Moving dev branch code to master branch 69/369/1
authorEby, Robert (re2429) <re2429@att.com>
Fri, 1 Feb 2019 18:24:11 +0000 (13:24 -0500)
committerEby, Robert (re2429) <re2429@att.com>
Fri, 1 Feb 2019 18:24:11 +0000 (13:24 -0500)
Change-Id: I656c5a55ef6e420e2b9cb0393a7ac8abdb261540
Signed-off-by: Eby, Robert (re2429) <re2429@att.com>
286 files changed:
dellgen10.yaml
hpgen10.yaml [new file with mode: 0644]
scripts/jcopy.py
scripts/update_bios_settings.py [new file with mode: 0644]
site/common/deployment/deployment-configuration.yaml [moved from site/site30/deployment/deployment-configuration.yaml with 94% similarity]
site/common/profiles/genesis.yaml [moved from site/site30/profiles/genesis.yaml with 89% similarity]
site/common/secrets/certificates/ingress.yaml [new file with mode: 0644]
site/common/secrets/passphrases/ceph_fsid.yaml [moved from site/site30/secrets/passphrases/ceph_fsid.yaml with 94% similarity]
site/common/secrets/passphrases/ceph_swift_keystone_password.yaml [moved from site/site30/secrets/passphrases/ceph_swift_keystone_password.yaml with 94% similarity]
site/common/secrets/passphrases/maas_region_secret.yaml [moved from site/site30/secrets/passphrases/maas_region_secret.yaml with 94% similarity]
site/common/secrets/passphrases/osh_barbican_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_barbican_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_barbican_password.yaml [moved from site/site30/secrets/passphrases/osh_barbican_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/osh_cinder_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_cinder_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_cinder_password.yaml [moved from site/site30/secrets/passphrases/osh_cinder_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/osh_glance_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_glance_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_glance_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/osh_glance_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_glance_password.yaml [moved from site/site30/secrets/passphrases/osh_glance_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/osh_heat_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_heat_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_heat_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/osh_heat_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_heat_password.yaml [moved from site/site30/secrets/passphrases/osh_heat_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/osh_heat_stack_user_password.yaml [moved from site/site30/secrets/passphrases/osh_heat_stack_user_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_heat_trustee_password.yaml [moved from site/site30/secrets/passphrases/osh_heat_trustee_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_horizon_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_horizon_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_addons_jenkins_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_addons_jenkins_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_grafana_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_grafana_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_kibana_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_kibana_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_nagios_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_nagios_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_openstack_exporter_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_openstack_exporter_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_keystone_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_keystone_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml [moved from site/site30/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_keystone_ldap_password.yaml [new file with mode: 0644]
site/common/secrets/passphrases/osh_keystone_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_keystone_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/osh_neutron_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_neutron_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_neutron_password.yaml [moved from site/site30/secrets/passphrases/osh_neutron_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/osh_nova_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/osh_nova_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_nova_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/osh_nova_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_nova_password.yaml [moved from site/site30/secrets/passphrases/osh_nova_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/osh_oslo_cache_secret_key.yaml [moved from site/site30/secrets/passphrases/osh_oslo_cache_secret_key.yaml with 94% similarity]
site/common/secrets/passphrases/osh_oslo_db_admin_password.yaml [moved from site/site30/secrets/passphrases/osh_oslo_db_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/osh_placement_password.yaml [moved from site/site30/secrets/passphrases/osh_placement_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_airflow_postgres_password.yaml [moved from site/site30/secrets/passphrases/ucp_airflow_postgres_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_armada_keystone_password.yaml [moved from site/site30/secrets/passphrases/ucp_armada_keystone_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_barbican_keystone_password.yaml [moved from site/site30/secrets/passphrases/ucp_barbican_keystone_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_barbican_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/ucp_barbican_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_deckhand_keystone_password.yaml [moved from site/site30/secrets/passphrases/ucp_deckhand_keystone_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_deckhand_postgres_password.yaml [moved from site/site30/secrets/passphrases/ucp_deckhand_postgres_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_drydock_keystone_password.yaml [moved from site/site30/secrets/passphrases/ucp_drydock_keystone_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_drydock_postgres_password.yaml [moved from site/site30/secrets/passphrases/ucp_drydock_postgres_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_keystone_admin_password.yaml [moved from site/site30/secrets/passphrases/ucp_keystone_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_keystone_oslo_db_password.yaml [moved from site/site30/secrets/passphrases/ucp_keystone_oslo_db_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_maas_admin_password.yaml [moved from site/site30/secrets/passphrases/ucp_maas_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_maas_postgres_password.yaml [moved from site/site30/secrets/passphrases/ucp_maas_postgres_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_oslo_db_admin_password.yaml [moved from site/site30/secrets/passphrases/ucp_oslo_db_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_oslo_messaging_password.yaml [moved from site/site30/secrets/passphrases/ucp_oslo_messaging_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_postgres_admin_password.yaml [moved from site/site30/secrets/passphrases/ucp_postgres_admin_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_promenade_keystone_password.yaml [moved from site/site30/secrets/passphrases/ucp_promenade_keystone_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml [moved from site/site30/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_shipyard_keystone_password.yaml [moved from site/site30/secrets/passphrases/ucp_shipyard_keystone_password.yaml with 94% similarity]
site/common/secrets/passphrases/ucp_shipyard_postgres_password.yaml [moved from site/site30/secrets/passphrases/ucp_shipyard_postgres_password.yaml with 94% similarity]
site/common/software/charts/kubernetes/dns/coredns.yaml [moved from site/site30/software/charts/kubernetes/dns/coredns.yaml with 97% similarity]
site/common/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml [new file with mode: 0644]
site/common/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml [new file with mode: 0644]
site/common/software/charts/ucp/divingbell/divingbell.yaml [moved from site/site30/software/charts/ucp/divingbell/divingbell.yaml with 95% similarity]
site/common/software/charts/ucp/drydock/maas.yaml [moved from site/site30/software/charts/ucp/drydock/maas.yaml with 95% similarity]
site/common/software/config/common-software-config.yaml [moved from site/site30/software/config/common-software-config.yaml with 94% similarity]
site/common/software/config/endpoints.yaml [new file with mode: 0644]
site/common/software/config/service_accounts.yaml [moved from site/site30/software/config/service_accounts.yaml with 97% similarity]
site/common/software/manifests/full-site.yaml [moved from site/site30/software/manifests/full-site.yaml with 89% similarity]
site/dellgen10/baremetal/bootaction-sriov-blacklist.yaml [new file with mode: 0644]
site/dellgen10/baremetal/calico-ip-rules.yaml [new file with mode: 0644]
site/dellgen10/baremetal/promjoin.yaml [new file with mode: 0644]
site/dellgen10/baremetal/rack.yaml [new file with mode: 0644]
site/dellgen10/deployment/deployment-configuration.yaml [new file with mode: 0644]
site/dellgen10/networks/common-addresses.yaml [new file with mode: 0644]
site/dellgen10/networks/physical/rack.yaml [new file with mode: 0644]
site/dellgen10/pki/pki-catalog.yaml [new file with mode: 0644]
site/dellgen10/profiles/genesis.yaml [moved from templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph-update.j2 with 59% similarity]
site/dellgen10/profiles/hardware/generic.yaml [new file with mode: 0644]
site/dellgen10/profiles/host/compute-r01.yaml [new file with mode: 0644]
site/dellgen10/profiles/host/cp-r01.yaml [new file with mode: 0644]
site/dellgen10/profiles/region.yaml [new file with mode: 0644]
site/dellgen10/secrets/certificates/ingress.yaml [new file with mode: 0644]
site/dellgen10/secrets/passphrases/ceph_fsid.yaml [new file with mode: 0644]
site/dellgen10/secrets/passphrases/osh_infra_addons_jenkins_password.yaml [new file with mode: 0644]
site/dellgen10/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml [new file with mode: 0644]
site/dellgen10/secrets/passphrases/osh_oslo_cache_secret_key.yaml [new file with mode: 0644]
site/dellgen10/secrets/publickey/localadmin_ssh_public_key.yaml [moved from site/site30/secrets/publickey/localadmin_ssh_public_key.yaml with 93% similarity]
site/dellgen10/site-definition.yaml [new file with mode: 0644]
site/dellgen10/software/charts/kubernetes/container-networking/calico.yaml [moved from site/site30/software/charts/kubernetes/container-networking/calico.yaml with 94% similarity]
site/dellgen10/software/charts/kubernetes/container-networking/etcd.yaml [new file with mode: 0644]
site/dellgen10/software/charts/kubernetes/dns/coredns.yaml [new file with mode: 0644]
site/dellgen10/software/charts/kubernetes/etcd/etcd.yaml [new file with mode: 0644]
site/dellgen10/software/charts/kubernetes/ingress/ingress.yaml [moved from site/site30/software/charts/kubernetes/ingress/ingress.yaml with 94% similarity]
site/dellgen10/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml [new file with mode: 0644]
site/dellgen10/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml [new file with mode: 0644]
site/dellgen10/software/charts/osh/openstack-compute-kit/neutron.yaml [new file with mode: 0644]
site/dellgen10/software/charts/osh/openstack-compute-kit/nova.yaml [new file with mode: 0644]
site/dellgen10/software/charts/ucp/ceph/ceph-client-update.yaml [new file with mode: 0644]
site/dellgen10/software/charts/ucp/ceph/ceph-client.yaml [new file with mode: 0644]
site/dellgen10/software/charts/ucp/ceph/ceph-osd.yaml [moved from site/site30/software/charts/ucp/ceph/ceph-update.yaml with 72% similarity]
site/dellgen10/software/charts/ucp/divingbell/divingbell.yaml [new file with mode: 0644]
site/dellgen10/software/charts/ucp/drydock/maas.yaml [new file with mode: 0644]
site/dellgen10/software/charts/ucp/promenade/promenade.yaml [new file with mode: 0644]
site/dellgen10/software/config/common-software-config.yaml [new file with mode: 0644]
site/dellgen10/software/config/endpoints.yaml [new file with mode: 0644]
site/dellgen10/software/config/service_accounts.yaml [new file with mode: 0644]
site/dellgen10/software/manifests/full-site.yaml [new file with mode: 0644]
site/hpgen10/baremetal/bootaction-sriov-blacklist.yaml [new file with mode: 0644]
site/hpgen10/baremetal/calico-ip-rules.yaml [moved from site/site30/baremetal/calico-ip-rules.yaml with 93% similarity]
site/hpgen10/baremetal/promjoin.yaml [moved from site/site30/baremetal/promjoin.yaml with 94% similarity]
site/hpgen10/baremetal/rack.yaml [moved from site/site30/baremetal/rack.yaml with 52% similarity]
site/hpgen10/deployment/deployment-configuration.yaml [new file with mode: 0644]
site/hpgen10/networks/common-addresses.yaml [moved from site/site30/networks/common-addresses.yaml with 89% similarity]
site/hpgen10/networks/physical/rack.yaml [moved from site/site30/networks/physical/rack.yaml with 94% similarity]
site/hpgen10/pki/pki-catalog.yaml [moved from site/site30/pki/pki-catalog.yaml with 93% similarity]
site/hpgen10/profiles/genesis.yaml [new file with mode: 0644]
site/hpgen10/profiles/hardware/generic.yaml [new file with mode: 0644]
site/hpgen10/profiles/host/compute-r01.yaml [moved from site/site30/profiles/host/compute-r01.yaml with 79% similarity]
site/hpgen10/profiles/host/cp-r01.yaml [moved from site/site30/profiles/host/cp-r01.yaml with 84% similarity]
site/hpgen10/profiles/region.yaml [moved from site/site30/profiles/region.yaml with 94% similarity]
site/hpgen10/secrets/certificates/ingress.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ceph_fsid.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ceph_swift_keystone_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/maas_region_secret.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_barbican_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_barbican_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_cinder_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_cinder_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_glance_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_glance_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_heat_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_heat_password.yaml [moved from site/site30/secrets/passphrases/ipmi_admin_password.yaml with 90% similarity]
site/hpgen10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_heat_stack_user_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_heat_trustee_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_horizon_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_addons_jenkins_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_grafana_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_kibana_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_nagios_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_keystone_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_keystone_ldap_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_keystone_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_neutron_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_neutron_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_nova_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_nova_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_oslo_cache_secret_key.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_oslo_db_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/osh_placement_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_airflow_postgres_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_armada_keystone_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_barbican_keystone_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_deckhand_keystone_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_deckhand_postgres_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_drydock_keystone_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_drydock_postgres_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_keystone_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_maas_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_maas_postgres_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_oslo_db_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_oslo_messaging_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_postgres_admin_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_promenade_keystone_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_shipyard_keystone_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/passphrases/ucp_shipyard_postgres_password.yaml [new file with mode: 0644]
site/hpgen10/secrets/publickey/localadmin_ssh_public_key.yaml [new file with mode: 0644]
site/hpgen10/site-definition.yaml [moved from site/site30/site-definition.yaml with 92% similarity]
site/hpgen10/software/charts/kubernetes/container-networking/calico.yaml [new file with mode: 0644]
site/hpgen10/software/charts/kubernetes/container-networking/etcd.yaml [moved from site/site30/software/charts/kubernetes/container-networking/etcd.yaml with 95% similarity]
site/hpgen10/software/charts/kubernetes/dns/coredns.yaml [new file with mode: 0644]
site/hpgen10/software/charts/kubernetes/etcd/etcd.yaml [moved from site/site30/software/charts/kubernetes/etcd/etcd.yaml with 94% similarity]
site/hpgen10/software/charts/kubernetes/ingress/ingress.yaml [new file with mode: 0644]
site/hpgen10/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml [new file with mode: 0644]
site/hpgen10/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml [new file with mode: 0644]
site/hpgen10/software/charts/osh/openstack-compute-kit/neutron.yaml [moved from site/site30/software/charts/osh/openstack-compute-kit/neutron.yaml with 71% similarity]
site/hpgen10/software/charts/osh/openstack-compute-kit/nova.yaml [new file with mode: 0644]
site/hpgen10/software/charts/ucp/ceph/ceph-client-update.yaml [new file with mode: 0644]
site/hpgen10/software/charts/ucp/ceph/ceph-client.yaml [new file with mode: 0644]
site/hpgen10/software/charts/ucp/ceph/ceph-osd.yaml [moved from site/site30/software/charts/ucp/ceph/ceph.yaml with 94% similarity]
site/hpgen10/software/charts/ucp/divingbell/divingbell.yaml [new file with mode: 0644]
site/hpgen10/software/charts/ucp/drydock/maas.yaml [new file with mode: 0644]
site/hpgen10/software/charts/ucp/promenade/promenade.yaml [new file with mode: 0644]
site/hpgen10/software/config/common-software-config.yaml [new file with mode: 0644]
site/hpgen10/software/config/endpoints.yaml [new file with mode: 0644]
site/hpgen10/software/config/service_accounts.yaml [new file with mode: 0644]
site/hpgen10/software/manifests/full-site.yaml [new file with mode: 0644]
site/site30/software/charts/osh/openstack-compute-kit/nova.yaml [deleted file]
site/site30/software/config/endpoints.yaml [deleted file]
site30.yaml [deleted file]
templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/calico.j2 [deleted file]
templates/aic-clcp-manifests/software/charts/ucp/ceph/promenade/promenade.j2 [deleted file]
templates/aic-clcp-security-manifests/secrets/passphrases/ipmi_admin_password.j2 [deleted file]
templates/aic-clcp-security-manifests/site-definition.j2 [deleted file]
templates/baremetal/bootaction-sriov-blacklist.j2 [new file with mode: 0644]
templates/baremetal/calico-ip-rules.j2 [moved from templates/aic-clcp-manifests/baremetal/bootaction.j2 with 71% similarity]
templates/baremetal/promjoin.j2 [new file with mode: 0644]
templates/baremetal/rack.j2 [moved from templates/aic-clcp-manifests/baremetal/rack.j2 with 62% similarity]
templates/networks/common-addresses.j2 [moved from templates/aic-clcp-manifests/networks/common-addresses.j2 with 71% similarity]
templates/networks/physical/rack.j2 [moved from templates/aic-clcp-manifests/networks/physical/rack.j2 with 91% similarity]
templates/pki/pki-catalog.j2 [moved from templates/aic-clcp-manifests/pki/pki-catalog.j2 with 87% similarity]
templates/profiles/hardware/generic.j2 [moved from templates/aic-clcp-manifests/profiles/hardware/generic.j2 with 95% similarity]
templates/profiles/host/compute-r01.j2 [new file with mode: 0644]
templates/profiles/host/cp-r01.j2 [moved from templates/aic-clcp-manifests/profiles/host/mycontrolplane_hp.j2 with 82% similarity]
templates/profiles/region.j2 [moved from templates/aic-clcp-manifests/profiles/region.j2 with 94% similarity]
templates/secrets/passphrases/ipmi_admin_password.j2 [moved from templates/aic-clcp-manifests/secrets/passphrases/ipmi_admin_password.j2 with 91% similarity]
templates/secrets/publickey/localadmin_ssh_public_key.j2 [moved from templates/aic-clcp-manifests/secrets/publickey/localadmin_ssh_public_key.j2 with 94% similarity]
templates/site-definition.j2 [moved from templates/aic-clcp-manifests/site-definition.j2 with 87% similarity]
templates/software/charts/kubernetes/container-networking/calico.j2 [moved from site/site30/software/charts/ucp/promenade/promenade.yaml with 62% similarity]
templates/software/charts/kubernetes/container-networking/etcd.j2 [moved from templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/etcd.j2 with 72% similarity]
templates/software/charts/kubernetes/etcd/etcd.j2 [moved from templates/aic-clcp-manifests/software/charts/kubernetes/etcd/etcd.j2 with 77% similarity]
templates/software/charts/kubernetes/ingress/ingress.j2 [moved from templates/aic-clcp-manifests/software/charts/kubernetes/ingress/ingress.j2 with 86% similarity]
templates/software/charts/osh/openstack-compute-kit/neutron.j2 [moved from templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/neutron.j2 with 77% similarity]
templates/software/charts/osh/openstack-compute-kit/nova.j2 [moved from templates/aic-clcp-manifests/software/charts/osh/openstack-compute-kit/nova.j2 with 65% similarity]
templates/software/charts/ucp/ceph/ceph-client-update.j2 [new file with mode: 0644]
templates/software/charts/ucp/ceph/ceph-client.j2 [new file with mode: 0644]
templates/software/charts/ucp/ceph/ceph-osd.j2 [moved from templates/aic-clcp-manifests/software/charts/ucp/ceph/ceph.j2 with 89% similarity]
templates/software/charts/ucp/promenade/promenade.j2 [new file with mode: 0644]
tools/0cleanup.sh [deleted file]
tools/1prom-gen.sh
tools/2genesis.sh
tools/3deploy_site.sh
tools/aknode30rc [new file with mode: 0644]
tools/aknode40rc [new file with mode: 0644]
tools/cleanup.sh [new file with mode: 0755]
tools/deploy_site.sh
tools/j2/serverrc.j2 [new file with mode: 0644]
tools/j2/serverrc_raid.j2 [new file with mode: 0644]
tools/j2/set_site_env.sh [moved from templates/yaml_builds/set_site_env.sh with 78% similarity]
tools/pegleg.sh [new file with mode: 0755]
tools/setenv.sh
tools/single_step_deploy.sh
tools/transfer.sh [new file with mode: 0644]
tools/update_iptables.sh [new file with mode: 0644]
version.properties

index d5f0415..0bdf528 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # limitations under the License.                                             #
 ##############################################################################
 
