Initial move of code from ATT to LF repo
authorEby, Robert (re2429) <re2429@att.com>
Fri, 29 Jun 2018 21:30:53 +0000 (17:30 -0400)
committerEby, Robert (re2429) <re2429@att.com>
Fri, 29 Jun 2018 21:30:53 +0000 (17:30 -0400)
Signed-off-by: Eby, Robert (re2429) <re2429@att.com>
142 files changed:
README.md [new file with mode: 0644]
akraino_castaway.yaml [new file with mode: 0644]
dellgen10.yaml [new file with mode: 0644]
scripts/jcopy.py [new file with mode: 0755]
scripts/jcopy3.py [new file with mode: 0755]
site/site30/baremetal/calico-ip-rules.yaml [new file with mode: 0644]
site/site30/baremetal/promjoin.yaml [new file with mode: 0644]
site/site30/baremetal/rack.yaml [new file with mode: 0644]
site/site30/deployment/deployment-configuration.yaml [new file with mode: 0644]
site/site30/networks/common-addresses.yaml [new file with mode: 0644]
site/site30/networks/physical/rack.yaml [new file with mode: 0644]
site/site30/pki/pki-catalog.yaml [new file with mode: 0644]
site/site30/profiles/genesis.yaml [new file with mode: 0644]
site/site30/profiles/host/compute-r01.yaml [new file with mode: 0644]
site/site30/profiles/host/cp-r01.yaml [new file with mode: 0644]
site/site30/profiles/region.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ceph_fsid.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ceph_swift_keystone_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ipmi_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/maas_region_secret.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_barbican_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_barbican_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_cinder_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_cinder_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_glance_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_glance_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_glance_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_heat_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_heat_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_heat_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_heat_stack_user_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_heat_trustee_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_horizon_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_addons_jenkins_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_grafana_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_kibana_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_nagios_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_openstack_exporter_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_keystone_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_keystone_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_neutron_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_neutron_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_nova_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_nova_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_nova_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_oslo_cache_secret_key.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_oslo_db_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/osh_placement_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_airflow_postgres_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_armada_keystone_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_barbican_keystone_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_barbican_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_deckhand_keystone_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_deckhand_postgres_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_drydock_keystone_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_drydock_postgres_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_keystone_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_keystone_oslo_db_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_maas_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_maas_postgres_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_oslo_db_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_oslo_messaging_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_postgres_admin_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_promenade_keystone_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_shipyard_keystone_password.yaml [new file with mode: 0644]
site/site30/secrets/passphrases/ucp_shipyard_postgres_password.yaml [new file with mode: 0644]
site/site30/secrets/publickey/localadmin_ssh_public_key.yaml [new file with mode: 0644]
site/site30/site-definition.yaml [new file with mode: 0644]
site/site30/software/charts/kubernetes/container-networking/calico.yaml [new file with mode: 0644]
site/site30/software/charts/kubernetes/container-networking/etcd.yaml [new file with mode: 0644]
site/site30/software/charts/kubernetes/dns/coredns.yaml [new file with mode: 0644]
site/site30/software/charts/kubernetes/etcd/etcd.yaml [new file with mode: 0644]
site/site30/software/charts/kubernetes/ingress/ingress.yaml [new file with mode: 0644]
site/site30/software/charts/osh/openstack-compute-kit/neutron.yaml [new file with mode: 0644]
site/site30/software/charts/osh/openstack-compute-kit/nova.yaml [new file with mode: 0644]
site/site30/software/charts/ucp/ceph/ceph-update.yaml [new file with mode: 0644]
site/site30/software/charts/ucp/ceph/ceph.yaml [new file with mode: 0644]
site/site30/software/charts/ucp/divingbell/divingbell.yaml [new file with mode: 0644]
site/site30/software/charts/ucp/drydock/maas.yaml [new file with mode: 0644]
site/site30/software/charts/ucp/promenade/promenade.yaml [new file with mode: 0644]
site/site30/software/config/common-software-config.yaml [new file with mode: 0644]
site/site30/software/config/endpoints.yaml [new file with mode: 0644]
site/site30/software/config/service_accounts.yaml [new file with mode: 0644]
site/site30/software/manifests/full-site.yaml [new file with mode: 0644]
site30.yaml [new file with mode: 0644]
site80.yaml [new file with mode: 0644]
templates/aic-clcp-manifests/baremetal/bootaction.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/baremetal/rack.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/networks/common-addresses.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/networks/physical/rack.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/pki/pki-catalog.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/profiles/hardware/generic.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/profiles/host/mycontrolplane_hp.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/profiles/region.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/secrets/passphrases/ipmi_admin_password.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/secrets/publickey/localadmin_ssh_public_key.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/site-definition.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/calico.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/etcd.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/kubernetes/etcd/etcd.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/kubernetes/ingress/ingress.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/neutron.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/nova.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph-update.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph.j2 [new file with mode: 0644]
templates/aic-clcp-manifests/software/charts/ucp/ceph/promenade/promenade.j2 [new file with mode: 0644]
templates/aic-clcp-security-manifests/secrets/passphrases/ipmi_admin_password.j2 [new file with mode: 0644]
templates/aic-clcp-security-manifests/site-definition.j2 [new file with mode: 0644]
templates/yaml_builds/set_site_env.sh [new file with mode: 0644]
tools/0cleanup.sh [new file with mode: 0755]
tools/1prom-gen.sh [new file with mode: 0755]
tools/2genesis.sh [new file with mode: 0644]
tools/3deploy_site.sh [new file with mode: 0644]
tools/calicoctl.sh [new file with mode: 0644]
tools/deploy_site.sh [new file with mode: 0755]
tools/generate_yamls.sh [new file with mode: 0644]
tools/setenv.sh [new file with mode: 0644]
tools/single_step_deploy.sh [new file with mode: 0644]

diff --git a/README.md b/README.md
new file mode 100644 (file)
index 0000000..fdd4beb
--- /dev/null
+++ b/README.md
@@ -0,0 +1,86 @@
+# Acraino Edge Stack
+..............................................................................
+. Copyright © 2018 AT&T Intellectual Property. All rights reserved          .
+.                                                                            .
+. Licensed under the Apache License, Version 2.0 (the "License"); you may    .
+. not use this file except in compliance with the License.                   .
+.                                                                            .
+. You may obtain a copy of the License at                                    .
+.       http://www.apache.org/licenses/LICENSE-2.0                           .
+.                                                                            .
+. Unless required by applicable law or agreed to in writing, software        .
+. distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  .
+. WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           .
+. See the License for the specific language governing permissions and        .
+. limitations under the License.                                             .
+..............................................................................
+
+
+This document explains how to automatically deploy the edge sites from the regional server command line.
+
+This document can be consumed by Camunda developer to expose RESTful APIs that internally invoke commands provided in this document.
+
+### Manual Steps
+The goal of the this project is to deploy edge site with no manual interaction but as we are in the process of achieving that, at this point of time we will still need some manual interactions.
+
+All the manual interactions requested are documented here. In future we automate each of the following and this complete section will be removed.
+ * python should be installed already
+ * jinja2 PyYAML python packages should be available
+ * git clone yaml_build project to your favorite location ( say **/opt/**).
+~~~
+$ git clone http://gerrit.att-akraino.org/yaml_builds.git
+~~~
+ * export YAML_BUILDS=<<absolute path of yaml_builds>> created is previous step.
+ * aic-clcp-manifests should be installed as explained here https://codecloud.web.att.com/projects/ST_CCP/repos/aic-clcp-manifests/browse/docs/source/deployment_blueprint.md
+ * export AIC_CLCP_MANIFESTS
+ * As per aic-clcp-manifests documents copy all required files to new <<site_name>>
+
+      This will copy a bunch of .yaml files to $AIC_CLCP_MANIFESTS/sites/<<site_name>>
+
+  * aic-clcp-security-manifests should be installed as explained here https://codecloud.web.att.com/projects/ST_CCP/repos/aic-clcp-manifests/browse/docs/source/deployment_blueprint.md
+  * export AIC_CLCP_SECURITY_MANIFESTS
+   As per aic-clcp-manifests documents copy all required files to new <<site_name>>
+
+     This will copy a bunch of .yaml files to $AIC_CLCP_MANIFESTS/sites/<<site_name>>
+
+ * Manually verifying the generated .yaml files as explained in 1.1 Manually verifying the .YAMLs
+ * Using following commands ssh and scp should be happen from regional servers to genesis host without asking any username/passwords
+~~~
+ssh-keygen; ssh-copy-id your-host
+~~~
+
+ ### 1. Generating YAML files
+ To bring up a edge site we need to pass a bunch of configurations as form of .yaml documents. Manually documenting these documents is tedious process so we tried to automate all .yaml files that needs modification.
+ ~~~
+ $ sh $YAML_BUILDS/tools/generate_yamls.sh <<site_name>>
+ ~~~
+
+ Based on the input site name it picks the master input .yaml for that site and generates 23 .yaml files to $AIC_CLCP_MANIFESTS/sites/<<site_name>>
+
+##### 1.1 Manually verifying the .YAMLs
+ At the point of writing this document we took effort to automatically generate all the required .yamls but we are just 80% finished on this. So some manual verification required here to validate the generated documents.
+
+### 2. Creating a .tar files
+At this step we generate .tar file required to bring up the Genesis node.
+
+~~~
+$ sh $YAML_BUILDS/tools/1prom-gen.sh  <<site_name>>
+~~~
+
+### 3. Bring up the Genesis node
+At this step we transfer the .tar file generated in previous step to genesis node, untars it and executes the genesis.sh available in it.
+~~~
+$ sh $YAML_BUILDS/tools/2genesis.sh <<site_name>>
+~~~
+This process takes around 4 hours to complete. Meanwhile use the following command to find out the status. On genesis node it installs kubernetes cluster, UCP (Under Cloud flatform)/Airship and Ceph.
+~~~
+$ kubectl get pods --all-namespaces
+~~~
+
+### 4. Deploy the edge site
+At this step it brings other server into the control of Genesis, installs the OS on server using PXE booting, and Required OpenStack components.
+~~~
+$ sh $YAML_BUILDS/tools/3deploy_site.sh <<site_name>>
+~~~
+
+Akraino Team
diff --git a/akraino_castaway.yaml b/akraino_castaway.yaml
new file mode 100644 (file)
index 0000000..4de7805
--- /dev/null
@@ -0,0 +1,294 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+site_name: akraino
+ipmi_admin_password: Admin123
+networks:
+  bonded: yes
+  primary: bond0
+  slaves:
+    - name: ens4f0
+    - name: end4f1
+  oob:
+    vlan: 40
+    interface: bond0.40
+    cidr: 192.168.41.0/24
+    routes:
+      gateway: 192.168.41.1
+    ranges:
+      static:
+        start: 192.168.41.1
+        end: 192.168.41.254
+  host:
+    vlan: 41
+    interface: bond0.41
+    cidr: 192.168.2.0/24
+    ranges:
+      static:
+        start: 192.168.2.2
+        end: 192.168.2.254
+  storage:
+    vlan: 42
+    interface: bond0.42
+    cidr: 172.31.1.0/24
+    ranges:
+      static:
+        start: 172.31.1.2
+        end: 172.31.1.254
+  pxe:
+    vlan: 43
+    interface: eno1
+    cidr: 172.30.1.0/24
+    ranges:
+      static:
+        start: 172.30.1.11
+        end: 172.30.1.200
+  ksn:
+    vlan: 44
+    interface: bond0.44
+    cidr: 172.29.1.0/24
+    ranges:
+      static:
+        start: 172.29.1.5
+        end: 172.29.1.254
+    peers:
+    - ip: 172.29.1.3
+    - ip: 172.29.1.4
+  neutron:
+    vlan: 45
+    interface: bond0.45
+    cidr: 10.0.101.0/24
+    ranges:
+      static:
+        start: 10.0.101.2
+        end: 10.0.101.254
+sriovnets:
+  - physical: sriovnet1
+    interface: ens6f0
+    vlan_start: 100
+    vlan_end: 4000
+    whitelists:
+    - "address": "0000:af:02.0"
+    - "address": "0000:af:02.1"
+    - "address": "0000:af:03.2"
+    - "address": "0000:af:03.3"
+    - "address": "0000:af:03.4"
+    - "address": "0000:af:03.5"
+    - "address": "0000:af:03.6"
+    - "address": "0000:af:03.7"
+    - "address": "0000:af:04.0"
+    - "address": "0000:af:04.1"
+    - "address": "0000:af:04.2"
+    - "address": "0000:af:04.3"
+    - "address": "0000:af:02.2"
+    - "address": "0000:af:04.4"
+    - "address": "0000:af:04.5"
+    - "address": "0000:af:04.6"
+    - "address": "0000:af:04.7"
+    - "address": "0000:af:05.0"
+    - "address": "0000:af:05.1"
+    - "address": "0000:af:05.2"
+    - "address": "0000:af:05.3"
+    - "address": "0000:af:05.4"
+    - "address": "0000:af:05.5"
+    - "address": "0000:af:02.3"
+    - "address": "0000:af:05.6"
+    - "address": "0000:af:05.7"
+    - "address": "0000:af:02.4"
+    - "address": "0000:af:02.5"
+    - "address": "0000:af:02.6"
+    - "address": "0000:af:02.7"
+    - "address": "0000:af:03.0"
+    - "address": "0000:af:03.1"
+  - physical: sriovnet2
+    interface: ens6f1
+    vlan_start: 100
+    vlan_end: 4000
+    whitelists:
+    - "address": "0000:af:0a.0"
+    - "address": "0000:af:0a.1"
+    - "address": "0000:af:0b.2"
+    - "address": "0000:af:0b.3"
+    - "address": "0000:af:0b.4"
+    - "address": "0000:af:0b.5"
+    - "address": "0000:af:0b.6"
+    - "address": "0000:af:0b.7"
+    - "address": "0000:af:0c.0"
+    - "address": "0000:af:0c.1"
+    - "address": "0000:af:0c.2"
+    - "address": "0000:af:0c.3"
+    - "address": "0000:af:0a.2"
+    - "address": "0000:af:0c.4"
+    - "address": "0000:af:0c.5"
+    - "address": "0000:af:0c.6"
+    - "address": "0000:af:0c.7"
+    - "address": "0000:af:0d.0"
+    - "address": "0000:af:0d.1"
+    - "address": "0000:af:0d.2"
+    - "address": "0000:af:0d.3"
+    - "address": "0000:af:0d.4"
+    - "address": "0000:af:0d.5"
+    - "address": "0000:af:0a.3"
+    - "address": "0000:af:0d.6"
+    - "address": "0000:af:0d.7"
+    - "address": "0000:af:0a.4"
+    - "address": "0000:af:0a.5"
+    - "address": "0000:af:0a.6"
+    - "address": "0000:af:0a.7"
+    - "address": "0000:af:0b.0"
+    - "address": "0000:af:0b.1"
+storage:
+  osds:
+    - data: /dev/sdb
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdb
+    - data: /dev/sdc
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdc
+    - data: /dev/sdd
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdd
+    - data: /dev/sde
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sde
+    - data: /dev/sdf
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdf
+    - data: /dev/sdg
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdg
+    - data: /dev/sdh
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdh
+    - data: /dev/sdi
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdi
+    - data: /dev/sdj
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdj
+  osd_count: 9
+genesis:
+  name: csonjrsv30
+  oob: 192.168.41.30
+  host: 192.168.2.30
+  storage: 172.31.1.30
+  pxe: 172.30.1.30
+  ksn: 172.29.1.30
+  neutron: 10.0.101.30
+masters:
+  - name : csonjrsv31
+  - name : csonjrsv32
+  - name : csonjrsv33
+workers:
+  - name : csonjrsv34
+  - name : csonjrsv35
+servers:
+  - name : csonjrsv31
+    oob: 192.168.41.31
+    host: 192.168.2.31
+    storage: 172.31.1.31
+    pxe: 172.30.1.31
+    ksn: 172.29.1.31
+    neutron: 10.0.101.31
+  - name : csonjrsv32
+    oob: 192.168.41.32
+    host: 192.168.2.32
+    storage: 172.31.1.32
+    pxe: 172.30.1.32
+    ksn: 172.29.1.32
+    neutron: 10.0.101.32
+  - name : csonjrsv33
+    oob: 192.168.41.33
+    host: 192.168.2.33
+    storage: 172.31.1.33
+    pxe: 172.30.1.33
+    ksn: 172.29.1.33
+    neutron: 10.0.101.33
+  - name : csonjrsv34
+    oob: 192.168.41.34
+    host: 192.168.2.34
+    storage: 172.31.1.34
+    pxe: 172.30.1.34
+    ksn: 172.29.1.34
+    neutron: 10.0.101.34
+  - name : csonjrsv35
+    oob: 192.168.41.35
+    host: 192.168.2.35
+    storage: 172.31.1.35
+    pxe: 172.30.1.35
+    ksn: 172.29.1.35
+    neutron: 10.0.101.35
+hardware:
+  vendor: HPE
+  generation: '10'
+  hw_version: ''
+  bios_version: 'U30'
+disks:
+  - name : sdb
+    partitions:
+      - name: root
+        size: 200g
+        mountpoint: /
+      - name: boot
+        size: 20g
+        mountpoint: /boot
+      - name: var
+        size: 200g
+        mountpoint: /var
+  - name : sdc
+    partitions:
+      - name: cephj0
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal0
+  - name : sdd
+    partitions:
+      - name: cephj1
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal1
+  - name : sde
+    partitions:
+      - name: cephj2
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal2
+  - name : sdf
+    partitions:
+      - name: cephj3
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal3
+  - name : sdg
+    partitions:
+      - name: cephj4
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal4
+  - name : sdh
+    partitions:
+      - name: cephj5
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal5
+  - name : sdi
+    partitions:
+      - name: cephj6
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal6
+  - name : sdj
+    partitions:
+      - name: cephj7
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal7
+  - name : sdk
+    partitions:
+      - name: cephj8
+        size: 300g
+        mountpoint: /var/lib/openstack-helm/ceph/journal8
+genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO5oCPyXiGlRr931oQBESpseGRh7Cf+xWXgH0q90ogjLyW1aS3ZUGCwjN/KWLKx/rE1j7YMDK2VUaFvZY+4ePmnTao7qFBaoUVOakI+35IsfwWWzMC7kxXSgna4iKf8NAwS4hFLzj3Kt1kAdmXw3bJCLN8DTaaDvBC+lxn3FueNwyQDsSjaKW1x2OfybZToq2/PPl9yeK4s2o6l60ChgE/pY1v01AzpkgJcJEHF0YXZnti3xurggV9SIZv1XvqhOy+P50EuljqQtysH7zczZ7gc9HbV71W6k8Ng++7vYyWAWt2HKNl+FDtVCYXjHZJOKNMN9qrJAxAb1ur/DPXwwgl root@csoaiclab01-85"
+kubernetes:
+  api_service_ip: 10.96.0.1
+  etcd_service_ip: 10.96.0.2
+  pod_cidr: 10.97.0.0/16
+  service_cidr: 10.96.0.0/16
+...
diff --git a/dellgen10.yaml b/dellgen10.yaml
new file mode 100644 (file)
index 0000000..d5f0415
--- /dev/null
@@ -0,0 +1,283 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+site_name: dell_akraino
+ipmi_admin_password: calvin
+networks:
+  bonded: yes
+  primary: bond0
+  slaves:
+    - name: enp135s0f0
+    - name: enp135s0f1
+  oob:
+    vlan: 40
+    interface: 
+    cidr: 192.168.41.0/24
+    routes:
+      gateway: 192.168.41.1
+    ranges:
+      reserved:
+        start: 192.168.41.2
+        end: 192.168.41.4
+      static:
+        start: 192.168.41.5
+        end: 192.168.41.254
+  host:
+    vlan: 41   
+    interface: bond0.41
+    cidr: 192.168.2.0/24
+    routes:
+       gateway: 192.168.2.85
+    ranges:
+      reserved:
+        start: 192.168.2.84
+        end: 192.168.2.86
+      static:
+        start: 192.168.2.1
+        end: 192.168.2.83
+  storage:
+    vlan: 42
+    interface: bond0.42
+    cidr: 172.31.2.0/24
+    ranges:
+      reserved:
+        start: 172.31.2.1
+        end: 172.31.2.10
+      static:
+        start: 172.31.2.11
+        end: 172.31.2.254
+  pxe:
+    vlan: 43
+    interface: eno3
+    cidr: 172.30.2.0/24
+    gateway: 172.30.2.1
+    ranges:
+      reserved:
+        start: 172.30.2.2
+        end:  172.30.2.10
+      static:
+        start: 172.30.2.11
+        end: 172.30.2.200
+      dhcp:
+        start: 172.30.2.201
+        end: 172.30.2.254
+  ksn:
+    vlan: 44
+    interface: bond0.44
+    cidr: 172.29.1.0/24
+    local_asnumber: 65531
+    ranges:
+      static:
+        start: 172.29.1.5
+        end: 172.29.1.254
+    additional_cidrs:
+      -  172.29.1.128/29
+    ingress_cidr: 172.29.1.129/32
+    peers:
+    - ip: 172.29.1.1
+      scope: global
+      asnumber: 65001
+    vrrp_ip: 172.29.1.1 # keep peers ip address in case of only peer.
