--- /dev/null
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. #
+# #
+# You may obtain a copy of the License at #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+##############################################################################
+# This file defines a boot action for MaaS to deploy the calico-ip-rules script
+# to nodes, register with systemd, and runs the script on all PXE booted nodes.
+# On the genesis node, this is a manual step detailed in deployment documentation.
+
+# NOTE: This is a copy from `aic-clcp-manifests/type/cruiser/v4.0/`, because
+# this is an upstream manifest based on airship-treasuremap, which does not
+# have bgp VIP configuration scripts.
+schema: 'drydock/BootAction/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: calico-ip-rules
+ storagePolicy: 'cleartext'
+ layeringDefinition:
+ abstract: false
+ layer: site
+ labels:
+ application: 'drydock'
+ substitutions:
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.ip_rule.gateway
+ dest:
+ path: .assets[0].data
+ pattern: DH_SUB_GATEWAY_IP
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .kubernetes.pod_cidr
+ dest:
+ path: .assets[0].data
+ pattern: DH_SUB_POD_CIDR
+ - src:
+ schema: pegleg/CommonAddresses/v1
+ name: common-addresses
+ path: .calico.bgp.ipv4.public_service_cidr
+ dest:
+ path: .assets[0].data
+ pattern: DH_SUB_INGRESS_CIDR
+ # Substitution of the configure-ip-rules script into this bootaction
+ - src:
+ schema: pegleg/Script/v1
+ name: configure-ip-rules
+ path: .
+ dest:
+ path: .assets[1].data
+data:
+ signaling: false
+ assets:
+ - path: /etc/systemd/system/configure-ip-rules.service
+ type: unit
+ permissions: '444'
+ data: |-
+ [Unit]
+ Description=IP Rules Initialization Service
+ After=network-online.target local-fs.target
+ [Service]
+ Type=simple
+ ExecStart=/opt/configure-ip-rules.sh -g DH_SUB_GATEWAY_IP -c DH_SUB_POD_CIDR -s DH_SUB_INGRESS_CIDR
+ [Install]
+ WantedBy=multi-user.target
+ data_pipeline:
+ - utf8_decode
+ - path: /opt/configure-ip-rules.sh
+ type: file
+ permissions: '700'
+ data_pipeline:
+ - utf8_decode
+...