kustomization.yaml similarity index 100% rename from kustomize/grafana/base/kustomization.yaml rename to kustomize.example/grafana/base/kustomization.yaml diff --git a/kustomize/grafana/base/ns-grafana.yaml b/kustomize.example/grafana/base/ns-grafana.yaml similarity index 100% rename from kustomize/grafana/base/ns-grafana.yaml rename to kustomize.example/grafana/base/ns-grafana.yaml diff --git a/kustomize/heat/aio/kustomization.yaml b/kustomize.example/heat/aio/kustomization.yaml similarity index 100% rename from kustomize/heat/aio/kustomization.yaml rename to kustomize.example/heat/aio/kustomization.yaml diff --git a/kustomize/heat/base/heat-mariadb-database.yaml b/kustomize.example/heat/base/heat-mariadb-database.yaml similarity index 100% rename from kustomize/heat/base/heat-mariadb-database.yaml rename to kustomize.example/heat/base/heat-mariadb-database.yaml diff --git a/kustomize/heat/base/heat-rabbitmq-queue.yaml b/kustomize.example/heat/base/heat-rabbitmq-queue.yaml similarity index 100% rename from kustomize/heat/base/heat-rabbitmq-queue.yaml rename to kustomize.example/heat/base/heat-rabbitmq-queue.yaml diff --git a/kustomize/heat/base/hpa-heat-api.yaml b/kustomize.example/heat/base/hpa-heat-api.yaml similarity index 100% rename from kustomize/heat/base/hpa-heat-api.yaml rename to kustomize.example/heat/base/hpa-heat-api.yaml diff --git a/kustomize/heat/base/hpa-heat-cfn.yaml b/kustomize.example/heat/base/hpa-heat-cfn.yaml similarity index 100% rename from kustomize/heat/base/hpa-heat-cfn.yaml rename to kustomize.example/heat/base/hpa-heat-cfn.yaml diff --git a/kustomize/heat/base/hpa-heat-engine.yaml b/kustomize.example/heat/base/hpa-heat-engine.yaml similarity index 100% rename from kustomize/heat/base/hpa-heat-engine.yaml rename to kustomize.example/heat/base/hpa-heat-engine.yaml diff --git a/kustomize/heat/base/kustomization.yaml b/kustomize.example/heat/base/kustomization.yaml similarity index 100% rename from kustomize/heat/base/kustomization.yaml rename to kustomize.example/heat/base/kustomization.yaml diff --git a/kustomize/heat/letsencrypt/kustomization.yaml b/kustomize.example/heat/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/heat/letsencrypt/kustomization.yaml rename to kustomize.example/heat/letsencrypt/kustomization.yaml diff --git a/kustomize/horizon/aio/kustomization.yaml b/kustomize.example/horizon/aio/kustomization.yaml similarity index 100% rename from kustomize/horizon/aio/kustomization.yaml rename to kustomize.example/horizon/aio/kustomization.yaml diff --git a/kustomize/horizon/base/horizon-mariadb-database.yaml b/kustomize.example/horizon/base/horizon-mariadb-database.yaml similarity index 100% rename from kustomize/horizon/base/horizon-mariadb-database.yaml rename to kustomize.example/horizon/base/horizon-mariadb-database.yaml diff --git a/kustomize/horizon/base/hpa-horizon-api.yaml b/kustomize.example/horizon/base/hpa-horizon-api.yaml similarity index 100% rename from kustomize/horizon/base/hpa-horizon-api.yaml rename to kustomize.example/horizon/base/hpa-horizon-api.yaml diff --git a/kustomize/horizon/base/kustomization.yaml b/kustomize.example/horizon/base/kustomization.yaml similarity index 100% rename from kustomize/horizon/base/kustomization.yaml rename to kustomize.example/horizon/base/kustomization.yaml diff --git a/kustomize/horizon/letsencrypt/kustomization.yaml b/kustomize.example/horizon/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/horizon/letsencrypt/kustomization.yaml rename to kustomize.example/horizon/letsencrypt/kustomization.yaml diff --git a/kustomize/ingress/external/helm/ingress-helm-overrides.yaml b/kustomize.example/ingress/external/helm/ingress-helm-overrides.yaml similarity index 100% rename from kustomize/ingress/external/helm/ingress-helm-overrides.yaml rename to kustomize.example/ingress/external/helm/ingress-helm-overrides.yaml diff --git a/kustomize/ingress/external/kustomization.yaml b/kustomize.example/ingress/external/kustomization.yaml similarity index 100% rename from kustomize/ingress/external/kustomization.yaml rename to kustomize.example/ingress/external/kustomization.yaml diff --git a/kustomize/ingress/external/ns-ingress-nginx.yaml b/kustomize.example/ingress/external/ns-ingress-nginx.yaml similarity index 100% rename from kustomize/ingress/external/ns-ingress-nginx.yaml rename to kustomize.example/ingress/external/ns-ingress-nginx.yaml diff --git a/kustomize/ingress/internal/helm/ingress-helm-overrides.yaml b/kustomize.example/ingress/internal/helm/ingress-helm-overrides.yaml similarity index 100% rename from kustomize/ingress/internal/helm/ingress-helm-overrides.yaml rename to kustomize.example/ingress/internal/helm/ingress-helm-overrides.yaml diff --git a/kustomize/ingress/internal/kustomization.yaml b/kustomize.example/ingress/internal/kustomization.yaml similarity index 100% rename from kustomize/ingress/internal/kustomization.yaml rename to kustomize.example/ingress/internal/kustomization.yaml diff --git a/kustomize/k8s-dashboard/dashboard-rbac-default.yaml b/kustomize.example/k8s-dashboard/dashboard-rbac-default.yaml similarity index 100% rename from kustomize/k8s-dashboard/dashboard-rbac-default.yaml rename to kustomize.example/k8s-dashboard/dashboard-rbac-default.yaml diff --git a/kustomize/k8s-dashboard/kustomization.yaml b/kustomize.example/k8s-dashboard/kustomization.yaml similarity index 100% rename from kustomize/k8s-dashboard/kustomization.yaml rename to kustomize.example/k8s-dashboard/kustomization.yaml diff --git a/kustomize/keystone/aio/kustomization.yaml b/kustomize.example/keystone/aio/kustomization.yaml similarity index 100% rename from kustomize/keystone/aio/kustomization.yaml rename to kustomize.example/keystone/aio/kustomization.yaml diff --git a/kustomize/keystone/base/hpa-keystone-api.yaml b/kustomize.example/keystone/base/hpa-keystone-api.yaml similarity index 100% rename from kustomize/keystone/base/hpa-keystone-api.yaml rename to kustomize.example/keystone/base/hpa-keystone-api.yaml diff --git a/kustomize/keystone/base/keystone-mariadb-database.yaml b/kustomize.example/keystone/base/keystone-mariadb-database.yaml similarity index 100% rename from kustomize/keystone/base/keystone-mariadb-database.yaml rename to kustomize.example/keystone/base/keystone-mariadb-database.yaml diff --git a/kustomize/keystone/base/keystone-rabbitmq-queue.yaml b/kustomize.example/keystone/base/keystone-rabbitmq-queue.yaml similarity index 100% rename from kustomize/keystone/base/keystone-rabbitmq-queue.yaml rename to kustomize.example/keystone/base/keystone-rabbitmq-queue.yaml diff --git a/kustomize/keystone/base/kustomization.yaml b/kustomize.example/keystone/base/kustomization.yaml similarity index 100% rename from kustomize/keystone/base/kustomization.yaml rename to kustomize.example/keystone/base/kustomization.yaml diff --git a/kustomize/keystone/letsencrypt/kustomization.yaml b/kustomize.example/keystone/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/keystone/letsencrypt/kustomization.yaml rename to kustomize.example/keystone/letsencrypt/kustomization.yaml diff --git a/kustomize/kustomize.sh b/kustomize.example/kustomize.sh similarity index 100% rename from kustomize/kustomize.sh rename to kustomize.example/kustomize.sh diff --git a/kustomize/libvirt/helm/libvirt-helm-overrides.yaml b/kustomize.example/libvirt/helm/libvirt-helm-overrides.yaml similarity index 100% rename from kustomize/libvirt/helm/libvirt-helm-overrides.yaml rename to kustomize.example/libvirt/helm/libvirt-helm-overrides.yaml diff --git a/kustomize/libvirt/kustomization.yaml b/kustomize.example/libvirt/kustomization.yaml similarity index 100% rename from kustomize/libvirt/kustomization.yaml rename to kustomize.example/libvirt/kustomization.yaml diff --git a/kustomize/mariadb-cluster/aio/kustomization.yaml b/kustomize.example/mariadb-cluster/aio/kustomization.yaml similarity index 100% rename from kustomize/mariadb-cluster/aio/kustomization.yaml rename to kustomize.example/mariadb-cluster/aio/kustomization.yaml diff --git a/kustomize/mariadb-cluster/base/kustomization.yaml b/kustomize.example/mariadb-cluster/base/kustomization.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/kustomization.yaml rename to kustomize.example/mariadb-cluster/base/kustomization.yaml diff --git a/kustomize/mariadb-cluster/base/mariadb-backup.yaml b/kustomize.example/mariadb-cluster/base/mariadb-backup.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/mariadb-backup.yaml rename to kustomize.example/mariadb-cluster/base/mariadb-backup.yaml diff --git a/kustomize/mariadb-cluster/base/mariadb-configmap.yaml b/kustomize.example/mariadb-cluster/base/mariadb-configmap.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/mariadb-configmap.yaml rename to kustomize.example/mariadb-cluster/base/mariadb-configmap.yaml diff --git a/kustomize/mariadb-cluster/base/mariadb-replication.yaml b/kustomize.example/mariadb-cluster/base/mariadb-replication.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/mariadb-replication.yaml rename to kustomize.example/mariadb-cluster/base/mariadb-replication.yaml diff --git a/kustomize/mariadb-operator/kustomization.yaml b/kustomize.example/mariadb-operator/kustomization.yaml similarity index 100% rename from kustomize/mariadb-operator/kustomization.yaml rename to kustomize.example/mariadb-operator/kustomization.yaml diff --git a/kustomize/mariadb-operator/ns-mariadb.yaml b/kustomize.example/mariadb-operator/ns-mariadb.yaml similarity index 100% rename from kustomize/mariadb-operator/ns-mariadb.yaml rename to kustomize.example/mariadb-operator/ns-mariadb.yaml diff --git a/kustomize/memcached/aio/kustomization.yaml b/kustomize.example/memcached/aio/kustomization.yaml similarity index 100% rename from kustomize/memcached/aio/kustomization.yaml rename to kustomize.example/memcached/aio/kustomization.yaml diff --git a/kustomize/memcached/base-monitoring/kustomization.yaml b/kustomize.example/memcached/base-monitoring/kustomization.yaml similarity index 100% rename from kustomize/memcached/base-monitoring/kustomization.yaml rename to kustomize.example/memcached/base-monitoring/kustomization.yaml diff --git a/kustomize/memcached/base/kustomization.yaml b/kustomize.example/memcached/base/kustomization.yaml similarity index 100% rename from kustomize/memcached/base/kustomization.yaml rename to kustomize.example/memcached/base/kustomization.yaml diff --git a/kustomize/neutron/aio/kustomization.yaml b/kustomize.example/neutron/aio/kustomization.yaml similarity index 100% rename from kustomize/neutron/aio/kustomization.yaml rename to kustomize.example/neutron/aio/kustomization.yaml diff --git a/kustomize/neutron/base/hpa-neutron-server.yaml b/kustomize.example/neutron/base/hpa-neutron-server.yaml similarity index 100% rename from kustomize/neutron/base/hpa-neutron-server.yaml rename to kustomize.example/neutron/base/hpa-neutron-server.yaml diff --git a/kustomize/neutron/base/kustomization.yaml b/kustomize.example/neutron/base/kustomization.yaml similarity index 100% rename from kustomize/neutron/base/kustomization.yaml rename to kustomize.example/neutron/base/kustomization.yaml diff --git a/kustomize/neutron/base/neutron-mariadb-database.yaml b/kustomize.example/neutron/base/neutron-mariadb-database.yaml similarity index 100% rename from kustomize/neutron/base/neutron-mariadb-database.yaml rename to kustomize.example/neutron/base/neutron-mariadb-database.yaml diff --git a/kustomize/neutron/base/neutron-rabbitmq-queue.yaml b/kustomize.example/neutron/base/neutron-rabbitmq-queue.yaml similarity index 100% rename from kustomize/neutron/base/neutron-rabbitmq-queue.yaml rename to kustomize.example/neutron/base/neutron-rabbitmq-queue.yaml diff --git a/kustomize/neutron/letsencrypt/kustomization.yaml b/kustomize.example/neutron/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/neutron/letsencrypt/kustomization.yaml rename to kustomize.example/neutron/letsencrypt/kustomization.yaml diff --git a/kustomize/nova/aio/kustomization.yaml b/kustomize.example/nova/aio/kustomization.yaml similarity index 100% rename from kustomize/nova/aio/kustomization.yaml rename to kustomize.example/nova/aio/kustomization.yaml diff --git a/kustomize/nova/base/hpa-nova-api-metadata.yaml b/kustomize.example/nova/base/hpa-nova-api-metadata.