diff --git a/ansible-collection-requirements.yml b/ansible-collection-requirements.yml index 0ab07c43..9d9836f2 100644 --- a/ansible-collection-requirements.yml +++ b/ansible-collection-requirements.yml @@ -12,5 +12,5 @@ collections: version: 2.1.0 type: git - name: https://github.com/ansible-collections/kubernetes.core - version: 3.0.0 + version: 3.2.0 type: git diff --git a/ansible/playbooks/network-service-types.yaml b/ansible/playbooks/network-service-types.yaml new file mode 100644 index 00000000..777b0657 --- /dev/null +++ b/ansible/playbooks/network-service-types.yaml @@ -0,0 +1,130 @@ +# This playbook ensures all subnets of a given network have the specified +# service types, but has defaults to prevent nova instances from connecting +# directly to a network named PUBLICNET (so that they have to use floating IPs.) +# +# This works by setting service types network:floatingip, +# network:router_gateway, and network:distributed on all subnets of PUBLICNET +# (or the specified network.) +# +# Usage: +# +# ansible-playbook publicnet.yaml +# +# Optionally, -e network_name=, and/or -e revert=true to remove +# the above-listed service types from the subnets of the network. +# +# It saves a copy of the subnets every time you run the playbook (unless you +# use something like -e save_copy=false) +# +# Dependencies: +# +# - You will need a working clouds.yaml. You can see how to generate one in: +# $GENESTACK/docs/openstack-clouds.md +# - a working `openstack` command +# - unfortunately, the Ansible collection openstack.cloud can only create +# and delete subnets, not modify them +# - Ansible collection openstack.cloud +# - however, you probably will not need to install this because you will +# typically find this already available in the venv the genestack creates +# for the 'root' user on the bastion by default +# +# See comments at the end of the playbook for an example of creating network(s) +# to test on, since you can use -e network_name and specify a test network. + +- name: Set service types on subnets to prevent instances from connecting directly to PUBLICNET + hosts: localhost + gather_facts: false + + vars: + cloud: default + network_name: PUBLICNET + revert: false + save_copy: true + service_types: + - 'network:floatingip' + - 'network:router_gateway' + - 'network:distributed' + + tasks: + + - name: List cloud networks + openstack.cloud.networks_info: + cloud: "{{ cloud }}" + name: "{{ network_name }}" + register: networks_result + + - name: Fail unless matching one network. + fail: + msg: "Failed to match exactly one network. Try -e network_name=" + when: + - networks_result.networks | length != 1 + + - name: Get subnet info + openstack.cloud.subnets_info: + cloud: "{{ cloud }}" + name: "{{ item }}" + register: subnets_result + loop: "{{ networks_result.networks[0].subnet_ids }}" + + - name: Gather timestamp for subnet backup info + ansible.builtin.setup: + filter: "ansible_date_time" + when: save_copy | bool + + # If we operated on the wrong subnet or it has some complicated set of + # service types, we have a full copy of what everything looked like before + # the playbook changed anything and can manually fix it. + - name: Save a copy of pre-change subnet info + # While saving a file should technically result in an Ansible 'changed', + # I only wanted to see 'changed' when Ansible changes service types on + # subnets. + # + # While the task never reports 'changed', it can still fail the playbook + # run, which seems like desirable behavior if we couldn't save a copy. + changed_when: false + copy: + content: > + {{ item.subnets[0] }} + dest: "{{ item.subnets[0].id }}_{{ ansible_date_time.year }}-{{ ansible_date_time.month }}-{{ ansible_date_time.day }}-{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}.json" + when: save_copy | bool + loop: "{{ subnets_result.results }}" + + # Unfortunately, openstack.cloud.subnet cannot modify subnets. It can only + # create and delete them: https://docs.ansible.com/ansible/latest/collections/openstack/cloud/subnet_module.html#ansible-collections-openstack-cloud-subnet-module + # We have to use the CLI tool here (or the raw Neutron API; we just can't + # use the module.) + # + # If you try to set a service type that already exists on a subnet, Neutron + # will take a very long time and then give you a http 409, so in addition + # to generating one Ansible 'change' per service type and subnet changed + # (which seems good), we definitely have to set only the ones the subnet + # doesn't already have anyway, so we loop through the full cross-product + # of subnets and service types here. + - name: Set service types on subnets. + shell: > + openstack subnet set {{ item.0.subnets[0].id }} --service-type {{ item.1 }} + loop: "{{ subnets_result.results | product(service_types) | list }}" + when: + - item.1 not in item.0.subnets[0].service_types + - not revert | bool + + # Unsetting only happens on 'revert'. + - name: Unset service types on subnets. + shell: > + openstack subnet unset {{ item.0.subnets[0].id }} --service-type {{ item.1 }} + loop: "{{ subnets_result.results | product(service_types) | list }}" + when: + - item.1 in item.0.subnets[0].service_types + - revert | bool + +# Test network +# +# You can easily create a test network with a few subnets to see how this works, +# if desired: +# +# openstack network create testnet +# openstack subnet create testsubnet \ +# --network testnet --subnet-range 192.168.8.0/24 +# openstack subnet create testsubnet2 \ +# --network testnet --subnet-range 192.168.9.0/24 +# ansible-playbook -e network_name=testnet diff --git a/bin/create-secrets.sh b/bin/create-secrets.sh new file mode 100755 index 00000000..a0c38c6a --- /dev/null +++ b/bin/create-secrets.sh @@ -0,0 +1,495 @@ +#!/bin/bash + +generate_password() { + < /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32} +} + +mariadb_root_password=$(generate_password 32) +mariadb_password=$(generate_password 32) +keystone_rabbitmq_password=$(generate_password 64) +keystone_db_password=$(generate_password 32) +keystone_admin_password=$(generate_password 32) +keystone_credential_keys_password=$(generate_password 32) +glance_rabbitmq_password=$(generate_password 64) +glance_db_password=$(generate_password 32) +glance_admin_password=$(generate_password 32) +heat_rabbitmq_password=$(generate_password 64) +heat_db_password=$(generate_password 32) +heat_admin_password=$(generate_password 32) +heat_trustee_password=$(generate_password 32) +heat_stack_user_password=$(generate_password 32) +cinder_rabbitmq_password=$(generate_password 64) +cinder_db_password=$(generate_password 32) +cinder_admin_password=$(generate_password 32) +metadata_shared_secret_password=$(generate_password 32) +placement_db_password=$(generate_password 32) +placement_admin_password=$(generate_password 32) +nova_db_password=$(generate_password 32) +nova_admin_password=$(generate_password 32) +nova_rabbitmq_password=$(generate_password 64) +nova_ssh_public_key=$(ssh-keygen -qt ed25519 -N '' -C "nova_ssh" -f nova_ssh_key && cat nova_ssh_key.pub) +nova_ssh_private_key=$(cat nova_ssh_key) +ironic_admin_password=$(generate_password 32) +designate_admin_password=$(generate_password 32) +neutron_rabbitmq_password=$(generate_password 64) +neutron_db_password=$(generate_password 32) +neutron_admin_password=$(generate_password 32) +horizon_secret_key_password=$(generate_password 64) +horizon_db_password=$(generate_password 32) +skyline_service_password=$(generate_password 32) +skyline_db_password=$(generate_password 32) +skyline_secret_key_password=$(generate_password 32) +octavia_rabbitmq_password=$(generate_password 64) +octavia_db_password=$(generate_password 32) +octavia_admin_password=$(generate_password 32) +octavia_certificates_password=$(generate_password 32) +postgresql_identity_admin_password=$(generate_password 32) +postgresql_db_admin_password=$(generate_password 32) +postgresql_db_exporter_password=$(generate_password 32) +postgresql_db_audit_password=$(generate_password 32) +gnocchi_admin_password=$(generate_password 32) +gnocchi_db_password=$(generate_password 32) +gnocchi_pgsql_password=$(generate_password 32) +ceilometer_keystone_admin_password=$(generate_password 32) +ceilometer_keystone_test_password=$(generate_password 32) +ceilometer_rabbitmq_password=$(generate_password 32) + +OUTPUT_FILE="/etc/genestack/secrets.yaml" + +cat < $OUTPUT_FILE +apiVersion: v1 +kind: Secret +metadata: + name: mariadb + namespace: openstack +type: Opaque +data: + root-password: $(echo -n $mariadb_root_password | base64) + password: $(echo -n $mariadb_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "keystone" | base64) + password: $(echo -n $keystone_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $keystone_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $keystone_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: keystone-credential-keys + namespace: openstack +type: Opaque +data: + password: $(echo -n $keystone_credential_keys_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: glance-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "glance" | base64) + password: $(echo -n $glance_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: glance-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $glance_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: glance-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $glance_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "heat" | base64) + password: $(echo -n $heat_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-trustee + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_trustee_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: heat-stack-user + namespace: openstack +type: Opaque +data: + password: $(echo -n $heat_stack_user_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: cinder-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "cinder" | base64) + password: $(echo -n $cinder_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: cinder-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $cinder_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: cinder-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $cinder_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: metadata-shared-secret + namespace: openstack +type: Opaque +data: + password: $(echo -n $metadata_shared_secret_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: placement-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $placement_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: placement-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $placement_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $nova_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $nova_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "nova" | base64) + password: $(echo -n $nova_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: nova-ssh-keypair + namespace: openstack +type: Opaque +data: + public_key: $(echo -n $nova_ssh_public_key | base64) + private_key: $(echo -n $nova_ssh_private_key | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ironic-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $ironic_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: designate-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $designate_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: neutron-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "neutron" | base64) + password: $(echo -n $neutron_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: neutron-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $neutron_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: neutron-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $neutron_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: horizon-secrete-key + namespace: openstack +type: Opaque +data: + username: $(echo -n "horizon" | base64) + password: $(echo -n $horizon_secret_key_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: horizon-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $horizon_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: skyline-apiserver-secrets + namespace: openstack +type: Opaque +data: + service-username: $(echo -n "skyline" | base64) + service-password: $(echo -n $skyline_service_password | base64) + service-domain: $(echo -n "service" | base64) + service-project: $(echo -n "service" | base64) + service-project-domain: $(echo -n "service" | base64) + db-endpoint: $(echo -n "mariadb-cluster-primary.openstack.svc.cluster.local" | base64) + db-name: $(echo -n "skyline" | base64) + db-username: $(echo -n "skyline" | base64) + db-password: $(echo -n $skyline_db_password | base64) + secret-key: $(echo -n $skyline_secret_key_password | base64) + keystone-endpoint: $(echo -n $keystone_admin_password | base64) # Using the generated keystone-keystone-admin password + keystone-username: $(echo -n "skyline" | base64) + default-region: $(echo -n "RegionOne" | base64) + prometheus_basic_auth_password: $(echo -n "" | base64) + prometheus_basic_auth_user: $(echo -n "" | base64) + prometheus_enable_basic_auth: $(echo -n "false" | base64) + prometheus_endpoint: $(echo -n "http://kube-prometheus-stack-prometheus.prometheus.svc.cluster.local:9090" | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-rabbitmq-password + namespace: openstack +type: Opaque +data: + username: $(echo -n "octavia" | base64) + password: $(echo -n $octavia_rabbitmq_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $octavia_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $octavia_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: octavia-certificates + namespace: openstack +type: Opaque +data: + password: $(echo -n $octavia_certificates_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-identity-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_identity_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-db-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_db_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-db-exporter + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_db_exporter_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: postgresql-db-audit + namespace: openstack +type: Opaque +data: + password: $(echo -n $postgresql_db_audit_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: gnocchi-admin + namespace: openstack +type: Opaque +data: + password: $(echo -n $gnocchi_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: gnocchi-db-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $gnocchi_db_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: gnocchi-pgsql-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $gnocchi_pgsql_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ceilometer-keystone-admin-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $ceilometer_keystone_admin_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ceilometer-keystone-test-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $ceilometer_keystone_test_password | base64) +--- +apiVersion: v1 +kind: Secret +metadata: + name: ceilometer-rabbitmq-password + namespace: openstack +type: Opaque +data: + password: $(echo -n $ceilometer_rabbitmq_password | base64) +EOF + +rm nova_ssh_key nova_ssh_key.pub + +echo "Secrets YAML file created as ${OUTPUT_FILE}" + diff --git a/bin/install-ceilometer.sh b/bin/install-ceilometer.sh new file mode 100755 index 00000000..af432a7c --- /dev/null +++ b/bin/install-ceilometer.sh @@ -0,0 +1,23 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm +helm upgrade --install ceilometer ./ceilometer \ + --namespace=openstack \ + --wait \ + --timeout 10m \ + -f /etc/genestack/helm-configs/ceilometer/ceilometer-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.ceilometer.password="$(kubectl --namespace openstack get secret ceilometer-keystone-admin-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.test.password="$(kubectl --namespace openstack get secret ceilometer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.admin.username="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.username}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.ceilometer.password="$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.ceilometer.oslo_messaging_notifications.transport_url="\ +rabbit://ceilometer:$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/ceilometer"\ + --set conf.ceilometer.notification.messaging_urls.values="{\ +rabbit://ceilometer:$(kubectl --namespace openstack get secret ceilometer-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/ceilometer,\ +rabbit://cinder:$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/cinder,\ +rabbit://glance:$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/glance,\ +rabbit://heat:$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/heat,\ +rabbit://keystone:$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/keystone,\ +rabbit://neutron:$(kubectl --namespace openstack get secret neutron-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/neutron,\ +rabbit://nova:$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)@rabbitmq.openstack.svc.cluster.local:5672/nova}" diff --git a/bin/install-cinder.sh b/bin/install-cinder.sh new file mode 100755 index 00000000..8de6aa4e --- /dev/null +++ b/bin/install-cinder.sh @@ -0,0 +1,18 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install heat ./heat \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/heat/heat-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.heat.password="$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.heat_trustee.password="$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.heat_stack_user.password="$(kubectl --namespace openstack get secret heat-stack-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.heat.password="$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.heat.database.slave_connection="mysql+pymysql://heat:$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/heat" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.heat.password="$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args heat/base diff --git a/bin/install-glance.sh b/bin/install-glance.sh new file mode 100755 index 00000000..8421090c --- /dev/null +++ b/bin/install-glance.sh @@ -0,0 +1,17 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install glance ./glance \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/glance/glance-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.glance.password="$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.glance.database.slave_connection="mysql+pymysql://glance:$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/glance" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.glance.password="$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args glance/base diff --git a/bin/install-gnocchi.sh b/bin/install-gnocchi.sh new file mode 100755 index 00000000..01c1d15f --- /dev/null +++ b/bin/install-gnocchi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm-infra +helm upgrade --install gnocchi ./gnocchi \ + --namespace=openstack \ + --wait \ + --timeout 10m \ + -f /etc/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \ + --set conf.ceph.admin_keyring="$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)" \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_postgresql.