-site_name: dell_akraino
-ipmi_admin_password: calvin
+site_name: dellgen10
+ipmi_admin:
+  username: root
+  password: calvin
 networks:
   bonded: yes
   primary: bond0
   slaves:
-    - name: enp135s0f0
-    - name: enp135s0f1
+    - name: enp94s0f0
+    - name: enp94s0f1
   oob:
     vlan: 40
-    interface: 
+    interface:
     cidr: 192.168.41.0/24
     routes:
       gateway: 192.168.41.1
     ranges:
       reserved:
         start: 192.168.41.2
-        end: 192.168.41.4
+        end: 192.168.41.12
       static:
-        start: 192.168.41.5
+        start: 192.168.41.13
         end: 192.168.41.254
   host:
-    vlan: 41   
+    vlan: 41
     interface: bond0.41
     cidr: 192.168.2.0/24
+    subnet: 192.168.2.0
+    netmask: 255.255.255.0
     routes:
-       gateway: 192.168.2.85
+       gateway: 192.168.2.200
     ranges:
       reserved:
         start: 192.168.2.84
         end: 192.168.2.86
       static:
-        start: 192.168.2.1
-        end: 192.168.2.83
+        start: 192.168.2.40
+        end: 192.168.2.45
+    dns:
+      domain: lab.akraino.org
+      servers: '192.168.2.85 8.8.8.8 8.8.4.4'
   storage:
     vlan: 42
     interface: bond0.42
@@ -65,6 +72,8 @@ networks:
     interface: eno3
     cidr: 172.30.2.0/24
     gateway: 172.30.2.1
+    routes:
+      gateway: 172.30.2.40
     ranges:
       reserved:
         start: 172.30.2.2
@@ -75,6 +84,10 @@ networks:
       dhcp:
         start: 172.30.2.201
         end: 172.30.2.254
+    dns:
+      domain: lab.akraino.org
+      servers: '192.168.2.85 8.8.8.8 8.8.4.4'
+    inf: net4
   ksn:
     vlan: 44
     interface: bond0.44
@@ -103,153 +116,158 @@ networks:
       static:
         start: 10.0.102.11
         end: 10.0.102.254
+dns:
+  upstream_servers:
+    - 192.168.2.85
+    - 8.8.8.8
+    - 8.8.8.8
+  upstream_servers_joined: '192.168.2.85,8.8.8.8'
+  ingress_domain: dellgen10.akraino.org
 sriovnets:
 - physical: sriovnet1
-  interface: enp135s0f
-  vlan_start: 100
-  vlan_end: 4000
+  interface: enp135s0f0
+  vlan_start: 2001
+  vlan_end: 3000
   whitelists:
-      "0000:87:02.0":  "enp135s2"
-      "0000:87:02.1":  "enp135s2f1"
-      "0000:87:03.2":  "enp135s3f2"
-      "0000:87:03.3":  "enp135s3f3"
-      "0000:87:03.4":  "enp135s3f4"
-      "0000:87:03.5":  "enp135s3f5"
-      "0000:87:03.6":  "enp135s3f6"
-      "0000:87:03.7":  "enp135s3f7"
-      "0000:87:04.0":  "enp135s4"
-      "0000:87:04.1":  "enp135s4f1"
-      "0000:87:04.2":  "enp135s4f2"
-      "0000:87:04.3":  "enp135s4f3"
-      "0000:87:02.2":  "enp135s2f2"
-      "0000:87:04.4":  "enp135s4f4"
-      "0000:87:04.5":  "enp135s4f5"
-      "0000:87:04.6":  "enp135s4f6"
-      "0000:87:04.7":  "enp135s4f7"
-      "0000:87:05.0":  "enp135s5"
-      "0000:87:05.1":  "enp135s5f1"
-      "0000:87:05.2":  "enp135s5f2"
-      "0000:87:05.3":  "enp135s5f3"
-      "0000:87:05.4":  "enp135s5f4"
-      "0000:87:05.5":  "enp135s5f5"
-      "0000:87:02.3":  "enp135s2f3"
-      "0000:87:05.6":  "enp135s5f6"
-      "0000:87:05.7":  "enp135s5f7"
-      "0000:87:02.4":  "enp135s2f4"
-      "0000:87:02.5":  "enp135s2f5"
-      "0000:87:02.6":  "enp135s2f6"
-      "0000:87:02.7":  "enp135s2f7"
-      "0000:87:03.0":  "enp135s3"
-      "0000:87:03.1":  "enp135s3f1"
-
+  - "address": "0000:87:02.0"
+  - "address": "0000:87:02.1"
+  - "address": "0000:87:03.2"
+  - "address": "0000:87:03.3"
+  - "address": "0000:87:03.4"
+  - "address": "0000:87:03.5"
+  - "address": "0000:87:03.6"
+  - "address": "0000:87:03.7"
+  - "address": "0000:87:04.0"
+  - "address": "0000:87:04.1"
+  - "address": "0000:87:04.2"
+  - "address": "0000:87:04.3"
+  - "address": "0000:87:02.2"
+  - "address": "0000:87:04.4"
+  - "address": "0000:87:04.5"
+  - "address": "0000:87:04.6"
+  - "address": "0000:87:04.7"
+  - "address": "0000:87:05.0"
+  - "address": "0000:87:05.1"
+  - "address": "0000:87:05.2"
+  - "address": "0000:87:05.3"
+  - "address": "0000:87:05.4"
+  - "address": "0000:87:05.5"
+  - "address": "0000:87:02.3"
+  - "address": "0000:87:05.6"
+  - "address": "0000:87:05.7"
+  - "address": "0000:87:02.4"
+  - "address": "0000:87:02.5"
+  - "address": "0000:87:02.6"
+  - "address": "0000:87:02.7"
+  - "address": "0000:87:03.0"
+  - "address": "0000:87:03.1"
 - physical: sriovnet2
   interface: enp135s0f1
-  vlan_start: 100
-  vlan_end: 4000
+  vlan_start: 2001
+  vlan_end: 3000
   whitelists:
-     "0000:87:0a.0":  "enp135s10i"
-     "0000:87:0a.1":  "enp135s10f1"
-     "0000:87:0b.2":  "enp135s11f2"
-     "0000:87:0b.3":  "enp135s11f3"
-     "0000:87:0b.4":  "enp135s11f4"
-     "0000:87:0b.5":  "enp135s11f5"
-     "0000:87:0b.6":  "enp135s11f6"
-     "0000:87:0b.7":  "enp135s11f7"
-     "0000:87:0c.0":  "enp135s12"
-     "0000:87:0c.1":  "enp135s12f1"
-     "0000:87:0c.2":  "enp135s12f2"
-     "0000:87:0c.3":  "enp135s12f3"
-     "0000:87:0a.2":  "enp135s10f2"
-     "0000:87:0c.4":  "enp135s12f4"
-     "0000:87:0c.5":  "enp135s12f5"
-     "0000:87:0c.6":  "enp135s12f6"
-     "0000:87:0c.7":  "enp135s12f7"
-     "0000:87:0d.0":  "enp135s13"
-     "0000:87:0d.1":  "enp135s13f1"
-     "0000:87:0d.2":  "enp135s13f2"
-     "0000:87:0d.3":  "enp135s13f3"
-     "0000:87:0d.4":  "enp135s13f4"
-     "0000:87:0d.5":  "enp135s13f5"
-     "0000:87:0a.3":  "enp135s10f3"
-     "0000:87:0d.6":  "enp135s13f6"
-     "0000:87:0d.7":  "enp135s13f7"
-     "0000:87:0a.4":  "enp135s10f4"
-     "0000:87:0a.5":  "enp135s10f5"
-     "0000:87:0a.6":  "enp135s10f6"
-     "0000:87:0a.7":  "enp135s10f7"
-     "0000:87:0b.0":  "enp135s11"
-     "0000:87:0b.1":  "enp135s11f1"
+  - "address": "0000:87:0a.0"
+  - "address": "0000:87:0a.1"
+  - "address": "0000:87:0b.2"
+  - "address": "0000:87:0b.3"
+  - "address": "0000:87:0b.4"
+  - "address": "0000:87:0b.5"
+  - "address": "0000:87:0b.6"
+  - "address": "0000:87:0b.7"
+  - "address": "0000:87:0c.0"
+  - "address": "0000:87:0c.1"
+  - "address": "0000:87:0c.2"
+  - "address": "0000:87:0c.3"
+  - "address": "0000:87:0a.2"
+  - "address": "0000:87:0c.4"
+  - "address": "0000:87:0c.5"
+  - "address": "0000:87:0c.6"
+  - "address": "0000:87:0c.7"
+  - "address": "0000:87:0d.0"
+  - "address": "0000:87:0d.1"
+  - "address": "0000:87:0d.2"
+  - "address": "0000:87:0d.3"
+  - "address": "0000:87:0d.4"
+  - "address": "0000:87:0d.5"
+  - "address": "0000:87:0a.3"
+  - "address": "0000:87:0d.6"
+  - "address": "0000:87:0d.7"
+  - "address": "0000:87:0a.4"
+  - "address": "0000:87:0a.5"
+  - "address": "0000:87:0a.6"
+  - "address": "0000:87:0a.7"
+  - "address": "0000:87:0b.0"
+  - "address": "0000:87:0b.1"
 storage:
   osds:
+    - data: /dev/sda
+      journal: /var/lib/ceph/journal/journal-sda
     - data: /dev/sdb
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdb
+      journal: /var/lib/ceph/journal/journal-sdb
     - data: /dev/sdc
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdc
+      journal: /var/lib/ceph/journal/journal-sdc
     - data: /dev/sdd
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdd
+      journal: /var/lib/ceph/journal/journal-sdd
     - data: /dev/sde
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sde
+      journal: /var/lib/ceph/journal/journal-sde
     - data: /dev/sdf
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdf
-    - data: /dev/sdg
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdg
-    - data: /dev/sdg
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdh
-    - data: /dev/sdi
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdi
-    - data: /dev/sdk
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdk
-  osd_count: 9
+      journal: /var/lib/ceph/journal/journal-sdf
+  osd_count: 6
+  total_osd_count: 18
 genesis:
-  name: csonjrsv40
+  name: aknode40
   oob: 192.168.41.40
   host: 192.168.2.40
   storage: 172.31.2.40
   pxe: 172.30.2.40
   ksn: 172.29.1.40
   neutron: 10.0.102.40
+  root_password: akraino,d
+  oem: Dell
+  bios_template: dell_r740_g14_uefi_base.xml.template
+  boot_template: dell_r740_g14_uefi_httpboot.xml.template
+  http_boot_device: NIC.Slot.2-1-1
 masters:
-  - name : csonjrsv41
-  - name : csonjrsv42
-workers:
-  - name : csonjrsv43
-  - name : csonjrsv44
-servers:
-  - name : csonjrsv41
+  - name : aknode41
     oob: 192.168.41.41
     host: 192.168.2.41
     storage: 172.31.2.41
     pxe: 172.30.2.41
     ksn: 172.29.1.41
     neutron: 10.0.102.41
-  - name : csonjrsv42
+    oob_user: root
+    oob_password: calvin
+  - name : aknode42
     oob: 192.168.41.42
     host: 192.168.2.42
     storage: 172.31.2.42
     pxe: 172.30.2.42
     ksn: 172.29.1.42
     neutron: 10.0.102.42
-  - name : csonjrsv43
-    oob: 192.168.41.43
-    host: 192.168.2.43
-    storage: 172.31.2.43
-    pxe: 172.30.2.43
-    ksn: 172.29.1.43
-    neutron: 10.0.102.43
-  - name : csonjrsv44
-    oob: 192.168.41.44
-    host: 192.168.2.44
-    storage: 172.31.2.44
-    pxe: 172.30.2.44
-    ksn: 172.29.1.44
-    neutron: 10.0.102.44
+    oob_user: root
+    oob_password: calvin
+#workers:
+#  - name : aknode43
+#    oob: 192.168.41.43
+#    host: 192.168.2.43
+#    storage: 172.31.2.43
+#    pxe: 172.30.2.43
+#    ksn: 172.29.1.43
+#    neutron: 10.0.102.43
+#  - name : aknode44
+#    oob: 192.168.41.44
+#    host: 192.168.2.44
+#    storage: 172.31.2.44
+#    pxe: 172.30.2.44
+#    ksn: 172.29.1.44
+#    neutron: 10.0.102.44
 hardware:
   vendor: DELL
   generation: '10'
   hw_version: '3'
   bios_version: '2.8'
 disks:
-  - name : sdj
+  - name : sdg
     labels:
       bootdrive: 'true'
     partitions:
@@ -262,16 +280,30 @@ disks:
       - name: var
         size: 100g
         mountpoint: /var
-  - name : sdb
+  - name : sdh
     partitions:
-      - name: cephj0
-        size: 100g
-        mountpoint: /var/lib/openstack-helm/ceph/journal0
-  - name : sdc
+      - name: ceph
+        size: 300g
+        mountpoint: /var/lib/ceph/journal
+disks_compute:
+  - name : sdg
+    labels:
+      bootdrive: 'true'
     partitions:
-      - name: cephj1
-        size: 100g
-        mountpoint: /var/lib/openstack-helm/ceph/journal1
+      - name: root
+        size: 20g
+        mountpoint: /
+      - name: boot
+        size: 1g
+        mountpoint: /boot
+      - name: var
+        size: '>300g'
+        mountpoint: /var
+  - name : sdh
+    partitions:
+      - name: nova
+        size: '99%'
+        mountpoint: /var/lib/nova
 genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
 kubernetes:
   api_service_ip: 10.96.0.1
diff --git a/hpgen10.yaml b/hpgen10.yaml
new file mode 100644 (file)
index 0000000..a2aff22
--- /dev/null
@@ -0,0 +1,316 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+site_name: hpgen10
+ipmi_admin:
+  username: Administrator
+  password: Admin123
+networks:
+  bonded: yes
+  primary: bond0
+  slaves:
+    - name: ens3f0
+    - name: ens3f1
+  oob:
+    vlan: 40
+    interface: 
+    cidr: 192.168.41.0/24
+    routes:
+      gateway: 192.168.41.1
+    ranges:
+      reserved:
+        start: 192.168.41.2
+        end: 192.168.41.4
+      static:
+        start: 192.168.41.5
+        end: 192.168.41.254
+  host:
+    vlan: 41
+    interface: bond0.41
+    cidr: 192.168.2.0/24
+    subnet: 192.168.2.0
+    netmask: 255.255.255.0
+    routes:
+       gateway: 192.168.2.200
+    ranges:
+      reserved:
+        start: 192.168.2.84
+        end: 192.168.2.86
+      static:
+        start: 192.168.2.1
+        end: 192.168.2.83
+    dns:
+      domain: lab.akraino.org
+      servers: '192.168.2.85 8.8.8.8 8.8.4.4'
+  storage:
+    vlan: 42
+    interface: bond0.42
+    cidr: 172.31.1.0/24
+    ranges:
+      static:
+        start: 172.31.1.2
+        end: 172.31.1.254
+  pxe:
+    vlan: 
+    interface: eno1
+    cidr: 172.30.1.0/24
+    gateway: 172.30.1.1
+    routes:
+       gateway: 172.30.1.30
+    ranges:
+      reserved:
+        start: 172.30.1.1
+        end:  172.30.1.10
+      static:
+        start: 172.30.1.11
+        end: 172.30.1.200
+      dhcp:
+        start: 172.30.1.201
+        end: 172.30.1.254
+    dns:
+      domain: lab.akraino.org
+      servers: '192.168.2.85 8.8.8.8 8.8.4.4'
+    inf: net4
+  ksn:
+    vlan: 44
+    interface: bond0.44
+    cidr: 172.29.1.0/24
+    local_asnumber: 65531
+    ranges:
+      static:
+        start: 172.29.1.5
+        end: 172.29.1.254
+    additional_cidrs:
+      -  172.29.1.136/29
+    ingress_cidr: 172.29.1.137/32
+    peers:
+    - ip: 172.29.1.1
+      scope: global
+      asnumber: 65001
+    vrrp_ip: 172.29.1.1 # keep peers ip address in case of only peer.
+  neutron:
+    vlan: 45
+    interface: bond0.45
+    cidr: 10.0.101.0/24
+    ranges:
+      static:
+        start: 10.0.101.2
+        end: 10.0.101.254
+dns:
+  upstream_servers:
+    - 192.168.2.85
+    - 8.8.8.8
+    - 8.8.8.8
+  upstream_servers_joined: '192.168.2.85,8.8.8.8'
+  ingress_domain: hpgen10.akraino.org
+sriovnets:
+- physical: sriovnet1
+  interface: ens6f0
+  vlan_start: 2001
+  vlan_end: 3000
+  whitelists:
+  - "address": "0000:af:02.0"
+  - "address": "0000:af:02.1"
+  - "address": "0000:af:02.2"
+  - "address": "0000:af:02.3"
+  - "address": "0000:af:02.4"
+  - "address": "0000:af:02.5"
+  - "address": "0000:af:02.6"
+  - "address": "0000:af:02.7"
+  - "address": "0000:af:03.0"
+  - "address": "0000:af:03.1"
+  - "address": "0000:af:03.2"
+  - "address": "0000:af:03.3"
+  - "address": "0000:af:03.4"
+  - "address": "0000:af:03.5"
+  - "address": "0000:af:03.6"
+  - "address": "0000:af:03.7"
+  - "address": "0000:af:04.0"
+  - "address": "0000:af:04.1"
+  - "address": "0000:af:04.2"
+  - "address": "0000:af:04.3"
+  - "address": "0000:af:04.4"
+  - "address": "0000:af:04.5"
+  - "address": "0000:af:04.6"
+  - "address": "0000:af:04.7"
+  - "address": "0000:af:05.0"
+  - "address": "0000:af:05.1"
+  - "address": "0000:af:05.2"
+  - "address": "0000:af:05.3"
+  - "address": "0000:af:05.4"
+  - "address": "0000:af:05.5"
+  - "address": "0000:af:05.6"
+  - "address": "0000:af:05.7"
+- physical: sriovnet2
+  interface: ens6f1
+  vlan_start: 2001
+  vlan_end: 3000
+  whitelists:
+  - "address": "0000:af:0a.0"
+  - "address": "0000:af:0a.1"
+  - "address": "0000:af:0a.2"
+  - "address": "0000:af:0a.3"
+  - "address": "0000:af:0a.4"
+  - "address": "0000:af:0a.5"
+  - "address": "0000:af:0a.6"
+  - "address": "0000:af:0a.7"
+  - "address": "0000:af:0b.0"
+  - "address": "0000:af:0b.1"
+  - "address": "0000:af:0b.2"
+  - "address": "0000:af:0b.3"
+  - "address": "0000:af:0b.4"
+  - "address": "0000:af:0b.5"
+  - "address": "0000:af:0b.6"
+  - "address": "0000:af:0b.7"
+  - "address": "0000:af:0c.0"
+  - "address": "0000:af:0c.1"
+  - "address": "0000:af:0c.2"
+  - "address": "0000:af:0c.3"
+  - "address": "0000:af:0c.4"
+  - "address": "0000:af:0c.5"
+  - "address": "0000:af:0c.6"
+  - "address": "0000:af:0c.7"
+  - "address": "0000:af:0d.0"
+  - "address": "0000:af:0d.1"
+  - "address": "0000:af:0d.2"
+  - "address": "0000:af:0d.3"
+  - "address": "0000:af:0d.4"
+  - "address": "0000:af:0d.5"
+  - "address": "0000:af:0d.6"
+  - "address": "0000:af:0d.7"
+storage:
+  osds:
+    - data: /dev/sdb
+      journal: /var/lib/ceph/journal/journal-sdb
+    - data: /dev/sdc
+      journal: /var/lib/ceph/journal/journal-sdc
+    - data: /dev/sdd
+      journal: /var/lib/ceph/journal/journal-sdd
+    - data: /dev/sde
+      journal: /var/lib/ceph/journal/journal-sde
+    - data: /dev/sdf
+      journal: /var/lib/ceph/journal/journal-sdf
+    - data: /dev/sdg
+      journal: /var/lib/ceph/journal/journal-sdg
+    - data: /dev/sdh
+      journal: /var/lib/ceph/journal/journal-sdh
+    - data: /dev/sdi
+      journal: /var/lib/ceph/journal/journal-sdi
+  osd_count: 8
+  total_osd_count: 24
+genesis:
+  name: aknode30
+  oob: 192.168.41.130
+  host: 192.168.2.30
+  storage: 172.31.1.30
+  pxe: 172.30.1.30
+  ksn: 172.29.1.30
+  neutron: 10.0.101.30
+  root_password: akraino,d
+  oem: HPE
+  mac_address: 3c:fd:fe:aa:90:b0
+  bios_template: hpe_dl380_g10_uefi_base.json.template
+  boot_template: hpe_dl380_g10_uefi_httpboot.json.template
+  http_boot_device: NIC.Slot.3-1-1
+masters:
+  - name : aknode31
+    oob: 192.168.41.131
+    host: 192.168.2.31
+    storage: 172.31.1.31
+    pxe: 172.30.1.31
+    ksn: 172.29.1.31
+    neutron: 10.0.101.31
+    oob_user: Administrator
+    oob_password: Admin123
+  - name : aknode32
+    oob: 192.168.41.132
+    host: 192.168.2.32
+    storage: 172.31.1.32
+    pxe: 172.30.1.32
+    ksn: 172.29.1.32
+    neutron: 10.0.101.32
+    oob_user: Administrator
+    oob_password: Admin123
+#workers:
+#  - name : aknode33
+#    oob: 192.168.41.133
+#    host: 192.168.2.33
+#    storage: 172.31.1.33
+#    pxe: 172.30.1.33
+#    ksn: 172.29.1.33
+#    neutron: 10.0.101.33
+#    oob_user: Administrator
+#    oob_password: Admin123
+#  - name : aknode34
+#    oob: 192.168.41.134
+#    host: 192.168.2.34
+#    storage: 172.31.1.34
+#    pxe: 172.30.1.34
+#    ksn: 172.29.1.34
+#    neutron: 10.0.101.34
+hardware:
+  vendor: HP
+  generation: '10'
+  hw_version: '3'
+  bios_version: '2.8'
+disks:
+  - name : sdj
+    labels:
+      bootdrive: 'true'
+    partitions:
+      - name: root
+        size: 20g
+        mountpoint: /
+      - name: boot
+        size: 1g
+        mountpoint: /boot
+      - name: var
+        size: '>300g'
+        mountpoint: /var
+  - name : sdk
+    partitions:
+      - name: cephj
+        size: 300g
+        mountpoint: /var/lib/ceph/journal
+disks_compute:
+  - name : sdj
+    labels:
+      bootdrive: 'true'
+    partitions:
+      - name: root
+        size: 20g
+        mountpoint: /
+      - name: boot
+        size: 1g
+        mountpoint: /boot
+      - name: var
+        size: '>300g'
+        mountpoint: /var
+  - name : sdk
+    partitions:
+      - name: nova
+        size: '99%'
+        mountpoint: /var/lib/nova
+genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
+kubernetes:
+  api_service_ip: 10.96.0.1
+  etcd_service_ip: 10.96.0.2
+  pod_cidr: 10.99.0.0/16
+  service_cidr: 10.96.0.0/14
+regional_server:
+  ip: 135.16.101.85
+...
index fb3f21e..ac89508 100755 (executable)
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -55,22 +55,21 @@ def expand_files(target_dir, dir_name, files):
         print '{0} -> {1}'.format(source_path, target_path)
         total += 1
 
-def expand_file(target_dir, file):
+def expand_file(target_file, file):
   global total
-  if not os.path.exists(target_dir):
-    os.makedirs(target_dir)
+  if not os.path.exists(os.path.dirname(target_file)):
+    os.makedirs(os.path.dirname(target_file))
   env = jinja2.Environment()
   env.trim_blocks = True
   env.lstrip_blocks = True
   with open(file) as fd:
     template = env.from_string(fd.read())
   data = template.render(yaml=yaml)
-  target_path = target_dir + '/' + os.path.basename(file)
-  fd2 = open(target_path,'w')
+  fd2 = open(target_file,'w')
   fd2.write(data)
   fd2.write("\n")
   fd2.close()
-  print '{0} -> {1}'.format(file, target_path)
+  print '{0} -> {1}'.format(file, target_file)
   total += 1
 