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-api-metadata.yaml rename to kustomize.example/nova/base/hpa-nova-api-metadata.yaml diff --git a/kustomize/nova/base/hpa-nova-api-osapi.yaml b/kustomize.example/nova/base/hpa-nova-api-osapi.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-api-osapi.yaml rename to kustomize.example/nova/base/hpa-nova-api-osapi.yaml diff --git a/kustomize/nova/base/hpa-nova-conductor.yaml b/kustomize.example/nova/base/hpa-nova-conductor.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-conductor.yaml rename to kustomize.example/nova/base/hpa-nova-conductor.yaml diff --git a/kustomize/nova/base/hpa-nova-novncproxy.yaml b/kustomize.example/nova/base/hpa-nova-novncproxy.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-novncproxy.yaml rename to kustomize.example/nova/base/hpa-nova-novncproxy.yaml diff --git a/kustomize/nova/base/hpa-nova-scheduler.yaml b/kustomize.example/nova/base/hpa-nova-scheduler.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-scheduler.yaml rename to kustomize.example/nova/base/hpa-nova-scheduler.yaml diff --git a/kustomize/nova/base/kustomization.yaml b/kustomize.example/nova/base/kustomization.yaml similarity index 100% rename from kustomize/nova/base/kustomization.yaml rename to kustomize.example/nova/base/kustomization.yaml diff --git a/kustomize/nova/base/nova-mariadb-database.yaml b/kustomize.example/nova/base/nova-mariadb-database.yaml similarity index 100% rename from kustomize/nova/base/nova-mariadb-database.yaml rename to kustomize.example/nova/base/nova-mariadb-database.yaml diff --git a/kustomize/nova/base/nova-rabbitmq-queue.yaml b/kustomize.example/nova/base/nova-rabbitmq-queue.yaml similarity index 100% rename from kustomize/nova/base/nova-rabbitmq-queue.yaml rename to kustomize.example/nova/base/nova-rabbitmq-queue.yaml diff --git a/kustomize/nova/letsencrypt/kustomization.yaml b/kustomize.example/nova/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/nova/letsencrypt/kustomization.yaml rename to kustomize.example/nova/letsencrypt/kustomization.yaml diff --git a/kustomize/octavia/aio/kustomization.yaml b/kustomize.example/octavia/aio/kustomization.yaml similarity index 100% rename from kustomize/octavia/aio/kustomization.yaml rename to kustomize.example/octavia/aio/kustomization.yaml diff --git a/kustomize/octavia/base/hpa-octavia-api.yaml b/kustomize.example/octavia/base/hpa-octavia-api.yaml similarity index 100% rename from kustomize/octavia/base/hpa-octavia-api.yaml rename to kustomize.example/octavia/base/hpa-octavia-api.yaml diff --git a/kustomize/octavia/base/hpa-octavia-worker.yaml b/kustomize.example/octavia/base/hpa-octavia-worker.yaml similarity index 100% rename from kustomize/octavia/base/hpa-octavia-worker.yaml rename to kustomize.example/octavia/base/hpa-octavia-worker.yaml diff --git a/kustomize/octavia/base/kustomization.yaml b/kustomize.example/octavia/base/kustomization.yaml similarity index 100% rename from kustomize/octavia/base/kustomization.yaml rename to kustomize.example/octavia/base/kustomization.yaml diff --git a/kustomize/octavia/base/octavia-agent.yaml b/kustomize.example/octavia/base/octavia-agent.yaml similarity index 100% rename from kustomize/octavia/base/octavia-agent.yaml rename to kustomize.example/octavia/base/octavia-agent.yaml diff --git a/kustomize/octavia/base/octavia-mariadb-database.yaml b/kustomize.example/octavia/base/octavia-mariadb-database.yaml similarity index 100% rename from kustomize/octavia/base/octavia-mariadb-database.yaml rename to kustomize.example/octavia/base/octavia-mariadb-database.yaml diff --git a/kustomize/octavia/base/octavia-rabbitmq-queue.yaml b/kustomize.example/octavia/base/octavia-rabbitmq-queue.yaml similarity index 100% rename from kustomize/octavia/base/octavia-rabbitmq-queue.yaml rename to kustomize.example/octavia/base/octavia-rabbitmq-queue.yaml diff --git a/kustomize/octavia/letsencrypt/kustomization.yaml b/kustomize.example/octavia/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/octavia/letsencrypt/kustomization.yaml rename to kustomize.example/octavia/letsencrypt/kustomization.yaml diff --git a/kustomize/openstack/issuer-kube-system-selfsigned.yaml b/kustomize.example/openstack/issuer-kube-system-selfsigned.yaml similarity index 100% rename from kustomize/openstack/issuer-kube-system-selfsigned.yaml rename to kustomize.example/openstack/issuer-kube-system-selfsigned.yaml diff --git a/kustomize/openstack/kustomization.yaml b/kustomize.example/openstack/kustomization.yaml similarity index 100% rename from kustomize/openstack/kustomization.yaml rename to kustomize.example/openstack/kustomization.yaml diff --git a/kustomize/openstack/ns-openstack.yaml b/kustomize.example/openstack/ns-openstack.yaml similarity index 100% rename from kustomize/openstack/ns-openstack.yaml rename to kustomize.example/openstack/ns-openstack.yaml diff --git a/kustomize/ovn/kustomization.yaml b/kustomize.example/ovn/kustomization.yaml similarity index 100% rename from kustomize/ovn/kustomization.yaml rename to kustomize.example/ovn/kustomization.yaml diff --git a/kustomize/ovn/ovn-backup/kustomization.yaml b/kustomize.example/ovn/ovn-backup/kustomization.yaml similarity index 100% rename from kustomize/ovn/ovn-backup/kustomization.yaml rename to kustomize.example/ovn/ovn-backup/kustomization.yaml diff --git a/kustomize/ovn/ovn-backup/ovn-backup.config b/kustomize.example/ovn/ovn-backup/ovn-backup.config similarity index 100% rename from kustomize/ovn/ovn-backup/ovn-backup.config rename to kustomize.example/ovn/ovn-backup/ovn-backup.config diff --git a/kustomize/ovn/ovn-backup/ovn-backup.sh b/kustomize.example/ovn/ovn-backup/ovn-backup.sh similarity index 100% rename from kustomize/ovn/ovn-backup/ovn-backup.sh rename to kustomize.example/ovn/ovn-backup/ovn-backup.sh diff --git a/kustomize/ovn/ovn-backup/ovn-backup.yaml b/kustomize.example/ovn/ovn-backup/ovn-backup.yaml similarity index 100% rename from kustomize/ovn/ovn-backup/ovn-backup.yaml rename to kustomize.example/ovn/ovn-backup/ovn-backup.yaml diff --git a/kustomize/ovn/ovn-backup/swift-tempauth.env b/kustomize.example/ovn/ovn-backup/swift-tempauth.env similarity index 100% rename from kustomize/ovn/ovn-backup/swift-tempauth.env rename to kustomize.example/ovn/ovn-backup/swift-tempauth.env diff --git a/kustomize/ovn/ovn-setup.yaml b/kustomize.example/ovn/ovn-setup.yaml similarity index 100% rename from kustomize/ovn/ovn-setup.yaml rename to kustomize.example/ovn/ovn-setup.yaml diff --git a/kustomize/placement/aio/kustomization.yaml b/kustomize.example/placement/aio/kustomization.yaml similarity index 100% rename from kustomize/placement/aio/kustomization.yaml rename to kustomize.example/placement/aio/kustomization.yaml diff --git a/kustomize/placement/base/hpa-placement-api.yaml b/kustomize.example/placement/base/hpa-placement-api.yaml similarity index 100% rename from kustomize/placement/base/hpa-placement-api.yaml rename to kustomize.example/placement/base/hpa-placement-api.yaml diff --git a/kustomize/placement/base/kustomization.yaml b/kustomize.example/placement/base/kustomization.yaml similarity index 100% rename from kustomize/placement/base/kustomization.yaml rename to kustomize.example/placement/base/kustomization.yaml diff --git a/kustomize/placement/base/placement-mariadb-database.yaml b/kustomize.example/placement/base/placement-mariadb-database.yaml similarity index 100% rename from kustomize/placement/base/placement-mariadb-database.yaml rename to kustomize.example/placement/base/placement-mariadb-database.yaml diff --git a/kustomize/placement/letsencrypt/kustomization.yaml b/kustomize.example/placement/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/placement/letsencrypt/kustomization.yaml rename to kustomize.example/placement/letsencrypt/kustomization.yaml diff --git a/kustomize/prometheus-blackbox-exporter/kustomization.yaml b/kustomize.example/prometheus-blackbox-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-blackbox-exporter/kustomization.yaml rename to kustomize.example/prometheus-blackbox-exporter/kustomization.yaml diff --git a/kustomize/prometheus-blackbox-exporter/probe_targets.yaml b/kustomize.example/prometheus-blackbox-exporter/probe_targets.yaml similarity index 100% rename from kustomize/prometheus-blackbox-exporter/probe_targets.yaml rename to kustomize.example/prometheus-blackbox-exporter/probe_targets.yaml diff --git a/kustomize/prometheus-blackbox-exporter/values.yaml b/kustomize.example/prometheus-blackbox-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-blackbox-exporter/values.yaml rename to kustomize.example/prometheus-blackbox-exporter/values.yaml diff --git a/kustomize/prometheus-mysql-exporter/kustomization.yaml b/kustomize.example/prometheus-mysql-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/kustomization.yaml rename to kustomize.example/prometheus-mysql-exporter/kustomization.yaml diff --git a/kustomize/prometheus-mysql-exporter/monitoring_user_create.yaml b/kustomize.example/prometheus-mysql-exporter/monitoring_user_create.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/monitoring_user_create.yaml rename to kustomize.example/prometheus-mysql-exporter/monitoring_user_create.yaml diff --git a/kustomize/prometheus-mysql-exporter/monitoring_user_grant.yaml b/kustomize.example/prometheus-mysql-exporter/monitoring_user_grant.