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args gnocchi/base diff --git a/bin/install-heat.sh b/bin/install-heat.sh new file mode 100755 index 00000000..b4db1cd7 --- /dev/null +++ b/bin/install-heat.sh @@ -0,0 +1,14 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install horizon ./horizon \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.horizon.local_settings.config.horizon_secret_key="$(kubectl --namespace openstack get secret horizon-secrete-key -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.horizon.password="$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args horizon/base diff --git a/bin/install-keystone.sh b/bin/install-keystone.sh new file mode 100755 index 00000000..a0cc1631 --- /dev/null +++ b/bin/install-keystone.sh @@ -0,0 +1,18 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install keystone ./keystone \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.keystone.database.slave_connection="mysql+pymysql://keystone:$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/keystone" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args keystone/base + +kubectl --namespace openstack apply -f /etc/genestack/manifests/utils/utils-openstack-client-admin.yaml diff --git a/bin/install-neutron.sh b/bin/install-neutron.sh new file mode 100755 index 00000000..66b09f71 --- /dev/null +++ b/bin/install-neutron.sh @@ -0,0 +1,26 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install neutron ./neutron \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ + --set conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.ovn_metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.designate.password="$(kubectl --namespace openstack get secret designate-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.neutron.database.slave_connection="mysql+pymysql://neutron:$(kubectl --namespace openstack get secret neutron-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/neutron" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.neutron.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.neutron.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.plugins.ml2_conf.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.plugins.ml2_conf.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args neutron/base diff --git a/bin/install-nova.sh b/bin/install-nova.sh new file mode 100755 index 00000000..5f759456 --- /dev/null +++ b/bin/install-nova.sh @@ -0,0 +1,29 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install nova ./nova \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml \ + --set conf.nova.neutron.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_api.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db_api.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db_cell0.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db_cell0.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.nova.database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova" \ + --set conf.nova.api_database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova_api" \ + --set conf.nova.cell0_database.slave_connection="mysql+pymysql://nova:$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/nova_cell0" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.nova.password="$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set network.ssh.public_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.public_key}' | base64 -d)"$'\n' \ + --set network.ssh.private_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.private_key}' | base64 -d)"$'\n' \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args nova/base diff --git a/bin/install-octavia.sh b/bin/install-octavia.sh new file mode 100755 index 00000000..fb112362 --- /dev/null +++ b/bin/install-octavia.sh @@ -0,0 +1,20 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install octavia ./octavia \ + --namespace=openstack \ + --wait \ + --timeout 120m \ + -f /etc/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.octavia.database.slave_connection="mysql+pymysql://octavia:$(kubectl --namespace openstack get secret octavia-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/octavia" \ + --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.octavia.certificates.ca_private_key_passphrase="$(kubectl --namespace openstack get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.octavia.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --set conf.octavia.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args octavia/base diff --git a/bin/install-placement.sh b/bin/install-placement.sh new file mode 100755 index 00000000..53a8ead2 --- /dev/null +++ b/bin/install-placement.sh @@ -0,0 +1,15 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm + +helm upgrade --install placement ./placement --namespace=openstack \ + --namespace=openstack \ + --timeout 120m \ + -f /etc/genestack/helm-configs/placement/placement-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.placement.password="$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set conf.placement.placement_database.slave_connection="mysql+pymysql://placement:$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/placement" \ + --set endpoints.oslo_db.auth.nova_api.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ + --post-renderer-args placement/base diff --git a/bin/install-postgresql.sh b/bin/install-postgresql.sh new file mode 100755 index 00000000..c4a98482 --- /dev/null +++ b/bin/install-postgresql.sh @@ -0,0 +1,12 @@ +#!/bin/bash +cd /opt/genestack/submodules/openstack-helm-infra +helm upgrade --install postgresql ./postgresql \ + --namespace=openstack \ + --wait \ + --timeout 10m \ + -f /etc/genestack/helm-configs/postgresql/postgresql-helm-overrides.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.postgresql.password="$(kubectl --namespace openstack get secret postgresql-identity-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.postgresql.auth.exporter.password="$(kubectl --namespace openstack get secret postgresql-db-exporter -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.postgresql.auth.audit.password="$(kubectl --namespace openstack get secret postgresql-db-audit -o jsonpath='{.data.password}' | base64 -d)" diff --git a/bin/install-skyline.sh b/bin/install-skyline.sh new file mode 100755 index 00000000..c08d1af7 --- /dev/null +++ b/bin/install-skyline.sh @@ -0,0 +1,2 @@ +#!/bin/bash +kubectl --namespace openstack apply -k /etc/genestack/kustomize/skyline/base diff --git a/bin/label-nodes.sh b/bin/label-nodes.sh new file mode 100755 index 00000000..91e7c751 --- /dev/null +++ b/bin/label-nodes.sh @@ -0,0 +1,57 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "Usage: $0 " + exit 1 +fi +INVENTORY_FILE="$1" + +# Define the function to label nodes +label_nodes() { + local group=$1 + local label=$2 + + if grep -q "$group:" $INVENTORY_FILE; then + local nodes=($(grep -A 1 "children:" $INVENTORY_FILE | grep -A 1 " $group:" | grep -Eo "^\s+\S+" | tr -d ' ')) + for node in "${nodes[@]}"; do + if [[ $node != "|" ]]; then + kubectl label node $node $label --overwrite + echo "Labeled node $node with $label" + fi + done + else + echo "Group $group does not exist in the inventory file." + fi +} + +# Label the storage nodes identified by ceph_storage_nodes +label_nodes "ceph_storage_nodes" "role=storage-node" + +# Label the openstack controllers identified by openstack_control_plane +label_nodes "openstack_control_plane" "openstack-control-plane=enabled" + +# Label the openstack compute nodes identified by openstack_compute_nodes +label_nodes "openstack_compute_nodes" "openstack-compute-node=enabled" + +# Label the openstack storage nodes identified by cinder_storage_nodes +label_nodes "cinder_storage_nodes" "openstack-storage-node=enabled" + +# Label network nodes identified by ovn_network_nodes +label_nodes "ovn_network_nodes" "openstack-network-node=enabled" + +# Label all workers - Identified by kube_node excluding kube_control_plane +if grep -q "kube_node:" $INVENTORY_FILE; then + kube_control_plane_nodes=($(grep -A 1 "children:" $INVENTORY_FILE | grep -A 1 " kube_control_plane:" | grep -Eo "^\s+\S+" | tr -d ' ')) + all_kube_nodes=($(grep -A 1 "children:" $INVENTORY_FILE | grep -A 1 " kube_node:" | grep -Eo "^\s+\S+" | tr -d ' ')) + + for node in "${all_kube_nodes[@]}"; do + if [[ ! " ${kube_control_plane_nodes[@]} " =~ " ${node} " ]]; then + kubectl label node $node node-role.kubernetes.io/worker=worker --overwrite + echo "Labeled node $node with node-role.kubernetes.io/worker=worker" + fi + done +else + echo "Group kube_node does not exist in the inventory file." +fi + +kubectl get nodes -o json | jq '[.items[] | {"NAME": .metadata.name, "LABELS": .metadata.labels}]' diff --git a/bin/setup-hosts.sh b/bin/setup-hosts.sh new file mode 100755 index 00000000..e4b06856 --- /dev/null +++ b/bin/setup-hosts.sh @@ -0,0 +1,8 @@ +#!/bin/bash +source /opt/genestack/scripts/genestack.rc +cd /opt/genestack/ansible/playbooks +ansible-playbook /root/genestack-scripts/prep-nodes.yaml +# Start kube install +ansible-playbook host-setup.yml +cd /opt/genestack/submodules/kubespray +ansible-playbook cluster.yml diff --git a/bin/setup-openstack.sh b/bin/setup-openstack.sh new file mode 100755 index 00000000..4276dfa9 --- /dev/null +++ b/bin/setup-openstack.sh @@ -0,0 +1,27 @@ +#!/bin/bash +#Deploy Keystone +/opt/genestack/bin/install-keystone.sh + +# Deploy Glance +/opt/genestack/bin/install-glance.sh + +# Deploy Heat +/opt/genestack/bin/install-heat.sh + +# Deploy Cinder +/opt/genestack/bin/install-cinder.sh + +# Deploy placement +/opt/genestack/bin/install-placement.sh + +# Deploy Nova +/opt/genestack/bin/install-nova.sh + +# Deploy Neutron +/opt/genestack/bin/install-neutron.sh + +# Deploy Octavia +/opt/genestack/bin/install-octavia.sh + +# Deploy SkyLine +/opt/genestack/bin/install-skyline.sh diff --git a/bootstrap.sh b/bootstrap.sh index bbf34e22..e902f391 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -56,6 +56,15 @@ test -L $GENESTACK_CONFIG 2>&1 || mkdir -p ${GENESTACK_CONFIG} test -f $GENESTACK_CONFIG/provider || echo ${K8S_PROVIDER} > ${GENESTACK_CONFIG}/provider test -f $GENESTACK_CONFIG/product || echo ${GENESTACK_PRODUCT} > ${GENESTACK_CONFIG}/product mkdir -p $GENESTACK_CONFIG/inventory/group_vars ${GENESTACK_CONFIG}/inventory/credentials +if [ ! -d "/etc/genestack/helm-configs" ]; then + cp -r /opt/genestack/helm-configs.example /etc/genestack/helm-configs +fi +if [ ! -d "/etc/genestack/kustomize" ]; then + cp -r /opt/genestack/kustomize.example /etc/genestack/kustomize +fi +if [ ! -d "/etc/genestack/manifests" ]; then + cp -r /opt/genestack/manifests /etc/genestack/manifests +fi # Copy default k8s config test -d "ansible/inventory/${GENESTACK_PRODUCT}" || error "Product Config ${GENESTACK_PRODUCT} does not exist here" diff --git a/docs/etcd-backup.md b/docs/etcd-backup.md index 11f9b61c..cc5f49ae 100644 --- a/docs/etcd-backup.md +++ b/docs/etcd-backup.md @@ -43,5 +43,5 @@ kubectl --namespace openstack \ Next, Deploy the backup job: ``` -kubectl apply -k /opt/genestack/kustomize/backups/etcd/etcd-backup.yaml --namespace openstack +kubectl apply -k /etc/genestack/kustomize/backups/etcd/etcd-backup.yaml --namespace openstack ``` diff --git a/docs/extra-osie.md b/docs/extra-osie.md index 31eb2a17..9c26b5e7 100644 --- a/docs/extra-osie.md +++ b/docs/extra-osie.md @@ -6,5 +6,5 @@ helm upgrade --install osie osie/osie \ --create-namespace \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/osie/osie-helm-overrides.yaml + -f /etc/genestack/helm-configs/osie/osie-helm-overrides.yaml ``` diff --git a/docs/grafana.md b/docs/grafana.md index 2e140acf..40dbf2de 100644 --- a/docs/grafana.md +++ b/docs/grafana.md @@ -21,7 +21,7 @@ You can base64 encode your `client_id` and `client_secret` by using the echo and echo -n "YOUR CLIENT ID OR SECRET" | base64 ``` -This example file is located at `/opt/genestack/kustomize/grafana/base` +This example file is located at `/etc/genestack/kustomize/grafana/base` example secret file: ``` yaml @@ -44,7 +44,7 @@ If you are configuring grafana to use tls/ssl, you should create a file for your Your cert and key files should look something like the following (cert and key example taken from [VMware Docs](https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-BBC4804F-AC54-4DD2-BF6B-ECD2F60083F6.html "VMware Docs")). -These example files are located in `/opt/genestack/kustomize/grafana/base` +These example files are located in `/etc/genestack/kustomize/grafana/base` ??? example @@ -110,7 +110,7 @@ These example files are located in `/opt/genestack/kustomize/grafana/base` ## Update datasources.yaml -The datasource.yaml file is located at `/opt/genestack/kustomize/grafana/base` +The datasource.yaml file is located at `/etc/genestack/kustomize/grafana/base` If you have specific datasources that should be populated when grafana deploys, update the datasource.yaml to use your values. The example below shows one way to configure prometheus and loki datasources. @@ -137,7 +137,7 @@ datasources: ## Update grafana-values.yaml -The grafana-values.yaml file is located at `/opt/genestack/kustomize/grafana/base` +The grafana-values.yaml file is located at `/etc/genestack/kustomize/grafana/base` You must edit this file to include your specific url and azure tenant id @@ -146,8 +146,8 @@ You must edit this file to include your specific url and azure tenant id ## Create the tls secret and install ``` shell -kubectl -n grafana create secret tls grafana-tls-public --cert=/opt/genestack/kustomize/grafana/base/cert.pem --key=/opt/genestack/kustomize/grafana/base/key.pem +kubectl -n grafana create secret tls grafana-tls-public --cert=/etc/genestack/kustomize/grafana/base/cert.pem --key=/etc/genestack/kustomize/grafana/base/key.pem -kubectl kustomize --enable-helm /opt/genestack/kustomize/grafana/base | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/grafana/base | \ kubectl -n grafana -f - ``` diff --git a/docs/infrastructure-gateway-api.md b/docs/infrastructure-gateway-api.md index 2faeac0c..cd3809ae 100644 --- a/docs/infrastructure-gateway-api.md +++ b/docs/infrastructure-gateway-api.md @@ -7,12 +7,14 @@ Since Gateway APIs are successor to Ingress Controllers there needs to be a one ### Resource Models in Gateway API + There are 3 main resource models in gateway apis: 1. GatewayClass - Mostly managed by a controller. 