 if len(sys.argv) != 4:
diff --git a/scripts/update_bios_settings.py b/scripts/update_bios_settings.py
new file mode 100644 (file)
index 0000000..f15c07b
--- /dev/null
@@ -0,0 +1,99 @@
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+import os
+import sys
+import yaml
+import jinja2
+import subprocess
+
+with open(sys.argv[1]) as f:
+  yaml = yaml.safe_load(f)
+
+def create_rc_genesis(source, target_suffix):
+  env = jinja2.Environment()
+  env.trim_blocks = True
+  env.lstrip_blocks = True
+  
+  with open(source) as fd:
+    template = env.from_string(fd.read())
+  data = template.render(yaml=yaml)
+  target_file = yaml['genesis']['name']+target_suffix
+  fd2 = open(target_file,'w')
+  fd2.write(data)
+  fd2.write("\n")
+  fd2.close()
+  print '{0} -> {1}'.format(source, target_file)
+
+def create_rc_masters(source, target_suffix):
+  env = jinja2.Environment()
+  env.trim_blocks = True
+  env.lstrip_blocks = True
+
+  for master in yaml['masters']:
+    with open(source) as fd:
+      template = env.from_string(fd.read())
+    data = template.render(yaml=master)
+    target_file = "server-config/"+master['name']+target_suffix
+    print target_file
+    if os.path.exists(target_file):
+      print 'rc file exists maynot be new node'
+      continue
+    if not os.path.exists(os.path.dirname(target_file)):
+      os.makedirs(os.path.dirname(target_file))
+    fd2 = open(target_file,'w')
+    fd2.write(data)
+    fd2.write("\n")
+    fd2.close()
+    print '{0} -> {1}'.format(source, target_file)
+    command = '/opt/akraino/tools/apply_dellxml.sh --rc {0} --template dell_r740_g14_uefi_base.xml.template --no-confirm'.format(target_file)
+    print 'command: {0}'.format(command)
+    os.system(command)
+
+def create_rc_workers(source, target_suffix):
+  env = jinja2.Environment()
+  env.trim_blocks = True
+  env.lstrip_blocks = True
+
+  if 'workers' in yaml:
+    for master in yaml['workers']:
+      with open(source) as fd:
+        template = env.from_string(fd.read())
+      data = template.render(yaml=master)
+      target_file = "server-config/"+master['name']+target_suffix
+      print target_file
+      if os.path.exists(target_file):
+        print 'rc file exists maynot be new node'
+        continue
+      if not os.path.exists(os.path.dirname(target_file)):
+        os.makedirs(os.path.dirname(target_file))
+      fd2 = open(target_file,'w')
+      fd2.write(data)
+      fd2.write("\n")
+      fd2.close()
+      print '{0} -> {1}'.format(source, target_file)
+      command = '/opt/akraino/tools/apply_dellxml.sh --rc {0} --template dell_r740_g14_uefi_base.xml.template --no-confirm'.format(target_file)
+      print 'command: {0}'.format(command)
+      os.system(command)
+
+if len(sys.argv) != 2:
+  print 'usage: update_bios_settings.py <yaml>'
+  sys.exit(1)
+
+#create_rc_genesis("tools/j2/serverrc.j2", "rc")
+create_rc_masters("tools/j2/serverrc_raid.j2", "rc.raid")
+create_rc_workers("tools/j2/serverrc_raid.j2", "rc.raid")
+
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
similarity index 89%
rename from site/site30/profiles/genesis.yaml
rename to site/common/profiles/genesis.yaml
index 66a411b..408374e 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -50,8 +50,9 @@ data:
       - ucp-control-plane=enabled
       - maas-control-plane=enabled
       - ceph-osd-bootstrap=enabled
-#      - openstack-libvirt=kernel
-#      - openvswitch=enabled
-#      - openstack-control-plane=enabled
-#      - openstack-nova-compute=enabled
+      - openstack-libvirt=kernel
+      - openvswitch=enabled
+      - openstack-control-plane=enabled
+      - openstack-nova-compute=enabled
+      - sriov=enabled
 ...
diff --git a/site/common/secrets/certificates/ingress.yaml b/site/common/secrets/certificates/ingress.yaml
new file mode 100644 (file)
index 0000000..6c111e8
--- /dev/null
@@ -0,0 +1,144 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# self-signed certifacte generated based on
+# https://libvirt.org/remote.html#Remote_certificates
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-crt
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-ca
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+  +g==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-key
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+  -----END RSA PRIVATE KEY-----
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
diff --git a/site/common/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/common/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644 (file)
index 0000000..b253174
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 5aacc198d8a1edeff4a8
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
diff --git a/site/common/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml b/site/common/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml
new file mode 100644 (file)
index 0000000..f838322
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: elasticsearch
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: elasticsearch-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
diff --git a/site/common/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml b/site/common/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml
new file mode 100644 (file)
index 0000000..bf4b39f
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluent-logging
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluent-logging-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
diff --git a/site/common/software/config/endpoints.yaml b/site/common/software/config/endpoints.yaml
new file mode 100644 (file)
index 0000000..0f0324c
--- /dev/null
@@ -0,0 +1,1582 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.key
+data:
+  ucp:
+    identity:
+      namespace: ucp
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: iam.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: http
+        # public: https
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+          public: 80
+    armada:
+      name: armada
+      hosts:
+        default: armada-api
+        public: armada
+      port:
+        api:
+          default: 8000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    deckhand:
+      name: deckhand
+      hosts:
+        default: deckhand-int
+        public: deckhand-api
+      port:
+        api:
+          default: 9000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    postgresql:
+      name: postgresql
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: postgresql+psycopg2
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    postgresql_airflow_celery:
+      name: postgresql_airflow_celery_db
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: db+postgresql
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    key_manager:
+      name: barbican
+      hosts:
+        default: barbican-api
+        public: barbican
+      host_fqdn_override:
+        default: null
+      path:
+        default: /v1
+      scheme:
+        default: http
+      port:
+        api:
+          default: 9311
+          public: 80
+    oslo_messaging:
+      namespace: null
+      hosts:
+        default: rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /openstack
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+    oslo_cache:
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    physicalprovisioner:
+      name: drydock
+      hosts:
+        default: drydock-api
+      port:
+        api:
+          default: 9000
+          nodeport: 31900
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    maas_region_ui:
+      name: maas-region-ui
+      hosts:
+        default: maas-region-ui
+        public: maas
+      path:
+        default: /MAAS
+      scheme:
+        default: "http"
+      port:
+        region_ui:
+          default: 80
+          public: 80
+      host_fqdn_override:
+        default: null
+    kubernetesprovisioner:
+      name: promenade
+      hosts:
+        default: promenade-api
+      port:
+        api:
+          default: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    shipyard:
+      name: shipyard
+      hosts:
+        default: shipyard-int
+        public: shipyard-api
+      port:
+        api:
+          default: 9000
+          public: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+        # public: https
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: shipyard.DOMAIN
+    airflow_web:
+      name: airflow-web
+      hosts:
+        default: airflow-web-int
+        public: airflow-web
+      port:
+        airflow_web:
+          default: 8080
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    airflow_flower:
+      name: airflow-flower
+      hosts:
+        default: airflow-flower
+      port:
+        airflow_flower:
+          default: 5555
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+  ceph:
+    object_store:
+      name: swift
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /swift/v1
+      scheme:
+        default: http
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_object_store:
+      name: radosgw
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /auth/v1.0
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_mon:
+      namespace: ceph
+      hosts:
+        default: ceph-mon
+        discovery: ceph-mon-discovery
+      host_fqdn_override:
+        default: null
+      port:
+        mon:
+          default: 6789
+    ceph_mgr:
+      namespace: ceph
+      hosts:
+        default: ceph-mgr
+      host_fqdn_override:
+        default: null
+      port:
+        mgr:
+          default: 7000
+      scheme:
+        default: http
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.key
+data:
+  osh:
+    object_store:
+      name: swift
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /swift/v1/KEY_$(tenant_id)s
+      scheme:
+        default: http
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_object_store:
+      name: radosgw
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /auth/v1.0
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    keystone_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /keystone
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    keystone_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    oslo_cache:
+      namespace: openstack
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    identity:
+      namespace: openstack
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: identity.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+          # public: 443
+    glance_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /glance
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    glance_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    image:
+      name: glance
+      hosts:
+        default: glance-api
+        public: glance
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: image.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 9292
+          # public: 443
+    image_registry:
+      name: glance-registry
+      hosts:
+        default: glance-registry
+        public: glance-reg
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9191
+          public: 80
+    cinder_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /cinder
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    cinder_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    volume:
+      name: cinder
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v1/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    volumev2:
+      name: cinderv2
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    volumev3:
+      name: cinderv3
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v3/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    heat_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /heat
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    heat_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    orchestration:
+      name: heat
+      hosts:
+        default: heat-api
+        public: heat
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: orchestration.DOMAIN
+      path:
+        default: "/v1/%(project_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8004
+          # public: 443
+    cloudformation:
+      name: heat-cfn
+      hosts:
+        default: heat-cfn
+        public: cloudformation
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: cloudformation.DOMAIN
+      path:
+        default: /v1
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8000
+          # public: 443
+    cloudwatch:
+      name: heat-cloudwatch
+      hosts:
+        default: heat-cloudwatch
+        public: cloudwatch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      type: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8003
+          public: 80
+    neutron_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /neutron
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    neutron_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    network:
+      name: neutron
+      hosts:
+        default: neutron-server
+        public: neutron
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: network.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 9696
+          # public: 443
+    nova_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /nova
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    nova_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    compute:
+      name: nova
+      hosts:
+        default: nova-api
+        public: nova
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: compute.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8774
+          # public: 443
+        novncproxy:
+          default: 443
+    compute_metadata:
+      name: nova
+      hosts:
+        default: nova-metadata
+        public: metadata
+      host_fqdn_override:
+        default: null
+      path:
+        default: /
+      scheme:
+        default: "http"
+      port:
+        metadata:
+          default: 8775
+          public: 80
+    compute_novnc_proxy:
+      name: nova
+      hosts:
+        default: nova-novncproxy
+        public: novncproxy
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: nova-novncproxy.DOMAIN
+      path:
+        default: /vnc_auto.html
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        novnc_proxy:
+          default: 6080
+          # public: 443
+    compute_spice_proxy:
+      name: nova
+      hosts:
+        default: nova-spiceproxy
+      host_fqdn_override:
+        default: null
+      path:
+        default: /spice_auto.html
+      scheme:
+        default: "http"
+      port:
+        spice_proxy:
+          default: 6082
+    placement:
+      name: placement
+      hosts:
+        default: placement-api
+        public: placement
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: placement.DOMAIN
+      path:
+        default: /
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8778
+          # public: 443
+    dashboard:
+      name: horizon
+      hosts:
+        default: horizon-int
+        public: horizon
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: dashboard.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        web:
+          default: 80
+          # public: 443
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .ldap.base_url
+  #     dest:
+  #       path:  .osh_infra.ldap.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .ldap.auth_path
+  #     dest:
+  #       path:  .osh_infra.ldap.path.default
+  #       pattern: AUTH_PATH
+data:
+  osh_infra:
+    elasticsearch:
+      name: elasticsearch
+      namespace: osh-infra
+      hosts:
+        data: elasticsearch-data
+        default: elasticsearch-logging
+        discovery: elasticsearch-discovery
+        public: elasticsearch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 80
+    prometheus_elasticsearch_exporter:
+      namespace: null
+      hosts:
+        default: elasticsearch-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9108
+    fluentd:
+      namespace: osh-infra
+      name: fluentd
+      hosts:
+        default: fluentd-logging
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        service:
+          default: 24224
+        metrics:
+          default: 24220
+    prometheus_fluentd_exporter:
+      namespace: osh-infra
+      hosts:
+        default: fluentd-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9309
+    oslo_db:
+      namespace: osh-infra
+      hosts:
+        default: mariadb
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+    grafana:
+      name: grafana
+      namespace: osh-infra
+      hosts:
+        default: grafana-dashboard
+        public: grafana
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: grafana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        grafana:
+          default: 3000
+          # public: 443
+    monitoring:
+      name: prometheus
+      namespace: osh-infra
+      hosts:
+        default: prom-metrics
+        public: prometheus
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9090
+          public: 80
+    kibana:
+      name: kibana
+      namespace: osh-infra
+      hosts:
+        default: kibana-dash
+        public: kibana
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: kibana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        kibana:
+          default: 5601
+          # public: 443
+    alerts:
+      name: alertmanager
+      namespace: osh-infra
+      hosts:
+        default: alerts-engine
+        public: alertmanager
+        discovery: alertmanager-discovery
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9093
+          public: 80
+        mesh:
+          default: 6783
+    kube_state_metrics:
+      namespace: kube-system
+      hosts:
+        default: kube-state-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 8080
+    kube_scheduler:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    kube_controller_manager:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    node_metrics:
+      namespace: kube-system
+      hosts:
+        default: node-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9100
+        prometheus_port:
+          default: 9100
+    prometheus_openstack_exporter:
+      namespace: openstack
+      hosts:
+        default: openstack-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        exporter:
+          default: 9103
+    nagios:
+      name: nagios
+      namespace: osh-infra
+      hosts:
+        default: nagios-metrics
+        public: nagios
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: nagios.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: http
+        # public: https
+      port:
+        http:
+          default: 80
+          # public: 443
+    ldap:
+      hosts:
+        default: ldap
+      host_fqdn_override:
+        default: null
+        public:
+          host: DOMAIN
+      path:
+        default: /AUTH_PATH
+      scheme:
+        default: "ldap"
+      port:
+        ldap:
+          default: 389
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -401,4 +401,13 @@ data:
         username: prometheus-openstack-exporter
         project_name: service
         user_domain_name: default
+    nagios:
+      admin:
+        username: nagios
+    ldap:
+      admin:
+        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+        # authenticate to the active directory backend to validate keystone
+        # users.
+        bind: "test@ldap.example.com"
 ...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -29,7 +29,7 @@ metadata:
         path: .
   storagePolicy: cleartext
 data:
-  release_prefix: clcp
+  release_prefix: airship
   chart_groups:
     - kubernetes-proxy
     - kubernetes-container-networking
@@ -48,10 +48,6 @@ data:
     - ucp-drydock
     - ucp-promenade
     - ucp-shipyard
-#    - artifactory-ceph-config
-#    - artifactory-mariadb
-#    - artifactory-webapp
-#    - jenkins
     - osh-infra-ingress-controller
     - osh-infra-ceph-config
     - osh-infra-logging
@@ -62,15 +58,12 @@ data:
     - openstack-ceph-config
     - openstack-mariadb
     - openstack-memcached
-    - openstack-compute-services
     - openstack-keystone
-    - openstack-glance
     - openstack-radosgw
+    - openstack-glance
     - openstack-cinder
     - openstack-compute-kit
     - openstack-heat
     - osh-infra-prometheus-openstack-exporter
     - openstack-horizon
-    - openstack-barbican
-
 ...
diff --git a/site/dellgen10/baremetal/bootaction-sriov-blacklist.yaml b/site/dellgen10/baremetal/bootaction-sriov-blacklist.yaml
new file mode 100644 (file)
index 0000000..2ad6637
--- /dev/null
@@ -0,0 +1,42 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: i40evf_blacklist
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  signaling: false
+  node_filter:
+    filter_set_type: 'union'
+    filter_set:
+      - filter_type: 'union'
+  assets:
+    - path: /etc/modprobe.d/sriov_blacklist.conf
+      type: file
+      permissions: '644'
+      data_pipeline:
+        - utf8_decode
+      data: |
+        blacklist i40evf
+...
diff --git a/site/dellgen10/baremetal/calico-ip-rules.yaml b/site/dellgen10/baremetal/calico-ip-rules.yaml
new file mode 100644 (file)
index 0000000..022b17c
--- /dev/null
@@ -0,0 +1,160 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: calico-ip-rules
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+  substitutions:
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path: .assets[0].data
+        pattern: DH_SUB_POD_CIDR
+data:
+  signaling: false
+  assets:
+    - path: /etc/systemd/system/configure-ip-rules.service
+      type: unit
+      permissions: '444'
+      data: |-
+        [Unit]
+        Description=IP Rules Initialization Service
+        After=network-online.target local-fs.target
+
+        [Service]
+        Type=simple
+        ExecStart=/opt/configure-ip-rules.sh -g 172.29.1.1 -c 10.98.0.0/16 -s 172.29.1.128/29
+
+        [Install]
+        WantedBy=multi-user.target
+      data_pipeline:
+        - utf8_decode
+    - path: /opt/configure-ip-rules.sh
+      type: file
+      permissions: '700'
+      data_pipeline:
+        - utf8_decode
+      data: |-
+        #!/bin/bash
+        set -ex
+
+        function usage() {
+            cat <<EOU
+        Options are:
+
+          -c POD_CIDR     The pod CIDR for the Kubernetes cluster, e.g. 10.98.0.0/16
+          -i INTERFACE    The interface for internal pod traffic, e.g. bond1.2006
+          -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
+                          INTERFACE.  It is used to provide a work around when
+                          complete Calico routes cannot be received via BGP.
+                          e.g. 10.96.0.0/15.  NOTE: This must include the POD_CIDR.
+          -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
+                          e.g. 135.21.99.192/29
+        EOU
+        }
+
+        SERVICE_CIDR=
+        OVERLAP_CIDR=
+
+        while getopts ":c:hi:o:s:" o; do
+            case "${o}" in
+                c)
+                    POD_CIDR=${OPTARG}
+                    ;;
+                h)
+                    usage
+                    exit 0
+                    ;;
+                i)
+                    INTERFACE=${OPTARG}
+                    ;;
+                o)
+                    OVERLAP_CIDR=${OPTARG}
+                    ;;
+                s)
+                    SERVICE_CIDR=${OPTARG}
+                    ;;
+                \?)
+                    echo "Unknown option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+                :)
+                    echo "Missing argument for option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+                *)
+                    echo "Unimplemented option: -${OPTARG}" >&2
+                    exit 1
+                    ;;
+            esac
+        done
+        shift $((OPTIND-1))
+
+        if [ "x$POD_CIDR" == "x" ]; then
+            echo "Missing pod CIDR, e.g -c 10.98.0.0/16" >&2
+            usage
+            exit 1
+        fi
+
+        if [ "x$INTERFACE" == "x" ]; then
+            echo "Missing interface, e.g. -i bond1.2006" >&2
+            usage
+            exit 1
+        fi
+
+        while ! ip route list dev "${INTERFACE}" > /dev/null; do
+            echo Waiting for device "${INTERFACE}" to be ready. >&2
+            sleep 5
+        done
+
+        intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
+
+        TABLE="1500"
+
+        # Setup a routing table for traffic from service IPs
+        ip route flush table "${TABLE}"
+        ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
+
+        if [ "x$OVERLAP_CIDR" != "x" ]; then
+            # NOTE(mb874d): This is a work-around for nodes not receiving complete
+            # routes via BGP.  It may also be required for brownfield large sites.
+            ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
+        fi
+
+        if [ "x$SERVICE_CIDR" != "x" ]; then
+            # Traffic from the service IPs to pods should use the pod network.
+            ip rule add \
+                from "${SERVICE_CIDR}" \
+                to "${POD_CIDR}" \
+                lookup main \
+                pref 10000
+            # Other traffic from service IPs should only use the VRRP IP
+            ip rule add \
+                from "${SERVICE_CIDR}" \
+                lookup "${TABLE}" \
+                pref 10100
+        fi
+...
diff --git a/site/dellgen10/baremetal/promjoin.yaml b/site/dellgen10/baremetal/promjoin.yaml
new file mode 100644 (file)
index 0000000..235895c
--- /dev/null
@@ -0,0 +1,60 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: promjoin
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  signaling: false
+  node_filter:
+    filter_set_type: 'union'
+    filter_set:
+      - filter_type: 'union'
+        node_names:
+          - 'aknode41'
+          - 'aknode42'
+  # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
+  assets:
+    - path: /opt/promjoin.sh
+      type: file
+      permissions: '555'
+      # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
+      # you should use to contact kubernetes in the case below, this is cab24_mgmt
+      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+      location_pipeline:
+        - template
+      data_pipeline:
+        - utf8_decode
+    - path: /lib/systemd/system/promjoin.service
+      type: unit
+      permissions: '600'
+      data: |-
+        W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
+        PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
+        cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
+        cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
+      data_pipeline:
+        - base64_decode
+        - utf8_decode
+...
diff --git a/site/dellgen10/baremetal/rack.yaml b/site/dellgen10/baremetal/rack.yaml
new file mode 100644 (file)
index 0000000..94eecc5
--- /dev/null
@@ -0,0 +1,99 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: aknode41
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: ControlPlane
+  # the hostname for a server, could be used in multiple DNS domains to
+  # represent different interfaces
+  addressing:
+      # Which network the address applies to. If a network appears in addressing
+      # that isn't assigned to an interface, design validation will fail
+    - network: oob
+      address: 192.168.41.41
+    - network: pxe
+      # The address assigned. Either a explicit IPv4 or IPv6 address
+      # or dhcp or slaac
+      address: 172.30.2.41
+    - network: oam
+      address: 192.168.2.41
+    - network: storage
+      address: 172.31.2.41
+    - network: overlay
+      address: 10.0.102.41
+    - network: calico
+      address: 172.29.1.41
+  metadata:
+    rack: RACK01
+    tags:
+      - 'masters'
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: aknode42
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: ControlPlane
+  # the hostname for a server, could be used in multiple DNS domains to
+  # represent different interfaces
+  addressing:
+      # Which network the address applies to. If a network appears in addressing
+      # that isn't assigned to an interface, design validation will fail
+    - network: oob
+      address: 192.168.41.42
+    - network: pxe
+      # The address assigned. Either a explicit IPv4 or IPv6 address
+      # or dhcp or slaac
+      address: 172.30.2.42
+    - network: oam
+      address: 192.168.2.42
+    - network: storage
+      address: 172.31.2.42
+    - network: overlay
+      address: 10.0.102.42
+    - network: calico
+      address: 172.29.1.42
+  metadata:
+    rack: RACK01
+    tags:
+      - 'masters'
+...
diff --git a/site/dellgen10/deployment/deployment-configuration.yaml b/site/dellgen10/deployment/deployment-configuration.yaml
new file mode 100644 (file)
index 0000000..22fae54
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+  schema: metadata/Document/v1
+  name: deployment-configuration
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  armada:
+    manifest: 'full-site'
+...
diff --git a/site/dellgen10/networks/common-addresses.yaml b/site/dellgen10/networks/common-addresses.yaml
new file mode 100644 (file)
index 0000000..21e5812
--- /dev/null
@@ -0,0 +1,103 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/CommonAddresses/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-addresses
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  calico:
+    ip_autodetection_method: interface=bond0.44
+    etcd:
+      service_ip: 10.96.232.136
+
+  dns:
+    cluster_domain: cluster.local
+    service_ip: 10.96.0.10
+    upstream_servers:
+      - 192.168.2.85
+      - 8.8.8.8
+      - 8.8.8.8
+    upstream_servers_joined: '192.168.2.85,8.8.8.8'
+    ingress_domain: dellgen10.akraino.org
+  genesis:
+    hostname: aknode40
+    ip: 172.29.1.40
+
+  bootstrap:
+    ip: 172.30.2.40
+
+  kubernetes:
+    api_service_ip: 10.96.0.1
+    etcd_service_ip: 10.96.0.2
+    pod_cidr: 10.98.0.0/16
+    service_cidr: 10.96.0.0/15
+    apiserver_port: 6443
+    haproxy_port: 6553
+    service_node_port_range: 30000-32767
+
+  etcd:
+    container_port: 2379
+    haproxy_port: 2378
+
+  masters:
+    - hostname: aknode41
+    - hostname: aknode42
+
+  proxy:
+    http: ""
+    https: ""
+    no_proxy: []
+
+  node_ports:
+    drydock_api: 30000
+    maas_api: 30001
+    maas_proxy: 31800  # hardcoded in MAAS
+    shipyard_api: 30003
+    airflow_web: 30004
+
+  ntp:
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org'
+
+  # Used for FQDN setup/definition
+  domain:
+    url: dellgen10.lab.akraino.org
+
+  ldap:
+    base_url: 'its-a-ldap.example.com'
+    url: 'ldap://its-a-ldap.example.com'
+    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+    common_name: AP-NC_Test_Users
+    subdomain: testitservices
+    domain: example
+
+  storage:
+    ceph:
+      public_cidr: '172.31.2.0/24'
+      cluster_cidr: '172.31.2.0/24'
+
+  neutron:
+    tunnel_device: 'bond0.45'
+    external_iface: 'bond0'
+
+  openvswitch:
+    external_iface: 'bond0'
+...
diff --git a/site/dellgen10/networks/physical/rack.yaml b/site/dellgen10/networks/physical/rack.yaml
new file mode 100644 (file)
index 0000000..931d9a6
--- /dev/null
@@ -0,0 +1,213 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  labels:
+    noconfig: enabled
+  bonding:
+    mode: disabled
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: oob
+  allowed_networks:
+    - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oob
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 192.168.41.0/24
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: 192.168.41.1
+  ranges:
+  - type: static
+    start: 192.168.41.13
+    end: 192.168.41.254
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: pxe
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: disabled
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: disabled
+    default_network: pxe
+  allowed_networks:
+    - pxe
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: pxe
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  cidr: 172.30.2.0/24
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: 172.30.2.40
+  ranges:
+  - type: reserved
+    start: 172.30.2.2
+    end: 172.30.2.10
+  - type: static
+    start: 172.30.2.11
+    end: 172.30.2.200
+  - type: dhcp
+    start: 172.30.2.201
+    end: 172.30.2.254
+  dns:
+    domain: lab.akraino.org
+    servers: '192.168.2.85 8.8.8.8 8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: bond0
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  bonding:
+    mode: 802.3ad
+    hash: layer3+4
+    peer_rate: fast
+    mon_rate: 100
+    up_delay: 1000
+    down_delay: 3000
+  mtu: 9000
+  linkspeed: auto
+  trunking:
+    mode: 802.1q
+  allowed_networks:
+    - oam
+    - storage
+    - overlay
+    - calico
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: oam
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '41'
+  mtu: 9000
+  cidr: 192.168.2.0/24
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: 192.168.2.200
+  ranges:
+  - type: reserved
+    start: 192.168.2.84
+    end: 192.168.2.86
+  - type: static
+    start: 192.168.2.40
+    end: 192.168.2.45
+  dns:
+    domain: lab.akraino.org
+    servers: '192.168.2.85 8.8.8.8 8.8.4.4'
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: storage
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '42'
+  mtu: 9000
+  cidr: 172.31.2.0/24
+  ranges:
+  - type: static
+    start: 172.31.2.11
+    end: 172.31.2.254
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: overlay
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '45'
+  mtu: 9000
+  cidr: 10.0.102.0/24
+  ranges:
+  - type: static
+    start: 10.0.102.11
+    end: 10.0.102.254
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: calico
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vlan: '44'
+  mtu: 9000
+  cidr: 172.29.1.0/24
+  ranges:
+  - type: static
+    start: 172.29.1.5
+    end: 172.29.1.254
+...
diff --git a/site/dellgen10/pki/pki-catalog.yaml b/site/dellgen10/pki/pki-catalog.yaml
new file mode 100644 (file)
index 0000000..6b3b1cd
--- /dev/null
@@ -0,0 +1,266 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: promenade/PKICatalog/v1
+metadata:
+  schema: metadata/Document/v1
+  name: cluster-certificates
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  certificate_authorities:
+    kubernetes:
+      description: CA for Kubernetes components
+      certificates:
+        - document_name: apiserver
+          description: Service certificate for Kubernetes apiserver
+          common_name: apiserver
+          hosts:
+            - localhost
+            - 127.0.0.1
+            - 10.96.0.1
+          kubernetes_service_names:
+            - kubernetes.default.svc.cluster.local
+        - document_name: kubelet-genesis
+          common_name: system:node:aknode40
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode40
+          common_name: system:node:aknode40
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode41
+          common_name: system:node:aknode41
+          hosts:
+            - aknode41
+            - 192.168.2.41
+            - 172.29.1.41
+            - 172.30.2.41
+          groups:
+            - system:nodes
+        - document_name: kubelet-aknode42
+          common_name: system:node:aknode42
+          hosts:
+            - aknode42
+            - 192.168.2.42
+            - 172.29.1.42
+            - 172.30.2.42
+          groups:
+            - system:nodes
+        - document_name: scheduler
+          description: Service certificate for Kubernetes scheduler
+          common_name: system:kube-scheduler
+        - document_name: controller-manager
+          description: certificate for controller-manager
+          common_name: system:kube-controller-manager
+        - document_name: admin
+          common_name: admin
+          groups:
+            - system:masters
+        - document_name: armada
+          common_name: armada
+          groups:
+            - system:masters
+    kubernetes-etcd:
+      description: Certificates for Kubernetes's etcd servers
+      certificates:
+        - document_name: apiserver-etcd
+          description: etcd client certificate for use by Kubernetes apiserver
+          common_name: apiserver
+          # NOTE(mark-burnett): hosts not required for client certificates
+        - document_name: kubernetes-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: kubernetes-etcd-genesis
+          common_name: kubernetes-etcd-genesis
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode40
+          common_name: kubernetes-etcd-aknode40
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode41
+          common_name: kubernetes-etcd-aknode41
+          hosts:
+            - aknode41
+            - 192.168.2.41
+            - 172.29.1.41
+            - 172.30.2.41
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode42
+          common_name: kubernetes-etcd-aknode42
+          hosts:
+            - aknode42
+            - 192.168.2.42
+            - 172.29.1.42
+            - 172.30.2.42
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+    kubernetes-etcd-peer:
+      certificates:
+        - document_name: kubernetes-etcd-genesis-peer
+          common_name: kubernetes-etcd-genesis-peer
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode40-peer
+          common_name: kubernetes-etcd-aknode40-peer
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode41-peer
+          common_name: kubernetes-etcd-aknode41-peer
+          hosts:
+            - aknode41
+            - 192.168.2.41
+            - 172.29.1.41
+            - 172.30.2.41
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+        - document_name: kubernetes-etcd-aknode42-peer
+          common_name: kubernetes-etcd-aknode42-peer
+          hosts:
+            - aknode42
+            - 192.168.2.42
+            - 172.29.1.42
+            - 172.30.2.42
+            - 127.0.0.1
+            - localhost
+            - kubernetes-etcd.kube-system.svc.cluster.local
+            - 10.96.0.2
+    calico-etcd:
+      description: Certificates for Calico etcd client traffic
+      certificates:
+        - document_name: calico-etcd-anchor
+          description: anchor
+          common_name: anchor
+        - document_name: calico-etcd-aknode40
+          common_name: calico-etcd-aknode40
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode41
+          common_name: calico-etcd-aknode41
+          hosts:
+            - aknode41
+            - 192.168.2.41
+            - 172.29.1.41
+            - 172.30.2.41
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode42
+          common_name: calico-etcd-aknode42
+          hosts:
+            - aknode42
+            - 192.168.2.42
+            - 172.29.1.42
+            - 172.30.2.42
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node
+          common_name: calcico-node
+    calico-etcd-peer:
+      description: Certificates for Calico etcd clients
+      certificates:
+        - document_name: calico-etcd-aknode40-peer
+          common_name: calico-etcd-aknode40-peer
+          hosts:
+            - aknode40
+            - 192.168.2.40
+            - 172.29.1.40
+            - 172.30.2.40
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode41-peer
+          common_name: calico-etcd-aknode41-peer
+          hosts:
+            - aknode41
+            - 192.168.2.41
+            - 172.29.1.41
+            - 172.30.2.41
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-etcd-aknode42-peer
+          common_name: calico-etcd-aknode42-peer
+          hosts:
+            - aknode42
+            - 192.168.2.42
+            - 172.29.1.42
+            - 172.30.2.42
+            - 127.0.0.1
+            - localhost
+            - 10.96.232.136
+        - document_name: calico-node-peer
+          common_name: calcico-node-peer
+  keypairs:
+    - name: service-account
+      description: Service account signing key for use by Kubernetes controller-manager.
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # limitations under the License.                                             #
 ##############################################################################
 