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/monitoring_user_grant.yaml rename to kustomize.example/prometheus-mysql-exporter/monitoring_user_grant.yaml diff --git a/kustomize/prometheus-mysql-exporter/values.yaml b/kustomize.example/prometheus-mysql-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/values.yaml rename to kustomize.example/prometheus-mysql-exporter/values.yaml diff --git a/kustomize/prometheus-ovn/cni-monitor.yaml b/kustomize.example/prometheus-ovn/cni-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/cni-monitor.yaml rename to kustomize.example/prometheus-ovn/cni-monitor.yaml diff --git a/kustomize/prometheus-ovn/controller-monitor.yaml b/kustomize.example/prometheus-ovn/controller-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/controller-monitor.yaml rename to kustomize.example/prometheus-ovn/controller-monitor.yaml diff --git a/kustomize/prometheus-ovn/ovn-monitor.yaml b/kustomize.example/prometheus-ovn/ovn-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/ovn-monitor.yaml rename to kustomize.example/prometheus-ovn/ovn-monitor.yaml diff --git a/kustomize/prometheus-ovn/pinger-monitor.yaml b/kustomize.example/prometheus-ovn/pinger-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/pinger-monitor.yaml rename to kustomize.example/prometheus-ovn/pinger-monitor.yaml diff --git a/kustomize/prometheus-postgres-exporter/kustomization.yaml b/kustomize.example/prometheus-postgres-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-postgres-exporter/kustomization.yaml rename to kustomize.example/prometheus-postgres-exporter/kustomization.yaml diff --git a/kustomize/prometheus-postgres-exporter/values.yaml b/kustomize.example/prometheus-postgres-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-postgres-exporter/values.yaml rename to kustomize.example/prometheus-postgres-exporter/values.yaml diff --git a/kustomize/prometheus-rabbitmq-exporter/kustomization.yaml b/kustomize.example/prometheus-rabbitmq-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-rabbitmq-exporter/kustomization.yaml rename to kustomize.example/prometheus-rabbitmq-exporter/kustomization.yaml diff --git a/kustomize/prometheus-rabbitmq-exporter/values.yaml b/kustomize.example/prometheus-rabbitmq-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-rabbitmq-exporter/values.yaml rename to kustomize.example/prometheus-rabbitmq-exporter/values.yaml diff --git a/kustomize/prometheus/alerting_rules.yaml b/kustomize.example/prometheus/alerting_rules.yaml similarity index 100% rename from kustomize/prometheus/alerting_rules.yaml rename to kustomize.example/prometheus/alerting_rules.yaml diff --git a/kustomize/prometheus/alertmanager_config.yaml b/kustomize.example/prometheus/alertmanager_config.yaml similarity index 100% rename from kustomize/prometheus/alertmanager_config.yaml rename to kustomize.example/prometheus/alertmanager_config.yaml diff --git a/kustomize/prometheus/kustomization.yaml b/kustomize.example/prometheus/kustomization.yaml similarity index 100% rename from kustomize/prometheus/kustomization.yaml rename to kustomize.example/prometheus/kustomization.yaml diff --git a/kustomize/prometheus/ns-prometheus.yaml b/kustomize.example/prometheus/ns-prometheus.yaml similarity index 100% rename from kustomize/prometheus/ns-prometheus.yaml rename to kustomize.example/prometheus/ns-prometheus.yaml diff --git a/kustomize/prometheus/values.yaml b/kustomize.example/prometheus/values.yaml similarity index 100% rename from kustomize/prometheus/values.yaml rename to kustomize.example/prometheus/values.yaml diff --git a/kustomize/rabbitmq-cluster/aio/kustomization.yaml b/kustomize.example/rabbitmq-cluster/aio/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-cluster/aio/kustomization.yaml rename to kustomize.example/rabbitmq-cluster/aio/kustomization.yaml diff --git a/kustomize/rabbitmq-cluster/base/kustomization.yaml b/kustomize.example/rabbitmq-cluster/base/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-cluster/base/kustomization.yaml rename to kustomize.example/rabbitmq-cluster/base/kustomization.yaml diff --git a/kustomize/rabbitmq-cluster/base/rabbitmq-cluster.yaml b/kustomize.example/rabbitmq-cluster/base/rabbitmq-cluster.yaml similarity index 100% rename from kustomize/rabbitmq-cluster/base/rabbitmq-cluster.yaml rename to kustomize.example/rabbitmq-cluster/base/rabbitmq-cluster.yaml diff --git a/kustomize/rabbitmq-operator/cluster-operator.yaml b/kustomize.example/rabbitmq-operator/cluster-operator.yaml similarity index 100% rename from kustomize/rabbitmq-operator/cluster-operator.yaml rename to kustomize.example/rabbitmq-operator/cluster-operator.yaml diff --git a/kustomize/rabbitmq-operator/kustomization.yaml b/kustomize.example/rabbitmq-operator/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-operator/kustomization.yaml rename to kustomize.example/rabbitmq-operator/kustomization.yaml diff --git a/kustomize/rabbitmq-topology-operator/kustomization.yaml b/kustomize.example/rabbitmq-topology-operator/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-topology-operator/kustomization.yaml rename to kustomize.example/rabbitmq-topology-operator/kustomization.yaml diff --git a/kustomize/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml b/kustomize.example/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml similarity index 100% rename from kustomize/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml rename to kustomize.example/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml diff --git a/kustomize/rook-cluster-external-pvc/cluster-on-pvc.yaml b/kustomize.example/rook-cluster-external-pvc/cluster-on-pvc.yaml similarity index 100% rename from kustomize/rook-cluster-external-pvc/cluster-on-pvc.yaml rename to kustomize.example/rook-cluster-external-pvc/cluster-on-pvc.yaml diff --git a/kustomize/rook-cluster-external-pvc/kustomization.yaml b/kustomize.example/rook-cluster-external-pvc/kustomization.yaml similarity index 100% rename from kustomize/rook-cluster-external-pvc/kustomization.yaml rename to kustomize.example/rook-cluster-external-pvc/kustomization.yaml diff --git a/kustomize/rook-cluster-external-pvc/toolbox.yaml b/kustomize.example/rook-cluster-external-pvc/toolbox.yaml similarity index 100% rename from kustomize/rook-cluster-external-pvc/toolbox.yaml rename to kustomize.example/rook-cluster-external-pvc/toolbox.yaml diff --git a/kustomize/rook-cluster/kustomization.yaml b/kustomize.example/rook-cluster/kustomization.yaml similarity index 100% rename from kustomize/rook-cluster/kustomization.yaml rename to kustomize.example/rook-cluster/kustomization.yaml diff --git a/kustomize/rook-cluster/rook-cluster.yaml b/kustomize.example/rook-cluster/rook-cluster.yaml similarity index 100% rename from kustomize/rook-cluster/rook-cluster.yaml rename to kustomize.example/rook-cluster/rook-cluster.yaml diff --git a/kustomize/rook-cluster/toolbox.yaml b/kustomize.example/rook-cluster/toolbox.yaml similarity index 100% rename from kustomize/rook-cluster/toolbox.yaml rename to kustomize.example/rook-cluster/toolbox.yaml diff --git a/kustomize/rook-defaults-external-pvc/filesystem.yaml b/kustomize.example/rook-defaults-external-pvc/filesystem.yaml similarity index 100% rename from kustomize/rook-defaults-external-pvc/filesystem.yaml rename to kustomize.example/rook-defaults-external-pvc/filesystem.yaml diff --git a/kustomize/rook-defaults-external-pvc/kustomization.yaml b/kustomize.example/rook-defaults-external-pvc/kustomization.yaml similarity index 100% rename from kustomize/rook-defaults-external-pvc/kustomization.yaml rename to kustomize.example/rook-defaults-external-pvc/kustomization.yaml diff --git a/kustomize/rook-defaults-external-pvc/storageclass-cephfs.yaml b/kustomize.example/rook-defaults-external-pvc/storageclass-cephfs.yaml similarity index 100% rename from kustomize/rook-defaults-external-pvc/storageclass-cephfs.yaml rename to kustomize.example/rook-defaults-external-pvc/storageclass-cephfs.yaml diff --git a/kustomize/rook-defaults/filesystem.yaml b/kustomize.example/rook-defaults/filesystem.yaml similarity index 100% rename from kustomize/rook-defaults/filesystem.yaml rename to kustomize.example/rook-defaults/filesystem.yaml diff --git a/kustomize/rook-defaults/kustomization.yaml b/kustomize.example/rook-defaults/kustomization.yaml similarity index 100% rename from kustomize/rook-defaults/kustomization.yaml rename to kustomize.example/rook-defaults/kustomization.yaml diff --git a/kustomize/rook-defaults/storageclass-cephfs.yaml b/kustomize.example/rook-defaults/storageclass-cephfs.yaml similarity index 100% rename from kustomize/rook-defaults/storageclass-cephfs.yaml rename to kustomize.example/rook-defaults/storageclass-cephfs.yaml diff --git a/kustomize/rook-defaults/storageclass-general.yaml b/kustomize.example/rook-defaults/storageclass-general.yaml similarity index 100% rename from kustomize/rook-defaults/storageclass-general.yaml rename to kustomize.example/rook-defaults/storageclass-general.yaml diff --git a/kustomize/rook-defaults/storageclass-rbd.yaml b/kustomize.example/rook-defaults/storageclass-rbd.yaml similarity index 100% rename from kustomize/rook-defaults/storageclass-rbd.yaml rename to kustomize.example/rook-defaults/storageclass-rbd.yaml diff --git a/kustomize/rook-operator/common.yaml b/kustomize.example/rook-operator/common.yaml similarity index 100% rename from kustomize/rook-operator/common.yaml rename to kustomize.example/rook-operator/common.yaml diff --git a/kustomize/rook-operator/crds.yaml b/kustomize.example/rook-operator/crds.yaml similarity index 100% rename from kustomize/rook-operator/crds.yaml rename to kustomize.example/rook-operator/crds.yaml diff --git a/kustomize/rook-operator/kustomization.yaml b/kustomize.example/rook-operator/kustomization.yaml similarity index 100% rename from kustomize/rook-operator/kustomization.yaml rename to kustomize.example/rook-operator/kustomization.yaml diff --git a/kustomize/rook-operator/operator.yaml b/kustomize.example/rook-operator/operator.yaml similarity index 100% rename from kustomize/rook-operator/operator.yaml rename to kustomize.example/rook-operator/operator.yaml diff --git a/kustomize/sealed-secrets/base/kustomization.yaml b/kustomize.example/sealed-secrets/base/kustomization.yaml similarity index 100% rename from kustomize/sealed-secrets/base/kustomization.yaml rename to kustomize.example/sealed-secrets/base/kustomization.yaml diff --git a/kustomize/sealed-secrets/base/namespace.yaml b/kustomize.example/sealed-secrets/base/namespace.yaml similarity index 100% rename from kustomize/sealed-secrets/base/namespace.yaml rename to kustomize.example/sealed-secrets/base/namespace.yaml diff --git a/kustomize/sealed-secrets/base/values.yaml b/kustomize.example/sealed-secrets/base/values.yaml similarity index 100% rename from kustomize/sealed-secrets/base/values.yaml rename to kustomize.example/sealed-secrets/base/values.yaml diff --git a/kustomize/skyline/aio/kustomization.yaml b/kustomize.example/skyline/aio/kustomization.yaml similarity index 100% rename from kustomize/skyline/aio/kustomization.yaml rename to kustomize.example/skyline/aio/kustomization.yaml diff --git a/kustomize/skyline/base/configmap-bin.yaml b/kustomize.example/skyline/base/configmap-bin.yaml similarity index 100% rename from kustomize/skyline/base/configmap-bin.yaml rename to kustomize.example/skyline/base/configmap-bin.yaml diff --git a/kustomize/skyline/base/deployment-apiserver.yaml b/kustomize.example/skyline/base/deployment-apiserver.yaml similarity index 100% rename from kustomize/skyline/base/deployment-apiserver.yaml rename to kustomize.example/skyline/base/deployment-apiserver.yaml diff --git a/kustomize/skyline/base/hpa-skyline-apiserver.yaml b/kustomize.example/skyline/base/hpa-skyline-apiserver.yaml similarity index 100% rename from kustomize/skyline/base/hpa-skyline-apiserver.yaml rename to kustomize.example/skyline/base/hpa-skyline-apiserver.yaml diff --git a/kustomize/skyline/base/ingress-apiserver.yaml b/kustomize.example/skyline/base/ingress-apiserver.yaml similarity index 100% rename from kustomize/skyline/base/ingress-apiserver.yaml rename to kustomize.example/skyline/base/ingress-apiserver.yaml diff --git a/kustomize/skyline/base/kustomization.yaml b/kustomize.example/skyline/base/kustomization.yaml similarity index 100% rename from kustomize/skyline/base/kustomization.yaml rename to kustomize.example/skyline/base/kustomization.yaml diff --git a/kustomize/skyline/base/pdb-apiserver.yaml b/kustomize.example/skyline/base/pdb-apiserver.yaml similarity index 100% rename from kustomize/skyline/base/pdb-apiserver.yaml rename to kustomize.example/skyline/base/pdb-apiserver.yaml diff --git a/kustomize/skyline/base/services.yaml