2. Gateway - An instance of traffic handling infra like a LB. 3. Routes - Defines HTTP-specific rules for mapping traffic from a Gateway listener to a representation of backend network endpoints. **k8s Gateway API is NOT the same as API Gateways** + While both sound the same, API Gateway is a more of a general concept that defines a set of resources that exposes capabilities of a backend service but also provide other functionalities like traffic management, rate limiting, authentication and more. It is geared towards commercial API management and monetisation. From the gateway api sig: @@ -21,27 +23,30 @@ From the gateway api sig: Most Gateway API implementations are API Gateways to some extent, but not all API Gateways are Gateway API implementations. - ### Controller: NGINX Gateway Fabric + [NGINX Gateway Fabric](https://github.com/nginxinc/nginx-gateway-fabric) is an open-source project that provides an implementation of the Gateway API using nginx as the data plane. Chart Install: https://github.com/nginxinc/nginx-gateway-fabric/blob/main/deploy/helm-chart/values.yaml Create the Namespace -``` + +``` shell kubectl create ns nginx-gateway ``` First Install the Gateway API Resource from Kubernetes -``` + +``` shell kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml ``` Next, Install the NGINX Gateway Fabric controller -``` + +``` shell cd /opt/genestack/submodules/nginx-gateway-fabric/deploy/helm-chart -helm upgrade --install nginx-gateway-fabric . --namespace=nginx-gateway -f /opt/genestack/helm-configs/nginx-gateway-fabric/helm-overrides.yaml +helm upgrade --install nginx-gateway-fabric . --namespace=nginx-gateway -f /etc/genestack/helm-configs/nginx-gateway-fabric/helm-overrides.yaml ``` Helm install does not automatically upgrade the crds for this resource. To upgrade the crds you will have to manually install them. Follow the process from : [Upgrade CRDs](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/helm/#upgrade-nginx-gateway-fabric-crds) @@ -51,13 +56,15 @@ Helm install does not automatically upgrade the crds for this resource. To upgra In this example we will look at how Prometheus UI is exposed through the gateway. For other services the gateway kustomization file for the service. Rackspace specific gateway kustomization files can be applied like so -``` -cd /opt/genestack/kustomize/gateway + +``` shell +cd /etc/genestack/kustomize/gateway kubectl kustomize | kubectl apply -f - ``` First, create the shared gateway and then the httproute resource for prometheus. -``` + +``` yaml apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: @@ -73,7 +80,7 @@ spec: then -``` +``` yaml apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: @@ -89,6 +96,7 @@ spec: - name: kube-prometheus-stack-prometheus port: 9090 ``` + At this point, flex-gateway has a listener pointed to the port 80 matching *.sjc.ohthree.com hostname. The HTTPRoute resource configures routes for this gateway. Here, we match all path and simply pass any request from the matching hostname to kube-prometheus-stack-prometheus backend service. ### Exposing Flex Services @@ -104,7 +112,6 @@ For each externally exposed service, example: keystone endpoint, we have a Gatew ``` External Traffic -> F5 VIP Address -> MetalLB VIP Address -> Gateway Service - ``` This setup can be expended to have multiple MetalLB VIPs with multiple Gateway Services listening on different IP addresses as required by your setup. @@ -112,11 +119,8 @@ This setup can be expended to have multiple MetalLB VIPs with multiple Gateway S !!! tip The metalLB speaker wont advertise the service if : - 1. There is no active endpoint backing the service - 2. There are no matching L2 or BGP speaker nodes - 3. If the service has external Traffic Policy set to local you need to have the running endpoint on the speaker node. diff --git a/docs/infrastructure-ingress.md b/docs/infrastructure-ingress.md index 0aa701a9..98d788e4 100644 --- a/docs/infrastructure-ingress.md +++ b/docs/infrastructure-ingress.md @@ -9,13 +9,13 @@ We need two different Ingress controllers, one in the `openstack` namespace, the ### Deploy our ingress controller within the ingress-nginx Namespace ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/ingress/external | kubectl apply --namespace ingress-nginx -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/ingress/external | kubectl apply --namespace ingress-nginx -f - ``` ### Deploy our ingress controller within the OpenStack Namespace ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/ingress/internal | kubectl apply --namespace openstack -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/ingress/internal | kubectl apply --namespace openstack -f - ``` The openstack ingress controller uses the class name `nginx-openstack`. diff --git a/docs/infrastructure-letsencrypt.md b/docs/infrastructure-letsencrypt.md index 3e1995aa..34cb6176 100644 --- a/docs/infrastructure-letsencrypt.md +++ b/docs/infrastructure-letsencrypt.md @@ -67,13 +67,13 @@ kustomize overlay to use for that is aptly named, `letsencrypt`. --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ - -f /opt/genestack/helm-configs/prod-example-openstack-overrides.yaml \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/prod-example-openstack-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args keystone/letsencrypt ``` diff --git a/docs/infrastructure-libvirt.md b/docs/infrastructure-libvirt.md index 7daf2b21..e47e66f0 100644 --- a/docs/infrastructure-libvirt.md +++ b/docs/infrastructure-libvirt.md @@ -3,7 +3,7 @@ The first part of the compute kit is Libvirt. ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/libvirt | kubectl apply --namespace openstack -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/libvirt | kubectl apply --namespace openstack -f - ``` Once deployed you can validate functionality on your compute hosts with `virsh` diff --git a/docs/infrastructure-loki.md b/docs/infrastructure-loki.md index cc661825..04375d4a 100644 --- a/docs/infrastructure-loki.md +++ b/docs/infrastructure-loki.md @@ -25,7 +25,7 @@ helm upgrade --install \ If you plan on using **Swift** as a backend for log storage see the `loki-helm-swift-overrides-example.yaml` file in the `helm-configs/loki` directory. ``` yaml - --8<-- "helm-configs/loki/loki-helm-swift-overrides-example.yaml" + --8<-- "helm-configs.example/loki/loki-helm-swift-overrides-example.yaml" ``` !!! example @@ -33,7 +33,7 @@ helm upgrade --install \ If you plan on using **S3** as a backend for log storage see the `loki-helm-s3-overrides-example.yaml` file in the `helm-configs/loki` directory. ``` yaml - --8<-- "helm-configs/loki/loki-helm-s3-overrides-example.yaml" + --8<-- "helm-configs.example/loki/loki-helm-s3-overrides-example.yaml" ``` !!! example @@ -41,5 +41,5 @@ helm upgrade --install \ If you plan on using **Minio** as a backend for log storage see the `loki-helm-s3-overrides-example.yaml` file in the `helm-configs/loki` directory. ``` yaml - --8<-- "helm-configs/loki/loki-helm-minio-overrides-example.yaml" + --8<-- "helm-configs.example/loki/loki-helm-minio-overrides-example.yaml" ``` diff --git a/docs/infrastructure-mariadb.md b/docs/infrastructure-mariadb.md index f9fe2b57..8920fb7a 100644 --- a/docs/infrastructure-mariadb.md +++ b/docs/infrastructure-mariadb.md @@ -15,9 +15,9 @@ kubectl --namespace openstack \ ``` shell cluster_name=`kubectl config view --minify -o jsonpath='{.clusters[0].name}'` -sed -i -e "s/cluster\.local/$cluster_name/" /opt/genestack/kustomize/mariadb-operator/kustomization.yaml +sed -i -e "s/cluster\.local/$cluster_name/" /etc/genestack/kustomize/mariadb-operator/kustomization.yaml -test -n "$cluster_name" && kubectl kustomize --enable-helm /opt/genestack/kustomize/mariadb-operator | \ +test -n "$cluster_name" && kubectl kustomize --enable-helm /etc/genestack/kustomize/mariadb-operator | \ kubectl --namespace mariadb-system apply --server-side --force-conflicts -f - ``` @@ -32,7 +32,7 @@ kubectl --namespace mariadb-system get pods -w ## Deploy the MariaDB Cluster ``` shell -kubectl --namespace openstack apply -k /opt/genestack/kustomize/mariadb-cluster/base +kubectl --namespace openstack apply -k /etc/genestack/kustomize/mariadb-cluster/base ``` !!! note diff --git a/docs/infrastructure-memcached.md b/docs/infrastructure-memcached.md index 9a7602fe..217c18e8 100644 --- a/docs/infrastructure-memcached.md +++ b/docs/infrastructure-memcached.md @@ -3,7 +3,7 @@ ## Deploy the Memcached Cluster ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/memcached/base | kubectl apply --namespace openstack -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/memcached/base | kubectl apply --namespace openstack -f - ``` !!! note diff --git a/docs/infrastructure-metallb.md b/docs/infrastructure-metallb.md index 0831ed2d..ec2bc1fe 100644 --- a/docs/infrastructure-metallb.md +++ b/docs/infrastructure-metallb.md @@ -38,7 +38,7 @@ spec: ``` ``` shell -kubectl apply -f /opt/genestack/manifests/metallb/metallb-openstack-service-lb.yml +kubectl apply -f /etc/genestack/manifests/metallb/metallb-openstack-service-lb.yml ``` Assuming your ingress controller is all setup and your metallb loadbalancer is operational you can patch the ingress controller to expose your external VIP address. diff --git a/docs/infrastructure-namespace.md b/docs/infrastructure-namespace.md index 21b5eea4..7835dafc 100644 --- a/docs/infrastructure-namespace.md +++ b/docs/infrastructure-namespace.md @@ -3,5 +3,19 @@ The following command will generate our OpenStack namespace and ensure we have everything needed to proceed with the deployment. ``` shell -kubectl apply -k /opt/genestack/kustomize/openstack +kubectl apply -k /etc/genestack/kustomize/openstack +``` + +Then you can create all needed secrets by running the create-secrets.sh command located in /opt/genestack/bin + +``` shell +/opt/genestack/bin/create-secrets.sh +``` + +That will create a secrets.yaml file located in /etc/genestack + +You can then apply them to kubernetes with the following command: + +``` shell +kubectl apply -f /etc/genestack/secrets.yaml -n openstack ``` diff --git a/docs/infrastructure-ovn-setup.md b/docs/infrastructure-ovn-setup.md index 5e097d89..90a3b817 100644 --- a/docs/infrastructure-ovn-setup.md +++ b/docs/infrastructure-ovn-setup.md @@ -115,32 +115,34 @@ kubectl annotate \ With all of the annotations defined, we can now apply the network policy with the following command. ``` shell -kubectl apply -k /opt/genestack/kustomize/ovn +kubectl apply -k /etc/genestack/kustomize/ovn ``` After running the setup, nodes will have the label `ovn.openstack.org/configured` with a date stamp when it was configured. If there's ever a need to reconfigure a node, simply remove the label and the DaemonSet will take care of it automatically. -!!! note +!!! tip "Setup your OVN backup" To upload backups to Swift with tempauth, edit - /opt/genestack/kustomize/ovn/ovn-backup/ovn-backup.config to set + /etc/genestack/kustomize/ovn/ovn-backup/ovn-backup.config to set `SWIFT_TEMPAUTH_UPLOAD' "true"`, edit the other related options appropriately (i.e., set the CONTAINER) and fill the ST_AUTH, ST_USER, and ST_KEY as appropriate for the Swift CLI client in the `swift-tempauth.env` file and then run: - kubectl apply -k /opt/genestack/kustomize/ovn/ovn-backup \ + ``` shell + kubectl apply -k /etc/genestack/kustomize/ovn/ovn-backup \ --prune -l app=ovn-backup \ --prune-allowlist=core/v1/Secret \ --prune-allowlist=core/v1/ConfigMap + ``` If you need to change variables in the future, you can edit the relevant files and use `kubectl` with these prune options to avoid accumulating old ConfigMaps and Secrets from successive `kubectl apply` operations, but you can omit the pruning options if desired. -## Centralize `kube-ovn-controller` pods +### Centralize `kube-ovn-controller` pods By default, _Kubespray_ deploys _Kube-OVN_ allowing [`kube-ovn-controller` pods](https://kube-ovn.readthedocs.io/zh-cn/stable/en/reference/architecture/#kube-ovn-controller), which play a central role, to distribute across various kinds of cluster nodes. In _Genestack_, this would include compute nodes and other kinds of nodes. By contrast, `ovn-central` pods, which also play a crucial central role, run only on nodes labelled `"kube-ovn/role": "master"`. A _Genestack_ installation will typically have control functions centralized on a small set of nodes, which you may have different resource allocations and different redundancy and uptime requirements for relative to other types of nodes, so you can set the `kube-ovn-controller` pods to run in the same location as [`ovn-central`](https://kube-ovn.readthedocs.io/zh-cn/stable/en/reference/architecture/#ovn-central) on _Kube-OVN_ master nodes (which most likely simply match your k8s cluster control nodes unless you've customized it): diff --git a/docs/infrastructure-postgresql.md b/docs/infrastructure-postgresql.md index 23536cf9..d28d30fd 100644 --- a/docs/infrastructure-postgresql.md +++ b/docs/infrastructure-postgresql.md @@ -1,6 +1,9 @@ # Deploy PostgreSQL ## Create Secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic postgresql-identity-admin \ @@ -29,7 +32,7 @@ helm upgrade --install postgresql ./postgresql \ --namespace=openstack \ --wait \ --timeout 10m \ - -f /opt/genestack/helm-configs/postgresql/postgresql-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/postgresql/postgresql-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.postgresql.password="$(kubectl --namespace openstack get secret postgresql-identity-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ diff --git a/docs/infrastructure-rabbitmq.md b/docs/infrastructure-rabbitmq.md index b59a485f..2bc3ce62 100644 --- a/docs/infrastructure-rabbitmq.md +++ b/docs/infrastructure-rabbitmq.md @@ -3,7 +3,7 @@ ## Deploy the RabbitMQ operator. ``` shell -kubectl apply -k /opt/genestack/kustomize/rabbitmq-operator +kubectl apply -k /etc/genestack/kustomize/rabbitmq-operator ``` !!! note @@ -13,13 +13,13 @@ kubectl apply -k /opt/genestack/kustomize/rabbitmq-operator ## Deploy the RabbitMQ topology operator. ``` shell -kubectl apply -k /opt/genestack/kustomize/rabbitmq-topology-operator +kubectl apply -k /etc/genestack/kustomize/rabbitmq-topology-operator ``` ## Deploy the RabbitMQ cluster. ``` shell -kubectl apply -k /opt/genestack/kustomize/rabbitmq-cluster/base +kubectl apply -k /etc/genestack/kustomize/rabbitmq-cluster/base ``` !!! note diff --git a/docs/k8s-dashboard.md b/docs/k8s-dashboard.md index b614791f..d555f9c1 100644 --- a/docs/k8s-dashboard.md +++ b/docs/k8s-dashboard.md @@ -3,7 +3,7 @@ While the dashboard is installed you will have no ability to access it until we setup some basic RBAC. ``` shell -kubectl apply -k /opt/genestack/kustomize/k8s-dashboard +kubectl apply -k /etc/genestack/kustomize/k8s-dashboard ``` You can now retrieve a permanent token. diff --git a/docs/monitoring-getting-started.md b/docs/monitoring-getting-started.md index 182b1ef1..e2e0b6a3 100644 --- a/docs/monitoring-getting-started.md +++ b/docs/monitoring-getting-started.md @@ -47,5 +47,5 @@ Within the genestack repo we can update our alerting rules via the alerting_rule View alerting_rules.yaml in: ``` shell -less /opt/genestack/kustomize/prometheus/alerting_rules.yaml +less /etc/genestack/kustomize/prometheus/alerting_rules.yaml ``` diff --git a/docs/openstack-ceilometer.md b/docs/openstack-ceilometer.md index 9d67fb4f..1632a44a 100644 --- a/docs/openstack-ceilometer.md +++ b/docs/openstack-ceilometer.md @@ -1,6 +1,9 @@ # Deploy Ceilometer ## Create Secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic ceilometer-keystone-admin-password \ @@ -22,7 +25,7 @@ helm upgrade --install ceilometer ./ceilometer \ --namespace=openstack \ --wait \ --timeout 10m \ - -f /opt/genestack/helm-configs/ceilometer/ceilometer-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/ceilometer/ceilometer-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.ceilometer.password="$(kubectl --namespace openstack get secret ceilometer-keystone-admin-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.test.password="$(kubectl --namespace openstack get secret ceilometer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)" \ diff --git a/docs/openstack-cinder.md b/docs/openstack-cinder.md index 0ed16f2b..131acf5c 100644 --- a/docs/openstack-cinder.md +++ b/docs/openstack-cinder.md @@ -3,6 +3,10 @@ [![asciicast](https://asciinema.org/a/629808.svg)](https://asciinema.org/a/629808) ## Create secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin + ``` shell kubectl --namespace openstack \ @@ -29,7 +33,7 @@ helm upgrade --install cinder ./cinder \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -37,7 +41,7 @@ helm upgrade --install cinder ./cinder \ --set conf.cinder.database.slave_connection="mysql+pymysql://cinder:$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/cinder" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args cinder/base ``` @@ -215,12 +219,12 @@ root@openstack-flex-node-4:~# lvs ## Enable multipath in Nova Compute: -Toggle volume_use_multipath to true in /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml +Toggle volume_use_multipath to true in /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml ``` shell -sed -i 's/volume_use_multipath: false/volume_use_multipath: true/' /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml -sed -i 's/enable_iscsi: false/enable_iscsi: true/' /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml +sed -i 's/volume_use_multipath: false/volume_use_multipath: true/' /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml +sed -i 's/enable_iscsi: false/enable_iscsi: true/' /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml ``` diff --git a/docs/openstack-compute-kit.md b/docs/openstack-compute-kit.md index e70c5c3e..0941c554 100644 --- a/docs/openstack-compute-kit.md +++ b/docs/openstack-compute-kit.md @@ -5,6 +5,9 @@ ## Creating the Compute Kit Secrets Part of running Nova is also running placement. Setup all credentials now so we can use them across the nova and placement services. +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ### Shared @@ -97,14 +100,14 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install placement ./placement --namespace=openstack \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/placement/placement-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/placement/placement-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.placement.password="$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.placement.placement_database.slave_connection="mysql+pymysql://placement:$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/placement" \ --set endpoints.oslo_db.auth.nova_api.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args placement/base ``` @@ -116,7 +119,7 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install nova ./nova \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml \ --set conf.nova.neutron.