-schema: armada/Chart/v1
+schema: promenade/Genesis/v1
 metadata:
   schema: metadata/Document/v1
-  name: ucp-ceph-update
+  name: genesis-site
   layeringDefinition:
     abstract: false
     layer: site
     parentSelector:
-      name: ucp-ceph-global
+      name: genesis-global
     actions:
       - method: replace
-        path: .values.conf.storage.osd
+        path: .labels.dynamic
       - method: merge
         path: .
   storagePolicy: cleartext
 data:
-  values:
-    conf:
-      storage:
-        osd:
-{% for osd in yaml.storage.osds %}
-          - data:
-              type: block-logical
-              location: {{osd.data}}
-            journal:
-              type: directory
-              location: {{osd.journal}}
-{% endfor %}
-      pool:
-        target:
-          osd: {{yaml.storage.osd_count}}
-        default:
-          crush_rule: replicated_rule
-...
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-update
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  description: Ceph post intall update
-  chart_group:
-    - ucp-ceph-update
+  labels:
+    dynamic:
+      - beta.kubernetes.io/fluentd-ds-ready=true
+      - calico-etcd=enabled
+      - ceph-mds=enabled
+      - ceph-mon=enabled
+      - ceph-osd=enabled
+      - ceph-rgw=enabled
+      - ceph-mgr=enabled
+      - kube-dns=enabled
+      - kube-ingress=enabled
+      - kubernetes-apiserver=enabled
+      - kubernetes-controller-manager=enabled
+      - kubernetes-etcd=enabled
+      - kubernetes-scheduler=enabled
+      - promenade-genesis=enabled
+      - ucp-control-plane=enabled
+      - maas-control-plane=enabled
+      - ceph-osd-bootstrap=enabled
+      - openstack-libvirt=kernel
+      - openvswitch=enabled
+      - openstack-control-plane=enabled
+      - openstack-nova-compute=enabled
+      - sriov=enabled
 ...
diff --git a/site/dellgen10/profiles/hardware/generic.yaml b/site/dellgen10/profiles/hardware/generic.yaml
new file mode 100644 (file)
index 0000000..7109ec0
--- /dev/null
@@ -0,0 +1,35 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: DELL_HP_Generic
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vendor: DELL
+  generation: '10'
+  hw_version: '3'
+  bios_version: '2.8'
+  boot_mode: bios
+  bootstrap_protocol: pxe
+  pxe_interface: 0
+  device_aliases: {}
+...
diff --git a/site/dellgen10/profiles/host/compute-r01.yaml b/site/dellgen10/profiles/host/compute-r01.yaml
new file mode 100644 (file)
index 0000000..b8a8fe4
--- /dev/null
@@ -0,0 +1,124 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ComputePlane
+  storagePolicy: cleartext
+  labels:
+    hosttype: ComputePlane
+  layeringDefinition:
+    abstract: false
+    layer: site
+  substitutions:
+    - dest:
+        path: .oob.credential
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ipmi_admin_password
+        path: .
+data:
+  hardware_profile: DELL_HP_Generic
+  oob:
+    type: 'ipmi'
+    network: 'oob'
+    account: 'root'
+  primary_network: 'oam'
+  hardware_profile: DELL_HP_Generic
+  interfaces:
+    pxe:
+      device_link: pxe
+      slaves:
+        - 'eno3'
+      networks:
+        - 'pxe'
+    bond0:
+      device_link: bond0
+      slaves:
+        - 'enp94s0f0'
+        - 'enp94s0f1'
+      networks:
+        - 'oam'
+        - 'storage'
+        - 'overlay'
+        - 'calico'
+    p1p1:
+      slaves:
+        - 'sriov_nic01'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+    p3p2:
+      slaves:
+        - 'sriov_nic02'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+  storage:
+    physical_devices:
+      sdg:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '20g'
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '>300g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+      sdh:
+        partitions:
+          - name: 'nova'
+            size: '99%'
+            filesystem:
+              mountpoint: '/var/lib/nova'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      console: 'ttyS1,115200n8'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
+  metadata:
+    owner_data:
+      openstack-nova-compute: enabled
+      openvswitch: enabled
+      openstack-libvirt: kernel
+      sriov: enabled
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
diff --git a/site/dellgen10/profiles/host/cp-r01.yaml b/site/dellgen10/profiles/host/cp-r01.yaml
new file mode 100644 (file)
index 0000000..bd74315
--- /dev/null
@@ -0,0 +1,174 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ControlPlane
+  storagePolicy: cleartext
+  labels:
+    hosttype: ControlPlane
+  layeringDefinition:
+    abstract: false
+    layer: site
+  substitutions:
+    - dest:
+        path: .oob.credential
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ipmi_admin_password
+        path: .
+data:
+  oob:
+    type: 'ipmi'
+    network: 'oob'
+    account: 'root'
+  primary_network: 'oam'
+  hardware_profile: DELL_HP_Generic
+  interfaces:
+    pxe:
+      device_link: pxe
+      slaves:
+        - 'eno3'
+      networks:
+        - 'pxe'
+    bond0:
+      device_link: bond0
+      slaves:
+        - 'enp94s0f0'
+        - 'enp94s0f1'
+      networks:
+        - 'oam'
+        - 'storage'
+        - 'overlay'
+        - 'calico'
+    p1p1:
+      slaves:
+        - 'sriov_nic01'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+    p3p2:
+      slaves:
+        - 'sriov_nic02'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+  storage:
+    physical_devices:
+      sdg:
+        labels:
+          bootdrive: 'true'
+        partitions:
+          - name: 'root'
+            size: '20g'
+            filesystem:
+              mountpoint: '/'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'boot'
+            size: '1g'
+            filesystem:
+              mountpoint: '/boot'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+          - name: 'var'
+            size: '100g'
+            filesystem:
+              mountpoint: '/var'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+      sdh:
+        partitions:
+          - name: 'ceph'
+            size: '300g'
+            filesystem:
+              mountpoint: '/var/lib/ceph/journal'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      console: 'ttyS1,115200n8'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
+  metadata:
+    owner_data:
+      control-plane: enabled
+      ucp-control-plane: enabled
+      openstack-control-plane: enabled
+      openstack-heat: enabled
+      openstack-keystone: enabled
+      openstack-rabbitmq: enabled
+      openstack-dns-helper: enabled
+      openstack-mariadb: enabled
+      openstack-nova-control: enabled
+      openstack-etcd: enabled
+      openstack-mistral: enabled
+      openstack-memcached: enabled
+      openstack-glance: enabled
+      openstack-horizon: enabled
+      openstack-cinder-control: enabled
+      openstack-cinder-volume: control
+      openstack-neutron: enabled
+      openstack-libvirt: kernel
+      openvswitch: enabled
+      openstack-nova-compute: enabled
+      ucp-barbican: enabled
+      ceph-bootstrap: enabled
+      ceph-mon: enabled
+      ceph-mgr: enabled
+      ceph-osd: enabled
+      ceph-mds: enabled
+      ceph-rgw: enabled
+      ucp-maas: enabled
+      kube-dns: enabled
+      kubernetes-apiserver: enabled
+      kubernetes-controller-manager: enabled
+      kubernetes-etcd: enabled
+      kubernetes-scheduler: enabled
+      tiller-helm: enabled
+      kube-etcd: enabled
+      calico-policy: enabled
+      calico-node: enabled
+      calico-etcd: enabled
+      ucp-armada: enabled
+      ucp-drydock: enabled
+      ucp-deckhand: enabled
+      ucp-shipyard: enabled
+      IAM: enabled
+      ucp-promenade: enabled
+      prometheus-server: enabled
+      prometheus-client: enabled
+      fluentd: enabled
+      influxdb: enabled
+      kibana: enabled
+      elasticsearch-client: enabled
+      elasticsearch-master: enabled
+      elasticsearch-data: enabled
+      postgresql: enabled
+      kube-ingress: enabled
+      sriov: enabled
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
diff --git a/site/dellgen10/profiles/region.yaml b/site/dellgen10/profiles/region.yaml
new file mode 100644 (file)
index 0000000..0fb343c
--- /dev/null
@@ -0,0 +1,36 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/Region/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: dellgen10
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .authorized_keys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: localadmin_ssh_public_key
+        path: .
+data:
+  tag_definitions: []
+  authorized_keys: []
+...
diff --git a/site/dellgen10/secrets/certificates/ingress.yaml b/site/dellgen10/secrets/certificates/ingress.yaml
new file mode 100644 (file)
index 0000000..6c111e8
--- /dev/null
@@ -0,0 +1,144 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# self-signed certifacte generated based on
+# https://libvirt.org/remote.html#Remote_certificates
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-crt
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-ca
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+  +g==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-key
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+  -----END RSA PRIVATE KEY-----
+...
diff --git a/site/dellgen10/secrets/passphrases/ceph_fsid.yaml b/site/dellgen10/secrets/passphrases/ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..08c4388
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3e2a3755-863a-423b-bf19-e8b5bf7f3d95
+...
diff --git a/site/dellgen10/secrets/passphrases/osh_infra_addons_jenkins_password.yaml b/site/dellgen10/secrets/passphrases/osh_infra_addons_jenkins_password.yaml
new file mode 100644 (file)
index 0000000..00610fb
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_addons_jenkins_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 0ca991324505e13f7a77
+...
diff --git a/site/dellgen10/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml b/site/dellgen10/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml
new file mode 100644 (file)
index 0000000..04bd863
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_mechid_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 5aacc198d8a1edeff4a8
+...
diff --git a/site/dellgen10/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/dellgen10/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644 (file)
index 0000000..d2f3350
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_cache_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 083d87906595da201c0b
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -18,7 +18,7 @@
 schema: deckhand/PublicKey/v1
 metadata:
   schema: metadata/Document/v1
-  name: localadmin_ssh_public_key 
+  name: localadmin_ssh_public_key
   layeringDefinition:
     abstract: false
     layer: site
diff --git a/site/dellgen10/site-definition.yaml b/site/dellgen10/site-definition.yaml
new file mode 100644 (file)
index 0000000..0aa12b2
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/SiteDefinition/v1
+metadata:
+  schema: metadata/Document/v1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: dellgen10
+  storagePolicy: cleartext
+data:
+  revision: v4.0
+  site_type: foundry
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -42,7 +42,7 @@ data:
         asnumber: 65531
         ipv4:
           additional_cidrs:
-            - 172.29.1.136/29 
+            - 172.29.1.128/29
           peers:
             - apiVersion: v1
               kind: bgpPeer
diff --git a/site/dellgen10/software/charts/kubernetes/container-networking/etcd.yaml b/site/dellgen10/software/charts/kubernetes/container-networking/etcd.yaml
new file mode 100644 (file)
index 0000000..bd2d637
--- /dev/null
@@ -0,0 +1,191 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-calico-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: kubernetes-calico-etcd-global
+    actions:
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.etcd
+      dest:
+        path: .source
+
+    # Image versions
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.calico.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.service.ip
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .calico.etcd.service_ip
+      dest:
+        path: .values.anchor.etcdctl_endpoint
+
+    # CAs
+    - src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd
+        path: .
+      dest:
+        path: .values.secrets.tls.client.ca
+    - src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd-peer
+        path: .
+      dest:
+        path: .values.secrets.tls.peer.ca
+
+    # Anchor client cert
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.key
+
+    # Node names
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Server certs
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode41
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode41
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode41-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode41-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode42
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode42
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode42-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode42-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # NOTE(mb874d): Be sure we generate these certs for genesis.
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode40
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode40
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: calico-etcd-aknode40-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: calico-etcd-aknode40-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data:
+  values:
+    manifests:
+      test_etcd_health: false
+...
diff --git a/site/dellgen10/software/charts/kubernetes/dns/coredns.yaml b/site/dellgen10/software/charts/kubernetes/dns/coredns.yaml
new file mode 100644 (file)
index 0000000..01d7d57
--- /dev/null
@@ -0,0 +1,102 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: coredns
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: coredns-global
+    actions:
+        - method: replace
+          path: .values.conf.coredns.corefile
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Zones
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.cluster_domain
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(CLUSTER_DOMAIN)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.service_cidr
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(SERVICE_CIDR)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path:  .values.conf.coredns.corefile
+        pattern: '(POD_CIDR)'
+
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[0]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM1)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[1]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM2)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[2]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM3)'
+data:
+  values:
+    conf:
+      coredns:
+        # TODO(alanmeadows) this needs to be adjusted to use substition
+        corefile: |
+          .:53 {
+              errors
+              health
+              autopath @kubernetes
+              kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
+                pods insecure
+                fallthrough in-addr.arpa ip6.arpa
+                upstream UPSTREAM1
+                upstream UPSTREAM2
+                upstream UPSTREAM3
+              }
+              prometheus :9153
+              proxy . UPSTREAM1
+              proxy . UPSTREAM2
+              proxy . UPSTREAM3
+              cache 30
+          }
+...
diff --git a/site/dellgen10/software/charts/kubernetes/etcd/etcd.yaml b/site/dellgen10/software/charts/kubernetes/etcd/etcd.yaml
new file mode 100644 (file)
index 0000000..3afeb10
--- /dev/null
@@ -0,0 +1,187 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: kubernetes-etcd
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-etcd-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+
+  # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.etcd
+      dest:
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.etcd_service_ip
+      dest:
+        path: .values.service.ip
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.etcd_service_ip
+      dest:
+        path: .values.anchor.etcdctl_endpoint
+
+    # CAs
+    - src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd
+        path: .
+      dest:
+        path: .values.secrets.tls.client.ca
+    - src:
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd-peer
+        path: .
+      dest:
+        path: .values.secrets.tls.peer.ca
+
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-anchor
+        path: .
+      dest:
+        path: .values.secrets.anchor.tls.key
+
+    # Node names
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[0].hostname
+      dest:
+        path: .values.nodes[0].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[1].hostname
+      dest:
+        path: .values.nodes[1].name
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[2].name
+
+    # Server certs
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode41
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode41
+        path: .
+      dest:
+        path: .values.nodes[0].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode41-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode41-peer
+        path: .
+      dest:
+        path: .values.nodes[0].tls.peer.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode42
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode42
+        path: .
+      dest:
+        path: .values.nodes[1].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-aknode42-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-aknode42-peer
+        path: .
+      dest:
+        path: .values.nodes[1].tls.peer.key
+
+    # Genesis node
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis
+        path: .
+      dest:
+        path: .values.nodes[2].tls.client.key
+    - src:
+        schema: deckhand/Certificate/v1
+        name: kubernetes-etcd-genesis-peer
+        path: .
+      dest:
+        path: .values.nodes[2].tls.peer.cert
+    - src:
+        schema: deckhand/CertificateKey/v1
+        name: kubernetes-etcd-genesis-peer
+        path: $
+      dest:
+        path: .values.nodes[2].tls.peer.key
+
+data: {}
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
diff --git a/site/dellgen10/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml b/site/dellgen10/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml
new file mode 100644 (file)
index 0000000..f838322
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: elasticsearch
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: elasticsearch-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
diff --git a/site/dellgen10/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml b/site/dellgen10/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml
new file mode 100644 (file)
index 0000000..bf4b39f
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluent-logging
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluent-logging-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
diff --git a/site/dellgen10/software/charts/osh/openstack-compute-kit/neutron.yaml b/site/dellgen10/software/charts/osh/openstack-compute-kit/neutron.yaml
new file mode 100644 (file)
index 0000000..7941670
--- /dev/null
@@ -0,0 +1,69 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: neutron
+  replacement: true
+  labels:
+    component: neutron
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: neutron-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    labels:
+      agent:
+        sriov:
+          node_selector_key: sriov
+          node_selector_value: enabled
+    network:
+      backend:
+        - openvswitch
+        - sriov
+      interface:
+        sriov:
+          - device: enp135s0f0
+            num_vfs: 32
+            promisc: false
+          - device: enp135s0f1
+            num_vfs: 32
+            promisc: false
+    conf:
+      plugins:
+        openvswitch_agent:
+          ovs:
+            bridge_mappings: bond0:br-bond0
+        sriov_agent:
+          securitygroup:
+            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+          sriov_nic:
+            exclude_devices: null
+            physical_device_mappings: 'sriovnet1:enp135s0f0,sriovnet2:enp135s0f1'
+        ml2_conf:
+          ml2:
+            mechanism_drivers: l2population,openvswitch,sriovnicswitch
+          ml2_type_vlan:
+            network_vlan_ranges: bond0:46:300,sriovnet1:2001:3000,sriovnet2:2001:3000
+...
diff --git a/site/dellgen10/software/charts/osh/openstack-compute-kit/nova.yaml b/site/dellgen10/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644 (file)
index 0000000..5cd0e3e
--- /dev/null
@@ -0,0 +1,52 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nova
+  labels:
+    component: nova
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: nova-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+      backend:
+        - openvswitch
+        - sriov
+    conf:
+      nova:
+        filter_scheduler:
+          enabled_filters: "RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter, PciPassthroughFilter, NUMATopologyFilter, DifferentHostFilter, SameHostFilter"
+        libvirt:
+          virt_type: kvm
+        DEFAULT:
+          vcpu_pin_set: "4-21,26-43,48-65,72-87"
+          vif_plugging_is_fatal: False
+          vif_plugging_timeout: 30
+        pci:
+          alias: '{ "vendor_id":"10de", "product_id":"1db4", "name":"V100", "device_type":"type-PCI" }'
+          passthrough_whitelist: '{"vendor_id": "10de", "product_id": "1db4"}'
+...
diff --git a/site/dellgen10/software/charts/ucp/ceph/ceph-client-update.yaml b/site/dellgen10/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644 (file)
index 0000000..4ed957f
--- /dev/null
@@ -0,0 +1,37 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-update-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          osd: 18
+...
diff --git a/site/dellgen10/software/charts/ucp/ceph/ceph-client.yaml b/site/dellgen10/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644 (file)
index 0000000..6dc9822
--- /dev/null
@@ -0,0 +1,37 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          osd: 6
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
-  name: ucp-ceph-update
+  name: ucp-ceph-osd
   layeringDefinition:
     abstract: false
     layer: site
     parentSelector:
-      name: ucp-ceph-global
+      name: ucp-ceph-osd-global
     actions:
       - method: replace
         path: .values.conf.storage.osd
@@ -35,6 +35,12 @@ data:
     conf:
       storage:
         osd:
+          - data:
+              type: block-logical
+              location: /dev/sda
+            journal:
+              type: directory
+              location: /var/lib/ceph/journal/journal-sda
           - data:
               type: block-logical
               location: /dev/sdb
@@ -65,41 +71,4 @@ data:
             journal:
               type: directory
               location: /var/lib/ceph/journal/journal-sdf
-          - data:
-              type: block-logical
-              location: /dev/sdg
-            journal:
-              type: directory
-              location: /var/lib/ceph/journal/journal-sdg
-          - data:
-              type: block-logical
-              location: /dev/sdh
-            journal:
-              type: directory
-              location: /var/lib/ceph/journal/journal-sdh
-          - data:
-              type: block-logical
-              location: /dev/sdi
-            journal:
-              type: directory
-              location: /var/lib/ceph/journal/journal-sdi
-      pool:
-        target:
-          osd: 24
-        default:
-          crush_rule: replicated_rule
-...
----
-schema: armada/ChartGroup/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-ceph-update
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  description: Ceph post intall update
-  chart_group:
-    - ucp-ceph-update
 ...
diff --git a/site/dellgen10/software/charts/ucp/divingbell/divingbell.yaml b/site/dellgen10/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644 (file)
index 0000000..5b9525a
--- /dev/null
@@ -0,0 +1,47 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-divingbell-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .values.conf.uamlite.users[0].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: localadmin_ssh_public_key
+        path: .
+
+data:
+  values:
+    conf:
+      uamlite:
+        users:
+          - user_name: localadmin
+            user_sudo: true
+            user_sshkeys: []
+...
diff --git a/site/dellgen10/software/charts/ucp/drydock/maas.yaml b/site/dellgen10/software/charts/ucp/drydock/maas.yaml
new file mode 100644 (file)
index 0000000..4aad5c7
--- /dev/null
@@ -0,0 +1,47 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-maas
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-maas-global
+    actions:
+      - method: replace
+        path: .values.conf.maas.proxy
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      maas:
+        ntp:
+          disable_ntpd_region: true
+          disable_ntpd_rack: true
+        images:
+          default_os: 'ubuntu'
+          default_image: 'xenial'
+          default_kernel: 'hwe-16.04'
+        proxy:
+          proxy_enabled: 'false'
+          peer_proxy_enabled: false
+...
diff --git a/site/dellgen10/software/charts/ucp/promenade/promenade.yaml b/site/dellgen10/software/charts/ucp/promenade/promenade.yaml
new file mode 100644 (file)
index 0000000..3ba5671
--- /dev/null
@@ -0,0 +1,40 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-promenade
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-promenade-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      env:
+        promenade_api:
+         - name: no_proxy
+           value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+         - name: NO_PROXY
+           value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+...
diff --git a/site/dellgen10/software/config/common-software-config.yaml b/site/dellgen10/software/config/common-software-config.yaml
new file mode 100644 (file)
index 0000000..6683425
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-software-config
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh:
+    region_name: RegionOne
+...
diff --git a/site/dellgen10/software/config/endpoints.yaml b/site/dellgen10/software/config/endpoints.yaml
new file mode 100644 (file)
index 0000000..0f0324c
--- /dev/null
@@ -0,0 +1,1582 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.key
+data:
+  ucp:
+    identity:
+      namespace: ucp
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: iam.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: http
+        # public: https
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+          public: 80
+    armada:
+      name: armada
+      hosts:
+        default: armada-api
+        public: armada
+      port:
+        api:
+          default: 8000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    deckhand:
+      name: deckhand
+      hosts:
+        default: deckhand-int
+        public: deckhand-api
+      port:
+        api:
+          default: 9000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    postgresql:
+      name: postgresql
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: postgresql+psycopg2
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    postgresql_airflow_celery:
+      name: postgresql_airflow_celery_db
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: db+postgresql
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    key_manager:
+      name: barbican
+      hosts:
+        default: barbican-api
+        public: barbican
+      host_fqdn_override:
+        default: null
+      path:
+        default: /v1
+      scheme:
+        default: http
+      port:
+        api:
+          default: 9311
+          public: 80
+    oslo_messaging:
+      namespace: null
+      hosts:
+        default: rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /openstack
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+    oslo_cache:
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    physicalprovisioner:
+      name: drydock
+      hosts:
+        default: drydock-api
+      port:
+        api:
+          default: 9000
+          nodeport: 31900
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    maas_region_ui:
+      name: maas-region-ui
+      hosts:
+        default: maas-region-ui
+        public: maas
+      path:
+        default: /MAAS
+      scheme:
+        default: "http"
+      port:
+        region_ui:
+          default: 80
+          public: 80
+      host_fqdn_override:
+        default: null
+    kubernetesprovisioner:
+      name: promenade
+      hosts:
+        default: promenade-api
+      port:
+        api:
+          default: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    shipyard:
+      name: shipyard
+      hosts:
+        default: shipyard-int
+        public: shipyard-api
+      port:
+        api:
+          default: 9000
+          public: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+        # public: https
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: shipyard.DOMAIN
+    airflow_web:
+      name: airflow-web
+      hosts:
+        default: airflow-web-int
+        public: airflow-web
+      port:
+        airflow_web:
+          default: 8080
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    airflow_flower:
+      name: airflow-flower
+      hosts:
+        default: airflow-flower
+      port:
+        airflow_flower:
+          default: 5555
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+  ceph:
+    object_store:
+      name: swift
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /swift/v1
+      scheme:
+        default: http
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_object_store:
+      name: radosgw
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /auth/v1.0
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_mon:
+      namespace: ceph
+      hosts:
+        default: ceph-mon
+        discovery: ceph-mon-discovery
+      host_fqdn_override:
+        default: null
+      port:
+        mon:
+          default: 6789
+    ceph_mgr:
+      namespace: ceph
+      hosts:
+        default: ceph-mgr
+      host_fqdn_override:
+        default: null
+      port:
+        mgr:
+          default: 7000
+      scheme:
+        default: http
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.key
+data:
+  osh:
+    object_store:
+      name: swift
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /swift/v1/KEY_$(tenant_id)s
+      scheme:
+        default: http
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_object_store:
+      name: radosgw
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /auth/v1.0
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    keystone_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /keystone
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    keystone_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    oslo_cache:
+      namespace: openstack
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    identity:
+      namespace: openstack
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: identity.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+          # public: 443
+    glance_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /glance
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    glance_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    image:
+      name: glance
+      hosts:
+        default: glance-api
+        public: glance
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: image.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 9292
+          # public: 443
+    image_registry:
+      name: glance-registry
+      hosts:
+        default: glance-registry
+        public: glance-reg
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9191
+          public: 80
+    cinder_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /cinder
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    cinder_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    volume:
+      name: cinder
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v1/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    volumev2:
+      name: cinderv2
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    volumev3:
+      name: cinderv3
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v3/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    heat_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /heat
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    heat_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    orchestration:
+      name: heat
+      hosts:
+        default: heat-api
+        public: heat
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: orchestration.DOMAIN
+      path:
+        default: "/v1/%(project_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8004
+          # public: 443
+    cloudformation:
+      name: heat-cfn
+      hosts:
+        default: heat-cfn
+        public: cloudformation
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: cloudformation.DOMAIN
+      path:
+        default: /v1
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8000
+          # public: 443
+    cloudwatch:
+      name: heat-cloudwatch
+      hosts:
+        default: heat-cloudwatch
+        public: cloudwatch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      type: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8003
+          public: 80
+    neutron_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /neutron
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    neutron_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    network:
+      name: neutron
+      hosts:
+        default: neutron-server
+        public: neutron
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: network.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 9696
+          # public: 443
+    nova_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /nova
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    nova_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    compute:
+      name: nova
+      hosts:
+        default: nova-api
+        public: nova
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: compute.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8774
+          # public: 443
+        novncproxy:
+          default: 443
+    compute_metadata:
+      name: nova
+      hosts:
+        default: nova-metadata
+        public: metadata
+      host_fqdn_override:
+        default: null
+      path:
+        default: /
+      scheme:
+        default: "http"
+      port:
+        metadata:
+          default: 8775
+          public: 80
+    compute_novnc_proxy:
+      name: nova
+      hosts:
+        default: nova-novncproxy
+        public: novncproxy
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: nova-novncproxy.DOMAIN
+      path:
+        default: /vnc_auto.html
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        novnc_proxy:
+          default: 6080
+          # public: 443
+    compute_spice_proxy:
+      name: nova
+      hosts:
+        default: nova-spiceproxy
+      host_fqdn_override:
+        default: null
+      path:
+        default: /spice_auto.html
+      scheme:
+        default: "http"
+      port:
+        spice_proxy:
+          default: 6082
+    placement:
+      name: placement
+      hosts:
+        default: placement-api
+        public: placement
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: placement.DOMAIN
+      path:
+        default: /
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8778
+          # public: 443
+    dashboard:
+      name: horizon
+      hosts:
+        default: horizon-int
+        public: horizon
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: dashboard.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        web:
+          default: 80
+          # public: 443
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .ldap.base_url
+  #     dest:
+  #       path:  .osh_infra.ldap.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .ldap.auth_path
+  #     dest:
+  #       path:  .osh_infra.ldap.path.default
+  #       pattern: AUTH_PATH
+data:
+  osh_infra:
+    elasticsearch:
+      name: elasticsearch
+      namespace: osh-infra
+      hosts:
+        data: elasticsearch-data
+        default: elasticsearch-logging
+        discovery: elasticsearch-discovery
+        public: elasticsearch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 80
+    prometheus_elasticsearch_exporter:
+      namespace: null
+      hosts:
+        default: elasticsearch-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9108
+    fluentd:
+      namespace: osh-infra
+      name: fluentd
+      hosts:
+        default: fluentd-logging
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        service:
+          default: 24224
+        metrics:
+          default: 24220
+    prometheus_fluentd_exporter:
+      namespace: osh-infra
+      hosts:
+        default: fluentd-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9309
+    oslo_db:
+      namespace: osh-infra
+      hosts:
+        default: mariadb
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+    grafana:
+      name: grafana
+      namespace: osh-infra
+      hosts:
+        default: grafana-dashboard
+        public: grafana
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: grafana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        grafana:
+          default: 3000
+          # public: 443
+    monitoring:
+      name: prometheus
+      namespace: osh-infra
+      hosts:
+        default: prom-metrics
+        public: prometheus
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9090
+          public: 80
+    kibana:
+      name: kibana
+      namespace: osh-infra
+      hosts:
+        default: kibana-dash
+        public: kibana
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: kibana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        kibana:
+          default: 5601
+          # public: 443
+    alerts:
+      name: alertmanager
+      namespace: osh-infra
+      hosts:
+        default: alerts-engine
+        public: alertmanager
+        discovery: alertmanager-discovery
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9093
+          public: 80
+        mesh:
+          default: 6783
+    kube_state_metrics:
+      namespace: kube-system
+      hosts:
+        default: kube-state-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 8080
+    kube_scheduler:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    kube_controller_manager:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    node_metrics:
+      namespace: kube-system
+      hosts:
+        default: node-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9100
+        prometheus_port:
+          default: 9100
+    prometheus_openstack_exporter:
+      namespace: openstack
+      hosts:
+        default: openstack-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        exporter:
+          default: 9103
+    nagios:
+      name: nagios
+      namespace: osh-infra
+      hosts:
+        default: nagios-metrics
+        public: nagios
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: nagios.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: http
+        # public: https
+      port:
+        http:
+          default: 80
+          # public: 443
+    ldap:
+      hosts:
+        default: ldap
+      host_fqdn_override:
+        default: null
+        public:
+          host: DOMAIN
+      path:
+        default: /AUTH_PATH
+      scheme:
+        default: "ldap"
+      port:
+        ldap:
+          default: 389
+...
diff --git a/site/dellgen10/software/config/service_accounts.yaml b/site/dellgen10/software/config/service_accounts.yaml
new file mode 100644 (file)
index 0000000..4dbe82d
--- /dev/null
@@ -0,0 +1,413 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+    ucp:
+        postgres:
+            admin:
+                username: postgres
+        oslo_db:
+            admin:
+                username: root
+        oslo_messaging:
+            admin:
+                username: rabbitmq
+        keystone:
+            admin:
+                region_name: RegionOne
+                username: admin
+                project_name: admin
+                user_domain_name: default
+                project_domain_name: default
+            oslo_messaging:
+                admin:
+                    username: rabbitmq
+                keystone:
+                    username: keystone
+            oslo_db:
+                username: keystone
+                database: keystone
+        promenade:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: promenade
+        drydock:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: drydock
+            postgres:
+                username: drydock
+                database: drydock
+        shipyard:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: shipyard
+            postgres:
+                username: shipyard
+                database: shipyard
+        airflow:
+            postgres:
+                username: airflow
+                database: airflow
+            oslo_messaging:
+                username: rabbitmq
+        maas:
+            admin:
+                username: admin
+                email: none@none
+            postgres:
+                username: maas
+                database: maasdb
+        barbican:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: barbican
+            oslo_db:
+                username: barbican
+                database: barbican
+            oslo_messaging:
+                admin:
+                    username: rabbitmq
+                keystone:
+                    username: keystone
+        armada:
+            keystone:
+                project_domain_name: default
+                user_domain_name: default
+                project_name: service
+                region_name: RegionOne
+                role: admin
+                user_domain_name: default
+                username: armada
+        deckhand:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: deckhand
+            postgres:
+                username: deckhand
+                database: deckhand
+    ceph:
+        swift:
+            keystone:
+                role: admin
+                region_name: RegionOne
+                username: swift
+                project_name: service
+                user_domain_name: default
+                project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.keystone.admin.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.cinder.cinder.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.glance.glance.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat_trustee.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat_stack_user.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.swift.keystone.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.neutron.neutron.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.nova.nova.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.nova.placement.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.barbican.barbican.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.barbican.barbican.region_name
+data:
+  osh:
+    keystone:
+      admin:
+        username: admin
+        project_name: admin
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: keystone
+        database: keystone
+      oslo_messaging:
+        admin:
+          username: keystone-rabbitmq-admin
+        keystone:
+          username: keystone-rabbitmq-user
+      ldap:
+        username: "user@example-ldap.com"
+    cinder:
+      cinder:
+        role: admin
+        username: cinder
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: cinder
+        database: cinder
+      oslo_messaging:
+        admin:
+          username: cinder-rabbitmq-admin
+        cinder:
+          username: cinder-rabbitmq-user
+    glance:
+      glance:
+        role: admin
+        username: glance
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: glance
+        database: glance
+      oslo_messaging:
+        admin:
+          username: glance-rabbitmq-admin
+        glance:
+          username: glance-rabbitmq-user
+      ceph_object_store:
+        username: glance
+    heat:
+      heat:
+        role: admin
+        username: heat
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      heat_trustee:
+        role: admin
+        username: heat-trust
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      heat_stack_user:
+        role: admin
+        username: heat-domain
+        domain_name: heat
+      oslo_db:
+        username: heat
+        database: heat
+      oslo_messaging:
+        admin:
+          username: heat-rabbitmq-admin
+        heat:
+          username: heat-rabbitmq-user
+    swift:
+      keystone:
+        role: admin
+        username: swift
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+    oslo_db:
+      admin:
+        username: root
+    neutron:
+      neutron:
+        role: admin
+        username: neutron
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: neutron
+        database: neutron
+      oslo_messaging:
+        admin:
+          username: neutron-rabbitmq-admin
+        neutron:
+          username: neutron-rabbitmq-user
+    nova:
+      nova:
+        role: admin
+        username: nova
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      placement:
+        role: admin
+        username: placement
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: nova
+        database: nova
+      oslo_db_api:
+        username: nova
+        database: nova_api
+      oslo_db_cell0:
+        username: nova
+        database: "nova_cell0"
+      oslo_messaging:
+        admin:
+          username: nova-rabbitmq-admin
+        nova:
+          username: nova-rabbitmq-user
+    horizon:
+      oslo_db:
+        username: horizon
+        database: horizon
+    barbican:
+      barbican:
+        role: admin
+        username: barbican
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: barbican
+        database: barbican
+      oslo_messaging:
+        admin:
+          username: barbican-rabbitmq-admin
+        barbican:
+          username: barbican-rabbitmq-user
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh_infra:
+    grafana:
+      admin:
+        username: grafana
+      oslo_db:
+        username: grafana
+        database: grafana
+      oslo_db_session:
+        username: grafana_session
+        database: grafana_session
+    elasticsearch:
+      admin:
+        username: elasticsearch
+    kibana:
+      admin:
+        username: kibana
+    oslo_db:
+      admin:
+        username: root
+    prometheus_openstack_exporter:
+      user:
+        username: prometheus-openstack-exporter
+        project_name: service
+        user_domain_name: default
+    nagios:
+      admin:
+        username: nagios
+    ldap:
+      admin:
+        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+        # authenticate to the active directory backend to validate keystone
+        # users.
+        bind: "test@ldap.example.com"
+...
diff --git a/site/dellgen10/software/manifests/full-site.yaml b/site/dellgen10/software/manifests/full-site.yaml
new file mode 100644 (file)
index 0000000..0bf3dd6
--- /dev/null
@@ -0,0 +1,69 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Manifest/v1
+metadata:
+  schema: metadata/Document/v1
+  name: full-site
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: full-site-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  release_prefix: airship
+  chart_groups:
+    - kubernetes-proxy
+    - kubernetes-container-networking
+    - kubernetes-dns
+    - kubernetes-etcd
+    - kubernetes-haproxy
+    - kubernetes-core
+    - ingress-kube-system
+    - ucp-ceph-update
+    - ucp-ceph-config
+    - ucp-core
+    - ucp-keystone
+    - ucp-divingbell
+    - ucp-armada
+    - ucp-deckhand
+    - ucp-drydock
+    - ucp-promenade
+    - ucp-shipyard
+    - osh-infra-ingress-controller
+    - osh-infra-ceph-config
+    - osh-infra-logging
+    - osh-infra-monitoring
+    - osh-infra-mariadb
+    - osh-infra-dashboards
+    - openstack-ingress-controller
+    - openstack-ceph-config
+    - openstack-mariadb
+    - openstack-memcached
+    - openstack-keystone
+    - openstack-radosgw
+    - openstack-glance
+    - openstack-cinder
+    - openstack-compute-kit
+    - openstack-heat
+    - osh-infra-prometheus-openstack-exporter
+    - openstack-horizon
+...
diff --git a/site/hpgen10/baremetal/bootaction-sriov-blacklist.yaml b/site/hpgen10/baremetal/bootaction-sriov-blacklist.yaml
new file mode 100644 (file)
index 0000000..2ad6637
--- /dev/null
@@ -0,0 +1,42 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: i40evf_blacklist
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  signaling: false
+  node_filter:
+    filter_set_type: 'union'
+    filter_set:
+      - filter_type: 'union'
+  assets:
+    - path: /etc/modprobe.d/sriov_blacklist.conf
+      type: file
+      permissions: '644'
+      data_pipeline:
+        - utf8_decode
+      data: |
+        blacklist i40evf
+...
similarity index 93%
rename from site/site30/baremetal/calico-ip-rules.yaml
rename to site/hpgen10/baremetal/calico-ip-rules.yaml
index 1ad67ab..89c0e53 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -46,12 +46,8 @@ data:
 