+  neutron:
+    vlan: 45
+    interface: bond0.45
+    cidr: 10.0.102.0/24
+    ranges:
+      reserved:
+        start: 10.0.102.1
+        end: 10.0.102.10
+      static:
+        start: 10.0.102.11
+        end: 10.0.102.254
+sriovnets:
+- physical: sriovnet1
+  interface: enp135s0f
+  vlan_start: 100
+  vlan_end: 4000
+  whitelists:
+      "0000:87:02.0":  "enp135s2"
+      "0000:87:02.1":  "enp135s2f1"
+      "0000:87:03.2":  "enp135s3f2"
+      "0000:87:03.3":  "enp135s3f3"
+      "0000:87:03.4":  "enp135s3f4"
+      "0000:87:03.5":  "enp135s3f5"
+      "0000:87:03.6":  "enp135s3f6"
+      "0000:87:03.7":  "enp135s3f7"
+      "0000:87:04.0":  "enp135s4"
+      "0000:87:04.1":  "enp135s4f1"
+      "0000:87:04.2":  "enp135s4f2"
+      "0000:87:04.3":  "enp135s4f3"
+      "0000:87:02.2":  "enp135s2f2"
+      "0000:87:04.4":  "enp135s4f4"
+      "0000:87:04.5":  "enp135s4f5"
+      "0000:87:04.6":  "enp135s4f6"
+      "0000:87:04.7":  "enp135s4f7"
+      "0000:87:05.0":  "enp135s5"
+      "0000:87:05.1":  "enp135s5f1"
+      "0000:87:05.2":  "enp135s5f2"
+      "0000:87:05.3":  "enp135s5f3"
+      "0000:87:05.4":  "enp135s5f4"
+      "0000:87:05.5":  "enp135s5f5"
+      "0000:87:02.3":  "enp135s2f3"
+      "0000:87:05.6":  "enp135s5f6"
+      "0000:87:05.7":  "enp135s5f7"
+      "0000:87:02.4":  "enp135s2f4"
+      "0000:87:02.5":  "enp135s2f5"
+      "0000:87:02.6":  "enp135s2f6"
+      "0000:87:02.7":  "enp135s2f7"
+      "0000:87:03.0":  "enp135s3"
+      "0000:87:03.1":  "enp135s3f1"
+
+- physical: sriovnet2
+  interface: enp135s0f1
+  vlan_start: 100
+  vlan_end: 4000
+  whitelists:
+     "0000:87:0a.0":  "enp135s10i"
+     "0000:87:0a.1":  "enp135s10f1"
+     "0000:87:0b.2":  "enp135s11f2"
+     "0000:87:0b.3":  "enp135s11f3"
+     "0000:87:0b.4":  "enp135s11f4"
+     "0000:87:0b.5":  "enp135s11f5"
+     "0000:87:0b.6":  "enp135s11f6"
+     "0000:87:0b.7":  "enp135s11f7"
+     "0000:87:0c.0":  "enp135s12"
+     "0000:87:0c.1":  "enp135s12f1"
+     "0000:87:0c.2":  "enp135s12f2"
+     "0000:87:0c.3":  "enp135s12f3"
+     "0000:87:0a.2":  "enp135s10f2"
+     "0000:87:0c.4":  "enp135s12f4"
+     "0000:87:0c.5":  "enp135s12f5"
+     "0000:87:0c.6":  "enp135s12f6"
+     "0000:87:0c.7":  "enp135s12f7"
+     "0000:87:0d.0":  "enp135s13"
+     "0000:87:0d.1":  "enp135s13f1"
+     "0000:87:0d.2":  "enp135s13f2"
+     "0000:87:0d.3":  "enp135s13f3"
+     "0000:87:0d.4":  "enp135s13f4"
+     "0000:87:0d.5":  "enp135s13f5"
+     "0000:87:0a.3":  "enp135s10f3"
+     "0000:87:0d.6":  "enp135s13f6"
+     "0000:87:0d.7":  "enp135s13f7"
+     "0000:87:0a.4":  "enp135s10f4"
+     "0000:87:0a.5":  "enp135s10f5"
+     "0000:87:0a.6":  "enp135s10f6"
+     "0000:87:0a.7":  "enp135s10f7"
+     "0000:87:0b.0":  "enp135s11"
+     "0000:87:0b.1":  "enp135s11f1"
+storage:
+  osds:
+    - data: /dev/sdb
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdb
+    - data: /dev/sdc
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdc
+    - data: /dev/sdd
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdd
+    - data: /dev/sde
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sde
+    - data: /dev/sdf
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdf
+    - data: /dev/sdg
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdg
+    - data: /dev/sdg
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdh
+    - data: /dev/sdi
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdi
+    - data: /dev/sdk
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdk
+  osd_count: 9
+genesis:
+  name: csonjrsv40
+  oob: 192.168.41.40
+  host: 192.168.2.40
+  storage: 172.31.2.40
+  pxe: 172.30.2.40
+  ksn: 172.29.1.40
+  neutron: 10.0.102.40
+masters:
+  - name : csonjrsv41
+  - name : csonjrsv42
+workers:
+  - name : csonjrsv43
+  - name : csonjrsv44
+servers:
+  - name : csonjrsv41
+    oob: 192.168.41.41
+    host: 192.168.2.41
+    storage: 172.31.2.41
+    pxe: 172.30.2.41
+    ksn: 172.29.1.41
+    neutron: 10.0.102.41
+  - name : csonjrsv42
+    oob: 192.168.41.42
+    host: 192.168.2.42
+    storage: 172.31.2.42
+    pxe: 172.30.2.42
+    ksn: 172.29.1.42
+    neutron: 10.0.102.42
+  - name : csonjrsv43
+    oob: 192.168.41.43
+    host: 192.168.2.43
+    storage: 172.31.2.43
+    pxe: 172.30.2.43
+    ksn: 172.29.1.43
+    neutron: 10.0.102.43
+  - name : csonjrsv44
+    oob: 192.168.41.44
+    host: 192.168.2.44
+    storage: 172.31.2.44
+    pxe: 172.30.2.44
+    ksn: 172.29.1.44
+    neutron: 10.0.102.44
+hardware:
+  vendor: DELL
+  generation: '10'
+  hw_version: '3'
+  bios_version: '2.8'
+disks:
+  - name : sdj
+    labels:
+      bootdrive: 'true'
+    partitions:
+      - name: root
+        size: 20g
+        mountpoint: /
+      - name: boot
+        size: 1g
+        mountpoint: /boot
+      - name: var
+        size: 100g
+        mountpoint: /var
+  - name : sdb
+    partitions:
+      - name: cephj0
+        size: 100g
+        mountpoint: /var/lib/openstack-helm/ceph/journal0
+  - name : sdc
+    partitions:
+      - name: cephj1
+        size: 100g
+        mountpoint: /var/lib/openstack-helm/ceph/journal1
+genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
+kubernetes:
+  api_service_ip: 10.96.0.1
+  etcd_service_ip: 10.96.0.2
+  pod_cidr: 10.98.0.0/16
+  service_cidr: 10.96.0.0/15
+regional_server:
+  ip: 135.16.101.85
+...
diff --git a/scripts/jcopy.py b/scripts/jcopy.py
new file mode 100755 (executable)
index 0000000..fb3f21e
--- /dev/null
@@ -0,0 +1,93 @@
+#!/usr/bin/python
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+#
+#  jcopy.py - Copy a file or files to a target directory, making
+#    substitutions as needed from the values contained in a YAML file.
+#
+#  usage: jcopy.py <yaml> <in_dir_or_file> <out_dir>
+#
+#  Note: jcopy.sh is for Python2, jcopy3.sh is for Python3
+#
+
+import os.path
+import jinja2
+import sys
+import yaml
+
+def expand_files(target_dir, dir_name, files):
+  global total
+  xlen = len(sys.argv[2])
+  targdir = target_dir + dir_name[xlen:]
+  if not os.path.exists(targdir):
+    os.makedirs(targdir)
+  env = jinja2.Environment()
+  env.trim_blocks = True
+  env.lstrip_blocks = True
+
+  for f in files:
+    if f.endswith(".j2"):
+      t = f.replace(".j2", ".yaml")
+      source_path = dir_name + '/' + f
+      target_path = targdir + '/' + t
+      if os.path.isfile(source_path):
+        with open(source_path) as fd:
+          template = env.from_string(fd.read())
+        data = template.render(yaml=yaml)
+        fd2 = open(target_path,'w')
+        fd2.write(data)
+        fd2.write("\n")
+        fd2.close()
+        print '{0} -> {1}'.format(source_path, target_path)
+        total += 1
+
+def expand_file(target_dir, file):
+  global total
+  if not os.path.exists(target_dir):
+    os.makedirs(target_dir)
+  env = jinja2.Environment()
+  env.trim_blocks = True
+  env.lstrip_blocks = True
+  with open(file) as fd:
+    template = env.from_string(fd.read())
+  data = template.render(yaml=yaml)
+  target_path = target_dir + '/' + os.path.basename(file)
+  fd2 = open(target_path,'w')
+  fd2.write(data)
+  fd2.write("\n")
+  fd2.close()
+  print '{0} -> {1}'.format(file, target_path)
+  total += 1
+
+if len(sys.argv) != 4:
+  print 'usage: jcopy.py <yaml> <in_dir_or_file> <out_dir>'
+  sys.exit(1)
+
+with open(sys.argv[1]) as f:
+  yaml = yaml.safe_load(f)
+
+total = 0
+if os.path.isfile(sys.argv[2]):
+  expand_file(sys.argv[3], sys.argv[2])
+else:
+  os.path.walk(sys.argv[2], expand_files, sys.argv[3])
+print '%d files processed.' % total
+sys.exit(0)
+
+# sudo python -m ensurepip --default-pip
+# sudo python -m pip install --upgrade pip setuptools wheel
+# pip install --user jinja2 PyYAML
diff --git a/scripts/jcopy3.py b/scripts/jcopy3.py
new file mode 100755 (executable)
index 0000000..4ce9249
--- /dev/null
@@ -0,0 +1,79 @@
+#!/usr/local/bin/python\r
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+#\r
+#  jcopy.py - Copy a file or files to a target directory, making\r
+#    substitutions as needed from the values contained in a YAML file.\r
+#\r
+#  usage: jcopy.py <yaml> <in_dir_or_file> <out_dir>\r
+#\r
+#  Note: jcopy.sh is for Python2, jcopy3.sh is for Python3\r
+#\r
+\r
+import os.path\r
+import jinja2\r
+import sys\r
+import yaml\r
+\r
+def expand_files(target_dir, dir_name, files):\r
+       global total\r
+       xlen = len(sys.argv[2])\r
+       targdir = target_dir + dir_name[xlen:]\r
+       if not os.path.exists(targdir):\r
+               os.makedirs(targdir)\r
+       env = jinja2.Environment()\r
+       for f in files:\r
+               source_path = dir_name + '/' + f\r
+               target_path = targdir + '/' + f\r
+               if os.path.isfile(source_path):\r
+                       with open(source_path) as fd:\r
+                               template = env.from_string(fd.read())\r
+                       data = template.render(yaml=yaml)\r
+                       fd2 = open(target_path,'w')\r
+                       fd2.write(data)\r
+                       fd2.close()\r
+                       total += 1\r
+\r
+def expand_file(target_dir, file):\r
+       global total\r
+       if not os.path.exists(target_dir):\r
+               os.makedirs(target_dir)\r
+       env = jinja2.Environment()\r
+       with open(file) as fd:\r
+               template = env.from_string(fd.read())\r
+       data = template.render(yaml=yaml)\r
+       target_path = target_dir + '/' + os.path.basename(file)\r
+       fd2 = open(target_path,'w')\r
+       fd2.write(data)\r
+       fd2.close()\r
+       total += 1\r
+\r
+if len(sys.argv) != 4:\r
+       print('usage: jcopy.py <yaml> <in_dir_or_file> <out_dir>')\r
+       sys.exit(1)\r
+\r
+with open(sys.argv[1]) as f:\r
+       yaml = yaml.safe_load(f)\r
+\r
+total = 0\r
+if os.path.isfile(sys.argv[2]):\r
+       expand_file(sys.argv[3], os.path.abspath(sys.argv[2]))\r
+else:\r
+       for root, dirs, files in os.walk(sys.argv[2]):\r
+               expand_files(sys.argv[3], root, files)\r
+print('%d files processed.' % total)\r
+sys.exit(0)\r
diff --git a/site/site30/baremetal/calico-ip-rules.yaml b/site/site30/baremetal/calico-ip-rules.yaml
new file mode 100644 (file)
index 0000000..1ad67ab
--- /dev/null
@@ -0,0 +1,164 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: calico-ip-rules
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+  substitutions:
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .assets[0].data
+        pattern: DH_SUB_POD_CIDR
+data:
+  signaling: false
+  assets:
+    - path: /etc/systemd/system/configure-ip-rules.service
+      type: unit
+      permissions: '444'
+      data: |-
+        [Unit]
+        Description=IP Rules Initialization Service
+        After=network-online.target local-fs.target
+
+        [Service]
+        Type=simple
+        #ExecStart=/opt/configure-ip-rules.sh -i bond1.2406 -c DH_SUB_POD_CIDR -o 10.34.0.0/15 -s 135.21.157.32/29
+        #ExecStart=/opt/configure-ip-rules.sh -i bond0.44 -c DH_SUB_POD_CIDR -o 10.99.0.0/16 -s 172.29.1.0/24
+        ExecStart=/opt/configure-ip-rules.sh -g 172.29.1.1 -c 10.99.0.0/16 -s 172.29.1.136/29
+
+
+
+        [Install]
+        WantedBy=multi-user.target
+      data_pipeline:
+        - utf8_decode
+    - path: /opt/configure-ip-rules.sh
+      type: file
+      permissions: '700'
+      data_pipeline:
+        - utf8_decode
+      data: |-
+        #!/bin/bash
+        set -ex
+
+        function usage() {
+            cat <<EOU
+        Options are:
+
+          -c POD_CIDR     The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
+          -i INTERFACE    The interface for internal pod traffic, e.g. bond1.2006
+          -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
+                          INTERFACE.  It is used to provide a work around when
+                          complete Calico routes cannot be received via BGP.
+                          e.g. 10.96.0.0/15.  NOTE: This must include the POD_CIDR.
+          -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
+                          e.g. 135.21.99.192/29
+        EOU
+        }
+
+        SERVICE_CIDR=
+        OVERLAP_CIDR=
+
+        while getopts ":c:hi:o:s:" o; do
+            case "${o}" in
+                c)
+                    POD_CIDR=${OPTARG}
+                    ;;
+                h)
+                    usage
+                    exit 0
+                    ;;
+                i)
+                    INTERFACE=${OPTARG}
+                    ;;
+                o)
+                    OVERLAP_CIDR=${OPTARG}
+                    ;;
+                s)
+                    SERVICE_CIDR=${OPTARG}
+                    ;;
+                \?)
+                    echo "Unknown option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+                :)
+                    echo "Missing argument for option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+                *)
+                    echo "Unimplemented option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+            esac
+        done
+        shift $((OPTIND-1))
+
+        if [ "x$POD_CIDR" == "x" ]; then
+            echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
+            usage
+            exit 1
+        fi
+
+        if [ "x$INTERFACE" == "x" ]; then
+            echo "Missing interface, e.g. -i bond1.2006" >&2
+            usage
+            exit 1
+        fi
+
+        while ! ip route list dev "${INTERFACE}" > /dev/null; do
+            echo Waiting for device "${INTERFACE}" to be ready. >&2
+            sleep 5
+        done
+
+        intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
+
+        TABLE="1500"
+
+        # Setup a routing table for traffic from service IPs
+        ip route flush table "${TABLE}"
+        ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
+
+        if [ "x$OVERLAP_CIDR" != "x" ]; then
+            # NOTE(mb874d): This is a work-around for nodes not receiving complete
+            # routes via BGP.  It may also be required for brownfield large sites.
+            ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
+        fi
+
+        if [ "x$SERVICE_CIDR" != "x" ]; then
+            # Traffic from the service IPs to pods should use the pod network.
+            ip rule add \
+                from "${SERVICE_CIDR}" \
+                to "${POD_CIDR}" \
+                lookup main \
+                pref 10000
+            # Other traffic from service IPs should only use the VRRP IP
+            ip rule add \
+                from "${SERVICE_CIDR}" \
+                lookup "${TABLE}" \
+                pref 10100
+        fi
+...
diff --git a/site/site30/baremetal/promjoin.yaml b/site/site30/baremetal/promjoin.yaml
new file mode 100644 (file)
index 0000000..c2221d9
--- /dev/null
@@ -0,0 +1,63 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: promjoin
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  signaling: false
+  node_filter:
+    filter_set_type: 'union'
+    filter_set:
+      - filter_type: 'union'
+        node_names:
+          - 'aknode31'
+          - 'aknode32'
+          - 'aknode33'
+          - 'aknode34'
+  # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
+  assets:
+    - path: /opt/promjoin.sh
+      type: file
+      permissions: '555'
+      # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
+      # you should use to contact kubernetes in the case below, this is cab24_mgmt
+      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+      location_pipeline:
+#originally rack06_calico
+        - template
+      data_pipeline:
+        - utf8_decode
+    - path: /lib/systemd/system/promjoin.service
+      type: unit
+      permissions: '600'
+      data: |-
+        W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
+        PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
+        cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
+        cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
+      data_pipeline:
+        - base64_decode
+        - utf8_decode
+...
diff --git a/site/site30/baremetal/rack.yaml b/site/site30/baremetal/rack.yaml
new file mode 100644 (file)
index 0000000..3ca3cb1
--- /dev/null
@@ -0,0 +1,131 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: aknode31
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: MyControlPlane_HP
+#/new/notused/aic-clcp-manifests/site/clcp-seaworthy/profiles/host/cp_rack.yaml
+  addressing:
+    - network: oob
+      address: 192.168.41.131
+    - network: pxe
+      address: 172.30.1.31
+    - network: oam
+      address: 192.168.2.31
+    - network: storage
+      address: 172.31.1.31
+    - network: overlay
+      address: 10.0.101.31
+    - network: calico
+      address: 172.29.1.31
+  metadata:
+    rack: RACK01
+    tags:
+      - 'masters'
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: aknode32
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: MyControlPlane_HP
+#/new/notused/aic-clcp-manifests/site/clcp-seaworthy/profiles/host/cp_rack.yaml
+  addressing:
+    - network: oob
+      address: 192.168.41.132
+    - network: pxe
+      address: 172.30.1.32
+    - network: oam
+      address: 192.168.2.32
+    - network: storage
+      address: 172.31.1.32
+    - network: overlay
+      address: 10.0.101.32
+    - network: calico
+      address: 172.29.1.32
+  metadata:
+    rack: RACK01
+    tags:
+      - 'masters'
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: aknode33
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: MyComputePlane_HP
+  addressing:
+    - network: oob
+      address: 192.168.41.133
+    - network: pxe
+      address: 172.30.1.33
+    - network: oam
+      address: 192.168.2.33
+    - network: storage
+      address: 172.31.1.33
+    - network: overlay
+      address: 10.0.101.33
+    - network: calico
+      address: 172.29.1.33
+  metadata:
+    rack: RACK01
+    tags:
+      - 'workers'
+#---
+#schema: 'drydock/BaremetalNode/v1'
+#metadata:
+#  schema: 'metadata/Document/v1'
+#  name: aknode34
+#  layeringDefinition:
+#    abstract: false
+#    layer: site
+#  storagePolicy: cleartext
+#data:
+#  host_profile: MyComputePlane_HP
+#  addressing:
+#    - network: oob
+#      address: 192.168.41.134
+#    - network: pxe
+#      address: 172.30.1.34
+#    - network: oam
+#      address: 192.168.2.34
+#    - network: storage
+#      address: 172.31.1.34
+#    - network: overlay
+#      address: 10.0.101.34
+#    - network: calico
+#      address: 172.29.1.34
+#  metadata:
+#    rack: RACK01
+#    tags:
+#      - 'workers'
+...
diff --git a/site/site30/deployment/deployment-configuration.yaml b/site/site30/deployment/deployment-configuration.yaml
new file mode 100644 (file)
index 0000000..41c4162
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+  schema: metadata/Document/v1
+  name: deployment-configuration
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  armada:
+    manifest: 'full-site'
+...