b/kustomize.example/skyline/base/services.yaml similarity index 100% rename from kustomize/skyline/base/services.yaml rename to kustomize.example/skyline/base/services.yaml diff --git a/kustomize/skyline/base/skyline-mariadb-database.yaml b/kustomize.example/skyline/base/skyline-mariadb-database.yaml similarity index 100% rename from kustomize/skyline/base/skyline-mariadb-database.yaml rename to kustomize.example/skyline/base/skyline-mariadb-database.yaml diff --git a/kustomize/skyline/fqdn/kustomization.yaml b/kustomize.example/skyline/fqdn/kustomization.yaml similarity index 100% rename from kustomize/skyline/fqdn/kustomization.yaml rename to kustomize.example/skyline/fqdn/kustomization.yaml diff --git a/kustomize/skyline/letsencrypt/kustomization.yaml b/kustomize.example/skyline/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/skyline/letsencrypt/kustomization.yaml rename to kustomize.example/skyline/letsencrypt/kustomization.yaml diff --git a/kustomize/topolvm/general/kustomization.yaml b/kustomize.example/topolvm/general/kustomization.yaml similarity index 100% rename from kustomize/topolvm/general/kustomization.yaml rename to kustomize.example/topolvm/general/kustomization.yaml diff --git a/kustomize/topolvm/general/ns-topolvm.yaml b/kustomize.example/topolvm/general/ns-topolvm.yaml similarity index 100% rename from kustomize/topolvm/general/ns-topolvm.yaml rename to kustomize.example/topolvm/general/ns-topolvm.yaml diff --git a/kustomize/vault-secrets-operator/base/kustomization.yaml b/kustomize.example/vault-secrets-operator/base/kustomization.yaml similarity index 100% rename from kustomize/vault-secrets-operator/base/kustomization.yaml rename to kustomize.example/vault-secrets-operator/base/kustomization.yaml diff --git a/kustomize/vault-secrets-operator/base/namespace.yaml b/kustomize.example/vault-secrets-operator/base/namespace.yaml similarity index 100% rename from kustomize/vault-secrets-operator/base/namespace.yaml rename to kustomize.example/vault-secrets-operator/base/namespace.yaml diff --git a/kustomize/vault-secrets-operator/base/values.yaml b/kustomize.example/vault-secrets-operator/base/values.yaml similarity index 100% rename from kustomize/vault-secrets-operator/base/values.yaml rename to kustomize.example/vault-secrets-operator/base/values.yaml diff --git a/kustomize/vault/base/kustomization.yaml b/kustomize.example/vault/base/kustomization.yaml similarity index 100% rename from kustomize/vault/base/kustomization.yaml rename to kustomize.example/vault/base/kustomization.yaml diff --git a/kustomize/vault/base/local_storage/kustomization.yaml b/kustomize.example/vault/base/local_storage/kustomization.yaml similarity index 100% rename from kustomize/vault/base/local_storage/kustomization.yaml rename to kustomize.example/vault/base/local_storage/kustomization.yaml diff --git a/kustomize/vault/base/local_storage/local_sc.yaml b/kustomize.example/vault/base/local_storage/local_sc.yaml similarity index 100% rename from kustomize/vault/base/local_storage/local_sc.yaml rename to kustomize.example/vault/base/local_storage/local_sc.yaml diff --git a/kustomize/vault/base/local_storage/vault-dwpp.yaml b/kustomize.example/vault/base/local_storage/vault-dwpp.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-dwpp.yaml rename to kustomize.example/vault/base/local_storage/vault-dwpp.yaml diff --git a/kustomize/vault/base/local_storage/vault-fezz.yaml b/kustomize.example/vault/base/local_storage/vault-fezz.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-fezz.yaml rename to kustomize.example/vault/base/local_storage/vault-fezz.yaml diff --git a/kustomize/vault/base/local_storage/vault-hprr.yaml b/kustomize.example/vault/base/local_storage/vault-hprr.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-hprr.yaml rename to kustomize.example/vault/base/local_storage/vault-hprr.yaml diff --git a/kustomize/vault/base/local_storage/vault-jyff.yaml b/kustomize.example/vault/base/local_storage/vault-jyff.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-jyff.yaml rename to kustomize.example/vault/base/local_storage/vault-jyff.yaml diff --git a/kustomize/vault/base/local_storage/vault-ktpw.yaml b/kustomize.example/vault/base/local_storage/vault-ktpw.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-ktpw.yaml rename to kustomize.example/vault/base/local_storage/vault-ktpw.yaml diff --git a/kustomize/vault/base/local_storage/vault-uqhy.yaml b/kustomize.example/vault/base/local_storage/vault-uqhy.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-uqhy.yaml rename to kustomize.example/vault/base/local_storage/vault-uqhy.yaml diff --git a/kustomize/vault/base/namespace.yaml b/kustomize.example/vault/base/namespace.yaml similarity index 100% rename from kustomize/vault/base/namespace.yaml rename to kustomize.example/vault/base/namespace.yaml diff --git a/kustomize/vault/base/ssl/kustomization.yaml b/kustomize.example/vault/base/ssl/kustomization.yaml similarity index 100% rename from kustomize/vault/base/ssl/kustomization.yaml rename to kustomize.example/vault/base/ssl/kustomization.yaml diff --git a/kustomize/vault/base/ssl/vault-ca-issuer.yaml b/kustomize.example/vault/base/ssl/vault-ca-issuer.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-ca-issuer.yaml rename to kustomize.example/vault/base/ssl/vault-ca-issuer.yaml diff --git a/kustomize/vault/base/ssl/vault-cert.yaml b/kustomize.example/vault/base/ssl/vault-cert.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-cert.yaml rename to kustomize.example/vault/base/ssl/vault-cert.yaml diff --git a/kustomize/vault/base/ssl/vault-selfsigned-ca.yaml b/kustomize.example/vault/base/ssl/vault-selfsigned-ca.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-selfsigned-ca.yaml rename to kustomize.example/vault/base/ssl/vault-selfsigned-ca.yaml diff --git a/kustomize/vault/base/ssl/vault-selfsigned-issuer.yaml b/kustomize.example/vault/base/ssl/vault-selfsigned-issuer.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-selfsigned-issuer.yaml rename to kustomize.example/vault/base/ssl/vault-selfsigned-issuer.yaml diff --git a/kustomize/vault/base/values.yaml b/kustomize.example/vault/base/values.yaml similarity index 100% rename from kustomize/vault/base/values.yaml rename to kustomize.example/vault/base/values.yaml From ac18b6da0d3cb9c09f3818a9af6321614bd2bc32 Mon Sep 17 00:00:00 2001 From: aedan Date: Thu, 27 Jun 2024 16:17:18 -0500 Subject: [PATCH 10/20] Had to correct some of the docs --- docs/infrastructure-namespace.md | 14 ++++++++++++++ docs/infrastructure-postgresql.md | 2 +- docs/openstack-ceilometer.md | 2 +- docs/openstack-cinder.md | 2 +- docs/openstack-compute-kit.md | 2 +- docs/openstack-glance.md | 2 +- docs/openstack-gnocchi.md | 2 +- docs/openstack-heat.md | 2 +- docs/openstack-horizon.md | 2 +- docs/openstack-keystone.md | 2 +- docs/openstack-octavia.md | 2 +- docs/openstack-skyline.md | 2 +- 12 files changed, 25 insertions(+), 11 deletions(-) diff --git a/docs/infrastructure-namespace.md b/docs/infrastructure-namespace.md index 21b5eea4..9ae09554 100644 --- a/docs/infrastructure-namespace.md +++ b/docs/infrastructure-namespace.md @@ -5,3 +5,17 @@ The following command will generate our OpenStack namespace and ensure we have e ``` shell kubectl apply -k /opt/genestack/kustomize/openstack ``` + +Then you can create all needed secrets by running the create-secrets.sh command located in /opt/genestack/bin + +``` shell +/opt/genestack/bin/create-secrets.sh +``` + +That will create a secrets.yaml file located in /etc/genestack + +You can then apply them to kubernetes with the following command: + +``` shell +kubectl apply -f /etc/genestack/secrets.yaml -n openstack +``` diff --git a/docs/infrastructure-postgresql.md b/docs/infrastructure-postgresql.md index 189e65a0..d28d30fd 100644 --- a/docs/infrastructure-postgresql.md +++ b/docs/infrastructure-postgresql.md @@ -3,7 +3,7 @@ ## Create Secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic postgresql-identity-admin \ diff --git a/docs/openstack-ceilometer.md b/docs/openstack-ceilometer.md index c1aa90e1..1632a44a 100644 --- a/docs/openstack-ceilometer.md +++ b/docs/openstack-ceilometer.md @@ -3,7 +3,7 @@ ## Create Secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic ceilometer-keystone-admin-password \ diff --git a/docs/openstack-cinder.md b/docs/openstack-cinder.md index 70f7032e..131acf5c 100644 --- a/docs/openstack-cinder.md +++ b/docs/openstack-cinder.md @@ -5,7 +5,7 @@ ## Create secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell diff --git a/docs/openstack-compute-kit.md b/docs/openstack-compute-kit.md index 5edfe238..0941c554 100644 --- a/docs/openstack-compute-kit.md +++ b/docs/openstack-compute-kit.md @@ -7,7 +7,7 @@ Part of running Nova is also running placement. Setup all credentials now so we can use them across the nova and placement services. !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ### Shared diff --git a/docs/openstack-glance.md b/docs/openstack-glance.md index cb494b69..f8f3dcf4 100644 --- a/docs/openstack-glance.md +++ b/docs/openstack-glance.md @@ -5,7 +5,7 @@ ## Create secrets. !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ diff --git a/docs/openstack-gnocchi.md b/docs/openstack-gnocchi.md index 8bda8a2e..151d4d8d 100644 --- a/docs/openstack-gnocchi.md +++ b/docs/openstack-gnocchi.md @@ -3,7 +3,7 @@ ## Create Secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic gnocchi-admin \ diff --git a/docs/openstack-heat.md b/docs/openstack-heat.md index 2fc10d06..be1d0b75 100644 --- a/docs/openstack-heat.md +++ b/docs/openstack-heat.md @@ -5,7 +5,7 @@ ## Create secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ diff --git a/docs/openstack-horizon.md b/docs/openstack-horizon.md index d5fe5a42..21009b53 100644 --- a/docs/openstack-horizon.md +++ b/docs/openstack-horizon.md @@ -5,7 +5,7 @@ ## Create secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ diff --git a/docs/openstack-keystone.md b/docs/openstack-keystone.md index 17792718..fa827693 100644 --- a/docs/openstack-keystone.md +++ b/docs/openstack-keystone.md @@ -5,7 +5,7 @@ ## Create secrets. !