         [Service]
         Type=simple
-        #ExecStart=/opt/configure-ip-rules.sh -i bond1.2406 -c DH_SUB_POD_CIDR -o 10.34.0.0/15 -s 135.21.157.32/29
-        #ExecStart=/opt/configure-ip-rules.sh -i bond0.44 -c DH_SUB_POD_CIDR -o 10.99.0.0/16 -s 172.29.1.0/24
         ExecStart=/opt/configure-ip-rules.sh -g 172.29.1.1 -c 10.99.0.0/16 -s 172.29.1.136/29
 
-
-
         [Install]
         WantedBy=multi-user.target
       data_pipeline:
@@ -69,7 +65,7 @@ data:
             cat <<EOU
         Options are:
 
-          -c POD_CIDR     The pod CIDR for the Kubernetes cluster, e.g. 10.97.0.0/16
+          -c POD_CIDR     The pod CIDR for the Kubernetes cluster, e.g. 10.99.0.0/16
           -i INTERFACE    The interface for internal pod traffic, e.g. bond1.2006
           -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
                           INTERFACE.  It is used to provide a work around when
@@ -118,7 +114,7 @@ data:
         shift $((OPTIND-1))
 
         if [ "x$POD_CIDR" == "x" ]; then
-            echo "Missing pod CIDR, e.g -c 10.97.0.0/16" >&2
+            echo "Missing pod CIDR, e.g -c 10.99.0.0/16" >&2
             usage
             exit 1
         fi
similarity index 94%
rename from site/site30/baremetal/promjoin.yaml
rename to site/hpgen10/baremetal/promjoin.yaml
index c2221d9..8932c1e 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -34,8 +34,6 @@ data:
         node_names:
           - 'aknode31'
           - 'aknode32'
-          - 'aknode33'
-          - 'aknode34'
   # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
   assets:
     - path: /opt/promjoin.sh
@@ -45,7 +43,6 @@ data:
       # you should use to contact kubernetes in the case below, this is cab24_mgmt
       location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
       location_pipeline:
-#originally rack06_calico
         - template
       data_pipeline:
         - utf8_decode
similarity index 52%
rename from site/site30/baremetal/rack.yaml
rename to site/hpgen10/baremetal/rack.yaml
index 3ca3cb1..58bcb28 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -14,7 +14,6 @@
 # See the License for the specific language governing permissions and        #
 # limitations under the License.                                             #
 ##############################################################################
-
 schema: 'drydock/BaremetalNode/v1'
 metadata:
   schema: 'metadata/Document/v1'
@@ -24,12 +23,17 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
-  host_profile: MyControlPlane_HP
-#/new/notused/aic-clcp-manifests/site/clcp-seaworthy/profiles/host/cp_rack.yaml
+  host_profile: ControlPlane
+  # the hostname for a server, could be used in multiple DNS domains to
+  # represent different interfaces
   addressing:
+      # Which network the address applies to. If a network appears in addressing
+      # that isn't assigned to an interface, design validation will fail
     - network: oob
       address: 192.168.41.131
     - network: pxe
+      # The address assigned. Either a explicit IPv4 or IPv6 address
+      # or dhcp or slaac
       address: 172.30.1.31
     - network: oam
       address: 192.168.2.31
@@ -44,6 +48,21 @@ data:
     tags:
       - 'masters'
 ---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
 schema: 'drydock/BaremetalNode/v1'
 metadata:
   schema: 'metadata/Document/v1'
@@ -53,12 +72,17 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
-  host_profile: MyControlPlane_HP
-#/new/notused/aic-clcp-manifests/site/clcp-seaworthy/profiles/host/cp_rack.yaml
+  host_profile: ControlPlane
+  # the hostname for a server, could be used in multiple DNS domains to
+  # represent different interfaces
   addressing:
+      # Which network the address applies to. If a network appears in addressing
+      # that isn't assigned to an interface, design validation will fail
     - network: oob
       address: 192.168.41.132
     - network: pxe
+      # The address assigned. Either a explicit IPv4 or IPv6 address
+      # or dhcp or slaac
       address: 172.30.1.32
     - network: oam
       address: 192.168.2.32
@@ -72,60 +96,4 @@ data:
     rack: RACK01
     tags:
       - 'masters'
----
-schema: 'drydock/BaremetalNode/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: aknode33
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data:
-  host_profile: MyComputePlane_HP
-  addressing:
-    - network: oob
-      address: 192.168.41.133
-    - network: pxe
-      address: 172.30.1.33
-    - network: oam
-      address: 192.168.2.33
-    - network: storage
-      address: 172.31.1.33
-    - network: overlay
-      address: 10.0.101.33
-    - network: calico
-      address: 172.29.1.33
-  metadata:
-    rack: RACK01
-    tags:
-      - 'workers'
-#---
-#schema: 'drydock/BaremetalNode/v1'
-#metadata:
-#  schema: 'metadata/Document/v1'
-#  name: aknode34
-#  layeringDefinition:
-#    abstract: false
-#    layer: site
-#  storagePolicy: cleartext
-#data:
-#  host_profile: MyComputePlane_HP
-#  addressing:
-#    - network: oob
-#      address: 192.168.41.134
-#    - network: pxe
-#      address: 172.30.1.34
-#    - network: oam
-#      address: 192.168.2.34
-#    - network: storage
-#      address: 172.31.1.34
-#    - network: overlay
-#      address: 10.0.101.34
-#    - network: calico
-#      address: 172.29.1.34
-#  metadata:
-#    rack: RACK01
-#    tags:
-#      - 'workers'
 ...
diff --git a/site/hpgen10/deployment/deployment-configuration.yaml b/site/hpgen10/deployment/deployment-configuration.yaml
new file mode 100644 (file)
index 0000000..22fae54
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: shipyard/DeploymentConfiguration/v1
+metadata:
+  schema: metadata/Document/v1
+  name: deployment-configuration
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  armada:
+    manifest: 'full-site'
+...
similarity index 89%
rename from site/site30/networks/common-addresses.yaml
rename to site/hpgen10/networks/common-addresses.yaml
index 226f5f7..0d6ca3d 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -37,10 +37,9 @@ data:
       - 8.8.8.8
       - 8.8.8.8
     upstream_servers_joined: '192.168.2.85,8.8.8.8'
-
+    ingress_domain: hpgen10.akraino.org
   genesis:
     hostname: aknode30
-#    ip: 192.168.2.30
     ip: 172.29.1.30
 
   bootstrap:
@@ -63,6 +62,11 @@ data:
     - hostname: aknode31
     - hostname: aknode32
 
+  proxy:
+    http: ""
+    https: ""
+    no_proxy: []
+
   node_ports:
     drydock_api: 30000
     maas_api: 30001
@@ -73,13 +77,14 @@ data:
   ntp:
     servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org'
 
-
   # Used for FQDN setup/definition
   domain:
     url: hpgen10.lab.akraino.org
 
   ldap:
+    base_url: 'its-a-ldap.example.com'
     url: 'ldap://its-a-ldap.example.com'
+    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
     common_name: AP-NC_Test_Users
     subdomain: testitservices
     domain: example
@@ -89,8 +94,6 @@ data:
       public_cidr: '172.31.1.0/24'
       cluster_cidr: '172.31.1.0/24'
 