diff --git a/site/site30/networks/common-addresses.yaml b/site/site30/networks/common-addresses.yaml
new file mode 100644 (file)
index 0000000..226f5f7
--- /dev/null
@@ -0,0 +1,100 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/CommonAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  calico:
+    ip_autodetection_method: interface=bond0.44
+    etcd:
+      service_ip: 10.96.232.136
+
+  dns:
+    cluster_domain: cluster.local
+    service_ip: 10.96.0.10
+    upstream_servers:
+      - 192.168.2.85
+      - 8.8.8.8
+      - 8.8.8.8
+    upstream_servers_joined: '192.168.2.85,8.8.8.8'
+
+  genesis:
+    hostname: aknode30
+#    ip: 192.168.2.30
+    ip: 172.29.1.30
+
+  bootstrap:
+    ip: 172.30.1.30
+
+  kubernetes:
+    api_service_ip: 10.96.0.1
+    etcd_service_ip: 10.96.0.2
+    pod_cidr: 10.99.0.0/16
+    service_cidr: 10.96.0.0/14
+    apiserver_port: 6443
+    haproxy_port: 6553
+    service_node_port_range: 30000-32767
+
+  etcd:
+    container_port: 2379
+    haproxy_port: 2378
+
+  masters:
+    - hostname: aknode31
+    - hostname: aknode32
+
+  node_ports:
+    drydock_api: 30000
+    maas_api: 30001
+    maas_proxy: 31800  # hardcoded in MAAS
+    shipyard_api: 30003
+    airflow_web: 30004
+
+  ntp:
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org'
+
+
+  # Used for FQDN setup/definition
+  domain:
+    url: hpgen10.lab.akraino.org
+
+  ldap:
+    url: 'ldap://its-a-ldap.example.com'
+    common_name: AP-NC_Test_Users
+    subdomain: testitservices
+    domain: example
+
+  storage:
+    ceph:
+      public_cidr: '172.31.1.0/24'
+      cluster_cidr: '172.31.1.0/24'
+
+  # external: typically the floating IP subnet
+  # tunnel: overlay network for VM traffic
+  neutron:
+    tunnel_device: 'bond0.45'
+    external_iface: 'bond0'
+
+  openvswitch:
+    external_iface: 'bond0'
+...
diff --git a/site/site30/networks/physical/rack.yaml b/site/site30/networks/physical/rack.yaml
new file mode 100644 (file)
index 0000000..ae374d6
--- /dev/null
@@ -0,0 +1,218 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  labels:
+    noconfig: enabled
+  bonding:
+    mode: disabled
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: oob
+  allowed_networks:
+    - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.41.0/24
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: 192.168.41.1
+  ranges:
+  - type: static
+    start: 192.168.41.5
+    end: 192.168.41.254
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: pxe
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: pxe
+  allowed_networks:
+    - pxe
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: pxe
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 172.30.1.0/24
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: 172.30.1.30
+  ranges:
+  - type: reserved
+    start: 172.30.1.1
+    end: 172.30.1.10
+  - type: static
+    start: 172.30.1.11
+    end: 172.30.1.200
+  - type: dhcp
+    start: 172.30.1.201
+    end: 172.30.1.254
+  dns:
+    domain: lab.akraino.org
+    servers: '192.168.2.85 8.8.8.8 8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+#  name: gp
+  name: bond0
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: 802.3ad
+    hash: layer3+4
+    peer_rate: fast
+    mon_rate: 100
+    up_delay: 1000
+    down_delay: 3000
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+  allowed_networks:
+    - oam
+#    - public
+    - storage
+    - overlay
+    - calico
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oam
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '41'
+  mtu: 9000
+  cidr:  192.168.2.0/24
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: 192.168.2.200
+  ranges:
+  - type: reserved
+    start:  192.168.2.84
+    end:  192.168.2.86
+  - type: static
+    start: 192.168.2.1
+    end: 192.168.2.83
+  dns:
+    domain: lab.akraino.org
+    servers: '192.168.2.85 8.8.8.8 8.8.4.4'
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: storage
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '42'
+  mtu: 9000
+  cidr: 172.31.1.0/24
+  ranges:
+  - type: static
+    start: 172.31.1.2
+    end: 172.31.1.254
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: overlay
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '45'
+  mtu: 9000
+  cidr: 10.0.101.0/24
+  ranges:
+  - type: static
+    start: 10.0.101.2
+    end: 10.0.101.254
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: calico
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '44'
+  mtu: 9000
+  cidr: 172.29.1.0/24
+  ranges:
+  - type: static
+    start: 172.29.1.5
+    end: 172.29.1.254
+#  routes:
+#  - subnet: '172.29.140.64/26'
+#    gateway: 172.29.140.3
+...
diff --git a/site/site30/pki/pki-catalog.yaml b/site/site30/pki/pki-catalog.yaml
new file mode 100644 (file)
index 0000000..b4c5889
--- /dev/null
@@ -0,0 +1,285 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: promenade/PKICatalog/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-certificates
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  certificate_authorities:
+    kubernetes:
+      description: CA for Kubernetes components
+      certificates:
+        - document_name: apiserver
+          description: Service certificate for Kubernetes apiserver
+          common_name: apiserver
+          hosts:
+            - localhost
+            - 127.0.0.1
+            - 10.96.0.1
+          kubernetes_service_names:
+            - kubernetes.default.svc.cluster.local
+        - document_name: kubelet-genesis
+          common_name: system:node:aknode30
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode30
+          common_name: system:node:aknode30
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode31
+          common_name: system:node:aknode31
+          hosts:
+            - aknode31
+            - 192.168.2.31
+            - 172.29.1.31
+            - 172.30.1.31
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode32
+          common_name: system:node:aknode32
+          hosts:
+            - aknode32
+            - 192.168.2.32
+            - 172.29.1.32
+            - 172.30.1.32
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode33
+          common_name: system:node:aknode33
+          hosts:
+            - aknode33
+            - 192.168.2.33
+            - 172.29.1.33
+            - 172.30.1.33
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode34
+          common_name: system:node:aknode34
+          hosts:
+            - aknode34
+            - 192.168.2.34
+            - 172.29.1.34
+            - 172.30.1.34
+          groups:
+            - system:nodes
+        - document_name: scheduler
+          description: Service certificate for Kubernetes scheduler
+          common_name: system:kube-scheduler
+        - document_name: controller-manager
+          description: certificate for controller-manager
+          common_name: system:kube-controller-manager
+        - document_name: admin
+          common_name: admin
+          groups:
+            - system:masters
+        - document_name: armada
+          common_name: armada
+          groups:
+            - system:masters
+    kubernetes-etcd:
+      description: Certificates for Kubernetes's etcd servers
+      certificates:
+        - document_name: apiserver-etcd
+          description: etcd client certificate for use by Kubernetes apiserver
+          common_name: apiserver
+          # NOTE(mark-burnett): hosts not required for client certificates
+        - document_name: kubernetes-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: kubernetes-etcd-genesis
+          common_name: kubernetes-etcd-genesis
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode30
+          common_name: kubernetes-etcd-aknode30
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode31
+          common_name: kubernetes-etcd-aknode31
+          hosts:
+            - aknode31
+            - 192.168.2.31
+            - 172.29.1.31
+            - 172.30.1.31
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode32
+          common_name: kubernetes-etcd-aknode32
+          hosts:
+            - aknode32
+            - 192.168.2.32
+            - 172.29.1.32
+            - 172.30.1.32
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+    kubernetes-etcd-peer:
+      certificates:
+        - document_name: kubernetes-etcd-genesis-peer
+          common_name: kubernetes-etcd-genesis-peer
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode30-peer
+          common_name: kubernetes-etcd-aknode30-peer
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode31-peer
+          common_name: kubernetes-etcd-aknode31-peer
+          hosts:
+            - aknode31
+            - 192.168.2.31
+            - 172.29.1.31
+            - 172.30.1.31
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode32-peer
+          common_name: kubernetes-etcd-aknode32-peer
+          hosts:
+            - aknode32
+            - 192.168.2.32
+            - 172.29.1.32
+            - 172.30.1.32
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+    calico-etcd:
+      description: Certificates for Calico etcd client traffic
+      certificates:
+        - document_name: calico-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: calico-etcd-aknode30
+          common_name: calico-etcd-aknode30
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode31
+          common_name: calico-etcd-aknode31
+          hosts:
+            - aknode31
+            - 192.168.2.31
+            - 172.29.1.31
+            - 172.30.1.31
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode32
+          common_name: calico-etcd-aknode32
+          hosts:
+            - aknode32
+            - 192.168.2.32
+            - 172.29.1.32
+            - 172.30.1.32
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node
+          common_name: calcico-node
+    calico-etcd-peer:
+      description: Certificates for Calico etcd clients
+      certificates:
+        - document_name: calico-etcd-aknode30-peer
+          common_name: calico-etcd-aknode30-peer
+          hosts:
+            - aknode30
+            - 192.168.2.30
+            - 172.29.1.30
+            - 172.30.1.30
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode31-peer
+          common_name: calico-etcd-aknode31-peer
+          hosts:
+            - aknode31
+            - 192.168.2.31
+            - 172.29.1.31
+            - 172.30.1.31
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode32-peer
+          common_name: calico-etcd-aknode32-peer
+          hosts:
+            - aknode32
+            - 192.168.2.32
+            - 172.29.1.32
+            - 172.30.1.32
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node-peer
+          common_name: calcico-node-peer
+  keypairs:
+    - name: service-account
+      description: Service account signing key for use by Kubernetes controller-manager.
+...
+
diff --git a/site/site30/profiles/genesis.yaml b/site/site30/profiles/genesis.yaml
new file mode 100644 (file)
index 0000000..66a411b
--- /dev/null
@@ -0,0 +1,57 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: promenade/Genesis/v1
+metadata:
+  schema: metadata/Document/v1
+  name: genesis-site
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: genesis-global
+    actions:
+      - method: replace
+        path: .labels.dynamic
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  labels:
+    dynamic:
+      - beta.kubernetes.io/fluentd-ds-ready=true
+      - calico-etcd=enabled
+      - ceph-mds=enabled
+      - ceph-mon=enabled
+      - ceph-osd=enabled
+      - ceph-rgw=enabled
+      - ceph-mgr=enabled
+      - kube-dns=enabled
+      - kube-ingress=enabled
+      - kubernetes-apiserver=enabled
+      - kubernetes-controller-manager=enabled
+      - kubernetes-etcd=enabled
+      - kubernetes-scheduler=enabled
+      - promenade-genesis=enabled
+      - ucp-control-plane=enabled
+      - maas-control-plane=enabled
+      - ceph-osd-bootstrap=enabled
+#      - openstack-libvirt=kernel
+#      - openvswitch=enabled
+#      - openstack-control-plane=enabled
+#      - openstack-nova-compute=enabled
+...
diff --git a/site/site30/profiles/host/compute-r01.yaml b/site/site30/profiles/host/compute-r01.yaml
new file mode 100644 (file)
index 0000000..35ece6c
--- /dev/null
@@ -0,0 +1,104 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: MyComputePlane_HP
+  storagePolicy: cleartext
+  labels:
+    hosttype: MyComputePlane_HP
+  layeringDefinition:
+    abstract: false
+    layer: site
+  substitutions:
+    - dest:
+        path: .oob.credential
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ipmi_admin_password
+        path: .
+data:
+  oob:
+    type: 'ipmi'
+    network: 'oob'
+    account: 'Administrator'
+  primary_network: 'oam'
+  hardware_profile: DELL_HP_Generic
+  interfaces:
+    pxe:
+      device_link: pxe
+      slaves:
+        - 'eno1'
+      networks:
+        - 'pxe'
+    bond0:
+      device_link: bond0
+      slaves:
+        - 'ens3f0'
+        - 'ens3f1'
+      networks:
+        - 'oam'
+        - 'storage'
+        - 'overlay'
+        - 'calico'
+  storage:
+    physical_devices:
+      sdj:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '20g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '>300g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+      sdk:
+        partitions:
+          - name: 'nova'
+            size: '99%'
+            filesystem:
+              mountpoint: '/var/lib/nova'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      console: 'ttyS1,115200n8'
+  metadata:
+    owner_data:
+      openstack-nova-compute: enabled
+      openvswitch: enabled
+      openstack-libvirt: kernel
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
+
diff --git a/site/site30/profiles/host/cp-r01.yaml b/site/site30/profiles/host/cp-r01.yaml
new file mode 100644 (file)
index 0000000..7a686e0
--- /dev/null
@@ -0,0 +1,156 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: MyControlPlane_HP 
+  storagePolicy: cleartext
+  labels:
+    hosttype: MyControlPlane_HP
+  layeringDefinition:
+    abstract: false
+    layer: site
+  substitutions:
+    - dest:
+        path: .oob.credential
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ipmi_admin_password
+        path: .
+data:
+  oob:
+    type: 'ipmi'
+    network: 'oob'
+    account: 'Administrator'
+  primary_network: 'oam'
+  hardware_profile: DELL_HP_Generic 
+  interfaces:
+    pxe:
+      device_link: pxe
+      slaves:
+        - 'eno1'
+      networks:
+        - 'pxe'
+    bond0:
+      device_link: bond0
+      slaves:
+        - 'ens3f0'
+        - 'ens3f1'
+      networks:
+        - 'oam'
+        - 'storage'
+        - 'overlay'
+        - 'calico'
+  storage:
+    physical_devices:
+      sdj:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '20g'
+            bootable: true
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '>300g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+      sdk:
+        partitions:
+          - name: 'cephj'
+            size: '300g'
+            filesystem:
+              mountpoint: '/var/lib/ceph/journal'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+#    kernel_params:
+#      console: 'ttyS1,115200n8'
+  metadata:
+    owner_data:
+      control-plane: enabled
+      ucp-control-plane: enabled
+      openstack-control-plane: enabled
+      openstack-heat: enabled
+      openstack-keystone: enabled
+      openstack-rabbitmq: enabled
+      openstack-dns-helper: enabled
+      openstack-mariadb: enabled
+      openstack-nova-control: enabled
+      openstack-etcd: enabled
+      openstack-mistral: enabled
+      openstack-memcached: enabled
+      openstack-glance: enabled
+      openstack-horizon: enabled
+      openstack-cinder-control: enabled
+      openstack-cinder-volume: control
+      openstack-neutron: enabled
+      openvswitch: enabled
+      sriov: enabled
+      ucp-barbican: enabled
+      ceph-bootstrap: enabled
+      ceph-mon: enabled
+      ceph-osd: enabled
+      ceph-mds: enabled
+      ceph-rgw: enabled
+      ucp-maas: enabled
+      kube-dns: enabled
+      kubernetes-apiserver: enabled
+      kubernetes-controller-manager: enabled
+      kubernetes-etcd: enabled
+      kubernetes-scheduler: enabled
+      tiller-helm: enabled
+      kube-etcd: enabled
+      calico-policy: enabled
+      calico-node: enabled
+      calico-etcd: enabled
+      ucp-armada: enabled
+      ucp-drydock: enabled
+      ucp-deckhand: enabled
+      ucp-shipyard: enabled
+      IAM: enabled
+      ucp-promenade: enabled
+      prometheus-server: enabled
+      prometheus-client: enabled
+      fluentd: enabled
+      influxdb: enabled
+      kibana: enabled
+      elasticsearch-client: enabled
+      elasticsearch-master: enabled
+      elasticsearch-data: enabled
+      postgresql: enabled
+      kube-ingress: enabled
+      sriov: enabled
+      openstack-nova-compute: enabled
+      openstack-libvirt: kernel
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
+
diff --git a/site/site30/profiles/region.yaml b/site/site30/profiles/region.yaml
new file mode 100644 (file)
index 0000000..803aafb
--- /dev/null
@@ -0,0 +1,36 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/Region/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: hpgen10
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .authorized_keys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: localadmin_ssh_public_key
+        path: .
+data:
+  tag_definitions: []
+  authorized_keys: []
+...
diff --git a/site/site30/secrets/passphrases/ceph_fsid.yaml b/site/site30/secrets/passphrases/ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..3b8385b
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3e2a3755-863a-423b-bf19-e8b5bf7f3d95
+...
diff --git a/site/site30/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/site30/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644 (file)
index 0000000..564669e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_swift_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 610becbb8563c2d7abb2
+...
diff --git a/site/site30/secrets/passphrases/ipmi_admin_password.yaml b/site/site30/secrets/passphrases/ipmi_admin_password.yaml
new file mode 100644 (file)
index 0000000..c0a70f1
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ipmi_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: Admin123
+...
diff --git a/site/site30/secrets/passphrases/maas_region_secret.yaml b/site/site30/secrets/passphrases/maas_region_secret.yaml
new file mode 100644 (file)
index 0000000..c2dc167
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: maas-region-key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3858f62230ac3c915f300c664312c63f
+...
diff --git a/site/site30/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..d677a51
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: d992b45a48a3bf2698bc
+...
diff --git a/site/site30/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/site30/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..754d504
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c01c594967dfd4024121
+...
diff --git a/site/site30/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..7a19639
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 7451bf1643ee73782da9
+...
diff --git a/site/site30/secrets/passphrases/osh_barbican_password.yaml b/site/site30/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644 (file)
index 0000000..06f27f4
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ec1a97a83907f193a717
+...
diff --git a/site/site30/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..5cff226
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 634c104df082faf67332
+...
diff --git a/site/site30/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..50ea246
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4be86cd9e1e9fc3f7dc5
+...
diff --git a/site/site30/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/site30/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..350c8b1
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 8d143e5fb4b4dac3768c
+...
diff --git a/site/site30/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..912fe40
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ac0217906c77ee117000
+...
diff --git a/site/site30/secrets/passphrases/osh_cinder_password.yaml b/site/site30/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644 (file)
index 0000000..ba71bda
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4dca0954fba72f359566
+...
diff --git a/site/site30/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..ffe275c
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: f3bda8af291469d2240d
+...
diff --git a/site/site30/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..03eb509
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 153a394cfd01623987a7
+...
diff --git a/site/site30/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/site30/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..524118f
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 2c3fcccd6597903cb67c
+...
diff --git a/site/site30/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..9fcc71c
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 597a366bd4f86f2d7070
+...
diff --git a/site/site30/secrets/passphrases/osh_glance_password.yaml b/site/site30/secrets/passphrases/osh_glance_password.yaml
new file mode 100644 (file)
index 0000000..a1dfe1d
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: bf7662ee82349d8ce8a2
+...
diff --git a/site/site30/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..191a4f1
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 245f4c5f7ca0d06e8416
+...
diff --git a/site/site30/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..627e20b
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 6d5cbe4e78499e7ea1be
+...
diff --git a/site/site30/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/site30/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..927af8b
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 0fb3767e5bd60737c3ce
+...
diff --git a/site/site30/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..4f929fe
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 2f986c8b860f5e2e6e67
+...
diff --git a/site/site30/secrets/passphrases/osh_heat_password.yaml b/site/site30/secrets/passphrases/osh_heat_password.yaml
new file mode 100644 (file)
index 0000000..29567f3
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 444f3082037eb9921782
+...
diff --git a/site/site30/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..ca06200
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 7a525e66176fd10c317a
+...
diff --git a/site/site30/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/site30/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644 (file)
index 0000000..dcf61bb
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_stack_user_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3cfcdb863f68ec896735
+...
diff --git a/site/site30/secrets/passphrases/osh_heat_trustee_password.yaml b/site/site30/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644 (file)
index 0000000..c40c42e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_trustee_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 6b1727c22c773c902647
+...
diff --git a/site/site30/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..96e95a0
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_horizon_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 97456d11a2389e0a68b9
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_addons_jenkins_password.yaml b/site/site30/secrets/passphrases/osh_infra_addons_jenkins_password.yaml
new file mode 100644 (file)
index 0000000..721cb7d
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_addons_jenkins_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 0ca991324505e13f7a77
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/site30/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644 (file)
index 0000000..45f8daa
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_elasticsearch_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: b12f1e35c6951455d62d
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/site30/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644 (file)
index 0000000..ef9132a
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 573a60b9ca0e5639f86b
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..e5e2af1
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 6e9a3a90bdac0988b850
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644 (file)
index 0000000..0e5fe5a
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_session_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: e59fde1e4e2ca04a0e6d
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_kibana_admin_password.yaml b/site/site30/secrets/passphrases/osh_infra_kibana_admin_password.yaml
new file mode 100644 (file)
index 0000000..6912479
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_kibana_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c3d955527901302d2c10
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/site30/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644 (file)
index 0000000..df53e52
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_nagios_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: cc78bc60e26c2f5a28fa
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/site30/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644 (file)
index 0000000..9eccf74
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_openstack_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: d5f5133765b1ab430e85
+...
diff --git a/site/site30/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/site30/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..9416e61
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: f6a5b5fe9e6eb437c207
+...