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ diff --git a/docs/openstack-octavia.md b/docs/openstack-octavia.md index ae554c05..78222da1 100644 --- a/docs/openstack-octavia.md +++ b/docs/openstack-octavia.md @@ -5,7 +5,7 @@ ### Create secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ diff --git a/docs/openstack-skyline.md b/docs/openstack-skyline.md index 619c32e2..c830d19f 100644 --- a/docs/openstack-skyline.md +++ b/docs/openstack-skyline.md @@ -7,7 +7,7 @@ Skyline is an alternative Web UI for OpenStack. If you deploy horizon there's no ## Create secrets !!! info -This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin Skyline is a little different because there's no helm integration. Given this difference the deployment is far simpler, and all secrets can be managed in one object. From 5b21504096e509690b00ab3c74e0bebb987bb005 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Thu, 27 Jun 2024 20:51:40 -0500 Subject: [PATCH 11/20] fix: update remaining docs post config updates (#335) Signed-off-by: cloudnull --- bin/bootstrap.sh | 2 +- docs/etcd-backup.md | 2 +- docs/extra-osie.md | 2 +- docs/grafana.md | 2 +- docs/infrastructure-gateway-api.md | 2 +- docs/infrastructure-ingress.md | 4 ++-- docs/infrastructure-letsencrypt.md | 4 ++-- docs/infrastructure-libvirt.md | 2 +- docs/infrastructure-mariadb.md | 4 ++-- docs/infrastructure-memcached.md | 2 +- docs/infrastructure-namespace.md | 2 +- docs/infrastructure-ovn-setup.md | 4 ++-- docs/infrastructure-rabbitmq.md | 6 +++--- docs/k8s-dashboard.md | 2 +- docs/prometheus-blackbox-exporter.md | 2 +- docs/prometheus-kube-ovn.md | 2 +- docs/prometheus-memcached-exporter.md | 2 +- docs/prometheus-mysql-exporter.md | 2 +- docs/prometheus-openstack-metrics-exporter.md | 2 +- docs/prometheus-postgres-exporter.md | 2 +- docs/prometheus-rabbitmq-exporter.md | 2 +- docs/prometheus.md | 2 +- docs/storage-ceph-rook-external.md | 2 +- docs/storage-ceph-rook-internal.md | 6 +++--- docs/storage-external-block.md | 6 +++--- docs/storage-topolvm.md | 2 +- scripts/openstack-run-all.sh | 18 +++++++++--------- 27 files changed, 45 insertions(+), 45 deletions(-) diff --git a/bin/bootstrap.sh b/bin/bootstrap.sh index 30649014..f54b98ea 100755 --- a/bin/bootstrap.sh +++ b/bin/bootstrap.sh @@ -57,7 +57,7 @@ test -f $GENESTACK_CONFIG/provider || echo ${K8S_PROVIDER} > ${GENESTACK_CONFIG} test -f $GENESTACK_CONFIG/product || echo ${GENESTACK_PRODUCT} > ${GENESTACK_CONFIG}/product mkdir -p $GENESTACK_CONFIG/inventory/group_vars ${GENESTACK_CONFIG}/inventory/credentials if [ ! -d "/etc/genestack/helm-configs" ]; then - cp -r /opt/genestack/helm-configs.example /etc/genestack/helm-configs + cp -r /etc/genestack/helm-configs.example /etc/genestack/helm-configs fi if [ ! -d "/etc/genestack/kustomize" ]; then cp -r /opt/genestack/kustomize.example /etc/genestack/kustomize diff --git a/docs/etcd-backup.md b/docs/etcd-backup.md index 11f9b61c..cc5f49ae 100644 --- a/docs/etcd-backup.md +++ b/docs/etcd-backup.md @@ -43,5 +43,5 @@ kubectl --namespace openstack \ Next, Deploy the backup job: ``` -kubectl apply -k /opt/genestack/kustomize/backups/etcd/etcd-backup.yaml --namespace openstack +kubectl apply -k /etc/genestack/kustomize/backups/etcd/etcd-backup.yaml --namespace openstack ``` diff --git a/docs/extra-osie.md b/docs/extra-osie.md index 31eb2a17..9c26b5e7 100644 --- a/docs/extra-osie.md +++ b/docs/extra-osie.md @@ -6,5 +6,5 @@ helm upgrade --install osie osie/osie \ --create-namespace \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/osie/osie-helm-overrides.yaml + -f /etc/genestack/helm-configs/osie/osie-helm-overrides.yaml ``` diff --git a/docs/grafana.md b/docs/grafana.md index 2e140acf..508a4faf 100644 --- a/docs/grafana.md +++ b/docs/grafana.md @@ -148,6 +148,6 @@ You must edit this file to include your specific url and azure tenant id ``` shell kubectl -n grafana create secret tls grafana-tls-public --cert=/opt/genestack/kustomize/grafana/base/cert.pem --key=/opt/genestack/kustomize/grafana/base/key.pem -kubectl kustomize --enable-helm /opt/genestack/kustomize/grafana/base | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/grafana/base | \ kubectl -n grafana -f - ``` diff --git a/docs/infrastructure-gateway-api.md b/docs/infrastructure-gateway-api.md index 2faeac0c..fabaa8fa 100644 --- a/docs/infrastructure-gateway-api.md +++ b/docs/infrastructure-gateway-api.md @@ -41,7 +41,7 @@ Next, Install the NGINX Gateway Fabric controller ``` cd /opt/genestack/submodules/nginx-gateway-fabric/deploy/helm-chart -helm upgrade --install nginx-gateway-fabric . --namespace=nginx-gateway -f /opt/genestack/helm-configs/nginx-gateway-fabric/helm-overrides.yaml +helm upgrade --install nginx-gateway-fabric . --namespace=nginx-gateway -f /etc/genestack/helm-configs/nginx-gateway-fabric/helm-overrides.yaml ``` Helm install does not automatically upgrade the crds for this resource. To upgrade the crds you will have to manually install them. Follow the process from : [Upgrade CRDs](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/helm/#upgrade-nginx-gateway-fabric-crds) diff --git a/docs/infrastructure-ingress.md b/docs/infrastructure-ingress.md index 0aa701a9..98d788e4 100644 --- a/docs/infrastructure-ingress.md +++ b/docs/infrastructure-ingress.md @@ -9,13 +9,13 @@ We need two different Ingress controllers, one in the `openstack` namespace, the ### Deploy our ingress controller within the ingress-nginx Namespace ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/ingress/external | kubectl apply --namespace ingress-nginx -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/ingress/external | kubectl apply --namespace ingress-nginx -f - ``` ### Deploy our ingress controller within the OpenStack Namespace ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/ingress/internal | kubectl apply --namespace openstack -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/ingress/internal | kubectl apply --namespace openstack -f - ``` The openstack ingress controller uses the class name `nginx-openstack`. diff --git a/docs/infrastructure-letsencrypt.md b/docs/infrastructure-letsencrypt.md index 3e1995aa..555e970f 100644 --- a/docs/infrastructure-letsencrypt.md +++ b/docs/infrastructure-letsencrypt.md @@ -67,8 +67,8 @@ kustomize overlay to use for that is aptly named, `letsencrypt`. --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ - -f /opt/genestack/helm-configs/prod-example-openstack-overrides.yaml \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/prod-example-openstack-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ diff --git a/docs/infrastructure-libvirt.md b/docs/infrastructure-libvirt.md index 7daf2b21..e47e66f0 100644 --- a/docs/infrastructure-libvirt.md +++ b/docs/infrastructure-libvirt.md @@ -3,7 +3,7 @@ The first part of the compute kit is Libvirt. ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/libvirt | kubectl apply --namespace openstack -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/libvirt | kubectl apply --namespace openstack -f - ``` Once deployed you can validate functionality on your compute hosts with `virsh` diff --git a/docs/infrastructure-mariadb.md b/docs/infrastructure-mariadb.md index f9fe2b57..98d0749b 100644 --- a/docs/infrastructure-mariadb.md +++ b/docs/infrastructure-mariadb.md @@ -17,7 +17,7 @@ kubectl --namespace openstack \ cluster_name=`kubectl config view --minify -o jsonpath='{.clusters[0].name}'` sed -i -e "s/cluster\.local/$cluster_name/" /opt/genestack/kustomize/mariadb-operator/kustomization.yaml -test -n "$cluster_name" && kubectl kustomize --enable-helm /opt/genestack/kustomize/mariadb-operator | \ +test -n "$cluster_name" && kubectl kustomize --enable-helm /etc/genestack/kustomize/mariadb-operator | \ kubectl --namespace mariadb-system apply --server-side --force-conflicts -f - ``` @@ -32,7 +32,7 @@ kubectl --namespace mariadb-system get pods -w ## Deploy the MariaDB Cluster ``` shell -kubectl --namespace openstack apply -k /opt/genestack/kustomize/mariadb-cluster/base +kubectl --namespace openstack apply -k /etc/genestack/kustomize/mariadb-cluster/base ``` !!! note diff --git a/docs/infrastructure-memcached.md b/docs/infrastructure-memcached.md index 9a7602fe..217c18e8 100644 --- a/docs/infrastructure-memcached.md +++ b/docs/infrastructure-memcached.md @@ -3,7 +3,7 @@ ## Deploy the Memcached Cluster ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/memcached/base | kubectl apply --namespace openstack -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/memcached/base | kubectl apply --namespace openstack -f - ``` !!! note diff --git a/docs/infrastructure-namespace.md b/docs/infrastructure-namespace.md index 9ae09554..7835dafc 100644 --- a/docs/infrastructure-namespace.md +++ b/docs/infrastructure-namespace.md @@ -3,7 +3,7 @@ The following command will generate our OpenStack namespace and ensure we have everything needed to proceed with the deployment. ``` shell -kubectl apply -k /opt/genestack/kustomize/openstack +kubectl apply -k /etc/genestack/kustomize/openstack ``` Then you can create all needed secrets by running the create-secrets.sh command located in /opt/genestack/bin diff --git a/docs/infrastructure-ovn-setup.md b/docs/infrastructure-ovn-setup.md index 5e097d89..e970abd7 100644 --- a/docs/infrastructure-ovn-setup.md +++ b/docs/infrastructure-ovn-setup.md @@ -115,7 +115,7 @@ kubectl annotate \ With all of the annotations defined, we can now apply the network policy with the following command. ``` shell -kubectl apply -k /opt/genestack/kustomize/ovn +kubectl apply -k /etc/genestack/kustomize/ovn ``` After running the setup, nodes will have the label `ovn.openstack.org/configured` with a date stamp when it was configured. @@ -130,7 +130,7 @@ If there's ever a need to reconfigure a node, simply remove the label and the Da ST_KEY as appropriate for the Swift CLI client in the `swift-tempauth.env` file and then run: - kubectl apply -k /opt/genestack/kustomize/ovn/ovn-backup \ + kubectl apply -k /etc/genestack/kustomize/ovn/ovn-backup \ --prune -l app=ovn-backup \ --prune-allowlist=core/v1/Secret \ --prune-allowlist=core/v1/ConfigMap diff --git a/docs/infrastructure-rabbitmq.md b/docs/infrastructure-rabbitmq.md index b59a485f..2bc3ce62 100644 --- a/docs/infrastructure-rabbitmq.md +++ b/docs/infrastructure-rabbitmq.md @@ -3,7 +3,7 @@ ## Deploy the RabbitMQ operator. ``` shell -kubectl apply -k /opt/genestack/kustomize/rabbitmq-operator +kubectl apply -k /etc/genestack/kustomize/rabbitmq-operator ``` !!! note @@ -13,13 +13,13 @@ kubectl apply -k /opt/genestack/kustomize/rabbitmq-operator ## Deploy the RabbitMQ topology operator. ``` shell -kubectl apply -k /opt/genestack/kustomize/rabbitmq-topology-operator +kubectl apply -k /etc/genestack/kustomize/rabbitmq-topology-operator ``` ## Deploy the RabbitMQ cluster. ``` shell -kubectl apply -k /opt/genestack/kustomize/rabbitmq-cluster/base +kubectl apply -k /etc/genestack/kustomize/rabbitmq-cluster/base ``` !!! note diff --git a/docs/k8s-dashboard.md b/docs/k8s-dashboard.md index b614791f..d555f9c1 100644 --- a/docs/k8s-dashboard.md +++ b/docs/k8s-dashboard.md @@ -3,7 +3,7 @@ While the dashboard is installed you will have no ability to access it until we setup some basic RBAC. ``` shell -kubectl apply -k /opt/genestack/kustomize/k8s-dashboard +kubectl apply -k /etc/genestack/kustomize/k8s-dashboard ``` You can now retrieve a permanent token. diff --git a/docs/prometheus-blackbox-exporter.md b/docs/prometheus-blackbox-exporter.md index 860dfde0..ce458a7f 100644 --- a/docs/prometheus-blackbox-exporter.md +++ b/docs/prometheus-blackbox-exporter.md @@ -8,7 +8,7 @@ The blackbox exporter ideally would be ran outside the cluster but can still pro ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-blackbox-exporter | kubectl apply -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-blackbox-exporter | kubectl apply -f - ``` !!! success diff --git a/docs/prometheus-kube-ovn.md b/docs/prometheus-kube-ovn.md index de7cffd4..0049545b 100644 --- a/docs/prometheus-kube-ovn.md +++ b/docs/prometheus-kube-ovn.md @@ -7,7 +7,7 @@ create a service monitor to pull these metrics into Prometheus. ## Installation ``` shell -kubectl apply -f /opt/genestack/kustomize/prometheus-ovn/ +kubectl apply -f /etc/genestack/kustomize/prometheus-ovn/ ``` !!! success diff --git a/docs/prometheus-memcached-exporter.md b/docs/prometheus-memcached-exporter.md index 5fa9f2db..7c3a8305 100644 --- a/docs/prometheus-memcached-exporter.md +++ b/docs/prometheus-memcached-exporter.md @@ -17,7 +17,7 @@ Install the Memcached Exporter ### Deploy the Memcached Cluster With Monitoring Enabled ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/memcached/base-monitoring | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/memcached/base-monitoring | \ kubectl apply --namespace openstack --server-side -f - ``` diff --git a/docs/prometheus-mysql-exporter.md b/docs/prometheus-mysql-exporter.md index 5bf43b7f..dec517cf 100644 --- a/docs/prometheus-mysql-exporter.md +++ b/docs/prometheus-mysql-exporter.md @@ -23,7 +23,7 @@ kubectl --namespace openstack \ Next, install the exporter ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-mysql-exporter | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-mysql-exporter | \ kubectl --namespace openstack apply --server-side -f - ``` diff --git a/docs/prometheus-openstack-metrics-exporter.md b/docs/prometheus-openstack-metrics-exporter.md index 0361221a..c5de634e 100644 --- a/docs/prometheus-openstack-metrics-exporter.md +++ b/docs/prometheus-openstack-metrics-exporter.md @@ -54,7 +54,7 @@ cd /opt/genestack/submodules/openstack-exporter/charts helm upgrade --install os-metrics ./prometheus-openstack-exporter \ --namespace=openstack \ --timeout 15m \ - -f /opt/genestack/helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml \ --set clouds_yaml_config="$(kubectl --namespace openstack get secret clouds-yaml-secret -o jsonpath='{.data.gen-clouds-yaml}' | base64 -d)" ``` diff --git a/docs/prometheus-postgres-exporter.md b/docs/prometheus-postgres-exporter.md index c06125de..e11db1b6 100644 --- a/docs/prometheus-postgres-exporter.md +++ b/docs/prometheus-postgres-exporter.md @@ -11,7 +11,7 @@ PostgresSQL Exporter is used to expose metrics from a running PostgresSQL deploy Install the PostgresSQL Exporter ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-postgres-exporter | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-postgres-exporter | \ kubectl --namespace openstack apply --server-side -f - ``` diff --git a/docs/prometheus-rabbitmq-exporter.md b/docs/prometheus-rabbitmq-exporter.md index aa88a8a2..11a1d314 100644 --- a/docs/prometheus-rabbitmq-exporter.md +++ b/docs/prometheus-rabbitmq-exporter.md @@ -11,7 +11,7 @@ RabbitMQ Exporter is used to expose metrics from a running RabbitMQ deployment. Install the RabbitMQ Exporter ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-rabbitmq-exporter | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-rabbitmq-exporter | \ kubectl --namespace openstack apply --server-side -f - ``` diff --git a/docs/prometheus.md b/docs/prometheus.md index 5b4ab744..88dc95e9 100644 --- a/docs/prometheus.md +++ b/docs/prometheus.md @@ -20,7 +20,7 @@ sed -i -e "s#https://webhook_url.example#$webhook_url#" /opt/genestack/kustomize ## Install the prometheus stack ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus | kubectl apply --server-side -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus | kubectl apply --server-side -f - ``` !!! success diff --git a/docs/storage-ceph-rook-external.md b/docs/storage-ceph-rook-external.md index 2b708a95..8349db02 100644 --- a/docs/storage-ceph-rook-external.md +++ b/docs/storage-ceph-rook-external.md @@ -67,7 +67,7 @@ python3 create-external-cluster-resources.py --rbd-data-pool-name general --ceph Run the following commands to import the cluster after pasting in exports from external cluster ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-operator/ +kubectl apply -k /etc/genestack/kustomize/rook-operator/ /opt/genestack/scripts/import-external-cluster.sh helm repo add rook-release https://charts.rook.io/release kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook/ceph:v1.13.7 diff --git a/docs/storage-ceph-rook-internal.md b/docs/storage-ceph-rook-internal.md index e986af94..258205c9 100644 --- a/docs/storage-ceph-rook-internal.md +++ b/docs/storage-ceph-rook-internal.md @@ -3,7 +3,7 @@ ## Deploy the Rook operator ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-operator/ +kubectl apply -k /etc/genestack/kustomize/rook-operator/ kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook/ceph:v1.13.7 ``` @@ -14,7 +14,7 @@ kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook Rook will deploy against nodes labeled `role=storage-node`. Make sure to have a look at the `/opt/genestack/kustomize/rook-cluster/rook-cluster.yaml` file to ensure it's setup to your liking, pay special attention to your `deviceFilter` settings, especially if different devices have different device layouts. ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-cluster/ +kubectl apply -k /etc/genestack/kustomize/rook-cluster/ ``` ## Validate the cluster is operational @@ -32,7 +32,7 @@ kubectl --namespace rook-ceph get cephclusters.ceph.rook.io Once the rook cluster is online with a HEALTH status of `HEALTH_OK`, deploy the filesystem, storage-class, and pool defaults. ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-defaults +kubectl apply -k /etc/genestack/kustomize/rook-defaults ``` !!! note diff --git a/docs/storage-external-block.md b/docs/storage-external-block.md index c9cbe7fb..818b0718 100644 --- a/docs/storage-external-block.md +++ b/docs/storage-external-block.md @@ -19,14 +19,14 @@ general (default) org.democratic-csi.iscsi Delete Immediate Deploy Ceph operator ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-operator/ +kubectl apply -k /etc/genestack/kustomize/rook-operator/ kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook/ceph:v1.13.7 ``` Deploy Ceph on PVC ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-cluster-external-pvc/ +kubectl apply -k /etc/genestack/kustomize/rook-cluster-external-pvc/ ``` Monitor cluster state, once cluster HEALTH_OK proceed to the next step @@ -40,7 +40,7 @@ rook-ceph /var/lib/rook 3 129m Ready Cluster created successf Deploy cephfs filesystem named 'general-multi-attach' for Glance consumption ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-defaults-external-pvc/ +kubectl apply -k /etc/genestack/kustomize/rook-defaults-external-pvc/ ``` You should now have two storage class providers configured for Genestack diff --git a/docs/storage-topolvm.md b/docs/storage-topolvm.md index f1a3d5db..fddf4bc7 100644 --- a/docs/storage-topolvm.md +++ b/docs/storage-topolvm.md @@ -23,5 +23,5 @@ Once the volume group is on your storage nodes, the node is ready for use. ### Deploy the TopoLVM Provisioner ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/topolvm/general | kubectl apply -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/topolvm/general | kubectl apply -f - ``` diff --git a/scripts/openstack-run-all.sh b/scripts/openstack-run-all.sh index ed8b27a9..69815671 100644 --- a/scripts/openstack-run-all.sh +++ b/scripts/openstack-run-all.sh @@ -4,7 +4,7 @@ helm upgrade --install keystone ./keystone \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ @@ -17,7 +17,7 @@ helm upgrade --install glance ./glance \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/glance/glance-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/glance/glance-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -30,7 +30,7 @@ helm upgrade --install glance ./glance \ helm upgrade --install heat ./heat \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/heat/heat-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/heat/heat-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat.password="$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat_trustee.password="$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)" \ @@ -46,7 +46,7 @@ helm upgrade --install cinder ./cinder \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -59,7 +59,7 @@ helm upgrade --install cinder ./cinder \ helm upgrade --install neutron ./neutron \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -80,7 +80,7 @@ helm upgrade --install neutron ./neutron \ helm upgrade --install nova ./nova \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -101,7 +101,7 @@ helm upgrade --install nova ./nova \ helm upgrade --install placement ./placement --namespace=openstack \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/placement/placement-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/placement/placement-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -114,7 +114,7 @@ helm upgrade --install octavia ./octavia \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -131,7 +131,7 @@ helm upgrade --install horizon ./horizon \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.horizon.local_settings.config.horizon_secret_key="$(kubectl --namespace openstack get secret horizon-secrete-key -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ From b3a74c14d969a9e7687a12a85e0c44b0b32feae2 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Thu, 27 Jun 2024 21:07:56 -0500 Subject: [PATCH 12/20] fix: update last remaining docs (#336) Signed-off-by: cloudnull --- bin/bootstrap.sh | 6 +++--- docs/grafana.md | 10 +++++----- docs/infrastructure-gateway-api.md | 28 ++++++++++++++++------------ docs/infrastructure-letsencrypt.md | 2 +- docs/infrastructure-mariadb.md | 2 +- docs/infrastructure-ovn-setup.md | 2 +- docs/monitoring-getting-started.md | 2 +- docs/prometheus.md | 2 +- docs/storage-ceph-rook-internal.md | 2 +- scripts/openstack-run-all.sh | 18 +++++++++--------- 10 files changed, 39 insertions(+), 35 deletions(-) diff --git a/bin/bootstrap.sh b/bin/bootstrap.sh index f54b98ea..3928c0c7 100755 --- a/bin/bootstrap.sh +++ b/bin/bootstrap.sh @@ -56,10 +56,10 @@ test -L $GENESTACK_CONFIG 2>&1 || mkdir -p ${GENESTACK_CONFIG} test -f $GENESTACK_CONFIG/provider || echo ${K8S_PROVIDER} > ${GENESTACK_CONFIG}/provider test -f $GENESTACK_CONFIG/product || echo ${GENESTACK_PRODUCT} > ${GENESTACK_CONFIG}/product mkdir -p $GENESTACK_CONFIG/inventory/group_vars ${GENESTACK_CONFIG}/inventory/credentials -if [ ! -d "/etc/genestack/helm-configs" ]; then - cp -r /etc/genestack/helm-configs.example /etc/genestack/helm-configs +if [ ! -d "/opt/genestack/helm-configs" ]; then + cp -r /opt/genestack/helm-configs.example /etc/genestack/helm-configs fi -if [ ! -d "/etc/genestack/kustomize" ]; then +if [ ! -d "/opt/genestack/kustomize" ]; then cp -r /opt/genestack/kustomize.example /etc/genestack/kustomize fi diff --git a/docs/grafana.md b/docs/grafana.md index 508a4faf..40dbf2de 100644 --- a/docs/grafana.md +++ b/docs/grafana.md @@ -21,7 +21,7 @@ You can base64 encode your `client_id` and `client_secret` by using the echo and echo -n "YOUR CLIENT ID OR SECRET" | base64 ``` -This example file is located at `/opt/genestack/kustomize/grafana/base` +This example file is located at `/etc/genestack/kustomize/grafana/base` example secret file: ``` yaml @@ -44,7 +44,7 @@ If you are configuring grafana to use tls/ssl, you should create a file for your Your cert and key files should look something like the following (cert and key example taken from [VMware Docs](https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-BBC4804F-AC54-4DD2-BF6B-ECD2F60083F6.html "VMware Docs")). -These example files are located in `/opt/genestack/kustomize/grafana/base` +These example files are located in `/etc/genestack/kustomize/grafana/base` ??? example @@ -110,7 +110,7 @@ These example files are located in `/opt/genestack/kustomize/grafana/base` ## Update datasources.yaml -The datasource.yaml file is located at `/opt/genestack/kustomize/grafana/base` +The datasource.yaml file is located at `/etc/genestack/kustomize/grafana/base` If you have specific datasources that should be populated when grafana deploys, update the datasource.yaml to use your values. The example below shows one way to configure prometheus and loki datasources. @@ -137,7 +137,7 @@ datasources: ## Update grafana-values.yaml -The grafana-values.yaml file is located at `/opt/genestack/kustomize/grafana/base` +The grafana-values.yaml file is located at `/etc/genestack/kustomize/grafana/base` You must edit this file to include your specific url and azure tenant id @@ -146,7 +146,7 @@ You must edit this file to include your specific url and azure tenant id ## Create the tls secret and install ``` shell -kubectl -n grafana create secret tls grafana-tls-public --cert=/opt/genestack/kustomize/grafana/base/cert.pem --key=/opt/genestack/kustomize/grafana/base/key.pem +kubectl -n grafana create secret tls grafana-tls-public --cert=/etc/genestack/kustomize/grafana/base/cert.pem --key=/etc/genestack/kustomize/grafana/base/key.pem kubectl kustomize --enable-helm /etc/genestack/kustomize/grafana/base | \ kubectl -n grafana -f - diff --git a/docs/infrastructure-gateway-api.md b/docs/infrastructure-gateway-api.md index fabaa8fa..cd3809ae 100644 --- a/docs/infrastructure-gateway-api.md +++ b/docs/infrastructure-gateway-api.md @@ -7,12 +7,14 @@ Since Gateway APIs are successor to Ingress Controllers there needs to be a one ### Resource Models in Gateway API + There are 3 main resource models in gateway apis: 1. GatewayClass - Mostly managed by a controller. 