-  # external: typically the floating IP subnet
-  # tunnel: overlay network for VM traffic
   neutron:
     tunnel_device: 'bond0.45'
     external_iface: 'bond0'
similarity index 94%
rename from site/site30/networks/physical/rack.yaml
rename to site/hpgen10/networks/physical/rack.yaml
index ae374d6..8348382 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -107,7 +107,6 @@ data:
 schema: 'drydock/NetworkLink/v1'
 metadata:
   schema: 'metadata/Document/v1'
-#  name: gp
   name: bond0
   layeringDefinition:
     abstract: false
@@ -127,7 +126,6 @@ data:
     mode: 802.1q
   allowed_networks:
     - oam
-#    - public
     - storage
     - overlay
     - calico
@@ -144,14 +142,14 @@ metadata:
 data:
   vlan: '41'
   mtu: 9000
-  cidr:  192.168.2.0/24
+  cidr: 192.168.2.0/24
   routes:
   - subnet: '0.0.0.0/0'
     gateway: 192.168.2.200
   ranges:
   - type: reserved
-    start:  192.168.2.84
-    end:  192.168.2.86
+    start: 192.168.2.84
+    end: 192.168.2.86
   - type: static
     start: 192.168.2.1
     end: 192.168.2.83
@@ -212,7 +210,4 @@ data:
   - type: static
     start: 172.29.1.5
     end: 172.29.1.254
-#  routes:
-#  - subnet: '172.29.140.64/26'
-#    gateway: 172.29.140.3
 ...
similarity index 93%
rename from site/site30/pki/pki-catalog.yaml
rename to site/hpgen10/pki/pki-catalog.yaml
index b4c5889..cce0cb4 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -73,24 +73,6 @@ data:
             - 172.30.1.32
           groups:
             - system:nodes
-        - document_name: kubelet-aknode33
-          common_name: system:node:aknode33
-          hosts:
-            - aknode33
-            - 192.168.2.33
-            - 172.29.1.33
-            - 172.30.1.33
-          groups:
-            - system:nodes
-        - document_name: kubelet-aknode34
-          common_name: system:node:aknode34
-          hosts:
-            - aknode34
-            - 192.168.2.34
-            - 172.29.1.34
-            - 172.30.1.34
-          groups:
-            - system:nodes
         - document_name: scheduler
           description: Service certificate for Kubernetes scheduler
           common_name: system:kube-scheduler
@@ -282,4 +264,3 @@ data:
     - name: service-account
       description: Service account signing key for use by Kubernetes controller-manager.
 ...
-
diff --git a/site/hpgen10/profiles/genesis.yaml b/site/hpgen10/profiles/genesis.yaml
new file mode 100644 (file)
index 0000000..408374e
--- /dev/null
@@ -0,0 +1,58 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: promenade/Genesis/v1
+metadata:
+  schema: metadata/Document/v1
+  name: genesis-site
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: genesis-global
+    actions:
+      - method: replace
+        path: .labels.dynamic
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  labels:
+    dynamic:
+      - beta.kubernetes.io/fluentd-ds-ready=true
+      - calico-etcd=enabled
+      - ceph-mds=enabled
+      - ceph-mon=enabled
+      - ceph-osd=enabled
+      - ceph-rgw=enabled
+      - ceph-mgr=enabled
+      - kube-dns=enabled
+      - kube-ingress=enabled
+      - kubernetes-apiserver=enabled
+      - kubernetes-controller-manager=enabled
+      - kubernetes-etcd=enabled
+      - kubernetes-scheduler=enabled
+      - promenade-genesis=enabled
+      - ucp-control-plane=enabled
+      - maas-control-plane=enabled
+      - ceph-osd-bootstrap=enabled
+      - openstack-libvirt=kernel
+      - openvswitch=enabled
+      - openstack-control-plane=enabled
+      - openstack-nova-compute=enabled
+      - sriov=enabled
+...
diff --git a/site/hpgen10/profiles/hardware/generic.yaml b/site/hpgen10/profiles/hardware/generic.yaml
new file mode 100644 (file)
index 0000000..3c03512
--- /dev/null
@@ -0,0 +1,35 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/HardwareProfile/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: DELL_HP_Generic
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  vendor: HP
+  generation: '10'
+  hw_version: '3'
+  bios_version: '2.8'
+  boot_mode: bios
+  bootstrap_protocol: pxe
+  pxe_interface: 0
+  device_aliases: {}
+...
similarity index 79%
rename from site/site30/profiles/host/compute-r01.yaml
rename to site/hpgen10/profiles/host/compute-r01.yaml
index 35ece6c..67b04d8 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 schema: drydock/HostProfile/v1
 metadata:
   schema: metadata/Document/v1
-  name: MyComputePlane_HP
+  name: ComputePlane
   storagePolicy: cleartext
   labels:
-    hosttype: MyComputePlane_HP
+    hosttype: ComputePlane
   layeringDefinition:
     abstract: false
     layer: site
@@ -33,6 +33,7 @@ metadata:
         name: ipmi_admin_password
         path: .
 data:
+  hardware_profile: DELL_HP_Generic
   oob:
     type: 'ipmi'
     network: 'oob'
@@ -56,6 +57,18 @@ data:
         - 'storage'
         - 'overlay'
         - 'calico'
+    p1p1:
+      slaves:
+        - 'sriov_nic01'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+    p3p2:
+      slaves:
+        - 'sriov_nic02'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
   storage:
     physical_devices:
       sdj:
@@ -64,7 +77,6 @@ data:
         partitions:
           - name: 'root'
             size: '20g'
-            bootable: true
             filesystem:
               mountpoint: '/'
               fstype: 'ext4'
@@ -94,11 +106,19 @@ data:
     kernel: 'hwe-16.04'
     kernel_params:
       console: 'ttyS1,115200n8'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
   metadata:
     owner_data:
       openstack-nova-compute: enabled
       openvswitch: enabled
       openstack-libvirt: kernel
+      sriov: enabled
       beta.kubernetes.io/fluentd-ds-ready: 'true'
 ...
-
similarity index 84%
rename from site/site30/profiles/host/cp-r01.yaml
rename to site/hpgen10/profiles/host/cp-r01.yaml
index 7a686e0..605aa3b 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 schema: drydock/HostProfile/v1
 metadata:
   schema: metadata/Document/v1
-  name: MyControlPlane_HP 
+  name: ControlPlane
   storagePolicy: cleartext
   labels:
-    hosttype: MyControlPlane_HP
+    hosttype: ControlPlane
   layeringDefinition:
     abstract: false
     layer: site
@@ -38,7 +38,7 @@ data:
     network: 'oob'
     account: 'Administrator'
   primary_network: 'oam'
-  hardware_profile: DELL_HP_Generic 
+  hardware_profile: DELL_HP_Generic
   interfaces:
     pxe:
       device_link: pxe
@@ -56,6 +56,18 @@ data:
         - 'storage'
         - 'overlay'
         - 'calico'
+    p1p1:
+      slaves:
+        - 'sriov_nic01'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+    p3p2:
+      slaves:
+        - 'sriov_nic02'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
   storage:
     physical_devices:
       sdj:
@@ -64,7 +76,6 @@ data:
         partitions:
           - name: 'root'
             size: '20g'
-            bootable: true
             filesystem:
               mountpoint: '/'
               fstype: 'ext4'
@@ -92,8 +103,16 @@ data:
   platform:
     image: 'xenial'
     kernel: 'hwe-16.04'
-#    kernel_params:
-#      console: 'ttyS1,115200n8'
+    kernel_params:
+      console: 'ttyS1,115200n8'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
   metadata:
     owner_data:
       control-plane: enabled
@@ -113,11 +132,13 @@ data:
       openstack-cinder-control: enabled
       openstack-cinder-volume: control
       openstack-neutron: enabled
+      openstack-libvirt: kernel
       openvswitch: enabled
-      sriov: enabled
+      openstack-nova-compute: enabled
       ucp-barbican: enabled
       ceph-bootstrap: enabled
       ceph-mon: enabled
+      ceph-mgr: enabled
       ceph-osd: enabled
       ceph-mds: enabled
       ceph-rgw: enabled
@@ -149,8 +170,5 @@ data:
       postgresql: enabled
       kube-ingress: enabled
       sriov: enabled
-      openstack-nova-compute: enabled
-      openstack-libvirt: kernel
       beta.kubernetes.io/fluentd-ds-ready: 'true'
 ...
-
similarity index 94%
rename from site/site30/profiles/region.yaml
rename to site/hpgen10/profiles/region.yaml
index 803aafb..528c3dd 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
diff --git a/site/hpgen10/secrets/certificates/ingress.yaml b/site/hpgen10/secrets/certificates/ingress.yaml
new file mode 100644 (file)
index 0000000..6c111e8
--- /dev/null
@@ -0,0 +1,144 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# self-signed certifacte generated based on
+# https://libvirt.org/remote.html#Remote_certificates
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-crt
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/Certificate/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIIFKzCCA5OgAwIBAgIMW2h6FCcFdKeaw3vnMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTY0MDUyWhcNMTkwODA2MTY0MDUyWjBJ
+  MTUwMwYDVQQDEyxpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3Vu
+  ZHJ5LmNvbTEQMA4GA1UEChMHQWlyc2hpcDCCAaIwDQYJKoZIhvcNAQEBBQADggGP
+  ADCCAYoCggGBALvNHm/G/ylh6aPcvrhOcb4qz1BjcNtnxH8bzZng/rMeX3W2AzjC
+  r2JloJcDvOLBp/TkLOZPImnFW2/GCwktxPgXZuBTPzFV50g77KsPFw0fn3Si7+bs
+  F22tLhdOGk6MQj/WW4pKGHqdw1/VbPwOHBT+I4/scR1L2SZxYtSFIKGenHJH+PMV
+  bCdwnNOR80F8KRzK5iZs/r6S/QqVheieARSWWnk2+TtkM1BloGOhLSd+ZkWh9VO1
+  eOnZowkaDAJwD/G6zoSr5n+beaXzDnEcoVXFSwd4FLoV+om77o92XmZ4rVw0vTMO
+  k6jVwmkdT+dM2K2hLUG/TXWoV2/Qms70gzDOs85RtAkTPe4Ohtdpr51Q0hd35TKG
+  YLKzX/OPblD68iYJYSBvMPpAVTbFYVPW1AQx8wWfannYbMoeL8XTEOKfkqm90YP9
+  EhIdtmw4D7GZxlzG5FXXutmT9sqLfqlRu/RynAhBP8NQvw74WumhOe8r7GhCwgzC
+  gaPLGjeekoS6LQIDAQABo4IBSDCCAUQwDAYDVR0TAQH/BAIwADCBzQYDVR0RBIHF
+  MIHCgixpbmdyZXNzLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNv
+  bYIta2V5c3RvbmUuYWlyc2hpcC1zZWF3b3J0aHkuYXRsYW50YWZvdW5kcnkuY29t
+  gilub3ZhLmFpcnNoaXAtc2Vhd29ydGh5LmF0bGFudGFmb3VuZHJ5LmNvbYIsaG9y
+  aXpvbi5haXJzaGlwLXNlYXdvcnRoeS5hdGxhbnRhZm91bmRyeS5jb22HBAoXFQuH
+  BAoXFgswEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAwegADAdBgNV
+  HQ4EFgQUfTAjNgn/1U1Uh1MJDYT2m4dzhsYwHwYDVR0jBBgwFoAUJFuXPZo6RzfE
+  BlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGBAE2ISWmrxqrledJI3aLaS9Yw
+  WsZc8O8CnIyLoxrE85vUubFjuI9ixC/6dJxl2iB1n0H8JgmFREox32Q4+kDJI8V/
+  X9x0PFpRzL7QEPrLZhW94Yis3sOphLW0rf0t06ZepdHHeodYJu1pVMDmLq6bKXdX
+  vo+/WwKnZBXC1qPbXJByv/CN9MtViXOnBGORFRTJPb6U8379LNWclJ/LW12yTwNk
+  JGIbZU61Vxu+2nLIabmmRoODH2jomgMOMMzLgjT3Hvw3whe8GrUoxDiPYQVTDGNm
+  ly6m+5B1Nx06fkZazonozeaOhSQ7RblUSbo+w8TJmLRzD9ft7p4vpjBGxRADMcuF
+  DOjATgdZeisBUHTGEO0P6wJOBQuCFMX9AVl+u8ZpcuRaRaN+pBE6/BqcHBB6qV/N
+  w2DdNtP8BrJ3kJVNEDIo5oTbH5SToxgA4hWBV42M1rB+5vIMDKN3rwVDdNKWYhYc
+  VZpU3V9V6JzSW1O2w4Wu9PdbWJD9oSvC0qJgnjOXzg==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-ca
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateAuthority/v1
+data: |
+  -----BEGIN CERTIFICATE-----
+  MIID7TCCAlWgAwIBAgIMW2h3tgSwie0Ypx8eMA0GCSqGSIb3DQEBCwUAMBIxEDAO
+  BgNVBAMTB0FpcnNoaXAwHhcNMTgwODA2MTYzMDQ2WhcNMTkwODA2MTYzMDQ2WjAS
+  MRAwDgYDVQQDEwdBaXJzaGlwMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+  AYEAny0Nqu9U2tXdCCTNzD2T62htMmBLg3CmzWajfbfFl7ALqzo3HgbbY3PxTHDE
+  OJ/lwdm0HkEaGfEDXhJd06WZsa8+fKGqhKXvZXwXx5mJ8LCGxz6xiaxwo9lnKe6V
+  o3YX7bJ5YIVxQ2jhvZo+dY8Z/buloi2Tp2HbqTejKULH9+qdiQTDXAnyR0NLqzJ0
+  YQ4v4yU3zix3nBi8z29lQekGO9quNEka3nw2n0Gxmq5z1bNALGCF5F759mVkB0uT
+  fPGF+zm9eqlqAgduYg7R+JYUumVHvIoRY454GtAdZHTJHJZP0gQSGJsLff8ROFpI
+  GVYsOZhJXU9Ihc5VBC5PMErbmCn0YkuxAWNOYBstZ8l+uY6YiPoFV5Ulc/8M0If+
+  T6jbqzWoFC+4ysgY95RKOw53S4o/T6AFwiIKIw0xp3UfHCf6kr5Y0+XdDn5CXpJB
+  d1KK3PoUWzPSsxcUMXvgKWT4x1vsCId21dn1SmVSOEBhM08VZfjd5bvL9Xjt/E0j
+  mUqDAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAd
+  BgNVHQ4EFgQUJFuXPZo6RzfEBlJjnnk5jhcP4wIwDQYJKoZIhvcNAQELBQADggGB
+  AJaoEtnDoWUUs4nSSqIGcoCfpIO0oqVp8DvkBOcxz5Rz8vMVJSC24/UnuCD2Wknx
+  2V/E3edXIeRo7duhPtNCT7c8OKY/pJsZQTgOczn4rphoD1pmAIPZmpG6ssPadPiM
+  EP8xWJHZt8NXG7D5kJX2COvBvgNeWXL6MF7Tv8+t5xzt59Vitdb/7lm9Z6jjpvN+
+  zoG0pKx3XYESsnLAVAf00F+kWwds/3x3gQywUAQUDER0jliYUE5id+sojp357Cl9
+  XtY+8zSnTduuP8CfMhwv5p6j9xbqacfT7AzpQ6cy4xcQ7MA6JBQcxbaq4NtvIf6+
+  d/5N9d8LGnfXdCd9iwNy9Qk23Ea0SNhnk9F/NqGBPakU4TbHh4iTYMC/+hDGInpO
+  TIRelTidNBFNaIBg3Z0vsh0lDwbt/xhpXip+ZVBqKMTtktEceiVGru9cYUQA2tKI
+  XNoc5s0uQGMpdFzgED4lXZf+n7yGVMKohvi7Yn96HqujGIrVH6qThsI6m7pUSz40
+  +g==
+  -----END CERTIFICATE-----
+...
+---
+metadata:
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: ingress-key
+  schema: metadata/Document/v1
+  storagePolicy: cleartext
+schema: deckhand/CertificateKey/v1
+data: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIIG4wIBAAKCAYEAu80eb8b/KWHpo9y+uE5xvirPUGNw22fEfxvNmeD+sx5fdbYD
+  OMKvYmWglwO84sGn9OQs5k8iacVbb8YLCS3E+Bdm4FM/MVXnSDvsqw8XDR+fdKLv
+  5uwXba0uF04aToxCP9ZbikoYep3DX9Vs/A4cFP4jj+xxHUvZJnFi1IUgoZ6cckf4
+  8xVsJ3Cc05HzQXwpHMrmJmz+vpL9CpWF6J4BFJZaeTb5O2QzUGWgY6EtJ35mRaH1
+  U7V46dmjCRoMAnAP8brOhKvmf5t5pfMOcRyhVcVLB3gUuhX6ibvuj3ZeZnitXDS9
+  Mw6TqNXCaR1P50zYraEtQb9NdahXb9CazvSDMM6zzlG0CRM97g6G12mvnVDSF3fl
+  MoZgsrNf849uUPryJglhIG8w+kBVNsVhU9bUBDHzBZ9qedhsyh4vxdMQ4p+Sqb3R
+  g/0SEh22bDgPsZnGXMbkVde62ZP2yot+qVG79HKcCEE/w1C/Dvha6aE57yvsaELC
+  DMKBo8saN56ShLotAgMBAAECggGAYzZDhA1+sx/0zApL/xYB5NK83t0Ju/8fwX6w
+  qUBBjeLXz1mubgf7m2HQ6ragzLI9xpPcXHcl2PbYDT50ig7R5baHNK8FzUxyeKif
+  qOa56Mbx+C4zyqyi2+AHX2x1XVWfkhXuGip2sCA0HKalgqr5juWLZ/ci8rUlLLft
+  3BPQX1FpmL4I+HIyxsspLmQGPGwZVAqkd1xRX+BLKZJAQdlm/LdJaIvwMr4Glcx6
+  ZOe68QhHgzXCYsyV6gR9qstF2OvVuLa2mUc7EzYInFIFhXUdAAwmDqkuuLRdRQhf
+  Ur8nqQW33T0cG0GBUzgBI5YmSPJvTSzcPmeSyNVx2/Yb0pkuXtCw67oDcAsN4nW8
+  uls49E2RaiLJYsy5vPsX5aJNcAxw/CWLdadQ3ukviD/MDJbpTl4F52GOVYL6K4XH
+  g5TJjj7xzjmK3ldR/Kscg7HpCitQLGUYdgIsAFdspXf4aSIa68IjDrc5NsJZuMzc
+  PbVHrw7QYNfHY7VNdUlOVqH5lS3BAoHBANRqKrQXtnJmM006TCEJXdcN/5M685jz
+  +L4Ox0Rhrq8ROgcN5q/hjKb6kP/MccQ9voGQOl9TKEyinGNdTtyc/fuH7RNlQwpS
+  HT+vEzVEcrSe8UFs8c6oJnHFO72ylFcibFf56LvbI3L8BZXp7gPSPQkp5f1NWEZk
+  X5bUL4UNiOm0diltba/ofxywF0M9WGD00eqi0Q29JRlvun+355j06CENxRoonNZC
+  wk1evIxhhckP9zLjI2Ykb1hV6yzwPWtmyQKBwQDiVgru/B396KhzDhLl5AL+pBWA
+  GsfiCbmPLh6W6V5VzldB4+GlMRrJ4zSjZQ3/nvX5KepqjMn1N6LQpZQUI/YShCKE
+  mW0XMiAfbp2d23MRMjLD8L/bIoBHQOPkCaMjbmyDOlCagWakEvHJO/TieVgTmYk6
+  mtEYVjJFWI9OCNMAHdl8ovWr3p+8YbVZ8LLv5ZO/V1cIjczoNQ6p8LG/pPMTDLXM
+  ScN9a8z3f8LQLBHBlu0155xvt95PQLAon/x21kUCgcAvPVk36hoiQQZhw3hQ1JNx
+  E2TmanLobkHAiurYE11VA+DC1t2Z+fBc5la+/MnEWfL3P4srzgOlX3imRIcYWzXE
+  7crUyG1ray2kDxyXeRyFfN+srDzut8is/q81lfSVmEs+GY8f0DGHDfN0Dq1nXidC
+  1XWXqs7aANKdaZ0T2xm61+57ciG1wGAckjDqPEdecLQKmaEijBEnIgj5BH5WLwk8
+  6KIQGj4fDIPHzyzhj4LAX3ObdpZVzf6RR7JgsSEHtLkCgcBROW2dDC87MqZY++D+
+  TVBhz8LDgVjgHntQDc3+fGtVQcKAq+YLYU7qyrXWOWrHpGVDcK5mZHYJoVi1peY5
+  QBqL1I2KpoDGxT9P6GN6BgoKTsh3FsvTOVNtvrTJ3keEbJlWkrPgbrXGBeJtRC4C
+  pGdeSUg9FtgY8r4BsuFisLoAHbYyC008y5zpfusVBtNAUlQuY4qhUDoLzxafF/jB
+  /NEasgH/+SzFss0QuPHRwS7yGVaxdJfoY8TNDjrpqVhx0T0CgcEAvKG4UoWvT8gJ
+  pIeeAxxnv9yrMxgpntu4RXPDHgfX5tva6EaM3r3nLXjd9FVtlQ4cNBMhp9HNhS3a
+  dK+oEDcBysVxxfltlS2Bx0+gQf3WxgBCJwayKe3i/XCDza92EENgxTPmqB1LHiq5
+  2b5aOl2Y5fP0eX6UryxRc443c/ejMHw4lGwnno0qpRk9M9Ucqv5J96QCfAlBSQQS
+  gOG9cypL0kBWzCejn9W4av8HkM8Noqd7Tqul1onv/46OBaX51kt3
+  -----END RSA PRIVATE KEY-----
+...
diff --git a/site/hpgen10/secrets/passphrases/ceph_fsid.yaml b/site/hpgen10/secrets/passphrases/ceph_fsid.yaml
new file mode 100644 (file)
index 0000000..08c4388
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_fsid
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3e2a3755-863a-423b-bf19-e8b5bf7f3d95
+...
diff --git a/site/hpgen10/secrets/passphrases/ceph_swift_keystone_password.yaml b/site/hpgen10/secrets/passphrases/ceph_swift_keystone_password.yaml
new file mode 100644 (file)
index 0000000..043a560
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ceph_swift_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 610becbb8563c2d7abb2
+...
diff --git a/site/hpgen10/secrets/passphrases/maas_region_secret.yaml b/site/hpgen10/secrets/passphrases/maas_region_secret.yaml
new file mode 100644 (file)
index 0000000..f1a59f4
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: maas-region-key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3858f62230ac3c915f300c664312c63f
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_barbican_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..469ff36
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: d992b45a48a3bf2698bc
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_barbican_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..237f6ac
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c01c594967dfd4024121
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/osh_barbican_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..b0b1203
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 7451bf1643ee73782da9
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_barbican_password.yaml b/site/hpgen10/secrets/passphrases/osh_barbican_password.yaml
new file mode 100644 (file)
index 0000000..b6b898e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ec1a97a83907f193a717
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/osh_barbican_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..8d4896e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_barbican_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 634c104df082faf67332
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_cinder_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_cinder_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..f746a53
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4be86cd9e1e9fc3f7dc5
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_cinder_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..7c44dad
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 8d143e5fb4b4dac3768c
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/osh_cinder_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..ef35609
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ac0217906c77ee117000
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_cinder_password.yaml b/site/hpgen10/secrets/passphrases/osh_cinder_password.yaml
new file mode 100644 (file)
index 0000000..6c862e9
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4dca0954fba72f359566
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/osh_cinder_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..6b40e2e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_cinder_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: f3bda8af291469d2240d
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_glance_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_glance_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..d1b477f
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 153a394cfd01623987a7
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_glance_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..3794583
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 2c3fcccd6597903cb67c
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/osh_glance_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..536f9e1
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 597a366bd4f86f2d7070
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_glance_password.yaml b/site/hpgen10/secrets/passphrases/osh_glance_password.yaml
new file mode 100644 (file)
index 0000000..7e13ed4
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: bf7662ee82349d8ce8a2
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/osh_glance_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..4f71b69
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_glance_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 245f4c5f7ca0d06e8416
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_heat_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_heat_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..9145d8b
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 6d5cbe4e78499e7ea1be
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_heat_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..8165c99
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 0fb3767e5bd60737c3ce
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/osh_heat_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..f588658
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 2f986c8b860f5e2e6e67
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # See the License for the specific language governing permissions and        #
 # limitations under the License.                                             #
 ##############################################################################
-
 schema: deckhand/Passphrase/v1
 metadata:
   schema: metadata/Document/v1
-  name: ipmi_admin_password
+  name: osh_heat_password
   layeringDefinition:
     abstract: false
     layer: site
   storagePolicy: cleartext
-data: Admin123
+data: 444f3082037eb9921782
 ...
diff --git a/site/hpgen10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/osh_heat_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..a708f8b
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 7a525e66176fd10c317a
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_heat_stack_user_password.yaml b/site/hpgen10/secrets/passphrases/osh_heat_stack_user_password.yaml
new file mode 100644 (file)
index 0000000..66ce0ca
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_stack_user_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3cfcdb863f68ec896735
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_heat_trustee_password.yaml b/site/hpgen10/secrets/passphrases/osh_heat_trustee_password.yaml
new file mode 100644 (file)
index 0000000..4ff7f30
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_heat_trustee_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 6b1727c22c773c902647
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_horizon_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_horizon_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..51b950a
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_horizon_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 97456d11a2389e0a68b9
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_addons_jenkins_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_addons_jenkins_password.yaml
new file mode 100644 (file)
index 0000000..00610fb
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_addons_jenkins_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 0ca991324505e13f7a77
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_elasticsearch_admin_password.yaml
new file mode 100644 (file)
index 0000000..b103a8e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_elasticsearch_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: b12f1e35c6951455d62d
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_grafana_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_grafana_admin_password.yaml
new file mode 100644 (file)
index 0000000..e58ee87
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 573a60b9ca0e5639f86b
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_grafana_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..764bd20
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 6e9a3a90bdac0988b850
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_grafana_oslo_db_session_password.yaml
new file mode 100644 (file)
index 0000000..f5c107c
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_grafana_oslo_db_session_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: e59fde1e4e2ca04a0e6d
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_kibana_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_kibana_admin_password.yaml
new file mode 100644 (file)
index 0000000..99615fe
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_kibana_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c3d955527901302d2c10
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_nagios_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_nagios_admin_password.yaml
new file mode 100644 (file)
index 0000000..90aadfc
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_nagios_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: cc78bc60e26c2f5a28fa
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_openstack_exporter_password.yaml
new file mode 100644 (file)
index 0000000..5df7971
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_openstack_exporter_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: d5f5133765b1ab430e85
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_infra_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..ed26a19
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: f6a5b5fe9e6eb437c207
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_keystone_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..47f8457
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a3df1a9771d9f0480bb2
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml b/site/hpgen10/secrets/passphrases/osh_keystone_ldap_mechid_password.yaml
new file mode 100644 (file)
index 0000000..04bd863
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_mechid_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 5aacc198d8a1edeff4a8
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_keystone_ldap_password.yaml b/site/hpgen10/secrets/passphrases/osh_keystone_ldap_password.yaml
new file mode 100644 (file)
index 0000000..b253174
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_ldap_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 5aacc198d8a1edeff4a8
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_keystone_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..ef96f98
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 57cfda14a8ec656b9ccf
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_keystone_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..0f9734e
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c7e2ef5bfab729b9cdf1
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/osh_keystone_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..44e39c1
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a00052e05aa7e1b704bc
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/osh_keystone_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..28e43a8
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_keystone_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 7388108f67be16a4f252
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_neutron_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_neutron_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..1548270
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 5496c4a52d6223a1bc6c
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_neutron_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..c471565
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4eaff3effbc9a1b5ddc3
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/osh_neutron_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..133bd8f
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 10a9e6ad21ef9f43173c
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_neutron_password.yaml b/site/hpgen10/secrets/passphrases/osh_neutron_password.yaml
new file mode 100644 (file)
index 0000000..487d7af
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 9bb23c5d7181eabc52f7
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/osh_neutron_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..d03ecd4
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_neutron_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: afa9d3d0af33dcc3ca57
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_nova_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/osh_nova_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..71a158f
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a1b32d78a4e4deee451a
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_nova_oslo_messaging_admin_password.yaml
new file mode 100644 (file)
index 0000000..497262c
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c450b0c73cafa654e144
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/osh_nova_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..55ef5e6
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 173ec39e9f950f86ae24
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_nova_password.yaml b/site/hpgen10/secrets/passphrases/osh_nova_password.yaml
new file mode 100644 (file)
index 0000000..36213b4
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a48fdaacf7bd05f7c3ff
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/osh_nova_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..627de35
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_nova_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 410fe4f619b2cc8c417b
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_oslo_cache_secret_key.yaml b/site/hpgen10/secrets/passphrases/osh_oslo_cache_secret_key.yaml
new file mode 100644 (file)
index 0000000..d2f3350
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_cache_secret_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 083d87906595da201c0b
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_oslo_db_admin_password.yaml b/site/hpgen10/secrets/passphrases/osh_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..7663900
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3affb82b52f975a256a8
+...
diff --git a/site/hpgen10/secrets/passphrases/osh_placement_password.yaml b/site/hpgen10/secrets/passphrases/osh_placement_password.yaml
new file mode 100644 (file)
index 0000000..d67e1a4
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_placement_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: c8d291a1a4dfa9fd41e0
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_airflow_postgres_password.yaml b/site/hpgen10/secrets/passphrases/ucp_airflow_postgres_password.yaml
new file mode 100644 (file)
index 0000000..e17c30f
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_airflow_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 2b2e4c8018c2b4ae511f
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_armada_keystone_password.yaml b/site/hpgen10/secrets/passphrases/ucp_armada_keystone_password.yaml
new file mode 100644 (file)
index 0000000..0c1d1f6
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_armada_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 1263859ed8265dac6feb
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_barbican_keystone_password.yaml b/site/hpgen10/secrets/passphrases/ucp_barbican_keystone_password.yaml
new file mode 100644 (file)
index 0000000..94c9807
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 138611c0102dc397da43
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/ucp_barbican_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..c0212fe
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_barbican_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 9915552068ae3e3dc2e2
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_deckhand_keystone_password.yaml b/site/hpgen10/secrets/passphrases/ucp_deckhand_keystone_password.yaml
new file mode 100644 (file)
index 0000000..8d44a79
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 05f4bbbb3be35cc9b1ac
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_deckhand_postgres_password.yaml b/site/hpgen10/secrets/passphrases/ucp_deckhand_postgres_password.yaml
new file mode 100644 (file)
index 0000000..661c72b
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_deckhand_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 3f4f1368325e1d492ee0
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_drydock_keystone_password.yaml b/site/hpgen10/secrets/passphrases/ucp_drydock_keystone_password.yaml
new file mode 100644 (file)
index 0000000..1592a56
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 40cdf9c49bd6c7e66bc8
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_drydock_postgres_password.yaml b/site/hpgen10/secrets/passphrases/ucp_drydock_postgres_password.yaml
new file mode 100644 (file)
index 0000000..2d9e071
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_drydock_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4c771ed9d38d38f4d939
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_keystone_admin_password.yaml b/site/hpgen10/secrets/passphrases/ucp_keystone_admin_password.yaml
new file mode 100644 (file)
index 0000000..066880c
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: e170ddbdf99b022ae1fd
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml b/site/hpgen10/secrets/passphrases/ucp_keystone_oslo_db_password.yaml
new file mode 100644 (file)
index 0000000..b584f02
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_keystone_oslo_db_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 276a90de2bf3be8d1df8
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_maas_admin_password.yaml b/site/hpgen10/secrets/passphrases/ucp_maas_admin_password.yaml
new file mode 100644 (file)
index 0000000..1506e83
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 825958a1a47ccba33b2a
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_maas_postgres_password.yaml b/site/hpgen10/secrets/passphrases/ucp_maas_postgres_password.yaml
new file mode 100644 (file)
index 0000000..569d372
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_maas_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: f3401297fd1b8e4b6df4
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_oslo_db_admin_password.yaml b/site/hpgen10/secrets/passphrases/ucp_oslo_db_admin_password.yaml
new file mode 100644 (file)
index 0000000..41d2a62
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_db_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 045d835905deff7c4ed9
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_oslo_messaging_password.yaml b/site/hpgen10/secrets/passphrases/ucp_oslo_messaging_password.yaml
new file mode 100644 (file)
index 0000000..8f781ec
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_oslo_messaging_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 8744bd7b9d14fa037451
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_postgres_admin_password.yaml b/site/hpgen10/secrets/passphrases/ucp_postgres_admin_password.yaml
new file mode 100644 (file)
index 0000000..02edeaf
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_postgres_admin_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: a7330557eea3ce512402
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_promenade_keystone_password.yaml b/site/hpgen10/secrets/passphrases/ucp_promenade_keystone_password.yaml
new file mode 100644 (file)
index 0000000..308e44f
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_promenade_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 4533ad6a479120ef4710
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml b/site/hpgen10/secrets/passphrases/ucp_rabbitmq_erlang_cookie.yaml
new file mode 100644 (file)
index 0000000..c61043c
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_rabbitmq_erlang_cookie
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 541fe3ba1c65bd553e9a
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_shipyard_keystone_password.yaml b/site/hpgen10/secrets/passphrases/ucp_shipyard_keystone_password.yaml
new file mode 100644 (file)
index 0000000..f7231fa
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_keystone_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: 86db58e20de93ef55477
+...
diff --git a/site/hpgen10/secrets/passphrases/ucp_shipyard_postgres_password.yaml b/site/hpgen10/secrets/passphrases/ucp_shipyard_postgres_password.yaml
new file mode 100644 (file)
index 0000000..5f2da82
--- /dev/null
@@ -0,0 +1,26 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: deckhand/Passphrase/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_shipyard_postgres_password
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: d1fcd313bdc5fe69464b
+...
diff --git a/site/hpgen10/secrets/publickey/localadmin_ssh_public_key.yaml b/site/hpgen10/secrets/publickey/localadmin_ssh_public_key.yaml
new file mode 100644 (file)
index 0000000..9ccf31e
--- /dev/null
@@ -0,0 +1,27 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: deckhand/PublicKey/v1
+metadata:
+  schema: metadata/Document/v1
+  name: localadmin_ssh_public_key
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132
+...
similarity index 92%
rename from site/site30/site-definition.yaml
rename to site/hpgen10/site-definition.yaml
index 135d804..df500a2 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -25,5 +25,5 @@ metadata:
   storagePolicy: cleartext
 data:
   revision: v4.0
-  site_type: large
+  site_type: foundry
 ...
diff --git a/site/hpgen10/software/charts/kubernetes/container-networking/calico.yaml b/site/hpgen10/software/charts/kubernetes/container-networking/calico.yaml
new file mode 100644 (file)
index 0000000..f3c0661
--- /dev/null
@@ -0,0 +1,54 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  replacement: true
+  name: kubernetes-calico
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: kubernetes-calico-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    networking:
+      settings:
+        mesh: "off"
+        ippool:
+          ipip:
+            enabled: "false"
+            mode: "cross-subnet"
+      bgp:
+        asnumber: 65531
+        ipv4:
+          additional_cidrs:
+            - 172.29.1.136/29
+          peers:
+            - apiVersion: v1
+              kind: bgpPeer
+              metadata:
+                peerIP: 172.29.1.1
+                scope: global
+              spec:
+                asnumber: 65001
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -47,15 +47,13 @@ metadata:
         path: .values.images.tags
 
     # IP addresses
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .calico.etcd.service_ip
       dest:
         path: .values.service.ip
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .calico.etcd.service_ip
@@ -63,15 +61,13 @@ metadata:
         path: .values.anchor.etcdctl_endpoint
 
     # CAs
-    -
-      src:
+    - src:
         schema: deckhand/CertificateAuthority/v1
         name: calico-etcd
         path: .
       dest:
         path: .values.secrets.tls.client.ca
-    -
-      src:
+    - src:
         schema: deckhand/CertificateAuthority/v1
         name: calico-etcd-peer
         path: .
@@ -79,15 +75,13 @@ metadata:
         path: .values.secrets.tls.peer.ca
 
     # Anchor client cert
-    -
-      src:
+    - src:
         schema: deckhand/Certificate/v1
         name: calico-etcd-anchor
         path: .
       dest:
         path: .values.secrets.anchor.tls.cert
-    -
-      src:
+    - src:
         schema: deckhand/CertificateKey/v1
         name: calico-etcd-anchor
         path: .
@@ -95,29 +89,26 @@ metadata:
         path: .values.secrets.anchor.tls.key
 
     # Node names
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .masters[0].hostname
       dest:
         path: .values.nodes[0].name
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .masters[1].hostname
       dest:
         path: .values.nodes[1].name
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .genesis.hostname
       dest:
         path: .values.nodes[2].name
 
-   # Server certs
+    # Server certs
     - src:
         schema: deckhand/Certificate/v1
         name: calico-etcd-aknode31
@@ -166,6 +157,7 @@ metadata:
         path: .
       dest:
         path: .values.nodes[1].tls.peer.key
+
     # NOTE(mb874d): Be sure we generate these certs for genesis.
     - src:
         schema: deckhand/Certificate/v1
@@ -192,7 +184,8 @@ metadata:
       dest:
         path: .values.nodes[2].tls.peer.key
 
-
-data: {}
-
+data:
+  values:
+    manifests:
+      test_etcd_health: false
 ...
diff --git a/site/hpgen10/software/charts/kubernetes/dns/coredns.yaml b/site/hpgen10/software/charts/kubernetes/dns/coredns.yaml
new file mode 100644 (file)
index 0000000..01d7d57
--- /dev/null
@@ -0,0 +1,102 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: coredns
+  replacement: true
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+        name: coredns-global
+    actions:
+        - method: replace
+          path: .values.conf.coredns.corefile
+        - method: merge
+          path: .
+  storagePolicy: cleartext
+  substitutions:
+    # Zones
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.cluster_domain
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(CLUSTER_DOMAIN)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.service_cidr
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(SERVICE_CIDR)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .kubernetes.pod_cidr
+      dest:
+        path:  .values.conf.coredns.corefile
+        pattern: '(POD_CIDR)'
+
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[0]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM1)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[1]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM2)'
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .dns.upstream_servers[2]
+      dest:
+        path: .values.conf.coredns.corefile
+        pattern: '(UPSTREAM3)'
+data:
+  values:
+    conf:
+      coredns:
+        # TODO(alanmeadows) this needs to be adjusted to use substition
+        corefile: |
+          .:53 {
+              errors
+              health
+              autopath @kubernetes
+              kubernetes CLUSTER_DOMAIN SERVICE_CIDR POD_CIDR {
+                pods insecure
+                fallthrough in-addr.arpa ip6.arpa
+                upstream UPSTREAM1
+                upstream UPSTREAM2
+                upstream UPSTREAM3
+              }
+              prometheus :9153
+              proxy . UPSTREAM1
+              proxy . UPSTREAM2
+              proxy . UPSTREAM3
+              cache 30
+          }
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -23,10 +23,10 @@ metadata:
     abstract: false
     layer: site
     parentSelector:
-        name: kubernetes-etcd-global
+      name: kubernetes-etcd-global
     actions:
-        - method: merge
-          path: .
+      - method: merge
+        path: .
   storagePolicy: cleartext
   substitutions:
 
@@ -47,15 +47,13 @@ metadata:
         path: .values.images.tags
 
     # IP addresses
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .kubernetes.etcd_service_ip
       dest:
         path: .values.service.ip
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .kubernetes.etcd_service_ip
@@ -63,30 +61,26 @@ metadata:
         path: .values.anchor.etcdctl_endpoint
 
     # CAs
-    -
-      src:
+    - src:
         schema: deckhand/CertificateAuthority/v1
         name: kubernetes-etcd
         path: .
       dest:
         path: .values.secrets.tls.client.ca
-    -
-      src:
+    - src:
         schema: deckhand/CertificateAuthority/v1
         name: kubernetes-etcd-peer
         path: .
       dest:
         path: .values.secrets.tls.peer.ca
 
-    -
-      src:
+    - src:
         schema: deckhand/Certificate/v1
         name: kubernetes-etcd-anchor
         path: .
       dest:
         path: .values.secrets.anchor.tls.cert
-    -
-      src:
+    - src:
         schema: deckhand/CertificateKey/v1
         name: kubernetes-etcd-anchor
         path: .
@@ -94,30 +88,26 @@ metadata:
         path: .values.secrets.anchor.tls.key
 
     # Node names
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .masters[0].hostname
       dest:
         path: .values.nodes[0].name
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .masters[1].hostname
       dest:
         path: .values.nodes[1].name
-
-    -
-      src:
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
         path: .genesis.hostname
       dest:
         path: .values.nodes[2].name
 