diff --git a/site/site30/secrets/passphrases/osh_keystone_admin_password.yaml b/site/site30/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..04411e5
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a3df1a9771d9f0480bb2
+...
diff --git a/site/site30/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml b/site/site30/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml
new file mode 100644 (file)
index 0000000..bd0bdc2
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_mechid_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 5aacc198d8a1edeff4a8
+...
diff --git a/site/site30/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..cd0b501
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 57cfda14a8ec656b9ccf
+...
diff --git a/site/site30/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/site30/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..f954528
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c7e2ef5bfab729b9cdf1
+...
diff --git a/site/site30/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..78dda18
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a00052e05aa7e1b704bc
+...
diff --git a/site/site30/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..f67a3a2
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 7388108f67be16a4f252
+...
diff --git a/site/site30/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..67d5a82
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 5496c4a52d6223a1bc6c
+...
diff --git a/site/site30/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/site30/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..5014942
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4eaff3effbc9a1b5ddc3
+...
diff --git a/site/site30/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..63f94c0
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 10a9e6ad21ef9f43173c
+...
diff --git a/site/site30/secrets/passphrases/osh_neutron_password.yaml b/site/site30/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644 (file)
index 0000000..39dd49e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 9bb23c5d7181eabc52f7
+...
diff --git a/site/site30/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..bef5290
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: afa9d3d0af33dcc3ca57
+...
diff --git a/site/site30/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/site30/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..3333f6a
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a1b32d78a4e4deee451a
+...
diff --git a/site/site30/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/site30/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..446fa35
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c450b0c73cafa654e144
+...
diff --git a/site/site30/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..5b62c33
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 173ec39e9f950f86ae24
+...
diff --git a/site/site30/secrets/passphrases/osh_nova_password.yaml b/site/site30/secrets/passphrases/osh_nova_password.yaml
new file mode 100644 (file)
index 0000000..b4436d2
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a48fdaacf7bd05f7c3ff
+...
diff --git a/site/site30/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..79904d7
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 410fe4f619b2cc8c417b
+...
diff --git a/site/site30/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/site30/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644 (file)
index 0000000..3c8d88b
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_cache_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 083d87906595da201c0b
+...
diff --git a/site/site30/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/site30/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..6577f16
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3affb82b52f975a256a8
+...
diff --git a/site/site30/secrets/passphrases/osh_placement_password.yaml b/site/site30/secrets/passphrases/osh_placement_password.yaml
new file mode 100644 (file)
index 0000000..daa03d4
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_placement_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c8d291a1a4dfa9fd41e0
+...
diff --git a/site/site30/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/site30/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644 (file)
index 0000000..1858213
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 2b2e4c8018c2b4ae511f
+...
diff --git a/site/site30/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/site30/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644 (file)
index 0000000..9b2ea15
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_armada_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 1263859ed8265dac6feb
+...
diff --git a/site/site30/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/site30/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644 (file)
index 0000000..4d0d894
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 138611c0102dc397da43
+...
diff --git a/site/site30/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/site30/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..deea869
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 9915552068ae3e3dc2e2
+...
diff --git a/site/site30/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/site30/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644 (file)
index 0000000..0538d36
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 05f4bbbb3be35cc9b1ac
+...
diff --git a/site/site30/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/site30/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644 (file)
index 0000000..5e32f60
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3f4f1368325e1d492ee0
+...
diff --git a/site/site30/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/site30/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644 (file)
index 0000000..bb36b23
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 40cdf9c49bd6c7e66bc8
+...
diff --git a/site/site30/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/site30/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644 (file)
index 0000000..ca5bca8
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4c771ed9d38d38f4d939
+...
diff --git a/site/site30/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/site30/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..94a6ff1
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: e170ddbdf99b022ae1fd
+...
diff --git a/site/site30/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/site30/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..a444522
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 276a90de2bf3be8d1df8
+...
diff --git a/site/site30/secrets/passphrases/ucp_maas_admin_password.yaml b/site/site30/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644 (file)
index 0000000..9182cfe
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 825958a1a47ccba33b2a
+...
diff --git a/site/site30/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/site30/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644 (file)
index 0000000..9ee7798
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: f3401297fd1b8e4b6df4
+...
diff --git a/site/site30/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/site30/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..853f052
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 045d835905deff7c4ed9
+...
diff --git a/site/site30/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/site30/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..88376bc
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 8744bd7b9d14fa037451
+...
diff --git a/site/site30/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/site30/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644 (file)
index 0000000..8070539
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a7330557eea3ce512402
+...
diff --git a/site/site30/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/site30/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644 (file)
index 0000000..d6d89f9
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_promenade_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4533ad6a479120ef4710
+...
diff --git a/site/site30/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/site30/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..747f616
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 541fe3ba1c65bd553e9a
+...
diff --git a/site/site30/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/site30/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644 (file)
index 0000000..d2ad2b4
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 86db58e20de93ef55477
+...
diff --git a/site/site30/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/site30/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644 (file)
index 0000000..58ac856
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: d1fcd313bdc5fe69464b
+...
diff --git a/site/site30/secrets/publickey/localadmin_ssh_public_key.yaml b/site/site30/secrets/publickey/localadmin_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..7bbe911
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: localadmin_ssh_public_key 
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132
+...
diff --git a/site/site30/site-definition.yaml b/site/site30/site-definition.yaml
new file mode 100644 (file)
index 0000000..135d804
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/SiteDefinition/v1
+metadata:
+  schema: metadata/Document/v1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: hpgen10
+  storagePolicy: cleartext
+data:
+  revision: v4.0
+  site_type: large
+...
diff --git a/site/site30/software/charts/kubernetes/container-networking/calico.yaml b/site/site30/software/charts/kubernetes/container-networking/calico.yaml
new file mode 100644 (file)
index 0000000..bdbd4b5
--- /dev/null
@@ -0,0 +1,54 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: kubernetes-calico
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-calico-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    networking:
+      settings:
+        mesh: "off"
+        ippool:
+          ipip:
+            enabled: "false"
+            mode: "cross-subnet"
+      bgp:
+        asnumber: 65531
+        ipv4:
+          additional_cidrs:
+            - 172.29.1.136/29 
+          peers:
+            - apiVersion: v1
+              kind: bgpPeer
+              metadata:
+                peerIP: 172.29.1.1
+                scope: global
+              spec:
+                asnumber: 65001
+...
diff --git a/site/site30/software/charts/kubernetes/container-networking/etcd.yaml b/site/site30/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644 (file)
index 0000000..2df6132
--- /dev/null
@@ -0,0 +1,198 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: kubernetes-calico-etcd-global
+    actions:
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.etcd
+      dest:
+        path: .source
+
+    # Image versions
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.calico.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.service.ip
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.anchor.etcdctl_endpoint
+
+    # CAs
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd
+        path: .
+      dest:
+        path: .values.secrets.tls.client.ca
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd-peer
+        path: .
+      dest:
+        path: .values.secrets.tls.peer.ca
+
+    # Anchor client cert
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.key
+
+    # Node names
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[0].name
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[1].name
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[2].name
+
+   # Server certs
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode31
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode31
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode31-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode31-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode32
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode32
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode32-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode32-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+    # NOTE(mb874d): Be sure we generate these certs for genesis.
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode30
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode30
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode30-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode30-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+
+data: {}
+
+...
diff --git a/site/site30/software/charts/kubernetes/dns/coredns.yaml b/site/site30/software/charts/kubernetes/dns/coredns.yaml
new file mode 100644 (file)
index 0000000..7f87116
--- /dev/null
@@ -0,0 +1,102 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: coredns
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: coredns-global
+    actions:
+        - method: replace
+          path: .values.conf.coredns.corefile
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Zones
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.cluster_domain
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(CLUSTER_DOMAIN)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.service_cidr
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(SERVICE_CIDR)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path:  .values.conf.coredns.corefile
+        pattern: '(POD_CIDR)'
+
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[0]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM1)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[1]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM2)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[2]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM3)'
+data:
+  values:
+    conf:
+      coredns:
+        # TODO(alanmeadows) this needs to be adjusted to use substition
+        corefile: |
+          .:53 {
+              errors
+              health
+              autopath @kubernetes
+              kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
+                pods insecure
+                fallthrough in-addr.arpa ip6.arpa
+                upstream UPSTREAM1
+                upstream UPSTREAM2
+                upstream UPSTREAM3
+              }
+              prometheus :9153
+              proxy . UPSTREAM1
+              proxy . UPSTREAM2
+              proxy . UPSTREAM3
+              cache 30
+          }
+...
diff --git a/site/site30/software/charts/kubernetes/etcd/etcd.yaml b/site/site30/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644 (file)
index 0000000..b6b9f60
--- /dev/null
@@ -0,0 +1,197 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: kubernetes-etcd-global
+    actions:
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+
+  # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.etcd
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.etcd_service_ip
+      dest:
+        path: .values.service.ip
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.etcd_service_ip
+      dest:
+        path: .values.anchor.etcdctl_endpoint
+
+    # CAs
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd
+        path: .
+      dest:
+        path: .values.secrets.tls.client.ca
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd-peer
+        path: .
+      dest:
+        path: .values.secrets.tls.peer.ca
+
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.key
+
+    # Node names
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[0].name
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[1].name
+
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[2].name
+
+   # Server certs
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode31
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode31
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode31-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode31-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode32
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode32
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode32-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode32-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+    # Genesis node
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis-peer
+        path: $
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+
+...
diff --git a/site/site30/software/charts/kubernetes/ingress/ingress.yaml b/site/site30/software/charts/kubernetes/ingress/ingress.yaml
new file mode 100644 (file)
index 0000000..13b4030
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ingress-kube-system
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      ingress: kube-system
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
diff --git a/site/site30/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/site30/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644 (file)
index 0000000..ec60713
--- /dev/null
@@ -0,0 +1,58 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: neutron-site30
+  #replacement: true
+  labels:
+    component: neutron
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: neutron-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+#      auto_bridge_add:
+#        br-bond0: bond0
+      interface:
+        sriov:
+          - device: ens6f0
+            num_vfs: 32
+            promisc: false
+          - device: ens6f1
+            num_vfs: 32
+            promisc: false
+    conf:
+      plugins:
+        openvswitch_agent:
+          ovs:
+            bridge_mappings: physnet:br-bond0
+        sriov_agent:
+          sriov_nic:
+            physical_device_mappings: sriovnet1:ens6f0,sriovnet2:ens6f1
+        ml2_conf:
+          ml2_type_vlan:
+            network_vlan_ranges: physnet:46:300,sriovnet1:100:4000,sriovnet2:100:4000,sriovnet3:100:4000,sriovnet4:100:4000
+...
diff --git a/site/site30/software/charts/osh/openstack-compute-kit/nova.yaml b/site/site30/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644 (file)
index 0000000..1cce35b
--- /dev/null
@@ -0,0 +1,45 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nova
+  labels:
+    component: nova
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: nova-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      nova:
+        libvirt:
+          virt_type: kvm
+        DEFAULT:
+          vcpu_pin_set: "4-23,28-47"
+        pci:
+          alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI", "numa_policy": "required"}'
+          passthrough_whitelist: |
+            [{"address": "0000:08:10.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:10.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:10.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:10.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:81:10.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:10.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:10.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:10.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.3", "physical_network": "sriovnet4", "trusted": "true"}]
+...
diff --git a/site/site30/software/charts/ucp/ceph/ceph-update.yaml b/site/site30/software/charts/ucp/ceph/ceph-update.yaml
new file mode 100644 (file)
index 0000000..aa1f372
--- /dev/null
@@ -0,0 +1,105 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-global
+    actions:
+      - method: replace
+        path: .values.conf.storage.osd
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      storage:
+        osd:
+          - data:
+              type: block-logical
+              location: /dev/sdb
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdb
+          - data:
+              type: block-logical
+              location: /dev/sdc
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdc
+          - data:
+              type: block-logical
+              location: /dev/sdd
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdd
+          - data:
+              type: block-logical
+              location: /dev/sde
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sde
+          - data:
+              type: block-logical
+              location: /dev/sdf
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdf
+          - data:
+              type: block-logical
+              location: /dev/sdg
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdg
+          - data:
+              type: block-logical
+              location: /dev/sdh
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdh
+          - data:
+              type: block-logical
+              location: /dev/sdi
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdi
+      pool:
+        target:
+          osd: 24
+        default:
+          crush_rule: replicated_rule
+...
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  description: Ceph post intall update
+  chart_group:
+    - ucp-ceph-update
+...
diff --git a/site/site30/software/charts/ucp/ceph/ceph.yaml b/site/site30/software/charts/ucp/ceph/ceph.yaml
new file mode 100644 (file)
index 0000000..adf3976
--- /dev/null
@@ -0,0 +1,90 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-global
+    actions:
+      - method: replace
+        path: .values.conf.storage.osd
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      storage:
+        osd:
+          - data:
+              type: block-logical
+              location: /dev/sdb
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdb
+          - data:
+              type: block-logical
+              location: /dev/sdc
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdc
+          - data:
+              type: block-logical
+              location: /dev/sdd
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdd
+          - data:
+              type: block-logical
+              location: /dev/sde
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sde
+          - data:
+              type: block-logical
+              location: /dev/sdf
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdf
+          - data:
+              type: block-logical
+              location: /dev/sdg
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdg
+          - data:
+              type: block-logical
+              location: /dev/sdh
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdh
+          - data:
+              type: block-logical
+              location: /dev/sdi
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sdi
+      pool:
+        target:
+          osd: 8
+...
+
diff --git a/site/site30/software/charts/ucp/divingbell/divingbell.yaml b/site/site30/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644 (file)
index 0000000..e0ebd93
--- /dev/null
@@ -0,0 +1,47 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-divingbell-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .values.conf.uamlite.users[0].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: localadmin_ssh_public_key
+        path: .
+
+data:
+  values:
+    conf:
+      uamlite:
+        users:
+          - user_name: localadmin
+            user_sudo: true
+            user_sshkeys: []
+...
diff --git a/site/site30/software/charts/ucp/drydock/maas.yaml b/site/site30/software/charts/ucp/drydock/maas.yaml
new file mode 100644 (file)
index 0000000..b214198
--- /dev/null
@@ -0,0 +1,47 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-maas
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-maas-global
+    actions:
+      - method: replace
+        path: .values.conf.maas.proxy
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      maas:
+        ntp:
+          disable_ntpd_region: true
+          disable_ntpd_rack: true
+        images:
+          default_os: 'ubuntu'
+          default_image: 'xenial'
+          default_kernel: 'hwe-16.04'
+        proxy:
+          proxy_enabled: 'false'
+          peer_proxy_enabled: false
+...
diff --git a/site/site30/software/charts/ucp/promenade/promenade.yaml b/site/site30/software/charts/ucp/promenade/promenade.yaml
new file mode 100644 (file)
index 0000000..1072d22
--- /dev/null
@@ -0,0 +1,40 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-promenade
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-promenade-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      env:
+        promenade_api:
+         - name: no_proxy
+           value: 172.30.1.30,10.96.0.1,.cluster.local,192.168.2.30,192.168.2.31,192.168.2.32,192.168.2.33,192.168.2.34,nexus3.att-akraino.org,hpgen10.lab.akraino.org,gcr.io,quay.io,lachlanevenson,docker.io,github.com,localhost,127.0.0.1
+         - name: NO_PROXY
+           value: 172.30.1.30,10.96.0.1,.cluster.local,192.168.2.30,192.168.2.31,192.168.2.32,192.168.2.33,192.168.2.34,nexus3.att-akraino.org,hpgen10.lab.akraino.org,gcr.io,quay.io,lachlanevenson,docker.io,github.com,localhost,127.0.0.1
+...
diff --git a/site/site30/software/config/common-software-config.yaml b/site/site30/software/config/common-software-config.yaml
new file mode 100644 (file)
index 0000000..2a35eec
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-software-config
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh:
+    region_name: RegionOne
+...
diff --git a/site/site30/software/config/endpoints.yaml b/site/site30/software/config/endpoints.yaml
new file mode 100644 (file)
index 0000000..d620941
--- /dev/null
@@ -0,0 +1,1069 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .ucp.identity.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .ucp.shipyard.host_fqdn_override.public
+        pattern: DOMAIN
+data:
+  ucp:
+    identity:
+      namespace: ucp
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        public: iam.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: http
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+    armada:
+      name: armada
+      hosts:
+        default: armada-api
+        public: armada
+      port:
+        api:
+          default: 8000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    deckhand:
+      name: deckhand
+      hosts:
+        default: deckhand-int
+        public: deckhand-api
+      port:
+        api:
+          default: 9000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    postgresql:
+      name: postgresql
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: postgresql+psycopg2
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    postgresql_airflow_celery:
+      name: postgresql_airflow_celery_db
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: db+postgresql
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    key_manager:
+      name: barbican
+      hosts:
+        default: barbican-api
+        public: barbican
+      host_fqdn_override:
+        default: null
+      path:
+        default: /v1
+      scheme:
+        default: http
+      port:
+        api:
+          default: 9311
+          public: 80
+    oslo_messaging:
+      namespace: null
+      hosts:
+        default: rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /openstack
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+    oslo_cache:
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    physicalprovisioner:
+      name: drydock
+      hosts:
+        default: drydock-api
+      port:
+        api:
+          default: 9000
+          nodeport: 31900
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    maas_region_ui:
+      name: maas-region-ui
+      hosts:
+        default: maas-region-ui
+        public: maas
+      path:
+        default: /MAAS
+      scheme:
+        default: "http"
+      port:
+        region_ui:
+          default: 80
+          public: 80
+      host_fqdn_override:
+        default: null
+    kubernetesprovisioner:
+      name: promenade
+      hosts:
+        default: promenade-api
+      port:
+        api:
+          default: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    shipyard:
+      name: shipyard
+      hosts:
+        default: shipyard-int
+        public: shipyard-api
+      port:
+        api:
+          default: 9000
+          public: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+        public: shipyard.DOMAIN
+    airflow_web:
+      name: airflow-web
+      hosts:
+        default: airflow-web-int
+        public: airflow-web
+      port:
+        airflow_web:
+          default: 8080
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    airflow_flower:
+      name: airflow-flower
+      hosts:
+        default: airflow-flower
+      port:
+        airflow_flower:
+          default: 5555
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+  ceph:
+    object_store:
+      name: swift
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+      host_fqdn_override:
+        default: null
+      path:
+        default: /swift/v1
+      scheme:
+        default: http
+      port:
+        api:
+          default: 8088
+    ceph_mon:
+      namespace: ceph
+      hosts:
+        default: ceph-mon
+        discovery: ceph-mon-discovery
+      host_fqdn_override:
+        default: null
+      port:
+        mon:
+          default: 6789
+    ceph_mgr:
+      namespace: ceph
+      hosts:
+        default: ceph-mgr
+      host_fqdn_override:
+        default: null
+      port:
+        mgr:
+          default: 7000
+      scheme:
+        default: http
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.image.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.cloudformation.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.orchestration.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.compute.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.compute_novnc_proxy.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.network.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.identity.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.dashboard.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.volume.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.volumev2.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh.volumev3.host_fqdn_override.public
+        pattern: DOMAIN
+data:
+  osh:
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    keystone_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /keystone
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    keystone_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    oslo_cache:
+      namespace: openstack
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    identity:
+      namespace: openstack
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        public: keystone.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: "http"
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+    glance_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /glance
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    glance_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    image:
+      name: glance
+      hosts:
+        default: glance-api
+        public: glance
+      host_fqdn_override:
+        default: null
+        public: image.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9292
+          public: 80
+    image_registry:
+      name: glance-registry
+      hosts:
+        default: glance-registry
+        public: glance-reg
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9191
+          public: 80
+    cinder_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /cinder
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    cinder_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    volume:
+      name: cinder
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        public: volume.DOMAIN
+      path:
+        default: "/v1/%(tenant_id)s"
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8776
+          public: 80
+    volumev2:
+      name: cinderv2
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        public: volume.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8776
+          public: 80
+    volumev3:
+      name: cinderv3
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        public: volume.DOMAIN
+      path:
+        default: "/v3/%(tenant_id)s"
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8776
+          public: 80
+    ceph_object_store:
+      name: radosgw
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+      host_fqdn_override:
+        default: null
+      path:
+        default: /auth/v1.0
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8088
+    heat_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /heat
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    heat_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    orchestration:
+      name: heat
+      hosts:
+        default: heat-api
+        public: heat
+      host_fqdn_override:
+        default: null
+        public: orchestration.DOMAIN
+      path:
+        default: "/v1/%(project_id)s"
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8004
+          public: 80
+    cloudformation:
+      name: heat-cfn
+      hosts:
+        default: heat-cfn
+        public: cloudformation
+      host_fqdn_override:
+        default: null
+        public: cloudformation.DOMAIN
+      path:
+        default: /v1
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8000
+          public: 80
+    cloudwatch:
+      name: heat-cloudwatch
+      hosts:
+        default: heat-cloudwatch
+        public: cloudwatch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      type: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8003
+          public: 80
+    neutron_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /neutron
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    neutron_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    network:
+      name: neutron
+      hosts:
+        default: neutron-server
+        public: neutron
+      host_fqdn_override:
+        default: null
+        public: network.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9696
+          public: 80
+    nova_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /nova
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    nova_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    compute:
+      name: nova
+      hosts:
+        default: nova-api
+        public: nova
+      host_fqdn_override:
+        default: null
+        public: compute.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8774
+          public: 80
+        novncproxy:
+          default: 6080
+    compute_metadata:
+      name: nova
+      hosts:
+        default: nova-metadata
+        public: metadata
+      host_fqdn_override:
+        default: null
+      path:
+        default: /
+      scheme:
+        default: "http"
+      port:
+        metadata:
+          default: 8775
+          public: 80
+    compute_novnc_proxy:
+      name: nova
+      hosts:
+        default: nova-novncproxy
+        public: novncproxy
+      host_fqdn_override:
+        default: null
+        public: nova-novncproxy.DOMAIN
+      path:
+        default: /vnc_auto.html
+      scheme:
+        default: "http"
+      port:
+        novnc_proxy:
+          default: 6080
+    compute_spice_proxy:
+      name: nova
+      hosts:
+        default: nova-spiceproxy
+      host_fqdn_override:
+        default: null
+      path:
+        default: /spice_auto.html
+      scheme:
+        default: "http"
+      port:
+        spice_proxy:
+          default: 6082
+    placement:
+      name: placement
+      hosts:
+        default: placement-api
+        public: placement
+      host_fqdn_override:
+        default: null
+      path:
+        default: /
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8778
+          public: 80
+    dashboard:
+      name: horizon
+      hosts:
+        default: horizon-int
+        public: horizon
+      host_fqdn_override:
+        default: null
+        public: dashboard.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        web:
+          default: 80
+    barbican_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: barbican-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /barbican
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    barbican_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: barbican-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    key_manager:
+      name: barbican
+      hosts:
+        default: barbican-api
+        public: barbican
+      host_fqdn_override:
+        default: null
+      path:
+        default: /v1
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9311
+          public: 80
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh_infra.kibana.host_fqdn_override.public
+        pattern: DOMAIN
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .domain.url
+      dest:
+        path: .osh_infra.grafana.host_fqdn_override.public
+        pattern: DOMAIN
+data:
+  osh_infra:
+    elasticsearch:
+      name: elasticsearch
+      namespace: osh-infra
+      hosts:
+        data: elasticsearch-data
+        default: elasticsearch-logging
+        discovery: elasticsearch-discovery
+        public: elasticsearch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 80
+    prometheus_elasticsearch_exporter:
+      namespace: null
+      hosts:
+        default: elasticsearch-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9108
+    fluentd:
+      namespace: osh-infra
+      name: fluentd
+      hosts:
+        default: fluentd-logging
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        service:
+          default: 24224
+        metrics:
+          default: 24220
+    prometheus_fluentd_exporter:
+      namespace: osh-infra
+      hosts:
+        default: fluentd-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9309
+    oslo_db:
+      namespace: osh-infra
+      hosts:
+        default: mariadb
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+    grafana:
+      name: grafana
+      namespace: osh-infra
+      hosts:
+        default: grafana-dashboard
+        public: grafana
+      host_fqdn_override:
+        default: null
+        public: grafana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        grafana:
+          default: 3000
+    monitoring:
+      name: prometheus
+      namespace: osh-infra
+      hosts:
+        default: prom-metrics
+        public: prometheus
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9090
+          public: 80
+    kibana:
+      name: kibana
+      namespace: osh-infra
+      hosts:
+        default: kibana-dash
+        public: kibana
+      host_fqdn_override:
+        default: null
+        public: kibana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        kibana:
+          default: 5601
+    alerts:
+      name: alertmanager
+      namespace: osh-infra
+      hosts:
+        default: alerts-engine
+        public: alertmanager
+        discovery: alertmanager-discovery
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9093
+          public: 80
+        mesh:
+          default: 6783
+    kube_state_metrics:
+      namespace: kube-system
+      hosts:
+        default: kube-state-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 8080
+    kube_scheduler:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    kube_controller_manager:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    node_metrics:
+      namespace: kube-system
+      hosts:
+        default: node-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9100
+        prometheus_port:
+          default: 9100
+    prometheus_openstack_exporter:
+      namespace: openstack
+      hosts:
+        default: openstack-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        exporter:
+          default: 9103
+...