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -137,7 +140,7 @@ helm upgrade --install nova ./nova \ --set endpoints.oslo_messaging.auth.nova.password="$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ --set network.ssh.public_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.public_key}' | base64 -d)"$'\n' \ --set network.ssh.private_key="$(kubectl -n openstack get secret nova-ssh-keypair -o jsonpath='{.data.private_key}' | base64 -d)"$'\n' \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args nova/base ``` @@ -167,7 +170,7 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install neutron ./neutron \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ --set conf.metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.ovn_metadata_agent.DEFAULT.metadata_proxy_shared_secret="$(kubectl --namespace openstack get secret metadata-shared-secret -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -185,7 +188,7 @@ helm upgrade --install neutron ./neutron \ --set conf.neutron.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args neutron/base ``` diff --git a/docs/openstack-glance.md b/docs/openstack-glance.md index 9a3b2ce8..f8f3dcf4 100644 --- a/docs/openstack-glance.md +++ b/docs/openstack-glance.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629806.svg)](https://asciinema.org/a/629806) ## Create secrets. +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -33,7 +36,7 @@ helm upgrade --install glance ./glance \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/glance/glance-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/glance/glance-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -41,7 +44,7 @@ helm upgrade --install glance ./glance \ --set conf.glance.database.slave_connection="mysql+pymysql://glance:$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/glance" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.glance.password="$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args glance/base ``` diff --git a/docs/openstack-gnocchi.md b/docs/openstack-gnocchi.md index 3961d0ee..151d4d8d 100644 --- a/docs/openstack-gnocchi.md +++ b/docs/openstack-gnocchi.md @@ -1,6 +1,9 @@ # Deploy Gnocchi ## Create Secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack create secret generic gnocchi-admin \ @@ -58,7 +61,7 @@ helm upgrade --install gnocchi ./gnocchi \ --namespace=openstack \ --wait \ --timeout 10m \ - -f /opt/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/gnocchi/gnocchi-helm-overrides.yaml \ --set conf.ceph.admin_keyring="$(kubectl get secret --namespace rook-ceph rook-ceph-admin-keyring -o jsonpath='{.data.keyring}' | base64 -d)" \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -66,7 +69,7 @@ helm upgrade --install gnocchi ./gnocchi \ --set endpoints.oslo_db.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db_postgresql.auth.admin.password="$(kubectl --namespace openstack get secret postgresql-db-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db_postgresql.auth.gnocchi.password="$(kubectl --namespace openstack get secret gnocchi-pgsql-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args gnocchi/base ``` diff --git a/docs/openstack-heat.md b/docs/openstack-heat.md index 1c00f2db..be1d0b75 100644 --- a/docs/openstack-heat.md +++ b/docs/openstack-heat.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629807.svg)](https://asciinema.org/a/629807) ## Create secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -36,7 +39,7 @@ cd /opt/genestack/submodules/openstack-helm helm upgrade --install heat ./heat \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/heat/heat-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/heat/heat-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat.password="$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat_trustee.password="$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)" \ @@ -46,7 +49,7 @@ helm upgrade --install heat ./heat \ --set conf.heat.database.slave_connection="mysql+pymysql://heat:$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/heat" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.heat.password="$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args heat/base ``` diff --git a/docs/openstack-horizon.md b/docs/openstack-horizon.md index 6672744c..21009b53 100644 --- a/docs/openstack-horizon.md +++ b/docs/openstack-horizon.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629815.svg)](https://asciinema.org/a/629815) ## Create secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -25,12 +28,12 @@ helm upgrade --install horizon ./horizon \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.horizon.local_settings.config.horizon_secret_key="$(kubectl --namespace openstack get secret horizon-secrete-key -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.horizon.password="$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args horizon/base ``` diff --git a/docs/openstack-keystone-readonly.md b/docs/openstack-keystone-readonly.md index 93d0b115..80ba713b 100644 --- a/docs/openstack-keystone-readonly.md +++ b/docs/openstack-keystone-readonly.md @@ -1,18 +1,18 @@ -# Create a Readonly User +# Create a Platform Services Project The following commands will setup a readonly user which is able to read data across domains. -## Create the VMM user and project +## Create the platform-services user and project -After running the following commands, a readonly user (example: `vmm`) will have read only access to everything under the `default` and `rackspace_cloud_domain` domains. +After running the following commands, a readonly user (example: `platform-services`) will have read only access to everything under the `default` and `rackspace_cloud_domain` domains. ### Create a project ``` shell -openstack --os-cloud default project create --description 'vmm enablement' vmm --domain default +openstack --os-cloud default project create --description 'platform-services enablement' platform-services --domain default ``` -### Create a new user +#### Create a new zamboni user !!! tip "Make sure to set the password accordingly" @@ -21,29 +21,119 @@ openstack --os-cloud default project create --description 'vmm enablement' vmm - ``` ``` shell -openstack --os-cloud default user create --project vmm --password ${PASSWORD} vmm --domain default +openstack --os-cloud default user create --project zamboni --password ${PASSWORD} platform-services --domain default ``` -### Add the member role to the new user +##### Add the member role to the new user ``` shell -openstack --os-cloud default role add --user vmm --project vmm member --inherited +openstack --os-cloud default role add --user zamboni --project platform-services member --inherited ``` -### Add the reader roles for user `vmm` to the `default` domain +##### Add the reader roles for user `zamboni` to the `default` domain ``` shell -openstack --os-cloud default role add --user vmm --domain default reader --inherited +openstack --os-cloud default role add --user zamboni --domain default reader --inherited ``` -### Add the reader role for user `vmm` to the `rackspace_cloud_domain` domain +##### Add the reader role for user `zamboni` to the `rackspace_cloud_domain` domain ``` shell -openstack --os-cloud default role add --user vmm --domain rackspace_cloud_domain reader --inherited +openstack --os-cloud default role add --user zamboni --domain rackspace_cloud_domain reader --inherited ``` -### Add the reader role for user `vmm` to the system +##### Add the reader role for user `zamboni` to the system ``` shell -openstack --os-cloud default role add --user vmm --system all reader +openstack --os-cloud default role add --user zamboni --system all reader +``` + +#### Create a new member user + +!!! tip "Make sure to set the password accordingly" + + ``` shell + PASSWORD=SuperSecrete + ``` + +``` shell +openstack --os-cloud default user create --project platform-services --password ${PASSWORD} platform-services --domain default +``` + +##### Add the member role to the new platform-services user + +``` shell +openstack --os-cloud default role add --user platform-services --project platform-services member --inherited +``` + +#### Create a new core user + +!!! tip "Make sure to set the password accordingly" + + ``` shell + PASSWORD=SuperSecrete + ``` + +``` shell +openstack --os-cloud default user create --project platform-services-core --password ${PASSWORD} platform-services --domain default +``` + +##### Add the member role to the new core user + +``` shell +openstack --os-cloud default role add --user platform-services-core --project platform-services member --inherited +``` + +##### Add the reader roles for user `platform-services-core` to the `default` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core --domain default reader --inherited +``` + +##### Add the reader role for user `platform-services-core` to the `rackspace_cloud_domain` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core --domain rackspace_cloud_domain reader --inherited +``` + +##### Add the reader role for user `platform-services-core` to the system + +``` shell +openstack --os-cloud default role add --user platform-services-core --system all reader +``` + +#### Create a new alt user + +!!! tip "Make sure to set the password accordingly" + + ``` shell + PASSWORD=SuperSecrete + ``` + +``` shell +openstack --os-cloud default user create --project platform-services-core-alt --password ${PASSWORD} platform-services --domain default +``` + +##### Add the member role to the new core-alt user + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --project platform-services member --inherited +``` + +##### Add the reader roles for user `platform-services-core-alt` to the `default` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --domain default reader --inherited +``` + +##### Add the reader role for user `platform-services-core-alt` to the `rackspace_cloud_domain` domain + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --domain rackspace_cloud_domain reader --inherited +``` + +##### Add the reader role for user `platform-services-core-alt` to the system + +``` shell +openstack --os-cloud default role add --user platform-services-core-alt --system all reader ``` diff --git a/docs/openstack-keystone.md b/docs/openstack-keystone.md index 09d8aeff..cc69d5a5 100644 --- a/docs/openstack-keystone.md +++ b/docs/openstack-keystone.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629802.svg)](https://asciinema.org/a/629802) ## Create secrets. +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -33,14 +36,14 @@ helm upgrade --install keystone ./keystone \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.keystone.database.slave_connection="mysql+pymysql://keystone:$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/keystone" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args keystone/base ``` @@ -55,7 +58,7 @@ helm upgrade --install keystone ./keystone \ Deploy the openstack admin client pod (optional) ``` shell -kubectl --namespace openstack apply -f /opt/genestack/manifests/utils/utils-openstack-client-admin.yaml +kubectl --namespace openstack apply -f /etc/genestack/manifests/utils/utils-openstack-client-admin.yaml ``` ## Validate functionality diff --git a/docs/openstack-octavia.md b/docs/openstack-octavia.md index c09e75b6..78222da1 100644 --- a/docs/openstack-octavia.md +++ b/docs/openstack-octavia.md @@ -3,6 +3,9 @@ [![asciicast](https://asciinema.org/a/629814.svg)](https://asciinema.org/a/629814) ### Create secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin ``` shell kubectl --namespace openstack \ @@ -33,7 +36,7 @@ helm upgrade --install octavia ./octavia \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -44,7 +47,7 @@ helm upgrade --install octavia ./octavia \ --set conf.octavia.certificates.ca_private_key_passphrase="$(kubectl --namespace openstack get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.octavia.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.octavia.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args octavia/base ``` diff --git a/docs/openstack-skyline.md b/docs/openstack-skyline.md index 9e748ee1..c830d19f 100644 --- a/docs/openstack-skyline.md +++ b/docs/openstack-skyline.md @@ -5,6 +5,9 @@ Skyline is an alternative Web UI for OpenStack. If you deploy horizon there's no need for Skyline. ## Create secrets +!!! info + + This step is not needed if you ran the create-secrets.sh script located in /opt/genestack/bin Skyline is a little different because there's no helm integration. Given this difference the deployment is far simpler, and all secrets can be managed in one object. @@ -39,8 +42,8 @@ kubectl --namespace openstack \ !!! tip - Pause for a moment to consider if you will be wanting to access Skyline via your ingress controller over a specific FQDN. If so, modify `/opt/genestack/kustomize/skyline/fqdn/kustomization.yaml` to suit your needs then use `fqdn` below in lieu of `base`... + Pause for a moment to consider if you will be wanting to access Skyline via your ingress controller over a specific FQDN. If so, modify `/etc/genestack/kustomize/skyline/fqdn/kustomization.yaml` to suit your needs then use `fqdn` below in lieu of `base`... ``` shell -kubectl --namespace openstack apply -k /opt/genestack/kustomize/skyline/base +kubectl --namespace openstack apply -k /etc/genestack/kustomize/skyline/base ``` diff --git a/docs/prometheus-blackbox-exporter.md b/docs/prometheus-blackbox-exporter.md index 860dfde0..ce458a7f 100644 --- a/docs/prometheus-blackbox-exporter.md +++ b/docs/prometheus-blackbox-exporter.md @@ -8,7 +8,7 @@ The blackbox exporter ideally would be ran outside the cluster but can still pro ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-blackbox-exporter | kubectl apply -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-blackbox-exporter | kubectl apply -f - ``` !!! success diff --git a/docs/prometheus-kube-ovn.md b/docs/prometheus-kube-ovn.md index de7cffd4..0049545b 100644 --- a/docs/prometheus-kube-ovn.md +++ b/docs/prometheus-kube-ovn.md @@ -7,7 +7,7 @@ create a service monitor to pull these metrics into Prometheus. ## Installation ``` shell -kubectl apply -f /opt/genestack/kustomize/prometheus-ovn/ +kubectl apply -f /etc/genestack/kustomize/prometheus-ovn/ ``` !!! success diff --git a/docs/prometheus-memcached-exporter.md b/docs/prometheus-memcached-exporter.md index 5fa9f2db..7c3a8305 100644 --- a/docs/prometheus-memcached-exporter.md +++ b/docs/prometheus-memcached-exporter.md @@ -17,7 +17,7 @@ Install the Memcached Exporter ### Deploy the Memcached Cluster With Monitoring Enabled ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/memcached/base-monitoring | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/memcached/base-monitoring | \ kubectl apply --namespace openstack --server-side -f - ``` diff --git a/docs/prometheus-mysql-exporter.md b/docs/prometheus-mysql-exporter.md index 5bf43b7f..dec517cf 100644 --- a/docs/prometheus-mysql-exporter.md +++ b/docs/prometheus-mysql-exporter.md @@ -23,7 +23,7 @@ kubectl --namespace openstack \ Next, install the exporter ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-mysql-exporter | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-mysql-exporter | \ kubectl --namespace openstack apply --server-side -f - ``` diff --git a/docs/prometheus-openstack-metrics-exporter.md b/docs/prometheus-openstack-metrics-exporter.md index 0361221a..c5de634e 100644 --- a/docs/prometheus-openstack-metrics-exporter.md +++ b/docs/prometheus-openstack-metrics-exporter.md @@ -54,7 +54,7 @@ cd /opt/genestack/submodules/openstack-exporter/charts helm upgrade --install os-metrics ./prometheus-openstack-exporter \ --namespace=openstack \ --timeout 15m \ - -f /opt/genestack/helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml \ --set clouds_yaml_config="$(kubectl --namespace openstack get secret clouds-yaml-secret -o jsonpath='{.data.gen-clouds-yaml}' | base64 -d)" ``` diff --git a/docs/prometheus-postgres-exporter.md b/docs/prometheus-postgres-exporter.md index c06125de..e11db1b6 100644 --- a/docs/prometheus-postgres-exporter.md +++ b/docs/prometheus-postgres-exporter.md @@ -11,7 +11,7 @@ PostgresSQL Exporter is used to expose metrics from a running PostgresSQL deploy Install the PostgresSQL Exporter ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-postgres-exporter | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-postgres-exporter | \ kubectl --namespace openstack apply --server-side -f - ``` diff --git a/docs/prometheus-rabbitmq-exporter.md b/docs/prometheus-rabbitmq-exporter.md index aa88a8a2..11a1d314 100644 --- a/docs/prometheus-rabbitmq-exporter.md +++ b/docs/prometheus-rabbitmq-exporter.md @@ -11,7 +11,7 @@ RabbitMQ Exporter is used to expose metrics from a running RabbitMQ deployment. Install the RabbitMQ Exporter ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus-rabbitmq-exporter | \ +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus-rabbitmq-exporter | \ kubectl --namespace openstack apply --server-side -f - ``` diff --git a/docs/prometheus.md b/docs/prometheus.md index 5b4ab744..583bfe4b 100644 --- a/docs/prometheus.md +++ b/docs/prometheus.md @@ -14,13 +14,13 @@ Currently you can supply a Teams webhook url to send all current alerts to a tea ``` shell webhook_url='https://my.webhook.example' -sed -i -e "s#https://webhook_url.example#$webhook_url#" /opt/genestack/kustomize/prometheus/alertmanager_config.yaml +sed -i -e "s#https://webhook_url.example#$webhook_url#" /etc/genestack/kustomize/prometheus/alertmanager_config.yaml ``` ## Install the prometheus stack ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/prometheus | kubectl apply --server-side -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/prometheus | kubectl apply --server-side -f - ``` !!! success diff --git a/docs/storage-ceph-rook-external.md b/docs/storage-ceph-rook-external.md index 2b708a95..8349db02 100644 --- a/docs/storage-ceph-rook-external.md +++ b/docs/storage-ceph-rook-external.md @@ -67,7 +67,7 @@ python3 create-external-cluster-resources.py --rbd-data-pool-name general --ceph Run the following commands to import the cluster after pasting in exports from external cluster ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-operator/ +kubectl apply -k /etc/genestack/kustomize/rook-operator/ /opt/genestack/scripts/import-external-cluster.sh helm repo add rook-release https://charts.rook.io/release kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook/ceph:v1.13.7 diff --git a/docs/storage-ceph-rook-internal.md b/docs/storage-ceph-rook-internal.md index e986af94..d7591699 100644 --- a/docs/storage-ceph-rook-internal.md +++ b/docs/storage-ceph-rook-internal.md @@ -3,7 +3,7 @@ ## Deploy the Rook operator ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-operator/ +kubectl apply -k /etc/genestack/kustomize/rook-operator/ kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook/ceph:v1.13.7 ``` @@ -11,10 +11,10 @@ kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook !!! note - Rook will deploy against nodes labeled `role=storage-node`. Make sure to have a look at the `/opt/genestack/kustomize/rook-cluster/rook-cluster.yaml` file to ensure it's setup to your liking, pay special attention to your `deviceFilter` settings, especially if different devices have different device layouts. + Rook will deploy against nodes labeled `role=storage-node`. Make sure to have a look at the `/etc/genestack/kustomize/rook-cluster/rook-cluster.yaml` file to ensure it's setup to your liking, pay special attention to your `deviceFilter` settings, especially if different devices have different device layouts. ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-cluster/ +kubectl apply -k /etc/genestack/kustomize/rook-cluster/ ``` ## Validate the cluster is operational @@ -32,7 +32,7 @@ kubectl --namespace rook-ceph get cephclusters.ceph.rook.io Once the rook cluster is online with a HEALTH status of `HEALTH_OK`, deploy the filesystem, storage-class, and pool defaults. ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-defaults +kubectl apply -k /etc/genestack/kustomize/rook-defaults ``` !!! note diff --git a/docs/storage-external-block.md b/docs/storage-external-block.md index c9cbe7fb..818b0718 100644 --- a/docs/storage-external-block.md +++ b/docs/storage-external-block.md @@ -19,14 +19,14 @@ general (default) org.democratic-csi.iscsi Delete Immediate Deploy Ceph operator ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-operator/ +kubectl apply -k /etc/genestack/kustomize/rook-operator/ kubectl -n rook-ceph set image deploy/rook-ceph-operator rook-ceph-operator=rook/ceph:v1.13.7 ``` Deploy Ceph on PVC ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-cluster-external-pvc/ +kubectl apply -k /etc/genestack/kustomize/rook-cluster-external-pvc/ ``` Monitor cluster state, once cluster HEALTH_OK proceed to the next step @@ -40,7 +40,7 @@ rook-ceph /var/lib/rook 3 129m Ready Cluster created successf Deploy cephfs filesystem named 'general-multi-attach' for Glance consumption ``` shell -kubectl apply -k /opt/genestack/kustomize/rook-defaults-external-pvc/ +kubectl apply -k /etc/genestack/kustomize/rook-defaults-external-pvc/ ``` You should now have two storage class providers configured for Genestack diff --git a/docs/storage-topolvm.md b/docs/storage-topolvm.md index f1a3d5db..fddf4bc7 100644 --- a/docs/storage-topolvm.md +++ b/docs/storage-topolvm.md @@ -23,5 +23,5 @@ Once the volume group is on your storage nodes, the node is ready for use. ### Deploy the TopoLVM Provisioner ``` shell -kubectl kustomize --enable-helm /opt/genestack/kustomize/topolvm/general | kubectl apply -f - +kubectl kustomize --enable-helm /etc/genestack/kustomize/topolvm/general | kubectl apply -f - ``` diff --git a/helm-configs/aio-example-openstack-overrides.yaml b/helm-configs.example/aio-example-openstack-overrides.yaml similarity index 100% rename from helm-configs/aio-example-openstack-overrides.yaml rename to helm-configs.example/aio-example-openstack-overrides.yaml diff --git a/helm-configs/ceilometer/ceilometer-helm-overrides.yaml b/helm-configs.example/ceilometer/ceilometer-helm-overrides.yaml similarity index 100% rename from helm-configs/ceilometer/ceilometer-helm-overrides.yaml rename to helm-configs.example/ceilometer/ceilometer-helm-overrides.yaml diff --git a/helm-configs/cinder/cinder-helm-overrides.yaml b/helm-configs.example/cinder/cinder-helm-overrides.yaml similarity index 100% rename from helm-configs/cinder/cinder-helm-overrides.yaml rename to helm-configs.example/cinder/cinder-helm-overrides.yaml diff --git a/helm-configs/designate/designate-helm-overrides.yaml b/helm-configs.example/designate/designate-helm-overrides.yaml similarity index 100% rename from helm-configs/designate/designate-helm-overrides.yaml rename to helm-configs.example/designate/designate-helm-overrides.yaml diff --git a/helm-configs/fluentbit/README.md b/helm-configs.example/fluentbit/README.md similarity index 100% rename from helm-configs/fluentbit/README.md rename to helm-configs.example/fluentbit/README.md diff --git a/helm-configs/fluentbit/fluentbit-helm-overrides.yaml b/helm-configs.example/fluentbit/fluentbit-helm-overrides.yaml similarity index 100% rename from helm-configs/fluentbit/fluentbit-helm-overrides.yaml rename to helm-configs.example/fluentbit/fluentbit-helm-overrides.yaml diff --git a/helm-configs/glance/glance-helm-overrides.yaml b/helm-configs.example/glance/glance-helm-overrides.yaml similarity index 98% rename from helm-configs/glance/glance-helm-overrides.yaml rename to helm-configs.example/glance/glance-helm-overrides.yaml index fd643429..3262f060 100644 --- a/helm-configs/glance/glance-helm-overrides.yaml +++ b/helm-configs.example/glance/glance-helm-overrides.yaml @@ -1,5 +1,5 @@ # radosgw, rbd, swift or pvc -storage: pvc # This should likely be set to swift or rbd in production +storage: swift # Use override to switch to pvc or rbd labels: api: @@ -251,6 +251,10 @@ conf: rbd_store_ceph_conf: /etc/ceph/ceph.conf filesystem_store_datadir: /var/lib/glance/images default_swift_reference: ref1 + swift_auth_address: https://swift.cluster.local + swift_auth_version: 3 + swift_user: glance:glance-store + swift_password: override_from_your_secrets_files swift_store_container: glance swift_store_create_container_on_put: true swift_store_config_file: /etc/glance/swift-store.conf @@ -367,6 +371,11 @@ conf: auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }} + {{- else if eq .Values.storage "swift" }} + auth_version = {{ .Values.conf.glance.glance_store.swift_auth_version }} + auth_address = {{ .Values.conf.glance.glance_store.swift_auth_address }} + user = {{ .Values.conf.glance.glance_store.swift_user }} + key = {{ .Values.conf.glance.glance_store.swift_password }} {{- else }} user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }} key = {{ .Values.endpoints.identity.auth.glance.password }} diff --git a/helm-configs/gnocchi/gnocchi-helm-overrides.yaml b/helm-configs.example/gnocchi/gnocchi-helm-overrides.yaml similarity index 100% rename from helm-configs/gnocchi/gnocchi-helm-overrides.yaml rename to helm-configs.example/gnocchi/gnocchi-helm-overrides.yaml diff --git a/helm-configs/grafana/README.md b/helm-configs.example/grafana/README.md similarity index 100% rename from helm-configs/grafana/README.md rename to helm-configs.example/grafana/README.md diff --git a/helm-configs/grafana/datasources.yaml b/helm-configs.example/grafana/datasources.yaml similarity index 100% rename from helm-configs/grafana/datasources.yaml rename to helm-configs.example/grafana/datasources.yaml diff --git a/helm-configs/grafana/overrides.yaml b/helm-configs.example/grafana/overrides.yaml similarity index 100% rename from helm-configs/grafana/overrides.yaml rename to helm-configs.example/grafana/overrides.yaml diff --git a/helm-configs/heat/heat-helm-overrides.yaml b/helm-configs.example/heat/heat-helm-overrides.yaml similarity index 100% rename from helm-configs/heat/heat-helm-overrides.yaml rename to helm-configs.example/heat/heat-helm-overrides.yaml diff --git a/helm-configs/horizon/horizon-helm-overrides.yaml b/helm-configs.example/horizon/horizon-helm-overrides.yaml similarity index 100% rename from helm-configs/horizon/horizon-helm-overrides.yaml rename to helm-configs.example/horizon/horizon-helm-overrides.yaml diff --git a/helm-configs/keystone/keystone-helm-overrides.yaml b/helm-configs.example/keystone/keystone-helm-overrides.yaml similarity index 100% rename from helm-configs/keystone/keystone-helm-overrides.yaml rename to helm-configs.example/keystone/keystone-helm-overrides.yaml diff --git a/helm-configs/loki/loki-helm-minio-overrides-example.yaml b/helm-configs.example/loki/loki-helm-minio-overrides-example.yaml similarity index 100% rename from helm-configs/loki/loki-helm-minio-overrides-example.yaml rename to helm-configs.example/loki/loki-helm-minio-overrides-example.yaml diff --git a/helm-configs/loki/loki-helm-s3-overrides-example.yaml b/helm-configs.example/loki/loki-helm-s3-overrides-example.yaml similarity index 100% rename from helm-configs/loki/loki-helm-s3-overrides-example.yaml rename to helm-configs.example/loki/loki-helm-s3-overrides-example.yaml diff --git a/helm-configs/loki/loki-helm-swift-overrides-example.yaml b/helm-configs.example/loki/loki-helm-swift-overrides-example.yaml similarity index 100% rename from helm-configs/loki/loki-helm-swift-overrides-example.yaml rename to helm-configs.example/loki/loki-helm-swift-overrides-example.yaml diff --git a/helm-configs/monitoring/openstack-metrics-exporter/clouds-yaml b/helm-configs.example/monitoring/openstack-metrics-exporter/clouds-yaml similarity index 100% rename from helm-configs/monitoring/openstack-metrics-exporter/clouds-yaml rename to helm-configs.example/monitoring/openstack-metrics-exporter/clouds-yaml diff --git a/helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml b/helm-configs.example/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml similarity index 100% rename from helm-configs/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml rename to helm-configs.example/monitoring/openstack-metrics-exporter/openstack-metrics-exporter-helm-overrides.yaml diff --git a/helm-configs/neutron/neutron-helm-overrides.yaml b/helm-configs.example/neutron/neutron-helm-overrides.yaml similarity index 100% rename from helm-configs/neutron/neutron-helm-overrides.yaml rename to helm-configs.example/neutron/neutron-helm-overrides.yaml diff --git a/helm-configs/nginx-gateway-fabric/helm-overrides.yaml b/helm-configs.example/nginx-gateway-fabric/helm-overrides.yaml similarity index 100% rename from helm-configs/nginx-gateway-fabric/helm-overrides.yaml rename to helm-configs.example/nginx-gateway-fabric/helm-overrides.yaml diff --git a/helm-configs/nova/nova-helm-overrides.yaml b/helm-configs.example/nova/nova-helm-overrides.yaml similarity index 100% rename from helm-configs/nova/nova-helm-overrides.yaml rename to helm-configs.example/nova/nova-helm-overrides.yaml diff --git a/helm-configs/octavia/octavia-helm-overrides.yaml b/helm-configs.example/octavia/octavia-helm-overrides.yaml similarity index 100% rename from helm-configs/octavia/octavia-helm-overrides.yaml rename to helm-configs.example/octavia/octavia-helm-overrides.yaml diff --git a/helm-configs/osie/osie-helm-overrides.yaml b/helm-configs.example/osie/osie-helm-overrides.yaml similarity index 100% rename from helm-configs/osie/osie-helm-overrides.yaml rename to helm-configs.example/osie/osie-helm-overrides.yaml diff --git a/helm-configs/placement/placement-helm-overrides.yaml b/helm-configs.example/placement/placement-helm-overrides.yaml similarity index 100% rename from helm-configs/placement/placement-helm-overrides.yaml rename to helm-configs.example/placement/placement-helm-overrides.yaml diff --git a/helm-configs/postgresql/postgresql-helm-overrides.yaml b/helm-configs.example/postgresql/postgresql-helm-overrides.yaml similarity index 100% rename from helm-configs/postgresql/postgresql-helm-overrides.yaml rename to helm-configs.example/postgresql/postgresql-helm-overrides.yaml diff --git a/helm-configs/prod-example-openstack-overrides.yaml b/helm-configs.example/prod-example-openstack-overrides.yaml similarity index 100% rename from helm-configs/prod-example-openstack-overrides.yaml rename to helm-configs.example/prod-example-openstack-overrides.yaml diff --git a/justfile b/justfile new file mode 100644 index 00000000..30784191 --- /dev/null +++ b/justfile @@ -0,0 +1,23 @@ +justfile-checkout: + cd {{ justfile_directory() }}; \ + git checkout justfile -- justfile + +_sync USERHOST: + dir=$(basename $(pwd)); \ + cd {{ justfile_directory() }}; \ + rsync -avz --delete --exclude .git -e ssh . {{ USERHOST }}:$dir + +sync ENV: + case {{ ENV }} in \ + lab) \ + userhost=ubuntu@63.131.145.238 ;; \ + sjc) \ + userhost="gu=adam5637@adam5637@66.70.54.105@support.dfw1.gateway.rackspace.com" ;; \ + sjc-ubuntu) \ + userhost="gu=adam5637@ubuntu@66.70.54.105@support.dfw1.gateway.rackspace.com" ;; \ + dfw) \ + userhost="gu=adam5637@adam5637@10.5.83.147@support.dfw1.gateway.rackspace.com" ;; \ + dfw-ubuntu) \ + userhost="gu=adam5637@ubuntu@10.5.83.147@support.dfw1.gateway.rackspace.com" ;; \ + esac ; \ + just _sync $userhost diff --git a/kustomize/argocd/base/kustomization.yaml b/kustomize.example/argocd/base/kustomization.yaml similarity index 100% rename from kustomize/argocd/base/kustomization.yaml rename to kustomize.example/argocd/base/kustomization.yaml diff --git a/kustomize/argocd/base/namespace.yaml b/kustomize.example/argocd/base/namespace.yaml similarity index 100% rename from kustomize/argocd/base/namespace.yaml rename to kustomize.example/argocd/base/namespace.yaml diff --git a/kustomize/argocd/base/values.yaml b/kustomize.example/argocd/base/values.yaml similarity index 100% rename from kustomize/argocd/base/values.yaml rename to kustomize.example/argocd/base/values.yaml diff --git a/kustomize/backups/etcd/etcd-backup.yaml b/kustomize.example/backups/etcd/etcd-backup.yaml similarity index 100% rename from kustomize/backups/etcd/etcd-backup.yaml rename to kustomize.example/backups/etcd/etcd-backup.yaml diff --git a/kustomize/backups/etcd/kustomization.yaml b/kustomize.example/backups/etcd/kustomization.yaml similarity index 100% rename from kustomize/backups/etcd/kustomization.yaml rename to kustomize.example/backups/etcd/kustomization.yaml diff --git a/kustomize/cinder/aio/kustomization.yaml b/kustomize.example/cinder/aio/kustomization.yaml similarity index 100% rename from kustomize/cinder/aio/kustomization.yaml rename to kustomize.example/cinder/aio/kustomization.yaml diff --git a/kustomize/cinder/base/cinder-mariadb-database.yaml b/kustomize.example/cinder/base/cinder-mariadb-database.yaml similarity index 100% rename from kustomize/cinder/base/cinder-mariadb-database.yaml rename to kustomize.example/cinder/base/cinder-mariadb-database.yaml diff --git a/kustomize/cinder/base/cinder-rabbitmq-queue.yaml b/kustomize.example/cinder/base/cinder-rabbitmq-queue.yaml similarity index 100% rename from kustomize/cinder/base/cinder-rabbitmq-queue.yaml rename to kustomize.example/cinder/base/cinder-rabbitmq-queue.yaml diff --git a/kustomize/cinder/base/hpa-cinder-api.yaml b/kustomize.example/cinder/base/hpa-cinder-api.yaml similarity index 100% rename from kustomize/cinder/base/hpa-cinder-api.yaml rename to kustomize.example/cinder/base/hpa-cinder-api.yaml diff --git a/kustomize/cinder/base/hpa-cinder-scheduler.yaml b/kustomize.example/cinder/base/hpa-cinder-scheduler.yaml similarity index 100% rename from kustomize/cinder/base/hpa-cinder-scheduler.yaml rename to kustomize.example/cinder/base/hpa-cinder-scheduler.yaml diff --git a/kustomize/cinder/base/kustomization.yaml b/kustomize.example/cinder/base/kustomization.yaml similarity index 100% rename from kustomize/cinder/base/kustomization.yaml rename to kustomize.example/cinder/base/kustomization.yaml diff --git a/kustomize/cinder/letsencrypt/kustomization.yaml b/kustomize.example/cinder/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/cinder/letsencrypt/kustomization.yaml rename to kustomize.example/cinder/letsencrypt/kustomization.yaml diff --git a/kustomize/designate/aio/kustomization.yaml b/kustomize.example/designate/aio/kustomization.yaml similarity index 100% rename from kustomize/designate/aio/kustomization.yaml rename to kustomize.example/designate/aio/kustomization.yaml diff --git a/kustomize/designate/base/designate-mariadb-database.yaml b/kustomize.example/designate/base/designate-mariadb-database.yaml similarity index 100% rename from kustomize/designate/base/designate-mariadb-database.yaml rename to kustomize.example/designate/base/designate-mariadb-database.yaml diff --git a/kustomize/designate/base/designate-rabbitmq-queue.yaml b/kustomize.example/designate/base/designate-rabbitmq-queue.yaml similarity index 100% rename from kustomize/designate/base/designate-rabbitmq-queue.yaml rename to kustomize.example/designate/base/designate-rabbitmq-queue.yaml diff --git a/kustomize/designate/base/hpa-designate-api.yaml b/kustomize.example/designate/base/hpa-designate-api.yaml similarity index 100% rename from kustomize/designate/base/hpa-designate-api.yaml rename to kustomize.example/designate/base/hpa-designate-api.yaml diff --git a/kustomize/designate/base/kustomization.yaml b/kustomize.example/designate/base/kustomization.yaml similarity index 100% rename from kustomize/designate/base/kustomization.yaml rename to kustomize.example/designate/base/kustomization.yaml diff --git a/kustomize/designate/letsencrypt/kustomization.yaml b/kustomize.example/designate/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/designate/letsencrypt/kustomization.yaml rename to kustomize.example/designate/letsencrypt/kustomization.yaml diff --git a/kustomize/gateway/alertmanager-routes.yaml b/kustomize.example/gateway/alertmanager-routes.yaml