2. Gateway - An instance of traffic handling infra like a LB. 3. Routes - Defines HTTP-specific rules for mapping traffic from a Gateway listener to a representation of backend network endpoints. **k8s Gateway API is NOT the same as API Gateways** + While both sound the same, API Gateway is a more of a general concept that defines a set of resources that exposes capabilities of a backend service but also provide other functionalities like traffic management, rate limiting, authentication and more. It is geared towards commercial API management and monetisation. From the gateway api sig: @@ -21,24 +23,27 @@ From the gateway api sig: Most Gateway API implementations are API Gateways to some extent, but not all API Gateways are Gateway API implementations. - ### Controller: NGINX Gateway Fabric + [NGINX Gateway Fabric](https://github.com/nginxinc/nginx-gateway-fabric) is an open-source project that provides an implementation of the Gateway API using nginx as the data plane. Chart Install: https://github.com/nginxinc/nginx-gateway-fabric/blob/main/deploy/helm-chart/values.yaml Create the Namespace -``` + +``` shell kubectl create ns nginx-gateway ``` First Install the Gateway API Resource from Kubernetes -``` + +``` shell kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml ``` Next, Install the NGINX Gateway Fabric controller -``` + +``` shell cd /opt/genestack/submodules/nginx-gateway-fabric/deploy/helm-chart helm upgrade --install nginx-gateway-fabric . --namespace=nginx-gateway -f /etc/genestack/helm-configs/nginx-gateway-fabric/helm-overrides.yaml @@ -51,13 +56,15 @@ Helm install does not automatically upgrade the crds for this resource. To upgra In this example we will look at how Prometheus UI is exposed through the gateway. For other services the gateway kustomization file for the service. Rackspace specific gateway kustomization files can be applied like so -``` -cd /opt/genestack/kustomize/gateway + +``` shell +cd /etc/genestack/kustomize/gateway kubectl kustomize | kubectl apply -f - ``` First, create the shared gateway and then the httproute resource for prometheus. -``` + +``` yaml apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: @@ -73,7 +80,7 @@ spec: then -``` +``` yaml apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: @@ -89,6 +96,7 @@ spec: - name: kube-prometheus-stack-prometheus port: 9090 ``` + At this point, flex-gateway has a listener pointed to the port 80 matching *.sjc.ohthree.com hostname. The HTTPRoute resource configures routes for this gateway. Here, we match all path and simply pass any request from the matching hostname to kube-prometheus-stack-prometheus backend service. ### Exposing Flex Services @@ -104,7 +112,6 @@ For each externally exposed service, example: keystone endpoint, we have a Gatew ``` External Traffic -> F5 VIP Address -> MetalLB VIP Address -> Gateway Service - ``` This setup can be expended to have multiple MetalLB VIPs with multiple Gateway Services listening on different IP addresses as required by your setup. @@ -112,11 +119,8 @@ This setup can be expended to have multiple MetalLB VIPs with multiple Gateway S !!! tip The metalLB speaker wont advertise the service if : - 1. There is no active endpoint backing the service - 2. There are no matching L2 or BGP speaker nodes - 3. If the service has external Traffic Policy set to local you need to have the running endpoint on the speaker node. diff --git a/docs/infrastructure-letsencrypt.md b/docs/infrastructure-letsencrypt.md index 555e970f..34cb6176 100644 --- a/docs/infrastructure-letsencrypt.md +++ b/docs/infrastructure-letsencrypt.md @@ -74,6 +74,6 @@ kustomize overlay to use for that is aptly named, `letsencrypt`. --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args keystone/letsencrypt ``` diff --git a/docs/infrastructure-mariadb.md b/docs/infrastructure-mariadb.md index 98d0749b..8920fb7a 100644 --- a/docs/infrastructure-mariadb.md +++ b/docs/infrastructure-mariadb.md @@ -15,7 +15,7 @@ kubectl --namespace openstack \ ``` shell cluster_name=`kubectl config view --minify -o jsonpath='{.clusters[0].name}'` -sed -i -e "s/cluster\.local/$cluster_name/" /opt/genestack/kustomize/mariadb-operator/kustomization.yaml +sed -i -e "s/cluster\.local/$cluster_name/" /etc/genestack/kustomize/mariadb-operator/kustomization.yaml test -n "$cluster_name" && kubectl kustomize --enable-helm /etc/genestack/kustomize/mariadb-operator | \ kubectl --namespace mariadb-system apply --server-side --force-conflicts -f - diff --git a/docs/infrastructure-ovn-setup.md b/docs/infrastructure-ovn-setup.md index e970abd7..187adde1 100644 --- a/docs/infrastructure-ovn-setup.md +++ b/docs/infrastructure-ovn-setup.md @@ -124,7 +124,7 @@ If there's ever a need to reconfigure a node, simply remove the label and the Da !!! note To upload backups to Swift with tempauth, edit - /opt/genestack/kustomize/ovn/ovn-backup/ovn-backup.config to set + /etc/genestack/kustomize/ovn/ovn-backup/ovn-backup.config to set `SWIFT_TEMPAUTH_UPLOAD' "true"`, edit the other related options appropriately (i.e., set the CONTAINER) and fill the ST_AUTH, ST_USER, and ST_KEY as appropriate for the Swift CLI client in the `swift-tempauth.env` diff --git a/docs/monitoring-getting-started.md b/docs/monitoring-getting-started.md index 182b1ef1..e2e0b6a3 100644 --- a/docs/monitoring-getting-started.md +++ b/docs/monitoring-getting-started.md @@ -47,5 +47,5 @@ Within the genestack repo we can update our alerting rules via the alerting_rule View alerting_rules.yaml in: ``` shell -less /opt/genestack/kustomize/prometheus/alerting_rules.yaml +less /etc/genestack/kustomize/prometheus/alerting_rules.yaml ``` diff --git a/docs/prometheus.md b/docs/prometheus.md index 88dc95e9..583bfe4b 100644 --- a/docs/prometheus.md +++ b/docs/prometheus.md @@ -14,7 +14,7 @@ Currently you can supply a Teams webhook url to send all current alerts to a tea ``` shell webhook_url='https://my.webhook.example' -sed -i -e "s#https://webhook_url.example#$webhook_url#" /opt/genestack/kustomize/prometheus/alertmanager_config.yaml +sed -i -e "s#https://webhook_url.example#$webhook_url#" /etc/genestack/kustomize/prometheus/alertmanager_config.yaml ``` ## Install the prometheus stack diff --git a/docs/storage-ceph-rook-internal.md b/docs/storage-ceph-rook-internal.md index 258205c9..d7591699 100644 --- a/docs/storage-ceph-rook-internal.md +++ b/docs/storage-ceph-rook-internal.md @@ -11,7 +11,7 @@ kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook !!! note - Rook will deploy against nodes labeled `role=storage-node`. Make sure to have a look at the `/opt/genestack/kustomize/rook-cluster/rook-cluster.yaml` file to ensure it's setup to your liking, pay special attention to your `deviceFilter` settings, especially if different devices have different device layouts. + Rook will deploy against nodes labeled `role=storage-node`. Make sure to have a look at the `/etc/genestack/kustomize/rook-cluster/rook-cluster.yaml` file to ensure it's setup to your liking, pay special attention to your `deviceFilter` settings, especially if different devices have different device layouts. ``` shell kubectl apply -k /etc/genestack/kustomize/rook-cluster/ diff --git a/scripts/openstack-run-all.sh b/scripts/openstack-run-all.sh index 69815671..8eab8de7 100644 --- a/scripts/openstack-run-all.sh +++ b/scripts/openstack-run-all.sh @@ -10,7 +10,7 @@ helm upgrade --install keystone ./keystone \ --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args keystone/base & helm upgrade --install glance ./glance \ @@ -24,7 +24,7 @@ helm upgrade --install glance ./glance \ --set endpoints.oslo_db.auth.glance.password="$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.glance.password="$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args glance/base & helm upgrade --install heat ./heat \ @@ -39,7 +39,7 @@ helm upgrade --install heat ./heat \ --set endpoints.oslo_db.auth.heat.password="$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.heat.password="$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args heat/base & helm upgrade --install cinder ./cinder \ @@ -53,7 +53,7 @@ helm upgrade --install cinder ./cinder \ --set endpoints.oslo_db.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args cinder/base & helm upgrade --install neutron ./neutron \ @@ -74,7 +74,7 @@ helm upgrade --install neutron ./neutron \ --set conf.neutron.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args neutron/base & helm upgrade --install nova ./nova \ @@ -95,7 +95,7 @@ helm upgrade --install nova ./nova \ --set endpoints.oslo_db_cell0.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.nova.password="$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args nova/base & helm upgrade --install placement ./placement --namespace=openstack \ @@ -107,7 +107,7 @@ helm upgrade --install placement ./placement --namespace=openstack \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.placement.password="$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.nova_api.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args placement/base & helm upgrade --install octavia ./octavia \ @@ -124,7 +124,7 @@ helm upgrade --install octavia ./octavia \ --set conf.octavia.certificates.ca_private_key_passphrase="$(kubectl --namespace openstack get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.octavia.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.octavia.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args octavia/base & helm upgrade --install horizon ./horizon \ @@ -136,5 +136,5 @@ helm upgrade --install horizon ./horizon \ --set conf.horizon.local_settings.config.horizon_secret_key="$(kubectl --namespace openstack get secret horizon-secrete-key -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.horizon.password="$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args horizon/base & From 9d07d5ee74a7481fa5e3ac0f8287d976fa615132 Mon Sep 17 00:00:00 2001 From: cloudnull Date: Thu, 27 Jun 2024 21:30:47 -0500 Subject: [PATCH 13/20] fix: topolvm example The topolvm storage provider was forcing the name to be 'local-path' in the 'general' overlay. While this work, it is a broken example for the rest of our docs. This fix addresses the naming so that it works like all the rest of our storage options. Signed-off-by: cloudnull --- kustomize.example/topolvm/general/kustomization.