diff --git a/site/site30/software/config/service_accounts.yaml b/site/site30/software/config/service_accounts.yaml
new file mode 100644 (file)
index 0000000..08b78e3
--- /dev/null
@@ -0,0 +1,404 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+    ucp:
+        postgres:
+            admin:
+                username: postgres
+        oslo_db:
+            admin:
+                username: root
+        oslo_messaging:
+            admin:
+                username: rabbitmq
+        keystone:
+            admin:
+                region_name: RegionOne
+                username: admin
+                project_name: admin
+                user_domain_name: default
+                project_domain_name: default
+            oslo_messaging:
+                admin:
+                    username: rabbitmq
+                keystone:
+                    username: keystone
+            oslo_db:
+                username: keystone
+                database: keystone
+        promenade:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: promenade
+        drydock:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: drydock
+            postgres:
+                username: drydock
+                database: drydock
+        shipyard:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: shipyard
+            postgres:
+                username: shipyard
+                database: shipyard
+        airflow:
+            postgres:
+                username: airflow
+                database: airflow
+            oslo_messaging:
+                username: rabbitmq
+        maas:
+            admin:
+                username: admin
+                email: none@none
+            postgres:
+                username: maas
+                database: maasdb
+        barbican:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: barbican
+            oslo_db:
+                username: barbican
+                database: barbican
+            oslo_messaging:
+                admin:
+                    username: rabbitmq
+                keystone:
+                    username: keystone
+        armada:
+            keystone:
+                project_domain_name: default
+                user_domain_name: default
+                project_name: service
+                region_name: RegionOne
+                role: admin
+                user_domain_name: default
+                username: armada
+        deckhand:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: deckhand
+            postgres:
+                username: deckhand
+                database: deckhand
+    ceph:
+        swift:
+            keystone:
+                role: admin
+                region_name: RegionOne
+                username: swift
+                project_name: service
+                user_domain_name: default
+                project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.keystone.admin.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.cinder.cinder.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.glance.glance.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat_trustee.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat_stack_user.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.swift.keystone.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.neutron.neutron.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.nova.nova.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.nova.placement.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.barbican.barbican.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.barbican.barbican.region_name
+data:
+  osh:
+    keystone:
+      admin:
+        username: admin
+        project_name: admin
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: keystone
+        database: keystone
+      oslo_messaging:
+        admin:
+          username: keystone-rabbitmq-admin
+        keystone:
+          username: keystone-rabbitmq-user
+      ldap:
+        username: "user@example-ldap.com"
+    cinder:
+      cinder:
+        role: admin
+        username: cinder
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: cinder
+        database: cinder
+      oslo_messaging:
+        admin:
+          username: cinder-rabbitmq-admin
+        cinder:
+          username: cinder-rabbitmq-user
+    glance:
+      glance:
+        role: admin
+        username: glance
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: glance
+        database: glance
+      oslo_messaging:
+        admin:
+          username: glance-rabbitmq-admin
+        glance:
+          username: glance-rabbitmq-user
+      ceph_object_store:
+        username: glance
+    heat:
+      heat:
+        role: admin
+        username: heat
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      heat_trustee:
+        role: admin
+        username: heat-trust
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      heat_stack_user:
+        role: admin
+        username: heat-domain
+        domain_name: heat
+      oslo_db:
+        username: heat
+        database: heat
+      oslo_messaging:
+        admin:
+          username: heat-rabbitmq-admin
+        heat:
+          username: heat-rabbitmq-user
+    swift:
+      keystone:
+        role: admin
+        username: swift
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+    oslo_db:
+      admin:
+        username: root
+    neutron:
+      neutron:
+        role: admin
+        username: neutron
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: neutron
+        database: neutron
+      oslo_messaging:
+        admin:
+          username: neutron-rabbitmq-admin
+        neutron:
+          username: neutron-rabbitmq-user
+    nova:
+      nova:
+        role: admin
+        username: nova
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      placement:
+        role: admin
+        username: placement
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: nova
+        database: nova
+      oslo_db_api:
+        username: nova
+        database: nova_api
+      oslo_db_cell0:
+        username: nova
+        database: "nova_cell0"
+      oslo_messaging:
+        admin:
+          username: nova-rabbitmq-admin
+        nova:
+          username: nova-rabbitmq-user
+    horizon:
+      oslo_db:
+        username: horizon
+        database: horizon
+    barbican:
+      barbican:
+        role: admin
+        username: barbican
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: barbican
+        database: barbican
+      oslo_messaging:
+        admin:
+          username: barbican-rabbitmq-admin
+        barbican:
+          username: barbican-rabbitmq-user
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh_infra:
+    grafana:
+      admin:
+        username: grafana
+      oslo_db:
+        username: grafana
+        database: grafana
+      oslo_db_session:
+        username: grafana_session
+        database: grafana_session
+    elasticsearch:
+      admin:
+        username: elasticsearch
+    kibana:
+      admin:
+        username: kibana
+    oslo_db:
+      admin:
+        username: root
+    prometheus_openstack_exporter:
+      user:
+        username: prometheus-openstack-exporter
+        project_name: service
+        user_domain_name: default
+...
diff --git a/site/site30/software/manifests/full-site.yaml b/site/site30/software/manifests/full-site.yaml
new file mode 100644 (file)
index 0000000..ff45494
--- /dev/null
@@ -0,0 +1,76 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Manifest/v1
+metadata:
+  schema: metadata/Document/v1
+  name: full-site
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: full-site-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  release_prefix: clcp
+  chart_groups:
+    - kubernetes-proxy
+    - kubernetes-container-networking
+    - kubernetes-dns
+    - kubernetes-etcd
+    - kubernetes-haproxy
+    - kubernetes-core
+    - ingress-kube-system
+    - ucp-ceph-update
+    - ucp-ceph-config
+    - ucp-core
+    - ucp-keystone
+    - ucp-divingbell
+    - ucp-armada
+    - ucp-deckhand
+    - ucp-drydock
+    - ucp-promenade
+    - ucp-shipyard
+#    - artifactory-ceph-config
+#    - artifactory-mariadb
+#    - artifactory-webapp
+#    - jenkins
+    - osh-infra-ingress-controller
+    - osh-infra-ceph-config
+    - osh-infra-logging
+    - osh-infra-monitoring
+    - osh-infra-mariadb
+    - osh-infra-dashboards
+    - openstack-ingress-controller
+    - openstack-ceph-config
+    - openstack-mariadb
+    - openstack-memcached
+    - openstack-compute-services
+    - openstack-keystone
+    - openstack-glance
+    - openstack-radosgw
+    - openstack-cinder
+    - openstack-compute-kit
+    - openstack-heat
+    - osh-infra-prometheus-openstack-exporter
+    - openstack-horizon
+    - openstack-barbican
+
+...
diff --git a/site30.yaml b/site30.yaml
new file mode 100644 (file)
index 0000000..2bdb18b
--- /dev/null
@@ -0,0 +1,282 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+site_name: hp_akraino
+ipmi_admin_password: Admin123
+networks:
+  bonded: yes
+  primary: bond0
+  slaves:
+    - name: ens3f0
+    - name: ens3f1
+  oob:
+    vlan: 40
+    interface: 
+    cidr: 192.168.41.0/24
+    routes:
+      gateway: 192.168.41.1
+    ranges:
+      reserved:
+        start: 192.168.41.2
+        end: 192.168.41.4
+      static:
+        start: 192.168.41.5
+        end: 192.168.41.254
+  host:
+    vlan: 41   
+    interface: bond0.41
+    cidr: 192.168.2.0/24
+    routes:
+       gateway: 192.168.2.85
+    ranges:
+      reserved:
+        start: 192.168.2.84
+        end: 192.168.2.86
+      static:
+        start: 192.168.2.1
+        end: 192.168.2.83
+  storage:
+    vlan: 42
+    interface: bond0.42
+    cidr: 172.31.1.0/24
+    ranges:
+      reserved:
+        start: 172.31.1.1
+        end: 172.31.1.10
+      static:
+        start: 172.31.1.11
+        end: 172.31.1.254
+  pxe:
+    vlan: 
+    interface: eno1
+    cidr: 172.30.1.0/24
+    gateway: 172.30.1.1
+    ranges:
+      reserved:
+        start: 172.30.1.2
+        end:  172.30.1.10
+      static:
+        start: 172.30.1.11
+        end: 172.30.1.200
+      dhcp:
+        start: 172.30.1.201
+        end: 172.30.1.254
+  ksn:
+    vlan: 44
+    interface: bond0.44
+    cidr: 172.29.1.0/24
+    local_asnumber: 65531
+    ranges:
+      static:
+        start: 172.29.1.5
+        end: 172.29.1.254
+    additional_cidrs:
+      -  172.29.1.136/29
+    ingress_cidr: 172.29.1.137/32
+    peers:
+    - ip: 172.29.1.1
+      scope: global
+      asnumber: 65001
+    vrrp_ip: 172.29.1.1 # keep peers ip address in case of only peer.
+  neutron:
+    vlan: 45
+    interface: bond0.45
+    cidr: 10.0.101.0/24
+    ranges:
+      reserved:
+        start: 10.0.101.1
+        end: 10.0.101.10
+      static:
+        start: 10.0.101.11
+        end: 10.0.101.254
+sriovnets:
+- physical: sriovnet1
+  interface: ens6f0
+  vlan_start: 100
+  vlan_end: 4000
+  whitelists:
+      "0000:af:02.0":  "enp175s2"
+      "0000:af:02.1":  "enp175s2f1"
+      "0000:af:03.2":  "enp175s3f2"
+      "0000:af:03.3":  "enp175s3f3"
+      "0000:af:03.4":  "enp175s3f4"
+      "0000:af:03.5":  "enp175s3f5"
+      "0000:af:03.6":  "enp175s3f6"
+      "0000:af:03.7":  "enp175s3f7"
+      "0000:af:04.0":  "enp175s4"
+      "0000:af:04.1":  "enp175s4f1"
+      "0000:af:04.2":  "enp175s4f2"
+      "0000:af:04.3":  "enp175s4f3"
+      "0000:af:02.2":  "enp175s2f2"
+      "0000:af:04.4":  "enp175s4f4"
+      "0000:af:04.5":  "enp175s4f5"
+      "0000:af:04.6":  "enp175s4f6"
+      "0000:af:04.7":  "enp175s4f7"
+      "0000:af:05.0":  "enp175s5"
+      "0000:af:05.1":  "enp175s5f1"
+      "0000:af:05.2":  "enp175s5f2"
+      "0000:af:05.3":  "enp175s5f3"
+      "0000:af:05.4":  "enp175s5f4"
+      "0000:af:05.5":  "enp175s5f5"
+      "0000:af:02.3":  "enp175s2f3"
+      "0000:af:05.6":  "enp175s5f6"
+      "0000:af:05.7":  "enp175s5f7"
+      "0000:af:02.4":  "enp175s2f4"
+      "0000:af:02.5":  "enp175s2f5"
+      "0000:af:02.6":  "enp175s2f6"
+      "0000:af:02.7":  "enp175s2f7"
+      "0000:af:03.0":  "enp175s3"
+      "0000:af:03.1":  "enp175s3f1"
+- physical: sriovnet2
+  interface: ens6f1
+  vlan_start: 100
+  vlan_end: 4000
+  whitelists:
+      "0000:af:0a.0":  "enp175s10"
+      "0000:af:0a.1":  "enp175s10f1"
+      "0000:af:0b.2":  "enp175s11f2"
+      "0000:af:0b.3":  "enp175s11f3"
+      "0000:af:0b.4":  "enp175s11f4"
+      "0000:af:0b.5":  "enp175s11f5"
+      "0000:af:0b.6":  "enp175s11f6"
+      "0000:af:0b.7":  "enp175s11f7"
+      "0000:af:0c.0":  "enp175s12"
+      "0000:af:0c.1":  "enp175s12f1"
+      "0000:af:0c.2":  "enp175s12f2"
+      "0000:af:0c.3":  "enp175s12f3"
+      "0000:af:0a.2":  "enp175s10f2"
+      "0000:af:0c.4":  "enp175s12f4"
+      "0000:af:0c.5":  "enp175s12f5"
+      "0000:af:0c.6":  "enp175s12f6"
+      "0000:af:0c.7":  "enp175s12f7"
+      "0000:af:0d.0":  "enp175s13"
+      "0000:af:0d.1":  "enp175s13f1"
+      "0000:af:0d.2":  "enp175s13f2"
+      "0000:af:0d.3":  "enp175s13f3"
+      "0000:af:0d.4":  "enp175s13f4"
+      "0000:af:0d.5":  "enp175s13f5"
+      "0000:af:0a.3":  "enp175s10f3"
+      "0000:af:0d.6":  "enp175s13f6"
+      "0000:af:0d.7":  "enp175s13f7"
+      "0000:af:0a.4":  "enp175s10f4"
+      "0000:af:0a.5":  "enp175s10f5"
+      "0000:af:0a.6":  "enp175s10f6"
+      "0000:af:0a.7":  "enp175s10f7"
+      "0000:af:0b.0":  "enp175s11"
+      "0000:af:0b.1":  "enp175s11f1"
+storage:
+  osds:
+    - data: /dev/sdb
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdb
+    - data: /dev/sdc
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdc
+    - data: /dev/sdd
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdd
+    - data: /dev/sde
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sde
+    - data: /dev/sdf
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdf
+    - data: /dev/sdg
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdg
+    - data: /dev/sdg
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdh
+    - data: /dev/sdi
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdi
+    - data: /dev/sdk
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdk
+  osd_count: 9
+genesis:
+  name: csonjrsv30
+  oob: 192.168.41.30
+  host: 192.168.2.30
+  storage: 172.31.1.30
+  pxe: 172.30.1.30
+  ksn: 172.29.1.30
+  neutron: 10.0.101.30
+masters:
+  - name : csonjrsv31
+  - name : csonjrsv32
+workers:
+  - name : csonjrsv33
+  - name : csonjrsv34
+servers:
+  - name : csonjrsv31
+    oob: 192.168.41.31
+    host: 192.168.2.31
+    storage: 172.31.1.31
+    pxe: 172.30.1.31
+    ksn: 172.29.1.31
+    neutron: 10.0.101.31
+  - name : csonjrsv32
+    oob: 192.168.41.32
+    host: 192.168.2.32
+    storage: 172.31.1.32
+    pxe: 172.30.1.32
+    ksn: 172.29.1.32
+    neutron: 10.0.101.32
+  - name : csonjrsv33
+    oob: 192.168.41.33
+    host: 192.168.2.33
+    storage: 172.31.1.33
+    pxe: 172.30.1.33
+    ksn: 172.29.1.33
+    neutron: 10.0.101.33
+  - name : csonjrsv34
+    oob: 192.168.41.34
+    host: 192.168.2.34
+    storage: 172.31.1.34
+    pxe: 172.30.1.34
+    ksn: 172.29.1.34
+    neutron: 10.0.101.34
+hardware:
+  vendor: HP
+  generation: '10'
+  hw_version: '3'
+  bios_version: '2.8'
+disks:
+  - name : sdj
+    labels:
+      bootdrive: 'true'
+    partitions:
+      - name: root
+        size: 20g
+        mountpoint: /
+      - name: boot
+        size: 1g
+        mountpoint: /boot
+      - name: var
+        size: 100g
+        mountpoint: /var
+  - name : sdb
+    partitions:
+      - name: cephj0
+        size: 100g
+        mountpoint: /var/lib/openstack-helm/ceph/journal0
+  - name : sdc
+    partitions:
+      - name: cephj1
+        size: 100g
+        mountpoint: /var/lib/openstack-helm/ceph/journal1
+genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
+kubernetes:
+  api_service_ip: 10.96.0.1
+  etcd_service_ip: 10.96.0.2
+  pod_cidr: 10.99.0.0/16
+  service_cidr: 10.96.0.0/15
+regional_server:
+  ip: 135.16.101.85
+...
diff --git a/site80.yaml b/site80.yaml
new file mode 100644 (file)
index 0000000..8a65fff
--- /dev/null
@@ -0,0 +1,251 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+site_name: site80
+ipmi_admin_password: Admin123
+networks:
+  bonded: no
+  primary: eno49
+  slaves:
+    - name: eno49
+  oob:
+    vlan: 199
+    interface: eno49.40
+    cidr: 192.168.14.0/24
+    routes:
+      gateway: 192.168.14.11
+    ranges:
+      reserved:
+        start: 192.168.14.1
+        end: 192.168.14.11
+      static:
+        start: 192.168.14.12
+        end: 192.168.14.254
+  host:
+    vlan: 136
+    interface: eno49.136
+    cidr: 135.16.101.0/25
+    routes:
+       gateway: 135.16.101.8
+    ranges:
+      reserved:
+        start: 135.16.101.1
+        end: 135.16.101.10
+      static:
+        start: 135.16.101.11
+        end: 135.16.101.126
+  storage:
+    vlan: 1320
+    interface: eno49.1320
+    cidr: 192.168.110.0/24
+    ranges:
+      reserved:
+        start: 192.168.110.1
+        end: 192.168.110.10
+      static:
+        start: 192.168.110.11
+        end: 192.168.110.254
+  pxe:
+    vlan: 198
+    interface: eno1
+    cidr: 192.168.13.0/24
+    gateway: 192.168.13.11
+    ranges:
+      reserved:
+        start: 192.168.13.1
+        end: 192.168.13.10
+      static:
+        start: 192.168.13.11
+        end: 192.168.13.100
+      dhcp:
+        start: 192.168.13.201
+        end: 192.168.13.254
+  ksn:
+    vlan: 44
+    interface: eno49.44
+    cidr: 172.29.1.0/24
+    local_asnumber: 65531
+    ranges:
+      static:
+        start: 172.29.1.5
+        end: 172.29.1.254
+    additional_cidrs:
+      -  172.29.1.144/29
+    ingress_cidr: 172.29.1.145/32
+    peers:
+    - ip: 172.29.1.1
+      scope: global
+      asnumber: 65001
+    vrrp_ip: 172.29.1.1 # keep peers ip address in case of only peer.