similarity index 100% rename from kustomize/gateway/alertmanager-routes.yaml rename to kustomize.example/gateway/alertmanager-routes.yaml diff --git a/kustomize/gateway/internal-gateway-api.yaml b/kustomize.example/gateway/internal-gateway-api.yaml similarity index 100% rename from kustomize/gateway/internal-gateway-api.yaml rename to kustomize.example/gateway/internal-gateway-api.yaml diff --git a/kustomize/gateway/kustomization.yaml b/kustomize.example/gateway/kustomization.yaml similarity index 100% rename from kustomize/gateway/kustomization.yaml rename to kustomize.example/gateway/kustomization.yaml diff --git a/kustomize/gateway/prometheus-routes.yaml b/kustomize.example/gateway/prometheus-routes.yaml similarity index 100% rename from kustomize/gateway/prometheus-routes.yaml rename to kustomize.example/gateway/prometheus-routes.yaml diff --git a/kustomize/glance/aio/kustomization.yaml b/kustomize.example/glance/aio/kustomization.yaml similarity index 100% rename from kustomize/glance/aio/kustomization.yaml rename to kustomize.example/glance/aio/kustomization.yaml diff --git a/kustomize/glance/base/glance-mariadb-database.yaml b/kustomize.example/glance/base/glance-mariadb-database.yaml similarity index 100% rename from kustomize/glance/base/glance-mariadb-database.yaml rename to kustomize.example/glance/base/glance-mariadb-database.yaml diff --git a/kustomize/glance/base/glance-rabbitmq-queue.yaml b/kustomize.example/glance/base/glance-rabbitmq-queue.yaml similarity index 100% rename from kustomize/glance/base/glance-rabbitmq-queue.yaml rename to kustomize.example/glance/base/glance-rabbitmq-queue.yaml diff --git a/kustomize/glance/base/hpa-glance-api.yaml b/kustomize.example/glance/base/hpa-glance-api.yaml similarity index 100% rename from kustomize/glance/base/hpa-glance-api.yaml rename to kustomize.example/glance/base/hpa-glance-api.yaml diff --git a/kustomize/glance/base/kustomization.yaml b/kustomize.example/glance/base/kustomization.yaml similarity index 100% rename from kustomize/glance/base/kustomization.yaml rename to kustomize.example/glance/base/kustomization.yaml diff --git a/kustomize/glance/letsencrypt/kustomization.yaml b/kustomize.example/glance/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/glance/letsencrypt/kustomization.yaml rename to kustomize.example/glance/letsencrypt/kustomization.yaml diff --git a/kustomize/gnocchi/base/configmap-bin.yaml b/kustomize.example/gnocchi/base/configmap-bin.yaml similarity index 100% rename from kustomize/gnocchi/base/configmap-bin.yaml rename to kustomize.example/gnocchi/base/configmap-bin.yaml diff --git a/kustomize/gnocchi/base/gnocchi-temp-keyring.yaml b/kustomize.example/gnocchi/base/gnocchi-temp-keyring.yaml similarity index 100% rename from kustomize/gnocchi/base/gnocchi-temp-keyring.yaml rename to kustomize.example/gnocchi/base/gnocchi-temp-keyring.yaml diff --git a/kustomize/gnocchi/base/kustomization.yaml b/kustomize.example/gnocchi/base/kustomization.yaml similarity index 100% rename from kustomize/gnocchi/base/kustomization.yaml rename to kustomize.example/gnocchi/base/kustomization.yaml diff --git a/kustomize/grafana/base/azure-client-secret.yaml b/kustomize.example/grafana/base/azure-client-secret.yaml similarity index 100% rename from kustomize/grafana/base/azure-client-secret.yaml rename to kustomize.example/grafana/base/azure-client-secret.yaml diff --git a/kustomize/grafana/base/datasources.yaml b/kustomize.example/grafana/base/datasources.yaml similarity index 100% rename from kustomize/grafana/base/datasources.yaml rename to kustomize.example/grafana/base/datasources.yaml diff --git a/kustomize/grafana/base/example-cert.pem b/kustomize.example/grafana/base/example-cert.pem similarity index 100% rename from kustomize/grafana/base/example-cert.pem rename to kustomize.example/grafana/base/example-cert.pem diff --git a/kustomize/grafana/base/example-key.pem b/kustomize.example/grafana/base/example-key.pem similarity index 100% rename from kustomize/grafana/base/example-key.pem rename to kustomize.example/grafana/base/example-key.pem diff --git a/kustomize/grafana/base/grafana-database.yaml b/kustomize.example/grafana/base/grafana-database.yaml similarity index 100% rename from kustomize/grafana/base/grafana-database.yaml rename to kustomize.example/grafana/base/grafana-database.yaml diff --git a/kustomize/grafana/base/grafana-values.yaml b/kustomize.example/grafana/base/grafana-values.yaml similarity index 100% rename from kustomize/grafana/base/grafana-values.yaml rename to kustomize.example/grafana/base/grafana-values.yaml diff --git a/kustomize/grafana/base/kustomization.yaml b/kustomize.example/grafana/base/kustomization.yaml similarity index 100% rename from kustomize/grafana/base/kustomization.yaml rename to kustomize.example/grafana/base/kustomization.yaml diff --git a/kustomize/grafana/base/ns-grafana.yaml b/kustomize.example/grafana/base/ns-grafana.yaml similarity index 100% rename from kustomize/grafana/base/ns-grafana.yaml rename to kustomize.example/grafana/base/ns-grafana.yaml diff --git a/kustomize/heat/aio/kustomization.yaml b/kustomize.example/heat/aio/kustomization.yaml similarity index 100% rename from kustomize/heat/aio/kustomization.yaml rename to kustomize.example/heat/aio/kustomization.yaml diff --git a/kustomize/heat/base/heat-mariadb-database.yaml b/kustomize.example/heat/base/heat-mariadb-database.yaml similarity index 100% rename from kustomize/heat/base/heat-mariadb-database.yaml rename to kustomize.example/heat/base/heat-mariadb-database.yaml diff --git a/kustomize/heat/base/heat-rabbitmq-queue.yaml b/kustomize.example/heat/base/heat-rabbitmq-queue.yaml similarity index 100% rename from kustomize/heat/base/heat-rabbitmq-queue.yaml rename to kustomize.example/heat/base/heat-rabbitmq-queue.yaml diff --git a/kustomize/heat/base/hpa-heat-api.yaml b/kustomize.example/heat/base/hpa-heat-api.yaml similarity index 100% rename from kustomize/heat/base/hpa-heat-api.yaml rename to kustomize.example/heat/base/hpa-heat-api.yaml diff --git a/kustomize/heat/base/hpa-heat-cfn.yaml b/kustomize.example/heat/base/hpa-heat-cfn.yaml similarity index 100% rename from kustomize/heat/base/hpa-heat-cfn.yaml rename to kustomize.example/heat/base/hpa-heat-cfn.yaml diff --git a/kustomize/heat/base/hpa-heat-engine.yaml b/kustomize.example/heat/base/hpa-heat-engine.yaml similarity index 100% rename from kustomize/heat/base/hpa-heat-engine.yaml rename to kustomize.example/heat/base/hpa-heat-engine.yaml diff --git a/kustomize/heat/base/kustomization.yaml b/kustomize.example/heat/base/kustomization.yaml similarity index 100% rename from kustomize/heat/base/kustomization.yaml rename to kustomize.example/heat/base/kustomization.yaml diff --git a/kustomize/heat/letsencrypt/kustomization.yaml b/kustomize.example/heat/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/heat/letsencrypt/kustomization.yaml rename to kustomize.example/heat/letsencrypt/kustomization.yaml diff --git a/kustomize/horizon/aio/kustomization.yaml b/kustomize.example/horizon/aio/kustomization.yaml similarity index 100% rename from kustomize/horizon/aio/kustomization.yaml rename to kustomize.example/horizon/aio/kustomization.yaml diff --git a/kustomize/horizon/base/horizon-mariadb-database.yaml b/kustomize.example/horizon/base/horizon-mariadb-database.yaml similarity index 100% rename from kustomize/horizon/base/horizon-mariadb-database.yaml rename to kustomize.example/horizon/base/horizon-mariadb-database.yaml diff --git a/kustomize/horizon/base/hpa-horizon-api.yaml b/kustomize.example/horizon/base/hpa-horizon-api.yaml similarity index 100% rename from kustomize/horizon/base/hpa-horizon-api.yaml rename to kustomize.example/horizon/base/hpa-horizon-api.yaml diff --git a/kustomize/horizon/base/kustomization.yaml b/kustomize.example/horizon/base/kustomization.yaml similarity index 100% rename from kustomize/horizon/base/kustomization.yaml rename to kustomize.example/horizon/base/kustomization.yaml diff --git a/kustomize/horizon/letsencrypt/kustomization.yaml b/kustomize.example/horizon/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/horizon/letsencrypt/kustomization.yaml rename to kustomize.example/horizon/letsencrypt/kustomization.yaml diff --git a/kustomize/ingress/external/helm/ingress-helm-overrides.yaml b/kustomize.example/ingress/external/helm/ingress-helm-overrides.yaml similarity index 100% rename from kustomize/ingress/external/helm/ingress-helm-overrides.yaml rename to kustomize.example/ingress/external/helm/ingress-helm-overrides.yaml diff --git a/kustomize/ingress/external/kustomization.yaml b/kustomize.example/ingress/external/kustomization.yaml similarity index 100% rename from kustomize/ingress/external/kustomization.yaml rename to kustomize.example/ingress/external/kustomization.yaml diff --git a/kustomize/ingress/external/ns-ingress-nginx.yaml b/kustomize.example/ingress/external/ns-ingress-nginx.yaml similarity index 100% rename from kustomize/ingress/external/ns-ingress-nginx.yaml rename to kustomize.example/ingress/external/ns-ingress-nginx.yaml diff --git a/kustomize/ingress/internal/helm/ingress-helm-overrides.yaml b/kustomize.example/ingress/internal/helm/ingress-helm-overrides.yaml similarity index 100% rename from kustomize/ingress/internal/helm/ingress-helm-overrides.yaml rename to kustomize.example/ingress/internal/helm/ingress-helm-overrides.yaml diff --git a/kustomize/ingress/internal/kustomization.yaml b/kustomize.example/ingress/internal/kustomization.yaml similarity index 100% rename from kustomize/ingress/internal/kustomization.yaml rename to kustomize.example/ingress/internal/kustomization.yaml diff --git a/kustomize/k8s-dashboard/dashboard-rbac-default.yaml b/kustomize.example/k8s-dashboard/dashboard-rbac-default.yaml similarity index 100% rename from kustomize/k8s-dashboard/dashboard-rbac-default.yaml rename to kustomize.example/k8s-dashboard/dashboard-rbac-default.yaml diff --git a/kustomize/k8s-dashboard/kustomization.yaml b/kustomize.example/k8s-dashboard/kustomization.yaml similarity index 100% rename from kustomize/k8s-dashboard/kustomization.yaml rename to kustomize.example/k8s-dashboard/kustomization.yaml diff --git a/kustomize/keystone/aio/kustomization.yaml b/kustomize.example/keystone/aio/kustomization.yaml similarity index 100% rename from kustomize/keystone/aio/kustomization.yaml rename to kustomize.example/keystone/aio/kustomization.yaml diff --git a/kustomize/keystone/base/hpa-keystone-api.yaml b/kustomize.example/keystone/base/hpa-keystone-api.yaml similarity index 100% rename from kustomize/keystone/base/hpa-keystone-api.yaml rename to kustomize.example/keystone/base/hpa-keystone-api.yaml diff --git a/kustomize/keystone/base/keystone-mariadb-database.yaml b/kustomize.example/keystone/base/keystone-mariadb-database.yaml similarity index 100% rename from kustomize/keystone/base/keystone-mariadb-database.yaml rename to kustomize.example/keystone/base/keystone-mariadb-database.yaml diff --git a/kustomize/keystone/base/keystone-rabbitmq-queue.yaml b/kustomize.example/keystone/base/keystone-rabbitmq-queue.yaml similarity index 100% rename from kustomize/keystone/base/keystone-rabbitmq-queue.yaml rename to kustomize.example/keystone/base/keystone-rabbitmq-queue.yaml diff --git a/kustomize/keystone/base/kustomization.yaml b/kustomize.example/keystone/base/kustomization.yaml similarity index 100% rename from kustomize/keystone/base/kustomization.yaml rename to kustomize.example/keystone/base/kustomization.yaml diff --git a/kustomize/keystone/letsencrypt/kustomization.yaml b/kustomize.example/keystone/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/keystone/letsencrypt/kustomization.yaml rename to kustomize.example/keystone/letsencrypt/kustomization.yaml diff --git a/kustomize/kustomize.sh b/kustomize.example/kustomize.sh similarity index 100% rename from kustomize/kustomize.sh rename to kustomize.example/kustomize.sh diff --git a/kustomize/libvirt/helm/libvirt-helm-overrides.yaml b/kustomize.example/libvirt/helm/libvirt-helm-overrides.yaml similarity index 100% rename from kustomize/libvirt/helm/libvirt-helm-overrides.yaml rename to kustomize.example/libvirt/helm/libvirt-helm-overrides.yaml diff --git a/kustomize/libvirt/kustomization.yaml b/kustomize.example/libvirt/kustomization.yaml similarity index 73% rename from kustomize/libvirt/kustomization.yaml rename to kustomize.example/libvirt/kustomization.yaml index d278dc2e..7619c256 100644 --- a/kustomize/libvirt/kustomization.yaml +++ b/kustomize.example/libvirt/kustomization.yaml @@ -1,5 +1,5 @@ helmGlobals: - chartHome: ../../submodules/openstack-helm-infra + chartHome: /opt/genestack/submodules/openstack-helm-infra helmCharts: - name: libvirt diff --git a/kustomize/mariadb-cluster/aio/kustomization.yaml b/kustomize.example/mariadb-cluster/aio/kustomization.yaml similarity index 100% rename from kustomize/mariadb-cluster/aio/kustomization.yaml rename to kustomize.example/mariadb-cluster/aio/kustomization.yaml diff --git a/kustomize/mariadb-cluster/base/kustomization.yaml b/kustomize.example/mariadb-cluster/base/kustomization.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/kustomization.yaml rename to kustomize.example/mariadb-cluster/base/kustomization.yaml diff --git a/kustomize/mariadb-cluster/base/mariadb-backup.yaml b/kustomize.example/mariadb-cluster/base/mariadb-backup.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/mariadb-backup.yaml rename to kustomize.example/mariadb-cluster/base/mariadb-backup.yaml diff --git a/kustomize/mariadb-cluster/base/mariadb-configmap.yaml b/kustomize.example/mariadb-cluster/base/mariadb-configmap.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/mariadb-configmap.yaml rename to kustomize.example/mariadb-cluster/base/mariadb-configmap.yaml diff --git a/kustomize/mariadb-cluster/base/mariadb-replication.yaml b/kustomize.example/mariadb-cluster/base/mariadb-replication.yaml similarity index 100% rename from kustomize/mariadb-cluster/base/mariadb-replication.yaml rename to kustomize.example/mariadb-cluster/base/mariadb-replication.yaml diff --git a/kustomize/mariadb-operator/kustomization.yaml b/kustomize.example/mariadb-operator/kustomization.yaml similarity index 100% rename from kustomize/mariadb-operator/kustomization.yaml rename to kustomize.example/mariadb-operator/kustomization.yaml diff --git a/kustomize/mariadb-operator/ns-mariadb.yaml b/kustomize.example/mariadb-operator/ns-mariadb.yaml similarity index 100% rename from kustomize/mariadb-operator/ns-mariadb.yaml rename to kustomize.example/mariadb-operator/ns-mariadb.yaml diff --git a/kustomize/memcached/aio/kustomization.yaml b/kustomize.example/memcached/aio/kustomization.yaml similarity index 100% rename from kustomize/memcached/aio/kustomization.yaml rename to kustomize.example/memcached/aio/kustomization.yaml diff --git a/kustomize/memcached/base-monitoring/kustomization.yaml b/kustomize.example/memcached/base-monitoring/kustomization.yaml similarity index 100% rename from kustomize/memcached/base-monitoring/kustomization.yaml rename to kustomize.example/memcached/base-monitoring/kustomization.yaml diff --git a/kustomize/memcached/base/kustomization.yaml b/kustomize.example/memcached/base/kustomization.yaml similarity index 100% rename from kustomize/memcached/base/kustomization.yaml rename to kustomize.example/memcached/base/kustomization.yaml diff --git a/kustomize/neutron/aio/kustomization.yaml b/kustomize.example/neutron/aio/kustomization.yaml similarity index 100% rename from kustomize/neutron/aio/kustomization.yaml rename to kustomize.example/neutron/aio/kustomization.yaml diff --git a/kustomize/neutron/base/hpa-neutron-server.yaml b/kustomize.example/neutron/base/hpa-neutron-server.yaml similarity index 100% rename from kustomize/neutron/base/hpa-neutron-server.yaml rename to kustomize.example/neutron/base/hpa-neutron-server.yaml diff --git a/kustomize/neutron/base/kustomization.yaml b/kustomize.example/neutron/base/kustomization.yaml similarity index 100% rename from kustomize/neutron/base/kustomization.yaml rename to kustomize.example/neutron/base/kustomization.yaml diff --git a/kustomize/neutron/base/neutron-mariadb-database.yaml b/kustomize.example/neutron/base/neutron-mariadb-database.yaml similarity index 100% rename from kustomize/neutron/base/neutron-mariadb-database.yaml rename to kustomize.example/neutron/base/neutron-mariadb-database.yaml diff --git a/kustomize/neutron/base/neutron-rabbitmq-queue.yaml b/kustomize.example/neutron/base/neutron-rabbitmq-queue.yaml similarity index 100% rename from kustomize/neutron/base/neutron-rabbitmq-queue.yaml rename to kustomize.example/neutron/base/neutron-rabbitmq-queue.yaml diff --git a/kustomize/neutron/letsencrypt/kustomization.yaml b/kustomize.example/neutron/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/neutron/letsencrypt/kustomization.yaml rename to kustomize.example/neutron/letsencrypt/kustomization.yaml diff --git a/kustomize/nova/aio/kustomization.yaml b/kustomize.example/nova/aio/kustomization.yaml similarity index 100% rename from kustomize/nova/aio/kustomization.yaml rename to kustomize.example/nova/aio/kustomization.yaml diff --git a/kustomize/nova/base/hpa-nova-api-metadata.yaml b/kustomize.example/nova/base/hpa-nova-api-metadata.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-api-metadata.yaml rename to kustomize.example/nova/base/hpa-nova-api-metadata.yaml diff --git a/kustomize/nova/base/hpa-nova-api-osapi.yaml b/kustomize.example/nova/base/hpa-nova-api-osapi.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-api-osapi.yaml rename to kustomize.example/nova/base/hpa-nova-api-osapi.yaml diff --git a/kustomize/nova/base/hpa-nova-conductor.yaml b/kustomize.example/nova/base/hpa-nova-conductor.