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kustomize.example/topolvm/general/kustomization.yaml b/kustomize.example/topolvm/general/kustomization.yaml index 502a5887..1540310d 100644 --- a/kustomize.example/topolvm/general/kustomization.yaml +++ b/kustomize.example/topolvm/general/kustomization.yaml @@ -15,7 +15,7 @@ helmCharts: cert-manager: enabled: false storageClasses: - - name: local-path # Defines name of storage class. + - name: general # Defines name of storage class. storageClass: fsType: xfs # Supported filesystems are: ext4, xfs, and btrfs. # reclaimPolicy @@ -30,7 +30,7 @@ helmCharts: # enables CSI drivers to expand volumes. This feature is available for Kubernetes 1.16 and later releases. allowVolumeExpansion: true additionalParameters: - topolvm.io/device-class: "local-path" + topolvm.io/device-class: "general" # mount options mountOptions: [] # lvmd service @@ -41,7 +41,7 @@ helmCharts: socketName: /run/topolvm/lvmd.sock # lvmd.deviceClasses -- Specify the device-class settings. deviceClasses: - - name: local-path + - name: general volume-group: vg-general default: true spare-gb: 10 From dad0ebc208fb1e0990e34477731deb2b2ab201e0 Mon Sep 17 00:00:00 2001 From: cloudnull Date: Thu, 27 Jun 2024 21:38:54 -0500 Subject: [PATCH 14/20] fix: correct libvirt chart path After the path rename and move to etc, we need to set the chart path for our example accordingly. Before the rename we used a relative path, this change updates the kustomize file to use the full known path. Signed-off-by: cloudnull --- kustomize.example/libvirt/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize.example/libvirt/kustomization.yaml b/kustomize.example/libvirt/kustomization.yaml index d278dc2e..7619c256 100644 --- a/kustomize.example/libvirt/kustomization.yaml +++ b/kustomize.example/libvirt/kustomization.yaml @@ -1,5 +1,5 @@ helmGlobals: - chartHome: ../../submodules/openstack-helm-infra + chartHome: /opt/genestack/submodules/openstack-helm-infra helmCharts: - name: libvirt From a7675a78ed259ea9242b495063bfe0bd95cd8ab4 Mon Sep 17 00:00:00 2001 From: cloudnull Date: Thu, 27 Jun 2024 21:45:12 -0500 Subject: [PATCH 15/20] fix: doc types on ovn setup Simple fix to make the ovn setup doc use code blocks Signed-off-by: cloudnull --- docs/infrastructure-ovn-setup.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/infrastructure-ovn-setup.md b/docs/infrastructure-ovn-setup.md index 187adde1..90a3b817 100644 --- a/docs/infrastructure-ovn-setup.md +++ b/docs/infrastructure-ovn-setup.md @@ -121,7 +121,7 @@ kubectl apply -k /etc/genestack/kustomize/ovn After running the setup, nodes will have the label `ovn.openstack.org/configured` with a date stamp when it was configured. If there's ever a need to reconfigure a node, simply remove the label and the DaemonSet will take care of it automatically. -!!! note +!!! tip "Setup your OVN backup" To upload backups to Swift with tempauth, edit /etc/genestack/kustomize/ovn/ovn-backup/ovn-backup.config to set @@ -130,17 +130,19 @@ If there's ever a need to reconfigure a node, simply remove the label and the Da ST_KEY as appropriate for the Swift CLI client in the `swift-tempauth.env` file and then run: + ``` shell kubectl apply -k /etc/genestack/kustomize/ovn/ovn-backup \ --prune -l app=ovn-backup \ --prune-allowlist=core/v1/Secret \ --prune-allowlist=core/v1/ConfigMap + ``` If you need to change variables in the future, you can edit the relevant files and use `kubectl` with these prune options to avoid accumulating old ConfigMaps and Secrets from successive `kubectl apply` operations, but you can omit the pruning options if desired. -## Centralize `kube-ovn-controller` pods +### Centralize `kube-ovn-controller` pods By default, _Kubespray_ deploys _Kube-OVN_ allowing [`kube-ovn-controller` pods](https://kube-ovn.readthedocs.io/zh-cn/stable/en/reference/architecture/#kube-ovn-controller), which play a central role, to distribute across various kinds of cluster nodes. In _Genestack_, this would include compute nodes and other kinds of nodes. By contrast, `ovn-central` pods, which also play a crucial central role, run only on nodes labelled `"kube-ovn/role": "master"`. A _Genestack_ installation will typically have control functions centralized on a small set of nodes, which you may have different resource allocations and different redundancy and uptime requirements for relative to other types of nodes, so you can set the `kube-ovn-controller` pods to run in the same location as [`ovn-central`](https://kube-ovn.readthedocs.io/zh-cn/stable/en/reference/architecture/#ovn-central) on _Kube-OVN_ master nodes (which most likely simply match your k8s cluster control nodes unless you've customized it): From 291343b9ec12d58d86ad78b906e008fbdd0f4a7e Mon Sep 17 00:00:00 2001 From: cloudnull Date: Thu, 27 Jun 2024 21:48:05 -0500 Subject: [PATCH 16/20] feat: add /opt/genestack/manifests to bootstrap Signed-off-by: cloudnull --- bin/bootstrap.sh | 3 +++ bin/install-keystone.sh | 2 +- docs/infrastructure-metallb.md | 2 +- docs/openstack-keystone.md | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/bin/bootstrap.sh b/bin/bootstrap.sh index 3928c0c7..a17e469c 100755 --- a/bin/bootstrap.sh +++ b/bin/bootstrap.sh @@ -62,6 +62,9 @@ fi if [ ! -d "/opt/genestack/kustomize" ]; then cp -r /opt/genestack/kustomize.example /etc/genestack/kustomize fi +if [ ! -d "/opt/genestack/manifests" ]; then + cp -r /opt/genestack/manifests /etc/genestack/manifests +fi # Copy default k8s config test -d "ansible/inventory/${GENESTACK_PRODUCT}" || error "Product Config ${GENESTACK_PRODUCT} does not exist here" diff --git a/bin/install-keystone.sh b/bin/install-keystone.sh index 13e4ca78..a0cc1631 100755 --- a/bin/install-keystone.sh +++ b/bin/install-keystone.sh @@ -15,4 +15,4 @@ helm upgrade --install keystone ./keystone \ --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args keystone/base -kubectl --namespace openstack apply -f /opt/genestack/manifests/utils/utils-openstack-client-admin.yaml +kubectl --namespace openstack apply -f /etc/genestack/manifests/utils/utils-openstack-client-admin.yaml diff --git a/docs/infrastructure-metallb.md b/docs/infrastructure-metallb.md index 0831ed2d..ec2bc1fe 100644 --- a/docs/infrastructure-metallb.md +++ b/docs/infrastructure-metallb.md @@ -38,7 +38,7 @@ spec: ``` ``` shell -kubectl apply -f /opt/genestack/manifests/metallb/metallb-openstack-service-lb.yml +kubectl apply -f /etc/genestack/manifests/metallb/metallb-openstack-service-lb.yml ``` Assuming your ingress controller is all setup and your metallb loadbalancer is operational you can patch the ingress controller to expose your external VIP address. diff --git a/docs/openstack-keystone.md b/docs/openstack-keystone.md index fa827693..cc69d5a5 100644 --- a/docs/openstack-keystone.md +++ b/docs/openstack-keystone.md @@ -58,7 +58,7 @@ helm upgrade --install keystone ./keystone \ Deploy the openstack admin client pod (optional) ``` shell -kubectl --namespace openstack apply -f /opt/genestack/manifests/utils/utils-openstack-client-admin.yaml +kubectl --namespace openstack apply -f /etc/genestack/manifests/utils/utils-openstack-client-admin.yaml ``` ## Validate functionality From 402c1bf552ddbea286d5f80b582cc59524e70cb1 Mon Sep 17 00:00:00 2001 From: cloudnull Date: Thu, 27 Jun 2024 21:51:24 -0500 Subject: [PATCH 17/20] fix: fix path for loki examples Signed-off-by: cloudnull --- docs/infrastructure-loki.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/infrastructure-loki.md b/docs/infrastructure-loki.md index cc661825..04375d4a 100644 --- a/docs/infrastructure-loki.md +++ b/docs/infrastructure-loki.md @@ -25,7 +25,7 @@ helm upgrade --install \ If you plan on using **Swift** as a backend for log storage see the `loki-helm-swift-overrides-example.yaml` file in the `helm-configs/loki` directory. ``` yaml - --8<-- "helm-configs/loki/loki-helm-swift-overrides-example.yaml" + --8<-- "helm-configs.example/loki/loki-helm-swift-overrides-example.yaml" ``` !!! example @@ -33,7 +33,7 @@ helm upgrade --install \ If you plan on using **S3** as a backend for log storage see the `loki-helm-s3-overrides-example.yaml` file in the `helm-configs/loki` directory. ``` yaml - --8<-- "helm-configs/loki/loki-helm-s3-overrides-example.yaml" + --8<-- "helm-configs.example/loki/loki-helm-s3-overrides-example.yaml" ``` !!! example @@ -41,5 +41,5 @@ helm upgrade --install \ If you plan on using **Minio** as a backend for log storage see the `loki-helm-s3-overrides-example.yaml` file in the `helm-configs/loki` directory. ``` yaml - --8<-- "helm-configs/loki/loki-helm-minio-overrides-example.yaml" + --8<-- "helm-configs.example/loki/loki-helm-minio-overrides-example.yaml" ``` From 41562c60dc31cd0b4618bd6953cde036214d9b31 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 28 Jun 2024 07:54:08 -0500 Subject: [PATCH 18/20] fix: Ensure that bootstrap is checking the right path --- bin/bootstrap.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/bootstrap.sh b/bin/bootstrap.sh index a17e469c..e902f391 100755 --- a/bin/bootstrap.sh +++ b/bin/bootstrap.sh @@ -56,13 +56,13 @@ test -L $GENESTACK_CONFIG 2>&1 || mkdir -p ${GENESTACK_CONFIG} test -f $GENESTACK_CONFIG/provider || echo ${K8S_PROVIDER} > ${GENESTACK_CONFIG}/provider test -f $GENESTACK_CONFIG/product || echo ${GENESTACK_PRODUCT} > ${GENESTACK_CONFIG}/product mkdir -p $GENESTACK_CONFIG/inventory/group_vars ${GENESTACK_CONFIG}/inventory/credentials -if [ ! -d "/opt/genestack/helm-configs" ]; then +if [ ! -d "/etc/genestack/helm-configs" ]; then cp -r /opt/genestack/helm-configs.example /etc/genestack/helm-configs fi -if [ ! -d "/opt/genestack/kustomize" ]; then +if [ ! -d "/etc/genestack/kustomize" ]; then cp -r /opt/genestack/kustomize.example /etc/genestack/kustomize fi -if [ ! -d "/opt/genestack/manifests" ]; then +if [ ! -d "/etc/genestack/manifests" ]; then cp -r /opt/genestack/manifests /etc/genestack/manifests fi From 3e97d28db1daeb2150f37dd44763f6a264938ef8 Mon Sep 17 00:00:00 2001 From: Sulochan Acharya Date: Fri, 28 Jun 2024 12:42:10 +0100 Subject: [PATCH 19/20] Update jinja2 to 3.1.4 There is a dependabot alert on jinja2 version. We need this updated to 3.1.4 Ref: https://github.com/rackerlabs/genestack/security/dependabot/8 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1408b456..7eec69ea 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ ansible>=6.7.0,<=8.5.0 cryptography==42.0.4 -jinja2==3.1.2 +jinja2==3.1.4 jmespath==1.0.1 MarkupSafe==2.1.3 netaddr==0.9.0 From 3ca3d67423c96c8d2fa5a5ef1fc66e4e7bb22e23 Mon Sep 17 00:00:00 2001 From: aedan Date: Fri, 28 Jun 2024 09:20:58 -0500 Subject: [PATCH 20/20] Bootstrap needs to be in opt/genestack --- bin/bootstrap.sh => bootstrap.sh | 0 docs/genestack-getting-started.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename bin/bootstrap.sh => bootstrap.sh (100%) diff --git a/bin/bootstrap.sh b/bootstrap.sh similarity index 100% rename from bin/bootstrap.sh rename to bootstrap.sh diff --git a/docs/genestack-getting-started.md b/docs/genestack-getting-started.md index 8b4fc640..24abef62 100644 --- a/docs/genestack-getting-started.md +++ b/docs/genestack-getting-started.md @@ -19,7 +19,7 @@ It is persisted at /etc/genestack/product` for subsequent executions, it only ha ``` shell export GENESTACK_PRODUCT=openstack-flex -/opt/genestack/bin/bootstrap.sh +/opt/genestack/bootstrap.sh ``` !!! tip