+  neutron:
+    vlan: 126
+    interface: eno49.45
+    cidr: 135.25.50.128/25
+    ranges:
+      reserved:
+        start: 135.25.50.129
+        end: 135.25.50.139
+      static:
+        start: 135.25.50.140
+        end: 135.25.50.254
+sriovnets:
+- physical: sriovnet1
+  interface: ens6f0
+  vlan_start: 100
+  vlan_end: 4000
+  whitelists:
+      "0000:81:10.2":  "enp129s16f2"
+      "0000:81:12.4":  "enp129s18f4"
+      "0000:81:12.6":  "enp129s18f6"
+      "0000:81:13.0":  "enp129s19"
+      "0000:81:13.2":  "enp129s19f2"
+      "0000:81:13.4":  "enp129s19f4"
+      "0000:81:13.6":  "enp129s19f6"
+      "0000:81:14.0":  "enp129s20"
+      "0000:81:14.2":  "enp129s20f2"
+      "0000:81:14.4":  "enp129s20f4"
+      "0000:81:14.6":  "enp129s20f6"
+      "0000:81:10.4":  "enp129s16f4"
+      "0000:81:15.0":  "enp129s21"
+      "0000:81:15.2":  "enp129s21f2"
+      "0000:81:15.4":  "enp129s21f4"
+      "0000:81:15.6":  "enp129s21f6"
+      "0000:81:16.0":  "enp129s22"
+      "0000:81:16.2":  "enp129s22f2"
+      "0000:81:16.4":  "enp129s22f4"
+      "0000:81:16.6":  "enp129s22f6"
+      "0000:81:17.0":  "enp129s23"
+      "0000:81:17.2":  "enp129s23f2"
+      "0000:81:10.6":  "enp129s16f6"
+      "0000:81:17.4":  "enp129s23f4"
+      "0000:81:17.6":  "enp129s23f6"
+      "0000:81:11.0":  "enp129s17"
+      "0000:81:11.2":  "enp129s17f2"
+      "0000:81:11.4":  "enp129s17f4"
+      "0000:81:11.6":  "enp129s17f6"
+      "0000:81:12.0":  "enp129s18"
+      "0000:81:12.2":  "enp129s18f2"
+- physical: sriovnet2
+  interface: ens6f1
+  vlan_start: 100
+  vlan_end: 4000
+  whitelists:
+      "0000:81:10.1":  "enp129s16f1"
+      "0000:81:10.3":  "enp129s16f3"
+      "0000:81:12.5":  "enp129s18f5"
+      "0000:81:12.7":  "enp129s18f7"
+      "0000:81:13.1":  "enp129s19f1"
+      "0000:81:13.3":  "enp129s19f3"
+      "0000:81:13.5":  "enp129s19f5"
+      "0000:81:13.7":  "enp129s19f7"
+      "0000:81:14.1":  "enp129s20f1"
+      "0000:81:14.3":  "enp129s20f3"
+      "0000:81:14.5":  "enp129s20f5"
+      "0000:81:14.7":  "enp129s20f7"
+      "0000:81:10.5":  "enp129s16f5"
+      "0000:81:15.1":  "enp129s21f1"
+      "0000:81:15.3":  "enp129s21f3"
+      "0000:81:15.5":  "enp129s21f5"
+      "0000:81:15.7":  "enp129s21f7"
+      "0000:81:16.1":  "enp129s22f1"
+      "0000:81:16.3":  "enp129s22f3"
+      "0000:81:16.5":  "enp129s22f5"
+      "0000:81:16.7":  "enp129s22f7"
+      "0000:81:17.1":  "enp129s23f1"
+      "0000:81:17.3":  "enp129s23f3"
+      "0000:81:10.7":  "enp129s16f7"
+      "0000:81:17.5":  "enp129s23f5"
+      "0000:81:17.7":  "enp129s23f7"
+      "0000:81:11.1":  "enp129s17f1"
+      "0000:81:11.3":  "enp129s17f3"
+      "0000:81:11.5":  "enp129s17f5"
+      "0000:81:11.7":  "enp129s17f7"
+      "0000:81:12.1":  "enp129s18f1"
+      "0000:81:12.3":  "enp129s18f3"
+storage:
+  osds:
+    - data: /dev/sdb
+      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdb
+    - data: /dev/sdc
+      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdc
+  osd_count: 2
+genesis:
+  name: csoaiclab01-80
+  oob: 192.168.14.90
+  host: 135.16.101.80
+  storage: 192.168.110.80
+  pxe: 192.168.13.80
+  ksn: 172.29.1.80
+  neutron: 135.25.50.190
+masters:
+  - name : csoaiclab01-81
+  - name : csoaiclab01-82
+#workers:
+#  - name : csoaiclab01-83
+servers:
+  - name : csoaiclab01-81
+    oob: 192.168.14.91
+    host: 135.16.101.81
+    storage: 192.168.110.81
+    pxe: 192.168.13.81
+    ksn: 172.29.1.81
+    neutron: 135.25.50.210
+  - name : csoaiclab01-82
+    oob: 192.168.14.92
+    host: 135.16.101.82
+    storage: 192.168.110.82
+    pxe: 192.168.13.82
+    ksn: 172.29.1.82
+    neutron: 135.25.50.209
+hardware:
+  vendor: HPE
+  generation: '9'
+  hw_version: '3'
+  bios_version: '2.8'
+disks:
+  - name : sda
+    labels:
+      bootdrive: 'true'
+    partitions:
+      - name: root
+        size: 20g
+        mountpoint: /
+      - name: boot
+        size: 1g
+        mountpoint: /boot
+      - name: var
+        size: 100g
+        mountpoint: /var
+  - name : sdb
+    partitions:
+      - name: cephj0
+        size: 100g
+        mountpoint: /var/lib/openstack-helm/ceph/journal0
+  - name : sdc
+    partitions:
+      - name: cephj1
+        size: 100g
+        mountpoint: /var/lib/openstack-helm/ceph/journal1
+genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRx+c0dtn1jjCN1UiZDETe/XApDv13mFsDs4523HStwC9u2fnl/2cREr2KmLzCBXZD+rJv/hTyPElrglQkzTOwtGUasRW7wZKCoxAeqaP/M3z7xARmWzMQKaswZMzYZtvDL29yuATrJbAl+qafu/hLssvyJYsQ4V8TbNGITlIwfGgqk2sAMWdl5+PAvS1AJ1jxsNmcrzBcWbOia/+eiAAA5iy+NDBzMgid0MIfQsPKQ2PbMGJB/cPwZJ523EsSwn0ax1mqmQX9lBv0TRTubqEKLkHUjh5JbElYjED+ez5eEq2iHF8UMbypiiRR+DEROcALuKvsDWgLbiliwwonAOup root@csoaiclab01-80"
+kubernetes:
+  api_service_ip: 10.96.0.1
+  etcd_service_ip: 10.96.0.2
+  pod_cidr: 10.97.0.0/16
+  service_cidr: 10.96.0.0/15
+regional_server:
+  ip: 135.16.101.85
+...
diff --git a/templates/aic-clcp-manifests/baremetal/bootaction.j2 b/templates/aic-clcp-manifests/baremetal/bootaction.j2
new file mode 100644 (file)
index 0000000..6b63344
--- /dev/null
@@ -0,0 +1,224 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: promjoin
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  node_filter:
+    filter_set_type: 'union'
+    filter_set:
+      - filter_type: 'union'
+        node_names:
+{% for server in yaml.servers %}
+          - '{{server.name}}'
+{% endfor %}
+{% raw %}  # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
+  assets:
+    - path: /opt/promjoin.sh
+      type: file
+      permissions: '555'
+      # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
+      # you should use to contact kubernetes in the case below, this is cab24_mgmt
+      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}{% if 'ksn' in node.network %}&ip={{ node.network.ksn.ip }}{% endif %}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+      location_pipeline:
+        - template
+      data_pipeline:
+        - utf8_decode
+    - path: /lib/systemd/system/promjoin.service
+      type: unit
+      permissions: '600'
+      data: |-
+        W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
+        PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
+        cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
+        cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
+      data_pipeline:
+        - base64_decode
+        - utf8_decode
+{% endraw %}
+---
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: calico-ip-rules
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+  substitutions:
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .assets[0].data
+        pattern: DH_SUB_POD_CIDR
+data:
+  signaling: false
+  assets:
+    - path: /etc/systemd/system/configure-ip-rules.service
+      type: unit
+      permissions: '444'
+      data: |-
+        [Unit]
+        Description=IP Rules Initialization Service
+        After=network-online.target local-fs.target
+
+        [Service]
+        Type=simple
+        ExecStart=/opt/configure-ip-rules.sh -g {{yaml.networks.ksn.vrrp_ip}} -c {{yaml.kubernetes.pod_cidr}} -s {{yaml.networks.ksn.additional_cidrs | first}}
+
+        [Install]
+        WantedBy=multi-user.target
+      data_pipeline:
+        - utf8_decode
+    - path: /opt/configure-ip-rules.sh
+      type: file
+      permissions: '700'
+      data_pipeline:
+        - utf8_decode
+      data: |-
+        #!/bin/bash
+        set -ex
+
+        function usage() {
+            cat <<EOU
+        Options are:
+
+          -c POD_CIDR     The pod CIDR for the Kubernetes cluster, e.g. {{yaml.kubernetes.pod_cidr}}
+          -i INTERFACE    The interface for internal pod traffic, e.g. bond1.2006
+          -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
+                          INTERFACE.  It is used to provide a work around when
+                          complete Calico routes cannot be received via BGP.
+                          e.g. 10.96.0.0/15.  NOTE: This must include the POD_CIDR.
+          -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
+                          e.g. 135.21.99.192/29
+        EOU
+        }
+
+        SERVICE_CIDR=
+        OVERLAP_CIDR=
+
+        while getopts ":c:hi:o:s:" o; do
+            case "${o}" in
+                c)
+                    POD_CIDR=${OPTARG}
+                    ;;
+                h)
+                    usage
+                    exit 0
+                    ;;
+                i)
+                    INTERFACE=${OPTARG}
+                    ;;
+                o)
+                    OVERLAP_CIDR=${OPTARG}
+                    ;;
+                s)
+                    SERVICE_CIDR=${OPTARG}
+                    ;;
+                \?)
+                    echo "Unknown option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+                :)
+                    echo "Missing argument for option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+                *)
+                    echo "Unimplemented option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+            esac
+        done
+        shift $((OPTIND-1))
+
+        if [ "x$POD_CIDR" == "x" ]; then
+            echo "Missing pod CIDR, e.g -c {{yaml.kubernetes.pod_cidr}}" >&2
+            usage
+            exit 1
+        fi
+
+        if [ "x$INTERFACE" == "x" ]; then
+            echo "Missing interface, e.g. -i bond1.2006" >&2
+            usage
+            exit 1
+        fi
+
+        while ! ip route list dev "${INTERFACE}" > /dev/null; do
+            echo Waiting for device "${INTERFACE}" to be ready. >&2
+            sleep 5
+        done
+
+        intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
+
+        TABLE="1500"
+
+        # Setup a routing table for traffic from service IPs
+        ip route flush table "${TABLE}"
+        ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
+
+        if [ "x$OVERLAP_CIDR" != "x" ]; then
+            # NOTE(mb874d): This is a work-around for nodes not receiving complete
+            # routes via BGP.  It may also be required for brownfield large sites.
+            ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
+        fi
+
+        if [ "x$SERVICE_CIDR" != "x" ]; then
+            # Traffic from the service IPs to pods should use the pod network.
+            ip rule add \
+                from "${SERVICE_CIDR}" \
+                to "${POD_CIDR}" \
+                lookup main \
+                pref 10000
+            # Other traffic from service IPs should only use the VRRP IP
+            ip rule add \
+                from "${SERVICE_CIDR}" \
+                lookup "${TABLE}" \
+                pref 10100
+        fi
+---
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: i40evf_blacklist
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  assets:
+    - path: /etc/modprobe.d/sriov_blacklist.conf
+      type: file
+      permissions: '644'
+      data_pipeline:
+        - utf8_decode
+      data: |
+        blacklist i40evf
+...
diff --git a/templates/aic-clcp-manifests/baremetal/rack.j2 b/templates/aic-clcp-manifests/baremetal/rack.j2
new file mode 100644 (file)
index 0000000..22f0039
--- /dev/null
@@ -0,0 +1,54 @@
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+{% for server in yaml.servers %}
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: {{server.name}}
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: MyControlPlane_HP 
+  # the hostname for a server, could be used in multiple DNS domains to
+  # represent different interfaces
+  addressing:
+      # Which network the address applies to. If a network appears in addressing
+      # that isn't assigned to an interface, design validation will fail
+    - network: pxe
+      # The address assigned. Either a explicit IPv4 or IPv6 address
+      # or dhcp or slaac
+      address: {{server.pxe}}
+    - network: oam
+      address: {{server.host}}
+    - network: ksn
+      address: {{server.ksn}}
+    - network: storage
+      address: {{server.storage}}
+    - network: overlay
+      address: {{server.neutron}}
+    - network: oob
+      address: {{server.oob}}
+  metadata:
+    rack: rack01
+    tags:
+      - 'masters'
+{% endfor %}
+...
+
diff --git a/templates/aic-clcp-manifests/networks/common-addresses.j2 b/templates/aic-clcp-manifests/networks/common-addresses.j2
new file mode 100644 (file)
index 0000000..2f00c5f
--- /dev/null
@@ -0,0 +1,97 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/CommonAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  calico:
+    ip_autodetection_method: interface={{yaml.networks.ksn.interface}}
+    etcd:
+      service_ip: 10.96.232.136
+
+  dns:
+    cluster_domain: cluster.local
+    service_ip: 10.96.0.10
+    upstream_servers:
+      - 135.37.9.16
+      - 135.38.244.16
+      - 135.188.34.84
+    upstream_servers_joined: 135.37.9.16,135.38.244.16,135.53.34.84
+
+  genesis:
+    hostname: {{yaml.genesis.name}}
+    ip: {{yaml.genesis.ksn}}
+
+  bootstrap:
+    ip: {{yaml.genesis.pxe}}
+
+  kubernetes:
+    api_service_ip: {{yaml.kubernetes.api_service_ip}}
+    etcd_service_ip: {{yaml.kubernetes.etcd_service_ip}}
+    pod_cidr: {{yaml.kubernetes.pod_cidr}}
+    service_cidr: {{yaml.kubernetes.service_cidr}}
+    apiserver_port: 6443
+    haproxy_port: 6553
+    service_node_port_range: 30000-35357
+
+  etcd:
+    container_port: 2379
+    haproxy_port: 2378
+
+  masters:
+{% for master in yaml.masters %}
+    - hostname: {{master.name}}
+{% endfor %}
+
+  workers:
+{% for worker in yaml.workers %}
+    - hostname: {{worker.name}}
+{% endfor %}
+
+  proxy:
+    http: http://one.proxy.att.com:8080
+    https: http://one.proxy.att.com:8080
+    no_proxy: '{{yaml.kubernetes.api_service_ip}},*.cluster.local,{{yaml.genesis.host}}{%for server in yaml.servers%},{{server.host}}{% endfor %}'
+
+  node_ports:
+    drydock_api: 30000
+    maas_api: 30001
+    maas_proxy: 31800  # hardcoded in maas
+    shipyard_api: 30003
+    airflow_web: 30004
+
+  ntp:
+    servers_joined: '135.25.154.100'
+
+  storage:
+    ceph:
+      public_cidr: '{{yaml.networks.storage.cidr}}'
+      cluster_cidr: '{{yaml.networks.storage.cidr}}'
+
+  neutron:
+    tunnel_device: '{{yaml.networks.neutron.interface}}'
+    external_iface: '{{yaml.networks.neutron.interface}}'
+
+  openvswitch:
+    external_iface: '{{yaml.networks.neutron.interface}}'
+...
diff --git a/templates/aic-clcp-manifests/networks/physical/rack.j2 b/templates/aic-clcp-manifests/networks/physical/rack.j2
new file mode 100644 (file)
index 0000000..86cb116
--- /dev/null
@@ -0,0 +1,216 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  labels:
+    noconfig: enabled
+  bonding:
+    mode: disabled
+  mtu: 1500
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: oob
+  allowed_networks:
+    - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: {{yaml.networks.oob.cidr}}
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: {{yaml.networks.oob.routes.gateway}}
+    metric: 100
+  ranges:
+  - type: static
+    start: {{yaml.networks.oob.ranges.static.start}}
+    end: {{yaml.networks.oob.ranges.static.end}}
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: pxe
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: pxe
+  allowed_networks:
+    - pxe
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: pxe
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  routedomain: provisioning
+  cidr: {{yaml.networks.pxe.cidr}}
+  ranges:
+  - type: reserved
+    start: {{yaml.networks.pxe.ranges.reserved.start}}
+    end: {{yaml.networks.pxe.ranges.reserved.end}}
+  - type: static
+    start: {{yaml.networks.pxe.ranges.static.start}}
+    end: {{yaml.networks.pxe.ranges.static.end}}
+  - type: dhcp
+    start: {{yaml.networks.pxe.ranges.dhcp.start}}
+    end: {{yaml.networks.pxe.ranges.dhcp.end}}
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: bond0
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+{% if yaml.networks.bonded %}
+    mode: 802.3ad
+    hash: layer3+4
+    peer_rate: fast
+    mon_rate: 100
+    up_delay: 1000
+    down_delay: 3000
+{% else %}
+    mode: disabled
+{% endif %}
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+  allowed_networks:
+    - oam
+    - storage
+    - overlay
+    - ksn
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oam
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '{{yaml.networks.host.vlan}}'
+  cidr: {{yaml.networks.host.cidr}}
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: {{yaml.networks.host.routes.gateway}}
+    metric: 100
+  ranges:
+  - type: reserved
+    start: {{yaml.networks.host.ranges.reserved.start}}
+    end: {{yaml.networks.host.ranges.reserved.end}}
+  - type: static
+    start: {{yaml.networks.host.ranges.static.start}}
+    end: {{yaml.networks.host.ranges.static.end}}
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: storage
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '{{yaml.networks.storage.vlan}}'
+  mtu: 9000
+  cidr: {{yaml.networks.storage.cidr}}
+  ranges:
+  - type: reserved
+    start: {{yaml.networks.storage.ranges.reserved.start}}
+    end: {{yaml.networks.storage.ranges.reserved.end}}
+  - type: static
+    start: {{yaml.networks.storage.ranges.static.start}}
+    end: {{yaml.networks.storage.ranges.static.end}}
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: ksn
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '44'
+  mtu: 9000
+  cidr: {{yaml.networks.ksn.cidr}}
+  ranges:
+  - type: static
+    start: {{yaml.networks.ksn.ranges.static.start}}
+    end: {{yaml.networks.ksn.ranges.static.end}}
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: overlay
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '{{yaml.networks.neutron.vlan}}'
+  mtu: 9000
+  cidr: {{yaml.networks.neutron.cidr}}
+  ranges:
+  - type: reserved
+    start: {{yaml.networks.neutron.ranges.reserved.start}}
+    end: {{yaml.networks.neutron.ranges.reserved.end}}
+  - type: static
+    start: {{yaml.networks.neutron.ranges.static.start}}
+    end: {{yaml.networks.neutron.ranges.static.end}}
+...