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-conductor.yaml rename to kustomize.example/nova/base/hpa-nova-conductor.yaml diff --git a/kustomize/nova/base/hpa-nova-novncproxy.yaml b/kustomize.example/nova/base/hpa-nova-novncproxy.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-novncproxy.yaml rename to kustomize.example/nova/base/hpa-nova-novncproxy.yaml diff --git a/kustomize/nova/base/hpa-nova-scheduler.yaml b/kustomize.example/nova/base/hpa-nova-scheduler.yaml similarity index 100% rename from kustomize/nova/base/hpa-nova-scheduler.yaml rename to kustomize.example/nova/base/hpa-nova-scheduler.yaml diff --git a/kustomize/nova/base/kustomization.yaml b/kustomize.example/nova/base/kustomization.yaml similarity index 100% rename from kustomize/nova/base/kustomization.yaml rename to kustomize.example/nova/base/kustomization.yaml diff --git a/kustomize/nova/base/nova-mariadb-database.yaml b/kustomize.example/nova/base/nova-mariadb-database.yaml similarity index 100% rename from kustomize/nova/base/nova-mariadb-database.yaml rename to kustomize.example/nova/base/nova-mariadb-database.yaml diff --git a/kustomize/nova/base/nova-rabbitmq-queue.yaml b/kustomize.example/nova/base/nova-rabbitmq-queue.yaml similarity index 100% rename from kustomize/nova/base/nova-rabbitmq-queue.yaml rename to kustomize.example/nova/base/nova-rabbitmq-queue.yaml diff --git a/kustomize/nova/letsencrypt/kustomization.yaml b/kustomize.example/nova/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/nova/letsencrypt/kustomization.yaml rename to kustomize.example/nova/letsencrypt/kustomization.yaml diff --git a/kustomize/octavia/aio/kustomization.yaml b/kustomize.example/octavia/aio/kustomization.yaml similarity index 100% rename from kustomize/octavia/aio/kustomization.yaml rename to kustomize.example/octavia/aio/kustomization.yaml diff --git a/kustomize/octavia/base/hpa-octavia-api.yaml b/kustomize.example/octavia/base/hpa-octavia-api.yaml similarity index 100% rename from kustomize/octavia/base/hpa-octavia-api.yaml rename to kustomize.example/octavia/base/hpa-octavia-api.yaml diff --git a/kustomize/octavia/base/hpa-octavia-worker.yaml b/kustomize.example/octavia/base/hpa-octavia-worker.yaml similarity index 100% rename from kustomize/octavia/base/hpa-octavia-worker.yaml rename to kustomize.example/octavia/base/hpa-octavia-worker.yaml diff --git a/kustomize/octavia/base/kustomization.yaml b/kustomize.example/octavia/base/kustomization.yaml similarity index 100% rename from kustomize/octavia/base/kustomization.yaml rename to kustomize.example/octavia/base/kustomization.yaml diff --git a/kustomize/octavia/base/octavia-agent.yaml b/kustomize.example/octavia/base/octavia-agent.yaml similarity index 100% rename from kustomize/octavia/base/octavia-agent.yaml rename to kustomize.example/octavia/base/octavia-agent.yaml diff --git a/kustomize/octavia/base/octavia-mariadb-database.yaml b/kustomize.example/octavia/base/octavia-mariadb-database.yaml similarity index 100% rename from kustomize/octavia/base/octavia-mariadb-database.yaml rename to kustomize.example/octavia/base/octavia-mariadb-database.yaml diff --git a/kustomize/octavia/base/octavia-rabbitmq-queue.yaml b/kustomize.example/octavia/base/octavia-rabbitmq-queue.yaml similarity index 100% rename from kustomize/octavia/base/octavia-rabbitmq-queue.yaml rename to kustomize.example/octavia/base/octavia-rabbitmq-queue.yaml diff --git a/kustomize/octavia/letsencrypt/kustomization.yaml b/kustomize.example/octavia/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/octavia/letsencrypt/kustomization.yaml rename to kustomize.example/octavia/letsencrypt/kustomization.yaml diff --git a/kustomize/openstack/issuer-kube-system-selfsigned.yaml b/kustomize.example/openstack/issuer-kube-system-selfsigned.yaml similarity index 100% rename from kustomize/openstack/issuer-kube-system-selfsigned.yaml rename to kustomize.example/openstack/issuer-kube-system-selfsigned.yaml diff --git a/kustomize/openstack/kustomization.yaml b/kustomize.example/openstack/kustomization.yaml similarity index 100% rename from kustomize/openstack/kustomization.yaml rename to kustomize.example/openstack/kustomization.yaml diff --git a/kustomize/openstack/ns-openstack.yaml b/kustomize.example/openstack/ns-openstack.yaml similarity index 100% rename from kustomize/openstack/ns-openstack.yaml rename to kustomize.example/openstack/ns-openstack.yaml diff --git a/kustomize/ovn/kustomization.yaml b/kustomize.example/ovn/kustomization.yaml similarity index 100% rename from kustomize/ovn/kustomization.yaml rename to kustomize.example/ovn/kustomization.yaml diff --git a/kustomize/ovn/ovn-backup/kustomization.yaml b/kustomize.example/ovn/ovn-backup/kustomization.yaml similarity index 100% rename from kustomize/ovn/ovn-backup/kustomization.yaml rename to kustomize.example/ovn/ovn-backup/kustomization.yaml diff --git a/kustomize/ovn/ovn-backup/ovn-backup.config b/kustomize.example/ovn/ovn-backup/ovn-backup.config similarity index 100% rename from kustomize/ovn/ovn-backup/ovn-backup.config rename to kustomize.example/ovn/ovn-backup/ovn-backup.config diff --git a/kustomize/ovn/ovn-backup/ovn-backup.sh b/kustomize.example/ovn/ovn-backup/ovn-backup.sh similarity index 100% rename from kustomize/ovn/ovn-backup/ovn-backup.sh rename to kustomize.example/ovn/ovn-backup/ovn-backup.sh diff --git a/kustomize/ovn/ovn-backup/ovn-backup.yaml b/kustomize.example/ovn/ovn-backup/ovn-backup.yaml similarity index 100% rename from kustomize/ovn/ovn-backup/ovn-backup.yaml rename to kustomize.example/ovn/ovn-backup/ovn-backup.yaml diff --git a/kustomize/ovn/ovn-backup/swift-tempauth.env b/kustomize.example/ovn/ovn-backup/swift-tempauth.env similarity index 100% rename from kustomize/ovn/ovn-backup/swift-tempauth.env rename to kustomize.example/ovn/ovn-backup/swift-tempauth.env diff --git a/kustomize/ovn/ovn-setup.yaml b/kustomize.example/ovn/ovn-setup.yaml similarity index 100% rename from kustomize/ovn/ovn-setup.yaml rename to kustomize.example/ovn/ovn-setup.yaml diff --git a/kustomize/placement/aio/kustomization.yaml b/kustomize.example/placement/aio/kustomization.yaml similarity index 100% rename from kustomize/placement/aio/kustomization.yaml rename to kustomize.example/placement/aio/kustomization.yaml diff --git a/kustomize/placement/base/hpa-placement-api.yaml b/kustomize.example/placement/base/hpa-placement-api.yaml similarity index 100% rename from kustomize/placement/base/hpa-placement-api.yaml rename to kustomize.example/placement/base/hpa-placement-api.yaml diff --git a/kustomize/placement/base/kustomization.yaml b/kustomize.example/placement/base/kustomization.yaml similarity index 100% rename from kustomize/placement/base/kustomization.yaml rename to kustomize.example/placement/base/kustomization.yaml diff --git a/kustomize/placement/base/placement-mariadb-database.yaml b/kustomize.example/placement/base/placement-mariadb-database.yaml similarity index 100% rename from kustomize/placement/base/placement-mariadb-database.yaml rename to kustomize.example/placement/base/placement-mariadb-database.yaml diff --git a/kustomize/placement/letsencrypt/kustomization.yaml b/kustomize.example/placement/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/placement/letsencrypt/kustomization.yaml rename to kustomize.example/placement/letsencrypt/kustomization.yaml diff --git a/kustomize/prometheus-blackbox-exporter/kustomization.yaml b/kustomize.example/prometheus-blackbox-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-blackbox-exporter/kustomization.yaml rename to kustomize.example/prometheus-blackbox-exporter/kustomization.yaml diff --git a/kustomize/prometheus-blackbox-exporter/probe_targets.yaml b/kustomize.example/prometheus-blackbox-exporter/probe_targets.yaml similarity index 100% rename from kustomize/prometheus-blackbox-exporter/probe_targets.yaml rename to kustomize.example/prometheus-blackbox-exporter/probe_targets.yaml diff --git a/kustomize/prometheus-blackbox-exporter/values.yaml b/kustomize.example/prometheus-blackbox-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-blackbox-exporter/values.yaml rename to kustomize.example/prometheus-blackbox-exporter/values.yaml diff --git a/kustomize/prometheus-mysql-exporter/kustomization.yaml b/kustomize.example/prometheus-mysql-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/kustomization.yaml rename to kustomize.example/prometheus-mysql-exporter/kustomization.yaml diff --git a/kustomize/prometheus-mysql-exporter/monitoring_user_create.yaml b/kustomize.example/prometheus-mysql-exporter/monitoring_user_create.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/monitoring_user_create.yaml rename to kustomize.example/prometheus-mysql-exporter/monitoring_user_create.yaml diff --git a/kustomize/prometheus-mysql-exporter/monitoring_user_grant.yaml b/kustomize.example/prometheus-mysql-exporter/monitoring_user_grant.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/monitoring_user_grant.yaml rename to kustomize.example/prometheus-mysql-exporter/monitoring_user_grant.yaml diff --git a/kustomize/prometheus-mysql-exporter/values.yaml b/kustomize.example/prometheus-mysql-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-mysql-exporter/values.yaml rename to kustomize.example/prometheus-mysql-exporter/values.yaml diff --git a/kustomize/prometheus-ovn/cni-monitor.yaml b/kustomize.example/prometheus-ovn/cni-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/cni-monitor.yaml rename to kustomize.example/prometheus-ovn/cni-monitor.yaml diff --git a/kustomize/prometheus-ovn/controller-monitor.yaml b/kustomize.example/prometheus-ovn/controller-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/controller-monitor.yaml rename to kustomize.example/prometheus-ovn/controller-monitor.yaml diff --git a/kustomize/prometheus-ovn/ovn-monitor.yaml b/kustomize.example/prometheus-ovn/ovn-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/ovn-monitor.yaml rename to kustomize.example/prometheus-ovn/ovn-monitor.yaml diff --git a/kustomize/prometheus-ovn/pinger-monitor.yaml b/kustomize.example/prometheus-ovn/pinger-monitor.yaml similarity index 100% rename from kustomize/prometheus-ovn/pinger-monitor.yaml rename to kustomize.example/prometheus-ovn/pinger-monitor.yaml diff --git a/kustomize/prometheus-postgres-exporter/kustomization.yaml b/kustomize.example/prometheus-postgres-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-postgres-exporter/kustomization.yaml rename to kustomize.example/prometheus-postgres-exporter/kustomization.yaml diff --git a/kustomize/prometheus-postgres-exporter/values.yaml b/kustomize.example/prometheus-postgres-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-postgres-exporter/values.yaml rename to kustomize.example/prometheus-postgres-exporter/values.yaml diff --git a/kustomize/prometheus-rabbitmq-exporter/kustomization.yaml b/kustomize.example/prometheus-rabbitmq-exporter/kustomization.yaml similarity index 100% rename from kustomize/prometheus-rabbitmq-exporter/kustomization.yaml rename to kustomize.example/prometheus-rabbitmq-exporter/kustomization.yaml diff --git a/kustomize/prometheus-rabbitmq-exporter/values.yaml b/kustomize.example/prometheus-rabbitmq-exporter/values.yaml similarity index 100% rename from kustomize/prometheus-rabbitmq-exporter/values.yaml rename to kustomize.example/prometheus-rabbitmq-exporter/values.yaml diff --git a/kustomize/prometheus/alerting_rules.yaml b/kustomize.example/prometheus/alerting_rules.yaml similarity index 100% rename from kustomize/prometheus/alerting_rules.yaml rename to kustomize.example/prometheus/alerting_rules.yaml diff --git a/kustomize/prometheus/alertmanager_config.yaml b/kustomize.example/prometheus/alertmanager_config.yaml similarity index 100% rename from kustomize/prometheus/alertmanager_config.yaml rename to kustomize.example/prometheus/alertmanager_config.yaml diff --git a/kustomize/prometheus/kustomization.yaml b/kustomize.example/prometheus/kustomization.yaml similarity index 100% rename from kustomize/prometheus/kustomization.yaml rename to kustomize.example/prometheus/kustomization.yaml diff --git a/kustomize/prometheus/ns-prometheus.yaml b/kustomize.example/prometheus/ns-prometheus.yaml similarity index 100% rename from kustomize/prometheus/ns-prometheus.yaml rename to kustomize.example/prometheus/ns-prometheus.yaml diff --git a/kustomize/prometheus/values.yaml b/kustomize.example/prometheus/values.yaml similarity index 100% rename from kustomize/prometheus/values.yaml rename to kustomize.example/prometheus/values.yaml diff --git a/kustomize/rabbitmq-cluster/aio/kustomization.yaml b/kustomize.example/rabbitmq-cluster/aio/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-cluster/aio/kustomization.yaml rename to kustomize.example/rabbitmq-cluster/aio/kustomization.yaml diff --git a/kustomize/rabbitmq-cluster/base/kustomization.yaml b/kustomize.example/rabbitmq-cluster/base/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-cluster/base/kustomization.yaml rename to kustomize.example/rabbitmq-cluster/base/kustomization.yaml diff --git a/kustomize/rabbitmq-cluster/base/rabbitmq-cluster.yaml b/kustomize.example/rabbitmq-cluster/base/rabbitmq-cluster.yaml similarity index 100% rename from kustomize/rabbitmq-cluster/base/rabbitmq-cluster.yaml rename to kustomize.example/rabbitmq-cluster/base/rabbitmq-cluster.yaml diff --git a/kustomize/rabbitmq-operator/cluster-operator.yaml b/kustomize.example/rabbitmq-operator/cluster-operator.yaml similarity index 100% rename from kustomize/rabbitmq-operator/cluster-operator.yaml rename to kustomize.example/rabbitmq-operator/cluster-operator.yaml diff --git a/kustomize/rabbitmq-operator/kustomization.yaml b/kustomize.example/rabbitmq-operator/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-operator/kustomization.yaml rename to kustomize.example/rabbitmq-operator/kustomization.yaml diff --git a/kustomize/rabbitmq-topology-operator/kustomization.yaml b/kustomize.example/rabbitmq-topology-operator/kustomization.yaml similarity index 100% rename from kustomize/rabbitmq-topology-operator/kustomization.yaml rename to kustomize.example/rabbitmq-topology-operator/kustomization.yaml diff --git a/kustomize/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml b/kustomize.example/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml similarity index 100% rename from kustomize/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml rename to kustomize.example/rabbitmq-topology-operator/messaging-topology-operator-with-certmanager.yaml diff --git a/kustomize/rook-cluster-external-pvc/cluster-on-pvc.yaml b/kustomize.example/rook-cluster-external-pvc/cluster-on-pvc.yaml similarity index 100% rename from kustomize/rook-cluster-external-pvc/cluster-on-pvc.yaml rename to kustomize.example/rook-cluster-external-pvc/cluster-on-pvc.yaml diff --git a/kustomize/rook-cluster-external-pvc/kustomization.yaml b/kustomize.example/rook-cluster-external-pvc/kustomization.yaml similarity index 100% rename from kustomize/rook-cluster-external-pvc/kustomization.yaml rename to kustomize.example/rook-cluster-external-pvc/kustomization.yaml diff --git a/kustomize/rook-cluster-external-pvc/toolbox.yaml b/kustomize.example/rook-cluster-external-pvc/toolbox.yaml similarity index 100% rename from kustomize/rook-cluster-external-pvc/toolbox.yaml rename to kustomize.example/rook-cluster-external-pvc/toolbox.yaml diff --git a/kustomize/rook-cluster/kustomization.yaml b/kustomize.example/rook-cluster/kustomization.yaml similarity index 100% rename from kustomize/rook-cluster/kustomization.yaml rename to kustomize.example/rook-cluster/kustomization.yaml diff --git a/kustomize/rook-cluster/rook-cluster.yaml b/kustomize.example/rook-cluster/rook-cluster.yaml similarity index 100% rename from kustomize/rook-cluster/rook-cluster.yaml rename to kustomize.example/rook-cluster/rook-cluster.yaml diff --git a/kustomize/rook-cluster/toolbox.yaml b/kustomize.example/rook-cluster/toolbox.yaml similarity index 100% rename from kustomize/rook-cluster/toolbox.yaml rename to kustomize.example/rook-cluster/toolbox.yaml diff --git a/kustomize/rook-defaults-external-pvc/filesystem.yaml b/kustomize.example/rook-defaults-external-pvc/filesystem.yaml similarity index 100% rename from kustomize/rook-defaults-external-pvc/filesystem.yaml rename to kustomize.example/rook-defaults-external-pvc/filesystem.yaml diff --git a/kustomize/rook-defaults-external-pvc/kustomization.yaml b/kustomize.example/rook-defaults-external-pvc/kustomization.yaml similarity index 100% rename from kustomize/rook-defaults-external-pvc/kustomization.yaml rename to kustomize.example/rook-defaults-external-pvc/kustomization.yaml diff --git a/kustomize/rook-defaults-external-pvc/storageclass-cephfs.yaml b/kustomize.example/rook-defaults-external-pvc/storageclass-cephfs.yaml similarity index 100% rename from kustomize/rook-defaults-external-pvc/storageclass-cephfs.yaml rename to kustomize.example/rook-defaults-external-pvc/storageclass-cephfs.yaml diff --git a/kustomize/rook-defaults/filesystem.yaml b/kustomize.example/rook-defaults/filesystem.yaml similarity index 100% rename from kustomize/rook-defaults/filesystem.yaml rename to kustomize.example/rook-defaults/filesystem.yaml diff --git a/kustomize/rook-defaults/kustomization.yaml b/kustomize.example/rook-defaults/kustomization.yaml similarity index 100% rename from kustomize/rook-defaults/kustomization.yaml rename to kustomize.example/rook-defaults/kustomization.yaml diff --git a/kustomize/rook-defaults/storageclass-cephfs.yaml b/kustomize.example/rook-defaults/storageclass-cephfs.yaml similarity index 100% rename from