diff --git a/templates/aic-clcp-manifests/pki/pki-catalog.j2 b/templates/aic-clcp-manifests/pki/pki-catalog.j2
new file mode 100644 (file)
index 0000000..b6dd258
--- /dev/null
@@ -0,0 +1,223 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: promenade/PKICatalog/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-certificates
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  certificate_authorities:
+    kubernetes:
+      description: CA for Kubernetes components
+      certificates:
+        - document_name: apiserver
+          description: Service certificate for Kubernetes apiserver
+          common_name: apiserver
+          hosts:
+            - localhost
+            - 127.0.0.1
+            - {{yaml.kubernetes.api_service_ip}}
+          kubernetes_service_names:
+            - kubernetes.default.svc.cluster.local
+        - document_name: kubelet-genesis
+          common_name: system:node:{{yaml.genesis.name}}
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+          groups:
+            - system:nodes
+        - document_name: kubelet-{{yaml.genesis.name}}
+          common_name: system:node:{{yaml.genesis.name}}
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+          groups:
+            - system:nodes
+{% for server in yaml.servers %}
+        - document_name: kubelet-{{ server.name }}
+          common_name: system:node:{{ server.name }}
+          hosts:
+            - {{server.name}}
+            - {{server.host}}
+            - {{server.ksn}}
+            - {{server.storage}}
+          groups:
+            - system:nodes
+{% endfor %}
+        - document_name: scheduler
+          description: Service certificate for Kubernetes scheduler
+          common_name: system:kube-scheduler
+        - document_name: controller-manager
+          description: certificate for controller-manager
+          common_name: system:kube-controller-manager
+        - document_name: admin
+          common_name: admin
+          groups:
+            - system:masters
+        - document_name: armada
+          common_name: armada
+          groups:
+            - system:masters
+    kubernetes-etcd:
+      description: Certificates for Kubernetes's etcd servers
+      certificates:
+        - document_name: apiserver-etcd
+          description: etcd client certificate for use by Kubernetes apiserver
+          common_name: apiserver
+          # NOTE(mark-burnett): hosts not required for client certificates
+        - document_name: kubernetes-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: kubernetes-etcd-genesis
+          common_name: kubernetes-etcd-genesis
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - {{yaml.kubernetes.etcd_service_ip}}
+        - document_name: kubernetes-etcd-{{yaml.genesis.name}}
+          common_name: kubernetes-etcd-{{yaml.genesis.name}}
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - {{yaml.kubernetes.etcd_service_ip}}
+{% for server in yaml.servers %}
+        - document_name: kubernetes-etcd-{{ server.name }}
+          common_name: kubernetes-etcd-{{ server.name }}
+          hosts:
+            - {{ server.name }}
+            - {{server.host}}
+            - {{server.ksn}}
+            - {{server.storage}}
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - {{yaml.kubernetes.etcd_service_ip}}
+{% endfor %}
+    kubernetes-etcd-peer:
+      certificates:
+        - document_name: kubernetes-etcd-genesis-peer
+          common_name: kubernetes-etcd-genesis-peer
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - {{yaml.kubernetes.etcd_service_ip}}
+        - document_name: kubernetes-etcd-{{yaml.genesis.name}}-peer
+          common_name: kubernetes-etcd-{{yaml.genesis.name}}-peer
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - {{yaml.kubernetes.etcd_service_ip}}
+{% for server in yaml.servers %}
+        - document_name: kubernetes-etcd-{{server.name}}-peer
+          common_name: kubernetes-etcd-{{server.name}}-peer
+          hosts:
+            - {{server.name}}
+            - {{server.host}}
+            - {{server.ksn}}
+            - {{server.storage}}
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - {{yaml.kubernetes.etcd_service_ip}}
+{% endfor %}
+    calico-etcd:
+      description: Certificates for Calico etcd client traffic
+      certificates:
+        - document_name: calico-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: calico-etcd-{{yaml.genesis.name}}
+          common_name: calico-etcd-{{yaml.genesis.name}}
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+{% for server in yaml.servers %}
+        - document_name: calico-etcd-{{server.name}}
+          common_name: calico-etcd-{{server.name}}
+          hosts:
+            - {{server.name}}
+            - {{server.host}}
+            - {{server.ksn}}
+            - {{server.storage}}
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+{% endfor %}
+        - document_name: calico-node
+          common_name: calcico-node
+    calico-etcd-peer:
+      description: Certificates for Calico etcd clients
+      certificates:
+        - document_name: calico-etcd-{{yaml.genesis.name}}-peer
+          common_name: calico-etcd-{{yaml.genesis.name}}-peer
+          hosts:
+            - {{yaml.genesis.name}}
+            - {{yaml.genesis.host}}
+            - {{yaml.genesis.ksn}}
+            - {{yaml.genesis.storage}}
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+{% for server in yaml.servers %}
+        - document_name: calico-etcd-{{server.name}}-peer
+          common_name: calico-etcd-{{server.name}}-peer
+          hosts:
+            - {{server.name}}
+            - {{server.host}}
+            - {{server.ksn}}
+            - {{server.storage}}
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+{% endfor %}
+  keypairs:
+    - name: service-account
+      description: Service account signing key for use by Kubernetes controller-manager.
+...
diff --git a/templates/aic-clcp-manifests/profiles/hardware/generic.j2 b/templates/aic-clcp-manifests/profiles/hardware/generic.j2
new file mode 100644 (file)
index 0000000..1317f4a
--- /dev/null
@@ -0,0 +1,35 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: DELL_HP_Generic
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vendor: {{yaml.hardware.vendor}}
+  generation: '{{yaml.hardware.generation}}'
+  hw_version: '{{yaml.hardware.hw_version}}'
+  bios_version: '{{yaml.hardware.bios_version}}'
+  boot_mode: bios
+  bootstrap_protocol: pxe
+  pxe_interface: 0
+  device_aliases: {}
+...
diff --git a/templates/aic-clcp-manifests/profiles/host/mycontrolplane_hp.j2 b/templates/aic-clcp-manifests/profiles/host/mycontrolplane_hp.j2
new file mode 100644 (file)
index 0000000..822e2b4
--- /dev/null
@@ -0,0 +1,141 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: MyControlPlane_HP
+  storagePolicy: cleartext
+  labels:
+    hosttype: MyControlPlane_HP
+  layeringDefinition:
+    abstract: false
+    layer: site
+  substitutions:
+    - dest:
+        path: .oob.credential
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ipmi_admin_password
+        path: .
+data:
+  oob:
+    type: 'ipmi'
+    network: 'oob'
+    account: 'administrator'
+  primary_network: 'oam'
+  hardware_profile: DELL_HP_Generic
+  interfaces:
+    pxe:
+      device_link: pxe
+      slaves:
+        - 'eno1'
+      networks:
+        - 'pxe'
+    bond0:
+      device_link: bond0
+      slaves:
+{% for slave in yaml.networks.slaves %}
+        - '{{ slave.name }}'
+{% endfor %}
+      networks:
+        - 'oam'
+        - 'storage'
+        - 'overlay'
+        - 'ksn'
+  storage:
+    physical_devices:
+{% for disk in yaml.disks %}
+      {{disk.name}}:
+      {% if disk.labels %}
+        labels:
+        {% for key, value in disk.labels.items() %}
+          {{key}}: '{{value}}'
+        {% endfor %}
+      {% endif %}
+        partitions:
+       {% for p in disk.partitions %}
+          - name: '{{p.name}}'
+            size: '{{p.size}}'
+            filesystem:
+              mountpoint: '{{p.mountpoint}}'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+      {% endfor %}
+{% endfor %}
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      console: 'ttyS1,115200n8'
+  metadata:
+    owner_data:
+      control-plane: enabled
+      ucp-control-plane: enabled
+      openstack-control-plane: enabled
+      openstack-heat: enabled
+      openstack-keystone: enabled
+      openstack-rabbitmq: enabled
+      openstack-dns-helper: enabled
+      openstack-mariadb: enabled
+      openstack-nova-control: enabled
+      openstack-etcd: enabled
+      openstack-mistral: enabled
+      openstack-memcached: enabled
+      openstack-glance: enabled
+      openstack-horizon: enabled
+      openstack-cinder-control: enabled
+      openstack-cinder-volume: control
+      openstack-neutron: enabled
+      openvswitch: enabled
+      sriov: enabled
+      ucp-barbican: enabled
+      ceph-bootstrap: enabled
+      ceph-mon: enabled
+      ceph-osd: enabled
+      ceph-mds: enabled
+      ceph-rgw: enabled
+      ucp-maas: enabled
+      kube-dns: enabled
+      kubernetes-apiserver: enabled
+      kubernetes-controller-manager: enabled
+      kubernetes-etcd: enabled
+      kubernetes-scheduler: enabled
+      tiller-helm: enabled
+      kube-etcd: enabled
+      calico-policy: enabled
+      calico-node: enabled
+      calico-etcd: enabled
+      ucp-armada: enabled
+      ucp-drydock: enabled
+      ucp-deckhand: enabled
+      ucp-shipyard: enabled
+      IAM: enabled
+      ucp-promenade: enabled
+      prometheus-server: enabled
+      prometheus-client: enabled
+      fluentd: enabled
+      influxdb: enabled
+      kibana: enabled
+      elasticsearch-client: enabled
+      elasticsearch-master: enabled
+      elasticsearch-data: enabled
+      postgresql: enabled
+      kube-ingress: enabled
+      sriov: enabled
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
diff --git a/templates/aic-clcp-manifests/profiles/region.j2 b/templates/aic-clcp-manifests/profiles/region.j2
new file mode 100644 (file)
index 0000000..7b9767b
--- /dev/null
@@ -0,0 +1,37 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/Region/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: {{yaml.site_name}}
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .authorized_keys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: localadmin_ssh_public_key
+        path: .
+data:
+  tag_definitions: []
+  authorized_keys: []
+...
+
diff --git a/templates/aic-clcp-manifests/secrets/passphrases/ipmi_admin_password.j2 b/templates/aic-clcp-manifests/secrets/passphrases/ipmi_admin_password.j2
new file mode 100644 (file)
index 0000000..9a3aa97
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ipmi_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: {{yaml.ipmi_admin_password}}
+...
diff --git a/templates/aic-clcp-manifests/secrets/publickey/localadmin_ssh_public_key.j2 b/templates/aic-clcp-manifests/secrets/publickey/localadmin_ssh_public_key.j2
new file mode 100644 (file)
index 0000000..e13be2e
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: localadmin_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: {{yaml.genesis_ssh_public_key}}
+...
diff --git a/templates/aic-clcp-manifests/site-definition.j2 b/templates/aic-clcp-manifests/site-definition.j2
new file mode 100644 (file)
index 0000000..017202c
--- /dev/null
@@ -0,0 +1,28 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+data:
+    revision: v4.0
+    site_type: 5ec
+metadata:
+  layeringDefinition: {abstract: false, layer: site}
+  name: {{yaml.site_name}}
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: pegleg/SiteDefinition/v1
+...
+
diff --git a/templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/calico.j2 b/templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/calico.j2
new file mode 100644 (file)
index 0000000..485d487
--- /dev/null
@@ -0,0 +1,163 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: kubernetes-calico-global
+    actions:
+        - method: delete
+          path: .values.calico
+        - method: delete
+          path: .values.etcd
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+    # IP addresses
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.endpoints.etcd.host_fqdn_override.default
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .values.networking.podSubnet
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.api_service_ip
+      dest:
+        path: .values.conf.policy_controller.K8S_API
+        pattern: SUB_KUBERNETES_IP
+
+    # Other site-specific configuration
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.ip_autodetection_method
+      dest:
+        path: .values.conf.node.IP_AUTODETECTION_METHOD
+
+    # Certificates
+    -
+      src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.ca
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-node
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.crt
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-node
+        path: .
+      dest:
+        path: .values.endpoints.etcd.auth.client.tls.key
+data:
+  chart_name: calico
+  release: calico
+  namespace: kube-system
+  timeout: 600
+  upgrade:
+    no_hooks: true
+  values:
+    conf:
+      cni_network_config:
+        name: k8s-pod-network
+        cniVersion: 0.1.0
+        type: calico
+        etcd_endpoints: __ETCD_ENDPOINTS__
+        etcd_ca_cert_file: /etc/calico/pki/ca
+        etcd_cert_file: /etc/calico/pki/crt
+        etcd_key_file: /etc/calico/pki/key
+        log_level: info
+        mtu: 1500
+        ipam:
+          type: calico-ipam
+        policy:
+          type: k8s
+          k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__
+          k8s_auth_token: __SERVICEACCOUNT_TOKEN__
+
+      policy_controller:
+        K8S_API: "https://SUB_KUBERNETES_IP:443"
+
+      node:
+        CALICO_STARTUP_LOGLEVEL: INFO
+        CLUSTER_TYPE:
+          - k8s
+          - bgp
+        WAIT_FOR_STORAGE: "true"
+
+    endpoints:
+      etcd:
+        hosts:
+          default: calico-etcd
+        scheme:
+          default: https
+
+    networking:
+      mtu: 1500
+      settings:
+        mesh: "off"
+        ippool:
+          ipip:
+            enabled: "false"
+            mode: "cross-subnet"
+      bgp:
+        asnumber: {{yaml.networks.ksn.local_asnumber}}
+        ipv4:
+          additional_cidrs:
+{% for add_cidr in yaml.networks.ksn.additional_cidrs %}
+            -  {{add_cidr}}
+{% endfor %}
+          peers:
+{% for peer in yaml.networks.ksn.peers %}
+            - apiVersion: v1
+              kind: bgpPeer
+              metadata:
+                peerIP: {{peer.ip}}
+                scope: {{peer.scope}}
+              spec:
+                asnumber: {{peer.asnumber}}
+{% endfor %}
+    manifests:
+      daemonset_calico_etcd: false
+      job_image_repo_sync: false
+      service_calico_etcd: false
+...
diff --git a/templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/etcd.j2 b/templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/etcd.j2
new file mode 100644 (file)
index 0000000..91f502d
--- /dev/null
@@ -0,0 +1,158 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: kubernetes-calico-etcd-global
+    actions:
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Node names
+{% set count = [0] %}
+{% for server in yaml.masters %}
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[{{count[0]}}].hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+      {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+{% for server in yaml.workers %}
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[{{count[0]}}].hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+      {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+    -
+      src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+{% set count = [0] %}
+{% for server in yaml.masters %}
+   # Server certs
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.key
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.key
+        {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+{% for server in yaml.workers %}
+   # Server certs
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.key
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.key
+        {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+
+    # NOTE(mb874d): Be sure we generate these certs for genesis.
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-{{yaml.genesis.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-{{yaml.genesis.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.key
+    -
+      src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-{{yaml.genesis.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.cert
+    -
+      src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-{{yaml.genesis.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.key
+
+data: {}
+...
diff --git a/templates/aic-clcp-manifests/software/charts/kubernetes/etcd/etcd.j2 b/templates/aic-clcp-manifests/software/charts/kubernetes/etcd/etcd.j2
new file mode 100644 (file)
index 0000000..ad31545
--- /dev/null
@@ -0,0 +1,144 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Node names
+{% set count = [0] %}
+{% for server in yaml.masters %}
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[{{count[0]}}].hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+      {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+{% for server in yaml.workers %}
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[{{count[0]}}].hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+      {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+
+    # Server certs
+{% set count = [0] %}
+{% for server in yaml.masters %}
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.key
+      {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+{% for server in yaml.workers %}
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-{{server.name}}
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-{{server.name}}-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.key
+      {% if count.append(count.pop() + 1) %}{% endif %}
+{% endfor %}
+
+    # Genesis node
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis-peer
+        path: $
+      dest:
+        path: .values.nodes[{{count[0]}}].tls.peer.key
+
+data: {}
+
+...
diff --git a/templates/aic-clcp-manifests/software/charts/kubernetes/ingress/ingress.j2 b/templates/aic-clcp-manifests/software/charts/kubernetes/ingress/ingress.j2
new file mode 100644 (file)
index 0000000..dfe50d1
--- /dev/null
@@ -0,0 +1,38 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ingress-kube-system
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      ingress: kube-system
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+      vip:
+        manage: true
+        interface: ingress0
+        addr: {{yaml.networks.ksn.ingress_cidr}}
+...
diff --git a/templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/neutron.j2 b/templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/neutron.j2
new file mode 100644 (file)
index 0000000..8a8d913
--- /dev/null
@@ -0,0 +1,66 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: neutron
+  labels:
+    component: neutron
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: neutron-5ec
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+      auto_bridge_add:
+        br-bond0: bond0
+      interface:
+        sriov:
+{% for sriovnet in yaml.sriovnets %}
+          - device: {{sriovnet.interface}}
+            num_vfs: 32
+            promisc: false
+{% endfor %}
+    conf:
+      plugins:
+        openvswitch_agent:
+          ovs:
+            bridge_mappings: oam:br-bond0
+        sriov_agent:
+          sriov_nic:
+            physical_device_mappings: ' 
+{%- for sriovnet in yaml.sriovnets -%}
+{%- if loop.index > 1 -%}
+,
+{%- endif -%}
+{{sriovnet.physical}}:{{sriovnet.interface}}
+{%- endfor %}'
+        ml2_conf:
+          ml2_type_vlan:
+            network_vlan_ranges: oam:100:4000
+{%- for sriovnet in yaml.sriovnets -%}
+,{{sriovnet.physical}}:{{sriovnet.vlan_start}}:{{sriovnet.vlan_end}}
+{%- endfor %}
+
+...
diff --git a/templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/nova.j2 b/templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/nova.j2
new file mode 100644 (file)
index 0000000..5555db4
--- /dev/null
@@ -0,0 +1,55 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nova
+  labels:
+    component: nova
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: nova-5ec
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      nova:
+        libvirt:
+          virt_type: kvm
+        DEFAULT:
+          vcpu_pin_set: "4-23,28-47"
+        pci:
+          alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI", "numa_policy": "required"}'
+          passthrough_whitelist: |
+            [
+{%- for sriov in yaml.sriovnets -%}
+  {%set sriovloop = loop%}
+  {%- for whitelist in sriov.whitelists -%}
+    {%- if sriovloop.index > 1 or loop.index > 1 -%}
+    ,
+    {%- endif -%}
+  {"address": "{{whitelist.address}}", "physical_network": "{{sriov.physical}}", "trusted": "true"}
+  {%- endfor -%}
+{%- endfor -%}
+]
+...
diff --git a/templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph-update.j2 b/templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph-update.j2
new file mode 100644 (file)
index 0000000..c7bcb47
--- /dev/null
@@ -0,0 +1,65 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-global
+    actions:
+      - method: replace
+        path: .values.conf.storage.osd
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      storage:
+        osd:
+{% for osd in yaml.storage.osds %}
+          - data:
+              type: block-logical
+              location: {{osd.data}}
+            journal:
+              type: directory
+              location: {{osd.journal}}
+{% endfor %}
+      pool:
+        target:
+          osd: {{yaml.storage.osd_count}}
+        default:
+          crush_rule: replicated_rule
+...
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  description: Ceph post intall update
+  chart_group:
+    - ucp-ceph-update
+...
diff --git a/templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph.j2 b/templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph.j2
new file mode 100644 (file)
index 0000000..3fb985c
--- /dev/null
@@ -0,0 +1,50 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-global
+    actions:
+      - method: replace
+        path: .values.conf.storage.osd
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      storage:
+        osd:
+{% for osd in yaml.storage.osds %}
+          - data:
+              type: block-logical
+              location: {{osd.data}}
+            journal:
+              type: directory
+              location: {{osd.journal}}
+{% endfor %}
+      pool:
+        target:
+          osd: {{yaml.storage.osd_count}}
+...
+
diff --git a/templates/aic-clcp-manifests/software/charts/ucp/ceph/promenade/promenade.j2 b/templates/aic-clcp-manifests/software/charts/ucp/ceph/promenade/promenade.j2
new file mode 100644 (file)
index 0000000..743fc84
--- /dev/null
@@ -0,0 +1,48 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-promenade
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-promenade-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      env:
+        promenade_api:
+         - name: http_proxy
+           value: http://one.proxy.att.com:8888
+         - name: https_proxy
+           value: http://one.proxy.att.com:8888
+         - name: no_proxy
+           value: {{yaml.genesis.pxe}},{{yaml.kubernetes.api_service_ip}},.cluster.local
+         - name: HTTP_PROXY
+           value: http://one.proxy.att.com:8888
+         - name: HTTPS_PROXY
+           value: http://one.proxy.att.com:8888
+         - name: NO_PROXY
+           value: {{yaml.genesis.pxe}},{{yaml.kubernetes.api_service_ip}},.cluster.local
+...
diff --git a/templates/aic-clcp-security-manifests/secrets/passphrases/ipmi_admin_password.j2 b/templates/aic-clcp-security-manifests/secrets/passphrases/ipmi_admin_password.j2
new file mode 100644 (file)
index 0000000..9a3aa97
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ipmi_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: {{yaml.ipmi_admin_password}}
+...
diff --git a/templates/aic-clcp-security-manifests/site-definition.j2 b/templates/aic-clcp-security-manifests/site-definition.j2
new file mode 100644 (file)
index 0000000..92c7e87
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+data:
+    revision: v4.0
+    site_type: 5ec
+metadata:
+  layeringDefinition: {abstract: false, layer: site}
+  name: {{yaml.site_name}}
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: pegleg/SiteDefinition/v1
+...
diff --git a/templates/yaml_builds/set_site_env.sh b/templates/yaml_builds/set_site_env.sh
new file mode 100644 (file)
index 0000000..b420961
--- /dev/null
@@ -0,0 +1,24 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+export GENESIS_HOST={{yaml.genesis.host}}
+echo GENESIS_HOST=$GENESIS_HOST
+export GENESIS_PXE={{yaml.genesis.pxe}}
+echo GENESIS_PXE=$GENESIS_PXE
+export REGIONAL_SERVER_IP={{yaml.regional_server.ip}}
+echo REGIONAL_SERVER_IP=$REGIONAL_SERVER_IP
diff --git a/tools/0cleanup.sh b/tools/0cleanup.sh
new file mode 100755 (executable)
index 0000000..9328901
--- /dev/null
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+read -p "Are you sure you wish to continue? (y/n)" REPLY
+if [ "$REPLY" != "y" ]; then
+   echo "Good Bye"
+   exit
+fi
+
+set -x
+
+# Check that we are root
+if [[ $(whoami) != "root" ]]
+then
+  echo "Must be root to run $0"
+  exit -1
+fi
+
+export KUBECONFIG=/etc/kubernetes/admin/kubeconfig.yaml
+
+kubectl drain --delete-local-data --force $(hostname)
+systemctl stop kubelet
+df -lh | awk '{ print $6 }' | grep -i kubelet | xargs -I {} umount -f -l {}
+df -lh | awk '{ print $6 }' | grep -i docker | grep -v "/var/lib" | xargs -I {} umount -f -l {}
+umount -f -l /run/user/0
+mount -a
+docker rm -fv $(docker ps -aq)
+
+#systemctl stop docker
+apt-get remove --autoremove --purge -y docker-engine=1.13.1-0~ubuntu-xenial socat=1.7.3.1-1
+#Docker
+rm -rf /dev/docker-data
+rm -rf /var/lib/docker/*
+rm -rf /etc/docker
+rm -rf /etc/systemd/system/docker.service.d
+rm -rf /var/lib/dockershim
+
+#Ceph
+rm -rf /var/lib/openstack-helm
+rm -rf /var/lib/ceph
+dd if=/dev/zero of=/dev/sdb  bs=512  count=1 conv=notrunc
+dd if=/dev/zero of=/dev/sdc  bs=512  count=1 conv=notrunc
+rm -rf /var/lib/openstack-helm/ceph/journal0/*
+rm -rf /var/lib/openstack-helm/ceph/journal1/*
+
+#Kubernetes
+rm -rf /etc/kubernetes
+rm -rf /usr/local/bin/kubectl
+rm -rf /usr/local/bin/kubelet
+rm -rf /var/lib/kubelet
+rm -rf /etc/systemd/system/kubelet
+rm -rf /etc/systemd/system/kubelet.service
+
+# apt-get install creates the following directory
+rm -rf /etc/systemd/system/kubelet.service.d/
+rm -rf /var/log/pods
+rm -rf /var/log/containers
+
+#etcd
+rm -rf /var/lib/auxiliary-etcd-0
+rm -rf /var/lib/auxiliary-etcd-1
+rm -rf /var/lib/auxiliary-calico-etcd-0
+rm -rf /var/lib/auxiliary-calico-etcd-1
+rm -rf /var/lib/calico-etcd
+rm -rf /var/lib/kube-etcd
+
+#nova
+rm -rf /var/lib/nova/*
+
+#ONAP
+rm -rf /dockerdata-nfs/onap/
+rm -rf /etc/dnsmasq.d
+rm -rf /opt/cni
+rm -rf /usr/local/bin/bootstrap
+rm -rf /usr/local/bin/helm
+rm -rf /var/lib/prom.done
+
+# Remove files generated by Promenade
+rm -rf /etc/cni
+rm -rf /etc/coredns
+rm -rf /etc/etcd
+rm -rf /etc/genesis
+rm -rf /var/lib/etcd
+rm -rf /var/lib/kubelet/pods
diff --git a/tools/1prom-gen.sh b/tools/1prom-gen.sh
new file mode 100755 (executable)
index 0000000..7d3b895
--- /dev/null
@@ -0,0 +1,162 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+# re-generate prom config
+
+set -x
+
+source $(dirname $0)/setenv.sh
+
+PROMENADE_IMAGE=quay.io/airshipit/promenade:master
+
+if [ -z "$AIC_CLCP_MANIFESTS" ]
+then
+  echo "Please follow https://codecloud.web.att.com/projects/ST_CCP/repos/aic-clcp-manifests/browse/docs/source/deployment_blueprint.md to clone aic-clcp-manifests. Also set AIC_CLCP_MANIFESTS to it."
+  exit -1
+else
+  WORKSPACE=$AIC_CLCP_MANIFESTS
+  echo "WORKSPACE=$WORKSPACE"
+fi
+
+if [ -z "$1" ]
+then
+  echo "Plese pass site name as command line argument"
+  exit -2
+else
+  SITE=${SITE:-$1}
+  echo "SITE=$SITE"
+fi
+
+source $(dirname $0)/env_$SITE.sh
+
+# Check that we are root
+if [[ $(whoami) != "root" ]]
+then
+  echo "Must be root to run $0"
+  exit -1
+fi
+cd $AIC_CLCP_MANIFESTS/tools/
+
+install_docker() {
+   # Configure proxy for Docker daemon
+   mkdir -p /etc/systemd/system/docker.service.d
+   mkdir -p /etc/docker
+
+cat <<EOF > /etc/apt/sources.list.d/promenade-sources.list
+deb http://apt.dockerproject.org/repo ubuntu-xenial main
+EOF
+
+#cat<<EOF > /etc/docker/daemon.json
+#{
+#  "insecure-registries": [
+#    "artifacts-aic.atlantafoundry.com"
+#  ],
+#  "live-restore": true,
+#  "storage-driver": "overlay2"
+#}
+#EOF
+
+cat<<EOF > /etc/docker/daemon.json
+{
+  "live-restore": true,
+  "storage-driver": "overlay2"
+}
+EOF
+
+#Set HTTPS Proxy Variable
+cat <<EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
+[Service]
+Environment="HTTP_PROXY=http://one.proxy.att.com:8888"
+EOF
+
+#Set HTTPS Proxy Variable
+cat <<EOF > /etc/systemd/system/docker.service.d/https-proxy.conf
+[Service]
+Environment="HTTPS_PROXY=http://one.proxy.att.com:8888"
+EOF
+
+apt-key add - <<"ENDKEY"
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
+ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
+mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
+TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
+dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
+X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
+HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
+NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
+hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
+65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
+zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
+tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
+Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
+AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
+Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
+1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
+uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
+0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
+L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
+YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
+7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
+jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
+HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
+MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
+TvBR8Q==
+=Fm3p
+-----END PGP PUBLIC KEY BLOCK-----
+ENDKEY
+
+   apt-get update
+   apt-get install -y docker-engine=1.13.1-0~ubuntu-xenial socat=1.7.3.1-1
+   systemctl daemon-reload
+   systemctl restart docker || true
+}
+
+cleanup() {
+   rm -rf ./configs/promenade
+   rm -rf ./configs/promenade-bundle
+   mkdir -p ./configs/promenade
+   mkdir -p ./configs/promenade-bundle
+}
+
+get_site_config(){
+   ./pegleg.sh site -p /workspace collect ${SITE} -s /workspace/tools/configs/promenade
+}
+
+gen_certs() {
+   docker run --env http_proxy=$http_proxy  --env https_proxy=$https_proxy --user 0 --rm -t -w /target -v $(pwd):/target ${PROMENADE_IMAGE} promenade generate-certs -o /target/configs/promenade /target/configs/promenade/*.yaml
+}
+
+gen_bundle(){
+   docker run --env http_proxy=$http_proxy  --env https_proxy=$https_proxy --user 0 --rm -t -w /target -v $(pwd):/target ${PROMENADE_IMAGE} promenade build-all --validators -o /target/configs/promenade-bundle /target/configs/promenade/*.yaml
+}
+
+prepare_tar(){
+   rm ./promenade-bundle.tar
+   cp ./configs/promenade/*.yaml ./configs/promenade-bundle/
+   tar cvf promenade-bundle.tar ./configs/promenade-bundle/
+}
+
+#install_docker
+cleanup
+get_site_config
+gen_certs
+gen_bundle
+prepare_tar
+
diff --git a/tools/2genesis.sh b/tools/2genesis.sh
new file mode 100644 (file)
index 0000000..40e3f97
--- /dev/null
@@ -0,0 +1,43 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+source $(dirname $0)/setenv.sh
+
+if [ -z "$1" ]
+then
+  echo "Plese pass site name as command line argument"
+  exit -2
+else
+  SITE=${SITE:-$1}
+  echo "SITE=$SITE"
+fi
+
+
+source $(dirname $0)/env_$SITE.sh
+
+scp $AIC_CLCP_MANIFESTS/tools/promenade-bundle.tar $GENESIS_HOST:/tmp/
+ssh $GENESIS_HOST << EOF
+  mkdir -p /opt/sitename/aic-clcp-manifests/tools
+  cp /tmp/promenade-bundle.tar /opt/sitename/aic-clcp-manifests/tools/
+  cd /opt/sitename/aic-clcp-manifests/tools/
+  tar -xmf promenade-bundle.tar
+  mkdir configs/promenade
+  cp configs/promenade-bundle/*.yaml configs/promenade/
+  bash /opt/sitename/aic-clcp-manifests/tools/configs/promenade-bundle/genesis.sh
+EOF
+
diff --git a/tools/3deploy_site.sh b/tools/3deploy_site.sh
new file mode 100644 (file)
index 0000000..7436496
--- /dev/null
@@ -0,0 +1,51 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+set -x
+
+source $(dirname $0)/setenv.sh
+
+if [ -z "$1" ]
+then
+  echo "Plese pass site name as command line argument"
+  exit -2
+else
+  SITE=${SITE:-$1}
+  echo "SITE=$SITE"
+fi
+
+source $(dirname $0)/env_$SITE.sh
+
+KEYSTONE_IMAGE=$(grep "keystone_db_sync" $AIC_CLCP_MANIFESTS/global/v4.0/software/config/versions.yaml | uniq | awk '{print $2}')
+SHIPYARD_IMAGE=$(grep "shipyard_db_sync" $AIC_CLCP_MANIFESTS/global/v4.0/software/config/versions.yaml | uniq | awk '{print $2}')
+
+DRYDOCK_PASSWORD=$(grep "^data:" $AIC_CLCP_MANIFESTS/site/$SITE/secrets/passphrases/ucp_drydock_keystone_password.yaml | awk '{print $2}')
+SHIPYARD_PASSWORD=$(grep "^data:" $AIC_CLCP_MANIFESTS/site/$SITE/secrets/passphrases/ucp_shipyard_keystone_password.yaml | awk '{print $2}')
+REGION_NAME=$SITE
+
+mkdir -p $YAML_BUILDS/tools/$SITE
+cp $YAML_BUILDS/tools/deploy_site.sh $YAML_BUILDS/tools/$SITE/
+sed -i -e "s,KEYSTONE_IMAGE=,KEYSTONE_IMAGE=$KEYSTONE_IMAGE,g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
+sed -i -e "s,SHIPYARD_IMAGE=,SHIPYARD_IMAGE=$SHIPYARD_IMAGE,g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
+sed -i -e "s/DRYDOCK_PASSWORD=/DRYDOCK_PASSWORD=$DRYDOCK_PASSWORD/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
+sed -i -e "s/SHIPYARD_PASSWORD=/SHIPYARD_PASSWORD=$SHIPYARD_PASSWORD/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
+sed -i -e "s/REGION_NAME=/REGION_NAME=$REGION_NAME/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
+sed -i -e "s/{{yaml.genesis.host}}/$GENESIS_HOST/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
+
+scp $YAML_BUILDS/tools/$SITE/deploy_site.sh $GENESIS_HOST:/opt/sitename/aic-clcp-manifests/tools/
+ssh $GENESIS_HOST 'bash /opt/sitename/aic-clcp-manifests/tools/deploy_site.sh'
diff --git a/tools/calicoctl.sh b/tools/calicoctl.sh
new file mode 100644 (file)
index 0000000..93276ec
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+export ETCD_ENDPOINTS=https://10.96.232.136:6666
+if [ -e /etc/calico/pki/key ]; then export ETCD_KEY_FILE=/etc/calico/pki/key; fi;
+if [ -e /etc/calico/pki/crt ]; then export ETCD_CERT_FILE=/etc/calico/pki/crt; fi;
+if [ -e /etc/calico/pki/ca ]; then export ETCD_CA_CERT_FILE=/etc/calico/pki/ca; fi;
+exec /opt/cni/bin/calicoctl.bin $*
diff --git a/tools/deploy_site.sh b/tools/deploy_site.sh
new file mode 100755 (executable)
index 0000000..2db8214
--- /dev/null
@@ -0,0 +1,83 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+set -x
+
+# Regional Server specific variables
+KEYSTONE_IMAGE=
+SHIPYARD_IMAGE=
+# Site specific variables
+DRYDOCK_PASSWORD=
+SHIPYARD_PASSWORD=
+REGION_NAME=
+
+
+clean_configdocs(){
+  ## clean site YAMLs from Deckhand
+  TOKEN=`sudo docker run --rm --net=host -e OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3 -e OS_PROJECT_DOMAIN_NAME=default -e OS_USER_DOMAIN_NAME=default -e OS_PROJECT_NAME=service -e OS_REGION_NAME=RegionOne -e OS_USERNAME=drydock -e OS_PASSWORD=${DRYDOCK_PASSWORD} -e OS_IDENTITY_API_VERSION=3 ${KEYSTONE_IMAGE} openstack token issue -f value -c id`
+
+  curl -v -X DELETE -H "X-AUTH-TOKEN: $TOKEN" -H 'Content-Type: application/x-yaml' http://deckhand-int.ucp.svc.cluster.local:9000/api/v1.0/revisions
+}
+
+create_configdocs(){
+  sudo docker run -v $(pwd):/target -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e OS_PASSWORD=${SHIPYARD_PASSWORD} -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_USERNAME=shipyard' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' --rm --net=host ${SHIPYARD_IMAGE} create configdocs ${REGION_NAME} --directory=/target/configs/promenade
+
+  sleep 5
+}
+
+renderedconfigdocs(){
+  sudo docker run -v $(pwd):/target -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e OS_PASSWORD=${SHIPYARD_PASSWORD} -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_USERNAME=shipyard' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' --rm --net=host ${SHIPYARD_IMAGE} get renderedconfigdocs --committed > /tmp/renderedconfigdocs.yaml
+
+  sleep 5
+}
+
+commit_configdocs(){
+  sudo docker run -v $(pwd):/target -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e OS_PASSWORD=${SHIPYARD_PASSWORD} -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_USERNAME=shipyard' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' --rm --net=host ${SHIPYARD_IMAGE} commit configdocs
+
+  sleep 5
+}
+
+deploy_site(){
+  sudo docker run -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e OS_PASSWORD=${SHIPYARD_PASSWORD} -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_USERNAME=shipyard' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' --rm --net=host ${SHIPYARD_IMAGE} create action deploy_site
+}
+
+update_site(){
+  sudo docker run -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e OS_PASSWORD=${SHIPYARD_PASSWORD} -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_USERNAME=shipyard' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' --rm --net=host ${SHIPYARD_IMAGE} create action update_site
+}
+
+
+getactions(){
+  sudo docker run -v $(pwd):/target -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e OS_PASSWORD=${SHIPYARD_PASSWORD} -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_USERNAME=shipyard' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' --rm --net=host ${SHIPYARD_IMAGE} get actions
+
+  sleep 5
+}
+
+#clean_configdocs
+#create_configdocs
+#commit_configdocs
+renderedconfigdocs
+
+#deploy_site
+getactions
+#update_site
+
+##
+#"Look at.. for progress"
+#'MaaS GUI -> http://{{yaml.genesis.host}}:30001/MAAS/#/nodes'
+#'Airflow GUI -> http://{{yaml.genesis.host}}:30004/admin/taskinstance/'
+
diff --git a/tools/generate_yamls.sh b/tools/generate_yamls.sh
new file mode 100644 (file)
index 0000000..4528442
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+source $(dirname $0)/setenv.sh
+
+if [ -z "$AIC_CLCP_MANIFESTS" ]
+then
+  echo "Please follow https://codecloud.web.att.com/projects/ST_CCP/repos/aic-clcp-manifests/browse/docs/source/deployment_blueprint.md to clone aic-clcp-manifests. Also export AIC_CLCP_MANIFESTS to it."
+  exit -1
+fi
+
+if [ -z "$AIC_CLCP_SECURITY_MANIFESTS" ]
+then
+  echo "Please follow https://codecloud.web.att.com/projects/ST_CCP/repos/aic-clcp-manifests/browse/docs/source/deployment_blueprint.md to clone aic-clcp-security-manifests. Also export AIC_CLCP_SECURITY_MANIFESTS to it."
+  exit -1
+fi
+
+if [ -z "$1" ]
+then
+  echo "Plese pass site name as command line argument"
+  exit -2
+else
+  SITE=${SITE:-$1}
+  echo "SITE=$SITE"
+fi
+
+cd $YAML_BUILDS
+python ./scripts/jcopy.py $SITE.yaml ./templates/aic-clcp-manifests $AIC_CLCP_MANIFESTS/site/$SITE
+python ./scripts/jcopy.py $SITE.yaml ./templates/aic-clcp-security-manifests $AIC_CLCP_SECURITY_MANIFESTS/site/$SITE
+python ./scripts/jcopy.py $SITE.yaml ./templates/yaml_builds/set_site_env.sh ./tools/
+mv ./tools/set_site_env.sh ./tools/env_$SITE.sh
diff --git a/tools/setenv.sh b/tools/setenv.sh
new file mode 100644 (file)
index 0000000..7e0e99d
--- /dev/null
@@ -0,0 +1,24 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+export YAML_BUILDS=/opt/yaml_builds
+echo YAML_BUILDS=$YAML_BUILDS
+export AIC_CLCP_MANIFESTS=/opt/yaml_builds/aic-clcp-manifests
+echo AIC_CLCP_MANIFESTS=$AIC_CLCP_MANIFESTS
+export AIC_CLCP_SECURITY_MANIFESTS=/opt/yaml_builds/aic-clcp-security-manifests
+echo AIC_CLCP_SECURITY_MANIFESTS=$AIC_CLCP_SECURITY_MANIFESTS
diff --git a/tools/single_step_deploy.sh b/tools/single_step_deploy.sh
new file mode 100644 (file)
index 0000000..8fe225d
--- /dev/null
@@ -0,0 +1,55 @@
+#!/bin/bash
+##############################################################################
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+
+if [ -z "$1" ]
+then
+  echo "Plese pass site name as command line argument"
+  exit -2
+else
+  export SITE=${SITE:-$1}
+  echo "SITE=$SITE"
+fi
+
+source $(dirname $0)/setenv.sh
+TIMESTAMP=$(date +"%Y%m%d%H%M")
+echo "TIMESTAMP=$TIMESTAMP"
+
+echo "Validating the setup and generating the tar file"
+bash $YAML_BUILDS/tools/1prom-gen.sh $SITE > /var/log/yaml_builds/1prom-gen-$TIMESTAMP.log 2>&1
+if [ $? -ne 0 ]
+then
+  echo "Error:Could not generate tar file. So stopping here"
+  exit 1 
+fi
+
+echo "Bringing up the genesis node"
+bash $YAML_BUILDS/tools/2genesis.sh $SITE > /var/log/yaml_builds/2genesis-$TIMESTAMP.log 2>&1
+if [ $? -ne 0 ]
+then
+  echo "Error:Could not bringup the genesis nodes. So stopping here"
+  exit 2
+fi
+
+echo "Deploying the site"
+bash $YAML_BUILDS/tools/3deploy_site.sh $SITE > /var/log/yaml_builds/3deploy-$TIMESTAMP.log 2>&1
+if [ $? -ne 0 ]
+then
+  echo "Error:Could not deploy the site."
+  exit 3
+fi
+echo "We are done."