kustomize/rook-defaults/storageclass-cephfs.yaml rename to kustomize.example/rook-defaults/storageclass-cephfs.yaml diff --git a/kustomize/rook-defaults/storageclass-general.yaml b/kustomize.example/rook-defaults/storageclass-general.yaml similarity index 100% rename from kustomize/rook-defaults/storageclass-general.yaml rename to kustomize.example/rook-defaults/storageclass-general.yaml diff --git a/kustomize/rook-defaults/storageclass-rbd.yaml b/kustomize.example/rook-defaults/storageclass-rbd.yaml similarity index 100% rename from kustomize/rook-defaults/storageclass-rbd.yaml rename to kustomize.example/rook-defaults/storageclass-rbd.yaml diff --git a/kustomize/rook-operator/common.yaml b/kustomize.example/rook-operator/common.yaml similarity index 100% rename from kustomize/rook-operator/common.yaml rename to kustomize.example/rook-operator/common.yaml diff --git a/kustomize/rook-operator/crds.yaml b/kustomize.example/rook-operator/crds.yaml similarity index 100% rename from kustomize/rook-operator/crds.yaml rename to kustomize.example/rook-operator/crds.yaml diff --git a/kustomize/rook-operator/kustomization.yaml b/kustomize.example/rook-operator/kustomization.yaml similarity index 100% rename from kustomize/rook-operator/kustomization.yaml rename to kustomize.example/rook-operator/kustomization.yaml diff --git a/kustomize/rook-operator/operator.yaml b/kustomize.example/rook-operator/operator.yaml similarity index 100% rename from kustomize/rook-operator/operator.yaml rename to kustomize.example/rook-operator/operator.yaml diff --git a/kustomize/sealed-secrets/base/kustomization.yaml b/kustomize.example/sealed-secrets/base/kustomization.yaml similarity index 100% rename from kustomize/sealed-secrets/base/kustomization.yaml rename to kustomize.example/sealed-secrets/base/kustomization.yaml diff --git a/kustomize/sealed-secrets/base/namespace.yaml b/kustomize.example/sealed-secrets/base/namespace.yaml similarity index 100% rename from kustomize/sealed-secrets/base/namespace.yaml rename to kustomize.example/sealed-secrets/base/namespace.yaml diff --git a/kustomize/sealed-secrets/base/values.yaml b/kustomize.example/sealed-secrets/base/values.yaml similarity index 100% rename from kustomize/sealed-secrets/base/values.yaml rename to kustomize.example/sealed-secrets/base/values.yaml diff --git a/kustomize/skyline/aio/kustomization.yaml b/kustomize.example/skyline/aio/kustomization.yaml similarity index 100% rename from kustomize/skyline/aio/kustomization.yaml rename to kustomize.example/skyline/aio/kustomization.yaml diff --git a/kustomize/skyline/base/configmap-bin.yaml b/kustomize.example/skyline/base/configmap-bin.yaml similarity index 100% rename from kustomize/skyline/base/configmap-bin.yaml rename to kustomize.example/skyline/base/configmap-bin.yaml diff --git a/kustomize/skyline/base/deployment-apiserver.yaml b/kustomize.example/skyline/base/deployment-apiserver.yaml similarity index 99% rename from kustomize/skyline/base/deployment-apiserver.yaml rename to kustomize.example/skyline/base/deployment-apiserver.yaml index 3a923f06..79de0cb0 100644 --- a/kustomize/skyline/base/deployment-apiserver.yaml +++ b/kustomize.example/skyline/base/deployment-apiserver.yaml @@ -317,7 +317,7 @@ spec: key: prometheus_endpoint optional: true - name: skyline-apiserver-db-migrate - image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1718885915" + image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1719410798" imagePullPolicy: IfNotPresent resources: requests: @@ -340,7 +340,7 @@ spec: readOnly: true containers: - name: skyline-apiserver - image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1718885915" + image: "ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1719410798" imagePullPolicy: IfNotPresent resources: limits: diff --git a/kustomize/skyline/base/hpa-skyline-apiserver.yaml b/kustomize.example/skyline/base/hpa-skyline-apiserver.yaml similarity index 100% rename from kustomize/skyline/base/hpa-skyline-apiserver.yaml rename to kustomize.example/skyline/base/hpa-skyline-apiserver.yaml diff --git a/kustomize/skyline/base/ingress-apiserver.yaml b/kustomize.example/skyline/base/ingress-apiserver.yaml similarity index 100% rename from kustomize/skyline/base/ingress-apiserver.yaml rename to kustomize.example/skyline/base/ingress-apiserver.yaml diff --git a/kustomize/skyline/base/kustomization.yaml b/kustomize.example/skyline/base/kustomization.yaml similarity index 100% rename from kustomize/skyline/base/kustomization.yaml rename to kustomize.example/skyline/base/kustomization.yaml diff --git a/kustomize/skyline/base/pdb-apiserver.yaml b/kustomize.example/skyline/base/pdb-apiserver.yaml similarity index 100% rename from kustomize/skyline/base/pdb-apiserver.yaml rename to kustomize.example/skyline/base/pdb-apiserver.yaml diff --git a/kustomize/skyline/base/services.yaml b/kustomize.example/skyline/base/services.yaml similarity index 100% rename from kustomize/skyline/base/services.yaml rename to kustomize.example/skyline/base/services.yaml diff --git a/kustomize/skyline/base/skyline-mariadb-database.yaml b/kustomize.example/skyline/base/skyline-mariadb-database.yaml similarity index 100% rename from kustomize/skyline/base/skyline-mariadb-database.yaml rename to kustomize.example/skyline/base/skyline-mariadb-database.yaml diff --git a/kustomize/skyline/fqdn/kustomization.yaml b/kustomize.example/skyline/fqdn/kustomization.yaml similarity index 100% rename from kustomize/skyline/fqdn/kustomization.yaml rename to kustomize.example/skyline/fqdn/kustomization.yaml diff --git a/kustomize/skyline/letsencrypt/kustomization.yaml b/kustomize.example/skyline/letsencrypt/kustomization.yaml similarity index 100% rename from kustomize/skyline/letsencrypt/kustomization.yaml rename to kustomize.example/skyline/letsencrypt/kustomization.yaml diff --git a/kustomize/topolvm/general/kustomization.yaml b/kustomize.example/topolvm/general/kustomization.yaml similarity index 92% rename from kustomize/topolvm/general/kustomization.yaml rename to kustomize.example/topolvm/general/kustomization.yaml index 502a5887..1540310d 100644 --- a/kustomize/topolvm/general/kustomization.yaml +++ b/kustomize.example/topolvm/general/kustomization.yaml @@ -15,7 +15,7 @@ helmCharts: cert-manager: enabled: false storageClasses: - - name: local-path # Defines name of storage class. + - name: general # Defines name of storage class. storageClass: fsType: xfs # Supported filesystems are: ext4, xfs, and btrfs. # reclaimPolicy @@ -30,7 +30,7 @@ helmCharts: # enables CSI drivers to expand volumes. This feature is available for Kubernetes 1.16 and later releases. allowVolumeExpansion: true additionalParameters: - topolvm.io/device-class: "local-path" + topolvm.io/device-class: "general" # mount options mountOptions: [] # lvmd service @@ -41,7 +41,7 @@ helmCharts: socketName: /run/topolvm/lvmd.sock # lvmd.deviceClasses -- Specify the device-class settings. deviceClasses: - - name: local-path + - name: general volume-group: vg-general default: true spare-gb: 10 diff --git a/kustomize/topolvm/general/ns-topolvm.yaml b/kustomize.example/topolvm/general/ns-topolvm.yaml similarity index 100% rename from kustomize/topolvm/general/ns-topolvm.yaml rename to kustomize.example/topolvm/general/ns-topolvm.yaml diff --git a/kustomize/vault-secrets-operator/base/kustomization.yaml b/kustomize.example/vault-secrets-operator/base/kustomization.yaml similarity index 100% rename from kustomize/vault-secrets-operator/base/kustomization.yaml rename to kustomize.example/vault-secrets-operator/base/kustomization.yaml diff --git a/kustomize/vault-secrets-operator/base/namespace.yaml b/kustomize.example/vault-secrets-operator/base/namespace.yaml similarity index 100% rename from kustomize/vault-secrets-operator/base/namespace.yaml rename to kustomize.example/vault-secrets-operator/base/namespace.yaml diff --git a/kustomize/vault-secrets-operator/base/values.yaml b/kustomize.example/vault-secrets-operator/base/values.yaml similarity index 100% rename from kustomize/vault-secrets-operator/base/values.yaml rename to kustomize.example/vault-secrets-operator/base/values.yaml diff --git a/kustomize/vault/base/kustomization.yaml b/kustomize.example/vault/base/kustomization.yaml similarity index 100% rename from kustomize/vault/base/kustomization.yaml rename to kustomize.example/vault/base/kustomization.yaml diff --git a/kustomize/vault/base/local_storage/kustomization.yaml b/kustomize.example/vault/base/local_storage/kustomization.yaml similarity index 100% rename from kustomize/vault/base/local_storage/kustomization.yaml rename to kustomize.example/vault/base/local_storage/kustomization.yaml diff --git a/kustomize/vault/base/local_storage/local_sc.yaml b/kustomize.example/vault/base/local_storage/local_sc.yaml similarity index 100% rename from kustomize/vault/base/local_storage/local_sc.yaml rename to kustomize.example/vault/base/local_storage/local_sc.yaml diff --git a/kustomize/vault/base/local_storage/vault-dwpp.yaml b/kustomize.example/vault/base/local_storage/vault-dwpp.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-dwpp.yaml rename to kustomize.example/vault/base/local_storage/vault-dwpp.yaml diff --git a/kustomize/vault/base/local_storage/vault-fezz.yaml b/kustomize.example/vault/base/local_storage/vault-fezz.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-fezz.yaml rename to kustomize.example/vault/base/local_storage/vault-fezz.yaml diff --git a/kustomize/vault/base/local_storage/vault-hprr.yaml b/kustomize.example/vault/base/local_storage/vault-hprr.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-hprr.yaml rename to kustomize.example/vault/base/local_storage/vault-hprr.yaml diff --git a/kustomize/vault/base/local_storage/vault-jyff.yaml b/kustomize.example/vault/base/local_storage/vault-jyff.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-jyff.yaml rename to kustomize.example/vault/base/local_storage/vault-jyff.yaml diff --git a/kustomize/vault/base/local_storage/vault-ktpw.yaml b/kustomize.example/vault/base/local_storage/vault-ktpw.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-ktpw.yaml rename to kustomize.example/vault/base/local_storage/vault-ktpw.yaml diff --git a/kustomize/vault/base/local_storage/vault-uqhy.yaml b/kustomize.example/vault/base/local_storage/vault-uqhy.yaml similarity index 100% rename from kustomize/vault/base/local_storage/vault-uqhy.yaml rename to kustomize.example/vault/base/local_storage/vault-uqhy.yaml diff --git a/kustomize/vault/base/namespace.yaml b/kustomize.example/vault/base/namespace.yaml similarity index 100% rename from kustomize/vault/base/namespace.yaml rename to kustomize.example/vault/base/namespace.yaml diff --git a/kustomize/vault/base/ssl/kustomization.yaml b/kustomize.example/vault/base/ssl/kustomization.yaml similarity index 100% rename from kustomize/vault/base/ssl/kustomization.yaml rename to kustomize.example/vault/base/ssl/kustomization.yaml diff --git a/kustomize/vault/base/ssl/vault-ca-issuer.yaml b/kustomize.example/vault/base/ssl/vault-ca-issuer.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-ca-issuer.yaml rename to kustomize.example/vault/base/ssl/vault-ca-issuer.yaml diff --git a/kustomize/vault/base/ssl/vault-cert.yaml b/kustomize.example/vault/base/ssl/vault-cert.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-cert.yaml rename to kustomize.example/vault/base/ssl/vault-cert.yaml diff --git a/kustomize/vault/base/ssl/vault-selfsigned-ca.yaml b/kustomize.example/vault/base/ssl/vault-selfsigned-ca.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-selfsigned-ca.yaml rename to kustomize.example/vault/base/ssl/vault-selfsigned-ca.yaml diff --git a/kustomize/vault/base/ssl/vault-selfsigned-issuer.yaml b/kustomize.example/vault/base/ssl/vault-selfsigned-issuer.yaml similarity index 100% rename from kustomize/vault/base/ssl/vault-selfsigned-issuer.yaml rename to kustomize.example/vault/base/ssl/vault-selfsigned-issuer.yaml diff --git a/kustomize/vault/base/values.yaml b/kustomize.example/vault/base/values.yaml similarity index 100% rename from kustomize/vault/base/values.yaml rename to kustomize.example/vault/base/values.yaml diff --git a/requirements.txt b/requirements.txt index 1408b456..7eec69ea 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ ansible>=6.7.0,<=8.5.0 cryptography==42.0.4 -jinja2==3.1.2 +jinja2==3.1.4 jmespath==1.0.1 MarkupSafe==2.1.3 netaddr==0.9.0 diff --git a/scripts/openstack-run-all.sh b/scripts/openstack-run-all.sh index ed8b27a9..8eab8de7 100644 --- a/scripts/openstack-run-all.sh +++ b/scripts/openstack-run-all.sh @@ -4,33 +4,33 @@ helm upgrade --install keystone ./keystone \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/keystone/keystone-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args keystone/base & helm upgrade --install glance ./glance \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/glance/glance-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/glance/glance-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.glance.password="$(kubectl --namespace openstack get secret glance-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.glance.password="$(kubectl --namespace openstack get secret glance-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args glance/base & helm upgrade --install heat ./heat \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/heat/heat-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/heat/heat-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat.password="$(kubectl --namespace openstack get secret heat-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.heat_trustee.password="$(kubectl --namespace openstack get secret heat-trustee -o jsonpath='{.data.password}' | base64 -d)" \ @@ -39,27 +39,27 @@ helm upgrade --install heat ./heat \ --set endpoints.oslo_db.auth.heat.password="$(kubectl --namespace openstack get secret heat-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.heat.password="$(kubectl --namespace openstack get secret heat-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args heat/base & helm upgrade --install cinder ./cinder \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/cinder/cinder-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.cinder.password="$(kubectl --namespace openstack get secret cinder-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args cinder/base & helm upgrade --install neutron ./neutron \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/neutron/neutron-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -74,13 +74,13 @@ helm upgrade --install neutron ./neutron \ --set conf.neutron.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.plugins.ml2_conf.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args neutron/base & helm upgrade --install nova ./nova \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/nova/nova-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/nova/nova-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.nova.password="$(kubectl --namespace openstack get secret nova-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.neutron.password="$(kubectl --namespace openstack get secret neutron-admin -o jsonpath='{.data.password}' | base64 -d)" \ @@ -95,26 +95,26 @@ helm upgrade --install nova ./nova \ --set endpoints.oslo_db_cell0.auth.nova.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.admin.password="$(kubectl --namespace openstack get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_messaging.auth.nova.password="$(kubectl --namespace openstack get secret nova-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args nova/base & helm upgrade --install placement ./placement --namespace=openstack \ --namespace=openstack \ --timeout 120m \ - -f /opt/genestack/helm-configs/placement/placement-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/placement/placement-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.placement.password="$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.nova_api.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args placement/base & helm upgrade --install octavia ./octavia \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/octavia/octavia-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.identity.auth.octavia.password="$(kubectl --namespace openstack get secret octavia-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ @@ -124,17 +124,17 @@ helm upgrade --install octavia ./octavia \ --set conf.octavia.certificates.ca_private_key_passphrase="$(kubectl --namespace openstack get secret octavia-certificates -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.octavia.ovn.ovn_nb_connection="tcp:$(kubectl --namespace kube-system get service ovn-nb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ --set conf.octavia.ovn.ovn_sb_connection="tcp:$(kubectl --namespace kube-system get service ovn-sb -o jsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args octavia/base & helm upgrade --install horizon ./horizon \ --namespace=openstack \ --wait \ --timeout 120m \ - -f /opt/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ + -f /etc/genestack/helm-configs/horizon/horizon-helm-overrides.yaml \ --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ --set conf.horizon.local_settings.config.horizon_secret_key="$(kubectl --namespace openstack get secret horizon-secrete-key -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \ --set endpoints.oslo_db.auth.horizon.password="$(kubectl --namespace openstack get secret horizon-db-password -o jsonpath='{.data.password}' | base64 -d)" \ - --post-renderer /opt/genestack/kustomize/kustomize.sh \ + --post-renderer /etc/genestack/kustomize/kustomize.sh \ --post-renderer-args horizon/base &