-   # Server certs
+    # Server certs
     - src:
         schema: deckhand/Certificate/v1
         name: kubernetes-etcd-aknode31
@@ -166,6 +156,7 @@ metadata:
         path: .
       dest:
         path: .values.nodes[1].tls.peer.key
+
     # Genesis node
     - src:
         schema: deckhand/Certificate/v1
@@ -193,5 +184,4 @@ metadata:
         path: .values.nodes[2].tls.peer.key
 
 data: {}
-
 ...
diff --git a/site/hpgen10/software/charts/kubernetes/ingress/ingress.yaml b/site/hpgen10/software/charts/kubernetes/ingress/ingress.yaml
new file mode 100644 (file)
index 0000000..d7121cb
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ingress-kube-system
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      ingress: kube-system
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
diff --git a/site/hpgen10/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml b/site/hpgen10/software/charts/osh-infra/osh-infra-logging/elasticsearch.yaml
new file mode 100644 (file)
index 0000000..f838322
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: elasticsearch
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: elasticsearch-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
diff --git a/site/hpgen10/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml b/site/hpgen10/software/charts/osh-infra/osh-infra-logging/fluent-logging.yaml
new file mode 100644 (file)
index 0000000..bf4b39f
--- /dev/null
@@ -0,0 +1,32 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: fluent-logging
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      hosttype: fluent-logging-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data: {}
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -18,8 +18,8 @@
 schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
-  name: neutron-site30
-  #replacement: true
+  name: neutron
+  replacement: true
   labels:
     component: neutron
   layeringDefinition:
@@ -33,9 +33,15 @@ metadata:
   storagePolicy: cleartext
 data:
   values:
+    labels:
+      agent:
+        sriov:
+          node_selector_key: sriov
+          node_selector_value: enabled
     network:
-#      auto_bridge_add:
-#        br-bond0: bond0
+      backend:
+        - openvswitch
+        - sriov
       interface:
         sriov:
           - device: ens6f0
@@ -48,11 +54,16 @@ data:
       plugins:
         openvswitch_agent:
           ovs:
-            bridge_mappings: physnet:br-bond0
+            bridge_mappings: bond0:br-bond0
         sriov_agent:
+          securitygroup:
+            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
           sriov_nic:
-            physical_device_mappings: sriovnet1:ens6f0,sriovnet2:ens6f1
+            exclude_devices: null
+            physical_device_mappings: 'sriovnet1:ens6f0,sriovnet2:ens6f1'
         ml2_conf:
+          ml2:
+            mechanism_drivers: l2population,openvswitch,sriovnicswitch
           ml2_type_vlan:
-            network_vlan_ranges: physnet:46:300,sriovnet1:100:4000,sriovnet2:100:4000,sriovnet3:100:4000,sriovnet4:100:4000
+            network_vlan_ranges: bond0:46:300,sriovnet1:2001:3000,sriovnet2:2001:3000
 ...
diff --git a/site/hpgen10/software/charts/osh/openstack-compute-kit/nova.yaml b/site/hpgen10/software/charts/osh/openstack-compute-kit/nova.yaml
new file mode 100644 (file)
index 0000000..5cd0e3e
--- /dev/null
@@ -0,0 +1,52 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: nova
+  labels:
+    component: nova
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: nova-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    network:
+      backend:
+        - openvswitch
+        - sriov
+    conf:
+      nova:
+        filter_scheduler:
+          enabled_filters: "RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter, PciPassthroughFilter, NUMATopologyFilter, DifferentHostFilter, SameHostFilter"
+        libvirt:
+          virt_type: kvm
+        DEFAULT:
+          vcpu_pin_set: "4-21,26-43,48-65,72-87"
+          vif_plugging_is_fatal: False
+          vif_plugging_timeout: 30
+        pci:
+          alias: '{ "vendor_id":"10de", "product_id":"1db4", "name":"V100", "device_type":"type-PCI" }'
+          passthrough_whitelist: '{"vendor_id": "10de", "product_id": "1db4"}'
+...
diff --git a/site/hpgen10/software/charts/ucp/ceph/ceph-client-update.yaml b/site/hpgen10/software/charts/ucp/ceph/ceph-client-update.yaml
new file mode 100644 (file)
index 0000000..9dda132
--- /dev/null
@@ -0,0 +1,37 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-update-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          osd: 24
+...
diff --git a/site/hpgen10/software/charts/ucp/ceph/ceph-client.yaml b/site/hpgen10/software/charts/ucp/ceph/ceph-client.yaml
new file mode 100644 (file)
index 0000000..6abdfbf
--- /dev/null
@@ -0,0 +1,37 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          osd: 8
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
-  name: ucp-ceph
+  name: ucp-ceph-osd
   layeringDefinition:
     abstract: false
     layer: site
     parentSelector:
-      name: ucp-ceph-global
+      name: ucp-ceph-osd-global
     actions:
       - method: replace
         path: .values.conf.storage.osd
@@ -83,8 +83,4 @@ data:
             journal:
               type: directory
               location: /var/lib/ceph/journal/journal-sdi
-      pool:
-        target:
-          osd: 8
 ...
-
diff --git a/site/hpgen10/software/charts/ucp/divingbell/divingbell.yaml b/site/hpgen10/software/charts/ucp/divingbell/divingbell.yaml
new file mode 100644 (file)
index 0000000..5b9525a
--- /dev/null
@@ -0,0 +1,47 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-divingbell
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-divingbell-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+  substitutions:
+    - dest:
+        path: .values.conf.uamlite.users[0].user_sshkeys[0]
+      src:
+        schema: deckhand/PublicKey/v1
+        name: localadmin_ssh_public_key
+        path: .
+
+data:
+  values:
+    conf:
+      uamlite:
+        users:
+          - user_name: localadmin
+            user_sudo: true
+            user_sshkeys: []
+...
diff --git a/site/hpgen10/software/charts/ucp/drydock/maas.yaml b/site/hpgen10/software/charts/ucp/drydock/maas.yaml
new file mode 100644 (file)
index 0000000..4aad5c7
--- /dev/null
@@ -0,0 +1,47 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-maas
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-maas-global
+    actions:
+      - method: replace
+        path: .values.conf.maas.proxy
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      maas:
+        ntp:
+          disable_ntpd_region: true
+          disable_ntpd_rack: true
+        images:
+          default_os: 'ubuntu'
+          default_image: 'xenial'
+          default_kernel: 'hwe-16.04'
+        proxy:
+          proxy_enabled: 'false'
+          peer_proxy_enabled: false
+...
diff --git a/site/hpgen10/software/charts/ucp/promenade/promenade.yaml b/site/hpgen10/software/charts/ucp/promenade/promenade.yaml
new file mode 100644 (file)
index 0000000..3ba5671
--- /dev/null
@@ -0,0 +1,40 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-promenade
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-promenade-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      env:
+        promenade_api:
+         - name: no_proxy
+           value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+         - name: NO_PROXY
+           value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+...
diff --git a/site/hpgen10/software/config/common-software-config.yaml b/site/hpgen10/software/config/common-software-config.yaml
new file mode 100644 (file)
index 0000000..6683425
--- /dev/null
@@ -0,0 +1,29 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/CommonSoftwareConfig/v1
+metadata:
+  schema: metadata/Document/v1
+  name: common-software-config
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh:
+    region_name: RegionOne
+...
diff --git a/site/hpgen10/software/config/endpoints.yaml b/site/hpgen10/software/config/endpoints.yaml
new file mode 100644 (file)
index 0000000..0f0324c
--- /dev/null
@@ -0,0 +1,1582 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ceph.object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ceph.ceph_object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ucp.identity.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .ucp.shipyard.host_fqdn_override.public.tls.key
+data:
+  ucp:
+    identity:
+      namespace: ucp
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: iam.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: http
+        # public: https
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+          public: 80
+    armada:
+      name: armada
+      hosts:
+        default: armada-api
+        public: armada
+      port:
+        api:
+          default: 8000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    deckhand:
+      name: deckhand
+      hosts:
+        default: deckhand-int
+        public: deckhand-api
+      port:
+        api:
+          default: 9000
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    postgresql:
+      name: postgresql
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: postgresql+psycopg2
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    postgresql_airflow_celery:
+      name: postgresql_airflow_celery_db
+      hosts:
+        default: postgresql
+      path: /DB_NAME
+      scheme: db+postgresql
+      port:
+        postgresql:
+          default: 5432
+      host_fqdn_override:
+        default: null
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    key_manager:
+      name: barbican
+      hosts:
+        default: barbican-api
+        public: barbican
+      host_fqdn_override:
+        default: null
+      path:
+        default: /v1
+      scheme:
+        default: http
+      port:
+        api:
+          default: 9311
+          public: 80
+    oslo_messaging:
+      namespace: null
+      hosts:
+        default: rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /openstack
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+    oslo_cache:
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    physicalprovisioner:
+      name: drydock
+      hosts:
+        default: drydock-api
+      port:
+        api:
+          default: 9000
+          nodeport: 31900
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    maas_region_ui:
+      name: maas-region-ui
+      hosts:
+        default: maas-region-ui
+        public: maas
+      path:
+        default: /MAAS
+      scheme:
+        default: "http"
+      port:
+        region_ui:
+          default: 80
+          public: 80
+      host_fqdn_override:
+        default: null
+    kubernetesprovisioner:
+      name: promenade
+      hosts:
+        default: promenade-api
+      port:
+        api:
+          default: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    shipyard:
+      name: shipyard
+      hosts:
+        default: shipyard-int
+        public: shipyard-api
+      port:
+        api:
+          default: 9000
+          public: 80
+      path:
+        default: /api/v1.0
+      scheme:
+        default: http
+        # public: https
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: shipyard.DOMAIN
+    airflow_web:
+      name: airflow-web
+      hosts:
+        default: airflow-web-int
+        public: airflow-web
+      port:
+        airflow_web:
+          default: 8080
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+    airflow_flower:
+      name: airflow-flower
+      hosts:
+        default: airflow-flower
+      port:
+        airflow_flower:
+          default: 5555
+      path:
+        default: /
+      scheme:
+        default: http
+      host_fqdn_override:
+        default: null
+  ceph:
+    object_store:
+      name: swift
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /swift/v1
+      scheme:
+        default: http
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_object_store:
+      name: radosgw
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /auth/v1.0
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_mon:
+      namespace: ceph
+      hosts:
+        default: ceph-mon
+        discovery: ceph-mon-discovery
+      host_fqdn_override:
+        default: null
+      port:
+        mon:
+          default: 6789
+    ceph_mgr:
+      namespace: ceph
+      hosts:
+        default: ceph-mgr
+      host_fqdn_override:
+        default: null
+      port:
+        mgr:
+          default: 7000
+      scheme:
+        default: http
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.ceph_object_store.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.identity.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.orchestration.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.cloudformation.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.dashboard.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.image.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volume.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev2.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.volumev3.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.compute.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.compute_novnc_proxy.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.placement.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh.network.host_fqdn_override.public.tls.key
+data:
+  osh:
+    object_store:
+      name: swift
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /swift/v1/KEY_$(tenant_id)s
+      scheme:
+        default: http
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    ceph_object_store:
+      name: radosgw
+      namespace: ceph
+      hosts:
+        default: ceph-rgw
+        public: radosgw
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: object-store.DOMAIN
+      path:
+        default: /auth/v1.0
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8088
+          # public: 443
+    oslo_db:
+      hosts:
+        default: mariadb
+        discovery: mariadb-discovery
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+        wsrep:
+          default: 4567
+    keystone_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /keystone
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    keystone_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: keystone-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    oslo_cache:
+      namespace: openstack
+      hosts:
+        default: memcached
+      host_fqdn_override:
+        default: null
+      port:
+        memcache:
+          default: 11211
+    identity:
+      namespace: openstack
+      name: keystone
+      hosts:
+        default: keystone-api
+        public: keystone
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: identity.DOMAIN
+      path:
+        default: /v3
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        admin:
+          default: 35357
+        api:
+          default: 80
+          # public: 443
+    glance_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /glance
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    glance_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: glance-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    image:
+      name: glance
+      hosts:
+        default: glance-api
+        public: glance
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: image.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 9292
+          # public: 443
+    image_registry:
+      name: glance-registry
+      hosts:
+        default: glance-registry
+        public: glance-reg
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9191
+          public: 80
+    cinder_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /cinder
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    cinder_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: cinder-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    volume:
+      name: cinder
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v1/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    volumev2:
+      name: cinderv2
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    volumev3:
+      name: cinderv3
+      hosts:
+        default: cinder-api
+        public: cinder
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: volume.DOMAIN
+      path:
+        default: "/v3/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8776
+          # public: 443
+    heat_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /heat
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    heat_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: heat-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    orchestration:
+      name: heat
+      hosts:
+        default: heat-api
+        public: heat
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: orchestration.DOMAIN
+      path:
+        default: "/v1/%(project_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8004
+          # public: 443
+    cloudformation:
+      name: heat-cfn
+      hosts:
+        default: heat-cfn
+        public: cloudformation
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: cloudformation.DOMAIN
+      path:
+        default: /v1
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8000
+          # public: 443
+    cloudwatch:
+      name: heat-cloudwatch
+      hosts:
+        default: heat-cloudwatch
+        public: cloudwatch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      type: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 8003
+          public: 80
+    neutron_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /neutron
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    neutron_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: neutron-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    network:
+      name: neutron
+      hosts:
+        default: neutron-server
+        public: neutron
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: network.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 9696
+          # public: 443
+    nova_oslo_messaging:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq
+      host_fqdn_override:
+        default: null
+      path: /nova
+      scheme: rabbit
+      port:
+        amqp:
+          default: 5672
+        http:
+          default: 15672
+    nova_rabbitmq_exporter:
+      namespace: openstack
+      hosts:
+        default: nova-rabbitmq-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9095
+    compute:
+      name: nova
+      hosts:
+        default: nova-api
+        public: nova
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: compute.DOMAIN
+      path:
+        default: "/v2/%(tenant_id)s"
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8774
+          # public: 443
+        novncproxy:
+          default: 443
+    compute_metadata:
+      name: nova
+      hosts:
+        default: nova-metadata
+        public: metadata
+      host_fqdn_override:
+        default: null
+      path:
+        default: /
+      scheme:
+        default: "http"
+      port:
+        metadata:
+          default: 8775
+          public: 80
+    compute_novnc_proxy:
+      name: nova
+      hosts:
+        default: nova-novncproxy
+        public: novncproxy
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: nova-novncproxy.DOMAIN
+      path:
+        default: /vnc_auto.html
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        novnc_proxy:
+          default: 6080
+          # public: 443
+    compute_spice_proxy:
+      name: nova
+      hosts:
+        default: nova-spiceproxy
+      host_fqdn_override:
+        default: null
+      path:
+        default: /spice_auto.html
+      scheme:
+        default: "http"
+      port:
+        spice_proxy:
+          default: 6082
+    placement:
+      name: placement
+      hosts:
+        default: placement-api
+        public: placement
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: placement.DOMAIN
+      path:
+        default: /
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        api:
+          default: 8778
+          # public: 443
+    dashboard:
+      name: horizon
+      hosts:
+        default: horizon-int
+        public: horizon
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: dashboard.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        web:
+          default: 80
+          # public: 443
+...
+---
+schema: pegleg/EndpointCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_endpoints
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  # substitutions:
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .dns.ingress_domain
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.kibana.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.grafana.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: deckhand/Certificate/v1
+  #       name: ingress-crt
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.crt
+  #   - src:
+  #       schema: deckhand/CertificateAuthority/v1
+  #       name: ingress-ca
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.ca
+  #   - src:
+  #       schema: deckhand/CertificateKey/v1
+  #       name: ingress-key
+  #       path: .
+  #     dest:
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+  #       path: .osh_infra.nagios.host_fqdn_override.public.tls.key
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .ldap.base_url
+  #     dest:
+  #       path:  .osh_infra.ldap.host_fqdn_override.public.host
+  #       pattern: DOMAIN
+  #   - src:
+  #       schema: pegleg/CommonAddresses/v1
+  #       name: common-addresses
+  #       path: .ldap.auth_path
+  #     dest:
+  #       path:  .osh_infra.ldap.path.default
+  #       pattern: AUTH_PATH
+data:
+  osh_infra:
+    elasticsearch:
+      name: elasticsearch
+      namespace: osh-infra
+      hosts:
+        data: elasticsearch-data
+        default: elasticsearch-logging
+        discovery: elasticsearch-discovery
+        public: elasticsearch
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 80
+    prometheus_elasticsearch_exporter:
+      namespace: null
+      hosts:
+        default: elasticsearch-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9108
+    fluentd:
+      namespace: osh-infra
+      name: fluentd
+      hosts:
+        default: fluentd-logging
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        service:
+          default: 24224
+        metrics:
+          default: 24220
+    prometheus_fluentd_exporter:
+      namespace: osh-infra
+      hosts:
+        default: fluentd-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: /metrics
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9309
+    oslo_db:
+      namespace: osh-infra
+      hosts:
+        default: mariadb
+      host_fqdn_override:
+        default: null
+      path: /DB_NAME
+      scheme: mysql+pymysql
+      port:
+        mysql:
+          default: 3306
+    grafana:
+      name: grafana
+      namespace: osh-infra
+      hosts:
+        default: grafana-dashboard
+        public: grafana
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: grafana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        grafana:
+          default: 3000
+          # public: 443
+    monitoring:
+      name: prometheus
+      namespace: osh-infra
+      hosts:
+        default: prom-metrics
+        public: prometheus
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9090
+          public: 80
+    kibana:
+      name: kibana
+      namespace: osh-infra
+      hosts:
+        default: kibana-dash
+        public: kibana
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: kibana.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: "http"
+        # public: "https"
+      port:
+        kibana:
+          default: 5601
+          # public: 443
+    alerts:
+      name: alertmanager
+      namespace: osh-infra
+      hosts:
+        default: alerts-engine
+        public: alertmanager
+        discovery: alertmanager-discovery
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        api:
+          default: 9093
+          public: 80
+        mesh:
+          default: 6783
+    kube_state_metrics:
+      namespace: kube-system
+      hosts:
+        default: kube-state-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        http:
+          default: 8080
+    kube_scheduler:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    kube_controller_manager:
+      scheme:
+        default: "http"
+      path:
+        default: /metrics
+    node_metrics:
+      namespace: kube-system
+      hosts:
+        default: node-exporter
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        metrics:
+          default: 9100
+        prometheus_port:
+          default: 9100
+    prometheus_openstack_exporter:
+      namespace: openstack
+      hosts:
+        default: openstack-metrics
+      host_fqdn_override:
+        default: null
+      path:
+        default: null
+      scheme:
+        default: "http"
+      port:
+        exporter:
+          default: 9103
+    nagios:
+      name: nagios
+      namespace: osh-infra
+      hosts:
+        default: nagios-metrics
+        public: nagios
+      host_fqdn_override:
+        default: null
+        # public:
+        #   host: nagios.DOMAIN
+      path:
+        default: null
+      scheme:
+        default: http
+        # public: https
+      port:
+        http:
+          default: 80
+          # public: 443
+    ldap:
+      hosts:
+        default: ldap
+      host_fqdn_override:
+        default: null
+        public:
+          host: DOMAIN
+      path:
+        default: /AUTH_PATH
+      scheme:
+        default: "ldap"
+      port:
+        ldap:
+          default: 389
+...
diff --git a/site/hpgen10/software/config/service_accounts.yaml b/site/hpgen10/software/config/service_accounts.yaml
new file mode 100644 (file)
index 0000000..4dbe82d
--- /dev/null
@@ -0,0 +1,413 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+    ucp:
+        postgres:
+            admin:
+                username: postgres
+        oslo_db:
+            admin:
+                username: root
+        oslo_messaging:
+            admin:
+                username: rabbitmq
+        keystone:
+            admin:
+                region_name: RegionOne
+                username: admin
+                project_name: admin
+                user_domain_name: default
+                project_domain_name: default
+            oslo_messaging:
+                admin:
+                    username: rabbitmq
+                keystone:
+                    username: keystone
+            oslo_db:
+                username: keystone
+                database: keystone
+        promenade:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: promenade
+        drydock:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: drydock
+            postgres:
+                username: drydock
+                database: drydock
+        shipyard:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: shipyard
+            postgres:
+                username: shipyard
+                database: shipyard
+        airflow:
+            postgres:
+                username: airflow
+                database: airflow
+            oslo_messaging:
+                username: rabbitmq
+        maas:
+            admin:
+                username: admin
+                email: none@none
+            postgres:
+                username: maas
+                database: maasdb
+        barbican:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: barbican
+            oslo_db:
+                username: barbican
+                database: barbican
+            oslo_messaging:
+                admin:
+                    username: rabbitmq
+                keystone:
+                    username: keystone
+        armada:
+            keystone:
+                project_domain_name: default
+                user_domain_name: default
+                project_name: service
+                region_name: RegionOne
+                role: admin
+                user_domain_name: default
+                username: armada
+        deckhand:
+            keystone:
+                region_name: RegionOne
+                role: admin
+                project_name: service
+                project_domain_name: default
+                user_domain_name: default
+                username: deckhand
+            postgres:
+                username: deckhand
+                database: deckhand
+    ceph:
+        swift:
+            keystone:
+                role: admin
+                region_name: RegionOne
+                username: swift
+                project_name: service
+                user_domain_name: default
+                project_domain_name: default
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+  substitutions:
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.keystone.admin.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.cinder.cinder.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.glance.glance.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat_trustee.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.heat.heat_stack_user.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.swift.keystone.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.neutron.neutron.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.nova.nova.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.nova.placement.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.barbican.barbican.region_name
+    - src:
+        schema: pegleg/CommonSoftwareConfig/v1
+        name: common-software-config
+        path: .osh.region_name
+      dest:
+        path: .osh.barbican.barbican.region_name
+data:
+  osh:
+    keystone:
+      admin:
+        username: admin
+        project_name: admin
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: keystone
+        database: keystone
+      oslo_messaging:
+        admin:
+          username: keystone-rabbitmq-admin
+        keystone:
+          username: keystone-rabbitmq-user
+      ldap:
+        username: "user@example-ldap.com"
+    cinder:
+      cinder:
+        role: admin
+        username: cinder
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: cinder
+        database: cinder
+      oslo_messaging:
+        admin:
+          username: cinder-rabbitmq-admin
+        cinder:
+          username: cinder-rabbitmq-user
+    glance:
+      glance:
+        role: admin
+        username: glance
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: glance
+        database: glance
+      oslo_messaging:
+        admin:
+          username: glance-rabbitmq-admin
+        glance:
+          username: glance-rabbitmq-user
+      ceph_object_store:
+        username: glance
+    heat:
+      heat:
+        role: admin
+        username: heat
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      heat_trustee:
+        role: admin
+        username: heat-trust
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      heat_stack_user:
+        role: admin
+        username: heat-domain
+        domain_name: heat
+      oslo_db:
+        username: heat
+        database: heat
+      oslo_messaging:
+        admin:
+          username: heat-rabbitmq-admin
+        heat:
+          username: heat-rabbitmq-user
+    swift:
+      keystone:
+        role: admin
+        username: swift
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+    oslo_db:
+      admin:
+        username: root
+    neutron:
+      neutron:
+        role: admin
+        username: neutron
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: neutron
+        database: neutron
+      oslo_messaging:
+        admin:
+          username: neutron-rabbitmq-admin
+        neutron:
+          username: neutron-rabbitmq-user
+    nova:
+      nova:
+        role: admin
+        username: nova
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      placement:
+        role: admin
+        username: placement
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: nova
+        database: nova
+      oslo_db_api:
+        username: nova
+        database: nova_api
+      oslo_db_cell0:
+        username: nova
+        database: "nova_cell0"
+      oslo_messaging:
+        admin:
+          username: nova-rabbitmq-admin
+        nova:
+          username: nova-rabbitmq-user
+    horizon:
+      oslo_db:
+        username: horizon
+        database: horizon
+    barbican:
+      barbican:
+        role: admin
+        username: barbican
+        project_name: service
+        user_domain_name: default
+        project_domain_name: default
+      oslo_db:
+        username: barbican
+        database: barbican
+      oslo_messaging:
+        admin:
+          username: barbican-rabbitmq-admin
+        barbican:
+          username: barbican-rabbitmq-user
+...
+---
+schema: pegleg/AccountCatalogue/v1
+metadata:
+  schema: metadata/Document/v1
+  name: osh_infra_service_accounts
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  osh_infra:
+    grafana:
+      admin:
+        username: grafana
+      oslo_db:
+        username: grafana
+        database: grafana
+      oslo_db_session:
+        username: grafana_session
+        database: grafana_session
+    elasticsearch:
+      admin:
+        username: elasticsearch
+    kibana:
+      admin:
+        username: kibana
+    oslo_db:
+      admin:
+        username: root
+    prometheus_openstack_exporter:
+      user:
+        username: prometheus-openstack-exporter
+        project_name: service
+        user_domain_name: default
+    nagios:
+      admin:
+        username: nagios
+    ldap:
+      admin:
+        # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+        # authenticate to the active directory backend to validate keystone
+        # users.
+        bind: "test@ldap.example.com"
+...
diff --git a/site/hpgen10/software/manifests/full-site.yaml b/site/hpgen10/software/manifests/full-site.yaml
new file mode 100644 (file)
index 0000000..0bf3dd6
--- /dev/null
@@ -0,0 +1,69 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Manifest/v1
+metadata:
+  schema: metadata/Document/v1
+  name: full-site
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: full-site-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  release_prefix: airship
+  chart_groups:
+    - kubernetes-proxy
+    - kubernetes-container-networking
+    - kubernetes-dns
+    - kubernetes-etcd
+    - kubernetes-haproxy
+    - kubernetes-core
+    - ingress-kube-system
+    - ucp-ceph-update
+    - ucp-ceph-config
+    - ucp-core
+    - ucp-keystone
+    - ucp-divingbell
+    - ucp-armada
+    - ucp-deckhand
+    - ucp-drydock
+    - ucp-promenade
+    - ucp-shipyard
+    - osh-infra-ingress-controller
+    - osh-infra-ceph-config
+    - osh-infra-logging
+    - osh-infra-monitoring
+    - osh-infra-mariadb
+    - osh-infra-dashboards
+    - openstack-ingress-controller
+    - openstack-ceph-config
+    - openstack-mariadb
+    - openstack-memcached
+    - openstack-keystone
+    - openstack-radosgw
+    - openstack-glance
+    - openstack-cinder
+    - openstack-compute-kit
+    - openstack-heat
+    - osh-infra-prometheus-openstack-exporter
+    - openstack-horizon
+...
diff --git a/site/site30/software/charts/osh/openstack-compute-kit/nova.yaml b/site/site30/software/charts/osh/openstack-compute-kit/nova.yaml
deleted file mode 100644 (file)
index 1cce35b..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
----
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: nova
-  labels:
-    component: nova
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: nova-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    conf:
-      nova:
-        libvirt:
-          virt_type: kvm
-        DEFAULT:
-          vcpu_pin_set: "4-23,28-47"
-        pci:
-          alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI", "numa_policy": "required"}'
-          passthrough_whitelist: |
-            [{"address": "0000:08:10.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:13.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:14.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:15.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:16.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:17.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.4", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:11.6", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.0", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:12.2", "physical_network": "sriovnet1", "trusted": "true"}, {"address": "0000:08:10.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:10.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:13.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:14.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:10.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:15.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:16.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:10.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:17.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.5", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:11.7", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.1", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:08:12.3", "physical_network": "sriovnet2", "trusted": "true"}, {"address": "0000:81:10.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:13.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:14.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:15.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:16.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:17.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.4", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:11.6", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.0", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:12.2", "physical_network": "sriovnet3", "trusted": "true"}, {"address": "0000:81:10.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:10.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:13.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:14.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:10.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:15.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:16.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:10.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:17.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.3", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.5", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:11.7", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.1", "physical_network": "sriovnet4", "trusted": "true"}, {"address": "0000:81:12.3", "physical_network": "sriovnet4", "trusted": "true"}]
-...
diff --git a/site/site30/software/config/endpoints.yaml b/site/site30/software/config/endpoints.yaml
deleted file mode 100644 (file)
index d620941..0000000
+++ /dev/null
@@ -1,1069 +0,0 @@
----
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .ucp.identity.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .ucp.shipyard.host_fqdn_override.public
-        pattern: DOMAIN
-data:
-  ucp:
-    identity:
-      namespace: ucp
-      name: keystone
-      hosts:
-        default: keystone-api
-        public: keystone
-      host_fqdn_override:
-        default: null
-        public: iam.DOMAIN
-      path:
-        default: /v3
-      scheme:
-        default: http
-      port:
-        admin:
-          default: 35357
-        api:
-          default: 80
-    armada:
-      name: armada
-      hosts:
-        default: armada-api
-        public: armada
-      port:
-        api:
-          default: 8000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: http
-      host_fqdn_override:
-        default: null
-    deckhand:
-      name: deckhand
-      hosts:
-        default: deckhand-int
-        public: deckhand-api
-      port:
-        api:
-          default: 9000
-      path:
-        default: /api/v1.0
-      scheme:
-        default: http
-      host_fqdn_override:
-        default: null
-    postgresql:
-      name: postgresql
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: postgresql+psycopg2
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    postgresql_airflow_celery:
-      name: postgresql_airflow_celery_db
-      hosts:
-        default: postgresql
-      path: /DB_NAME
-      scheme: db+postgresql
-      port:
-        postgresql:
-          default: 5432
-      host_fqdn_override:
-        default: null
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    key_manager:
-      name: barbican
-      hosts:
-        default: barbican-api
-        public: barbican
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: http
-      port:
-        api:
-          default: 9311
-          public: 80
-    oslo_messaging:
-      namespace: null
-      hosts:
-        default: rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /openstack
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-    oslo_cache:
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    physicalprovisioner:
-      name: drydock
-      hosts:
-        default: drydock-api
-      port:
-        api:
-          default: 9000
-          nodeport: 31900
-      path:
-        default: /api/v1.0
-      scheme:
-        default: http
-      host_fqdn_override:
-        default: null
-    maas_region_ui:
-      name: maas-region-ui
-      hosts:
-        default: maas-region-ui
-        public: maas
-      path:
-        default: /MAAS
-      scheme:
-        default: "http"
-      port:
-        region_ui:
-          default: 80
-          public: 80
-      host_fqdn_override:
-        default: null
-    kubernetesprovisioner:
-      name: promenade
-      hosts:
-        default: promenade-api
-      port:
-        api:
-          default: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: http
-      host_fqdn_override:
-        default: null
-    shipyard:
-      name: shipyard
-      hosts:
-        default: shipyard-int
-        public: shipyard-api
-      port:
-        api:
-          default: 9000
-          public: 80
-      path:
-        default: /api/v1.0
-      scheme:
-        default: http
-      host_fqdn_override:
-        default: null
-        public: shipyard.DOMAIN
-    airflow_web:
-      name: airflow-web
-      hosts:
-        default: airflow-web-int
-        public: airflow-web
-      port:
-        airflow_web:
-          default: 8080
-      path:
-        default: /
-      scheme:
-        default: http
-      host_fqdn_override:
-        default: null
-    airflow_flower:
-      name: airflow-flower
-      hosts:
-        default: airflow-flower
-      port:
-        airflow_flower:
-          default: 5555
-      path:
-        default: /
-      scheme:
-        default: http
-      host_fqdn_override:
-        default: null
-  ceph:
-    object_store:
-      name: swift
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /swift/v1
-      scheme:
-        default: http
-      port:
-        api:
-          default: 8088
-    ceph_mon:
-      namespace: ceph
-      hosts:
-        default: ceph-mon
-        discovery: ceph-mon-discovery
-      host_fqdn_override:
-        default: null
-      port:
-        mon:
-          default: 6789
-    ceph_mgr:
-      namespace: ceph
-      hosts:
-        default: ceph-mgr
-      host_fqdn_override:
-        default: null
-      port:
-        mgr:
-          default: 7000
-      scheme:
-        default: http
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.image.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.cloudformation.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.orchestration.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.compute.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.compute_novnc_proxy.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.network.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.identity.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.dashboard.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.volume.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.volumev2.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh.volumev3.host_fqdn_override.public
-        pattern: DOMAIN
-data:
-  osh:
-    oslo_db:
-      hosts:
-        default: mariadb
-        discovery: mariadb-discovery
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-        wsrep:
-          default: 4567
-    keystone_oslo_messaging:
-      namespace: openstack
-      hosts:
-        default: keystone-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /keystone
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    keystone_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: keystone-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    oslo_cache:
-      namespace: openstack
-      hosts:
-        default: memcached
-      host_fqdn_override:
-        default: null
-      port:
-        memcache:
-          default: 11211
-    identity:
-      namespace: openstack
-      name: keystone
-      hosts:
-        default: keystone-api
-        public: keystone
-      host_fqdn_override:
-        default: null
-        public: keystone.DOMAIN
-      path:
-        default: /v3
-      scheme:
-        default: "http"
-      port:
-        admin:
-          default: 35357
-        api:
-          default: 80
-    glance_oslo_messaging:
-      namespace: openstack
-      hosts:
-        default: glance-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /glance
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    glance_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: glance-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    image:
-      name: glance
-      hosts:
-        default: glance-api
-        public: glance
-      host_fqdn_override:
-        default: null
-        public: image.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9292
-          public: 80
-    image_registry:
-      name: glance-registry
-      hosts:
-        default: glance-registry
-        public: glance-reg
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9191
-          public: 80
-    cinder_oslo_messaging:
-      namespace: openstack
-      hosts:
-        default: cinder-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /cinder
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    cinder_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: cinder-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    volume:
-      name: cinder
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-        public: volume.DOMAIN
-      path:
-        default: "/v1/%(tenant_id)s"
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev2:
-      name: cinderv2
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-        public: volume.DOMAIN
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    volumev3:
-      name: cinderv3
-      hosts:
-        default: cinder-api
-        public: cinder
-      host_fqdn_override:
-        default: null
-        public: volume.DOMAIN
-      path:
-        default: "/v3/%(tenant_id)s"
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8776
-          public: 80
-    ceph_object_store:
-      name: radosgw
-      namespace: ceph
-      hosts:
-        default: ceph-rgw
-      host_fqdn_override:
-        default: null
-      path:
-        default: /auth/v1.0
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8088
-    heat_oslo_messaging:
-      namespace: openstack
-      hosts:
-        default: heat-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /heat
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    heat_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: heat-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    orchestration:
-      name: heat
-      hosts:
-        default: heat-api
-        public: heat
-      host_fqdn_override:
-        default: null
-        public: orchestration.DOMAIN
-      path:
-        default: "/v1/%(project_id)s"
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8004
-          public: 80
-    cloudformation:
-      name: heat-cfn
-      hosts:
-        default: heat-cfn
-        public: cloudformation
-      host_fqdn_override:
-        default: null
-        public: cloudformation.DOMAIN
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8000
-          public: 80
-    cloudwatch:
-      name: heat-cloudwatch
-      hosts:
-        default: heat-cloudwatch
-        public: cloudwatch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      type: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8003
-          public: 80
-    neutron_oslo_messaging:
-      namespace: openstack
-      hosts:
-        default: neutron-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /neutron
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    neutron_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: neutron-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    network:
-      name: neutron
-      hosts:
-        default: neutron-server
-        public: neutron
-      host_fqdn_override:
-        default: null
-        public: network.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9696
-          public: 80
-    nova_oslo_messaging:
-      namespace: openstack
-      hosts:
-        default: nova-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /nova
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    nova_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: nova-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    compute:
-      name: nova
-      hosts:
-        default: nova-api
-        public: nova
-      host_fqdn_override:
-        default: null
-        public: compute.DOMAIN
-      path:
-        default: "/v2/%(tenant_id)s"
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8774
-          public: 80
-        novncproxy:
-          default: 6080
-    compute_metadata:
-      name: nova
-      hosts:
-        default: nova-metadata
-        public: metadata
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-      port:
-        metadata:
-          default: 8775
-          public: 80
-    compute_novnc_proxy:
-      name: nova
-      hosts:
-        default: nova-novncproxy
-        public: novncproxy
-      host_fqdn_override:
-        default: null
-        public: nova-novncproxy.DOMAIN
-      path:
-        default: /vnc_auto.html
-      scheme:
-        default: "http"
-      port:
-        novnc_proxy:
-          default: 6080
-    compute_spice_proxy:
-      name: nova
-      hosts:
-        default: nova-spiceproxy
-      host_fqdn_override:
-        default: null
-      path:
-        default: /spice_auto.html
-      scheme:
-        default: "http"
-      port:
-        spice_proxy:
-          default: 6082
-    placement:
-      name: placement
-      hosts:
-        default: placement-api
-        public: placement
-      host_fqdn_override:
-        default: null
-      path:
-        default: /
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 8778
-          public: 80
-    dashboard:
-      name: horizon
-      hosts:
-        default: horizon-int
-        public: horizon
-      host_fqdn_override:
-        default: null
-        public: dashboard.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        web:
-          default: 80
-    barbican_oslo_messaging:
-      namespace: openstack
-      hosts:
-        default: barbican-rabbitmq
-      host_fqdn_override:
-        default: null
-      path: /barbican
-      scheme: rabbit
-      port:
-        amqp:
-          default: 5672
-        http:
-          default: 15672
-    barbican_rabbitmq_exporter:
-      namespace: openstack
-      hosts:
-        default: barbican-rabbitmq-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9095
-    key_manager:
-      name: barbican
-      hosts:
-        default: barbican-api
-        public: barbican
-      host_fqdn_override:
-        default: null
-      path:
-        default: /v1
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9311
-          public: 80
-...
----
-schema: pegleg/EndpointCatalogue/v1
-metadata:
-  schema: metadata/Document/v1
-  name: osh_infra_endpoints
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-  substitutions:
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh_infra.kibana.host_fqdn_override.public
-        pattern: DOMAIN
-    - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .domain.url
-      dest:
-        path: .osh_infra.grafana.host_fqdn_override.public
-        pattern: DOMAIN
-data:
-  osh_infra:
-    elasticsearch:
-      name: elasticsearch
-      namespace: osh-infra
-      hosts:
-        data: elasticsearch-data
-        default: elasticsearch-logging
-        discovery: elasticsearch-discovery
-        public: elasticsearch
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        http:
-          default: 80
-    prometheus_elasticsearch_exporter:
-      namespace: null
-      hosts:
-        default: elasticsearch-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9108
-    fluentd:
-      namespace: osh-infra
-      name: fluentd
-      hosts:
-        default: fluentd-logging
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        service:
-          default: 24224
-        metrics:
-          default: 24220
-    prometheus_fluentd_exporter:
-      namespace: osh-infra
-      hosts:
-        default: fluentd-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: /metrics
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9309
-    oslo_db:
-      namespace: osh-infra
-      hosts:
-        default: mariadb
-      host_fqdn_override:
-        default: null
-      path: /DB_NAME
-      scheme: mysql+pymysql
-      port:
-        mysql:
-          default: 3306
-    grafana:
-      name: grafana
-      namespace: osh-infra
-      hosts:
-        default: grafana-dashboard
-        public: grafana
-      host_fqdn_override:
-        default: null
-        public: grafana.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        grafana:
-          default: 3000
-    monitoring:
-      name: prometheus
-      namespace: osh-infra
-      hosts:
-        default: prom-metrics
-        public: prometheus
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9090
-          public: 80
-    kibana:
-      name: kibana
-      namespace: osh-infra
-      hosts:
-        default: kibana-dash
-        public: kibana
-      host_fqdn_override:
-        default: null
-        public: kibana.DOMAIN
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        kibana:
-          default: 5601
-    alerts:
-      name: alertmanager
-      namespace: osh-infra
-      hosts:
-        default: alerts-engine
-        public: alertmanager
-        discovery: alertmanager-discovery
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        api:
-          default: 9093
-          public: 80
-        mesh:
-          default: 6783
-    kube_state_metrics:
-      namespace: kube-system
-      hosts:
-        default: kube-state-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        http:
-          default: 8080
-    kube_scheduler:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    kube_controller_manager:
-      scheme:
-        default: "http"
-      path:
-        default: /metrics
-    node_metrics:
-      namespace: kube-system
-      hosts:
-        default: node-exporter
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        metrics:
-          default: 9100
-        prometheus_port:
-          default: 9100
-    prometheus_openstack_exporter:
-      namespace: openstack
-      hosts:
-        default: openstack-metrics
-      host_fqdn_override:
-        default: null
-      path:
-        default: null
-      scheme:
-        default: "http"
-      port:
-        exporter:
-          default: 9103
-...
diff --git a/site30.yaml b/site30.yaml
deleted file mode 100644 (file)
index 2bdb18b..0000000
+++ /dev/null
@@ -1,282 +0,0 @@
----
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-site_name: hp_akraino
-ipmi_admin_password: Admin123
-networks:
-  bonded: yes
-  primary: bond0
-  slaves:
-    - name: ens3f0
-    - name: ens3f1
-  oob:
-    vlan: 40
-    interface: 
-    cidr: 192.168.41.0/24
-    routes:
-      gateway: 192.168.41.1
-    ranges:
-      reserved:
-        start: 192.168.41.2
-        end: 192.168.41.4
-      static:
-        start: 192.168.41.5
-        end: 192.168.41.254
-  host:
-    vlan: 41   
-    interface: bond0.41
-    cidr: 192.168.2.0/24
-    routes:
-       gateway: 192.168.2.85
-    ranges:
-      reserved:
-        start: 192.168.2.84
-        end: 192.168.2.86
-      static:
-        start: 192.168.2.1
-        end: 192.168.2.83
-  storage:
-    vlan: 42
-    interface: bond0.42
-    cidr: 172.31.1.0/24
-    ranges:
-      reserved:
-        start: 172.31.1.1
-        end: 172.31.1.10
-      static:
-        start: 172.31.1.11
-        end: 172.31.1.254
-  pxe:
-    vlan: 
-    interface: eno1
-    cidr: 172.30.1.0/24
-    gateway: 172.30.1.1
-    ranges:
-      reserved:
-        start: 172.30.1.2
-        end:  172.30.1.10
-      static:
-        start: 172.30.1.11
-        end: 172.30.1.200
-      dhcp:
-        start: 172.30.1.201
-        end: 172.30.1.254
-  ksn:
-    vlan: 44
-    interface: bond0.44
-    cidr: 172.29.1.0/24
-    local_asnumber: 65531
-    ranges:
-      static:
-        start: 172.29.1.5
-        end: 172.29.1.254
-    additional_cidrs:
-      -  172.29.1.136/29
-    ingress_cidr: 172.29.1.137/32
-    peers:
-    - ip: 172.29.1.1
-      scope: global
-      asnumber: 65001
-    vrrp_ip: 172.29.1.1 # keep peers ip address in case of only peer.
-  neutron:
-    vlan: 45
-    interface: bond0.45
-    cidr: 10.0.101.0/24
-    ranges:
-      reserved:
-        start: 10.0.101.1
-        end: 10.0.101.10
-      static:
-        start: 10.0.101.11
-        end: 10.0.101.254
-sriovnets:
-- physical: sriovnet1
-  interface: ens6f0
-  vlan_start: 100
-  vlan_end: 4000
-  whitelists:
-      "0000:af:02.0":  "enp175s2"
-      "0000:af:02.1":  "enp175s2f1"
-      "0000:af:03.2":  "enp175s3f2"
-      "0000:af:03.3":  "enp175s3f3"
-      "0000:af:03.4":  "enp175s3f4"
-      "0000:af:03.5":  "enp175s3f5"
-      "0000:af:03.6":  "enp175s3f6"
-      "0000:af:03.7":  "enp175s3f7"
-      "0000:af:04.0":  "enp175s4"
-      "0000:af:04.1":  "enp175s4f1"
-      "0000:af:04.2":  "enp175s4f2"
-      "0000:af:04.3":  "enp175s4f3"
-      "0000:af:02.2":  "enp175s2f2"
-      "0000:af:04.4":  "enp175s4f4"
-      "0000:af:04.5":  "enp175s4f5"
-      "0000:af:04.6":  "enp175s4f6"
-      "0000:af:04.7":  "enp175s4f7"
-      "0000:af:05.0":  "enp175s5"
-      "0000:af:05.1":  "enp175s5f1"
-      "0000:af:05.2":  "enp175s5f2"
-      "0000:af:05.3":  "enp175s5f3"
-      "0000:af:05.4":  "enp175s5f4"
-      "0000:af:05.5":  "enp175s5f5"
-      "0000:af:02.3":  "enp175s2f3"
-      "0000:af:05.6":  "enp175s5f6"
-      "0000:af:05.7":  "enp175s5f7"
-      "0000:af:02.4":  "enp175s2f4"
-      "0000:af:02.5":  "enp175s2f5"
-      "0000:af:02.6":  "enp175s2f6"
-      "0000:af:02.7":  "enp175s2f7"
-      "0000:af:03.0":  "enp175s3"
-      "0000:af:03.1":  "enp175s3f1"
-- physical: sriovnet2
-  interface: ens6f1
-  vlan_start: 100
-  vlan_end: 4000
-  whitelists:
-      "0000:af:0a.0":  "enp175s10"
-      "0000:af:0a.1":  "enp175s10f1"
-      "0000:af:0b.2":  "enp175s11f2"
-      "0000:af:0b.3":  "enp175s11f3"
-      "0000:af:0b.4":  "enp175s11f4"
-      "0000:af:0b.5":  "enp175s11f5"
-      "0000:af:0b.6":  "enp175s11f6"
-      "0000:af:0b.7":  "enp175s11f7"
-      "0000:af:0c.0":  "enp175s12"
-      "0000:af:0c.1":  "enp175s12f1"
-      "0000:af:0c.2":  "enp175s12f2"
-      "0000:af:0c.3":  "enp175s12f3"
-      "0000:af:0a.2":  "enp175s10f2"
-      "0000:af:0c.4":  "enp175s12f4"
-      "0000:af:0c.5":  "enp175s12f5"
-      "0000:af:0c.6":  "enp175s12f6"
-      "0000:af:0c.7":  "enp175s12f7"
-      "0000:af:0d.0":  "enp175s13"
-      "0000:af:0d.1":  "enp175s13f1"
-      "0000:af:0d.2":  "enp175s13f2"
-      "0000:af:0d.3":  "enp175s13f3"
-      "0000:af:0d.4":  "enp175s13f4"
-      "0000:af:0d.5":  "enp175s13f5"
-      "0000:af:0a.3":  "enp175s10f3"
-      "0000:af:0d.6":  "enp175s13f6"
-      "0000:af:0d.7":  "enp175s13f7"
-      "0000:af:0a.4":  "enp175s10f4"
-      "0000:af:0a.5":  "enp175s10f5"
-      "0000:af:0a.6":  "enp175s10f6"
-      "0000:af:0a.7":  "enp175s10f7"
-      "0000:af:0b.0":  "enp175s11"
-      "0000:af:0b.1":  "enp175s11f1"
-storage:
-  osds:
-    - data: /dev/sdb
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdb
-    - data: /dev/sdc
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdc
-    - data: /dev/sdd
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdd
-    - data: /dev/sde
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sde
-    - data: /dev/sdf
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdf
-    - data: /dev/sdg
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdg
-    - data: /dev/sdg
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdh
-    - data: /dev/sdi
-      journal: /var/lib/openstack-helm/ceph/journal1/osd/journal-sdi
-    - data: /dev/sdk
-      journal: /var/lib/openstack-helm/ceph/journal0/osd/journal-sdk
-  osd_count: 9
-genesis:
-  name: csonjrsv30
-  oob: 192.168.41.30
-  host: 192.168.2.30
-  storage: 172.31.1.30
-  pxe: 172.30.1.30
-  ksn: 172.29.1.30
-  neutron: 10.0.101.30
-masters:
-  - name : csonjrsv31
-  - name : csonjrsv32
-workers:
-  - name : csonjrsv33
-  - name : csonjrsv34
-servers:
-  - name : csonjrsv31
-    oob: 192.168.41.31
-    host: 192.168.2.31
-    storage: 172.31.1.31
-    pxe: 172.30.1.31
-    ksn: 172.29.1.31
-    neutron: 10.0.101.31
-  - name : csonjrsv32
-    oob: 192.168.41.32
-    host: 192.168.2.32
-    storage: 172.31.1.32
-    pxe: 172.30.1.32
-    ksn: 172.29.1.32
-    neutron: 10.0.101.32
-  - name : csonjrsv33
-    oob: 192.168.41.33
-    host: 192.168.2.33
-    storage: 172.31.1.33
-    pxe: 172.30.1.33
-    ksn: 172.29.1.33
-    neutron: 10.0.101.33
-  - name : csonjrsv34
-    oob: 192.168.41.34
-    host: 192.168.2.34
-    storage: 172.31.1.34
-    pxe: 172.30.1.34
-    ksn: 172.29.1.34
-    neutron: 10.0.101.34
-hardware:
-  vendor: HP
-  generation: '10'
-  hw_version: '3'
-  bios_version: '2.8'
-disks:
-  - name : sdj
-    labels:
-      bootdrive: 'true'
-    partitions:
-      - name: root
-        size: 20g
-        mountpoint: /
-      - name: boot
-        size: 1g
-        mountpoint: /boot
-      - name: var
-        size: 100g
-        mountpoint: /var
-  - name : sdb
-    partitions:
-      - name: cephj0
-        size: 100g
-        mountpoint: /var/lib/openstack-helm/ceph/journal0
-  - name : sdc
-    partitions:
-      - name: cephj1
-        size: 100g
-        mountpoint: /var/lib/openstack-helm/ceph/journal1
-genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
-kubernetes:
-  api_service_ip: 10.96.0.1
-  etcd_service_ip: 10.96.0.2
-  pod_cidr: 10.99.0.0/16
-  service_cidr: 10.96.0.0/15
-regional_server:
-  ip: 135.16.101.85
-...
diff --git a/templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/calico.j2 b/templates/aic-clcp-manifests/software/charts/kubernetes/container-networking/calico.j2
deleted file mode 100644 (file)
index 485d487..0000000
+++ /dev/null
@@ -1,163 +0,0 @@
----
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: kubernetes-calico
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-        name: kubernetes-calico-global
-    actions:
-        - method: delete
-          path: .values.calico
-        - method: delete
-          path: .values.etcd
-        - method: merge
-          path: .
-  storagePolicy: cleartext
-  substitutions:
-    # IP addresses
-    -
-      src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.etcd.service_ip
-      dest:
-        path: .values.endpoints.etcd.host_fqdn_override.default
-    -
-      src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.pod_cidr
-      dest:
-        path: .values.networking.podSubnet
-    -
-      src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .kubernetes.api_service_ip
-      dest:
-        path: .values.conf.policy_controller.K8S_API
-        pattern: SUB_KUBERNETES_IP
-
-    # Other site-specific configuration
-    -
-      src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .calico.ip_autodetection_method
-      dest:
-        path: .values.conf.node.IP_AUTODETECTION_METHOD
-
-    # Certificates
-    -
-      src:
-        schema: deckhand/CertificateAuthority/v1
-        name: calico-etcd
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.ca
-    -
-      src:
-        schema: deckhand/Certificate/v1
-        name: calico-node
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.crt
-    -
-      src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-node
-        path: .
-      dest:
-        path: .values.endpoints.etcd.auth.client.tls.key
-data:
-  chart_name: calico
-  release: calico
-  namespace: kube-system
-  timeout: 600
-  upgrade:
-    no_hooks: true
-  values:
-    conf:
-      cni_network_config:
-        name: k8s-pod-network
-        cniVersion: 0.1.0
-        type: calico
-        etcd_endpoints: __ETCD_ENDPOINTS__
-        etcd_ca_cert_file: /etc/calico/pki/ca
-        etcd_cert_file: /etc/calico/pki/crt
-        etcd_key_file: /etc/calico/pki/key
-        log_level: info
-        mtu: 1500
-        ipam:
-          type: calico-ipam
-        policy:
-          type: k8s
-          k8s_api_root: https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__
-          k8s_auth_token: __SERVICEACCOUNT_TOKEN__
-
-      policy_controller:
-        K8S_API: "https://SUB_KUBERNETES_IP:443"
-
-      node:
-        CALICO_STARTUP_LOGLEVEL: INFO
-        CLUSTER_TYPE:
-          - k8s
-          - bgp
-        WAIT_FOR_STORAGE: "true"
-
-    endpoints:
-      etcd:
-        hosts:
-          default: calico-etcd
-        scheme:
-          default: https
-
-    networking:
-      mtu: 1500
-      settings:
-        mesh: "off"
-        ippool:
-          ipip:
-            enabled: "false"
-            mode: "cross-subnet"
-      bgp:
-        asnumber: {{yaml.networks.ksn.local_asnumber}}
-        ipv4:
-          additional_cidrs:
-{% for add_cidr in yaml.networks.ksn.additional_cidrs %}
-            -  {{add_cidr}}
-{% endfor %}
-          peers:
-{% for peer in yaml.networks.ksn.peers %}
-            - apiVersion: v1
-              kind: bgpPeer
-              metadata:
-                peerIP: {{peer.ip}}
-                scope: {{peer.scope}}
-              spec:
-                asnumber: {{peer.asnumber}}
-{% endfor %}
-    manifests:
-      daemonset_calico_etcd: false
-      job_image_repo_sync: false
-      service_calico_etcd: false
-...
diff --git a/templates/aic-clcp-manifests/software/charts/ucp/ceph/promenade/promenade.j2 b/templates/aic-clcp-manifests/software/charts/ucp/ceph/promenade/promenade.j2
deleted file mode 100644 (file)
index 743fc84..0000000
+++ /dev/null
@@ -1,48 +0,0 @@
----
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-schema: armada/Chart/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ucp-promenade
-  layeringDefinition:
-    abstract: false
-    layer: site
-    parentSelector:
-      name: ucp-promenade-global
-    actions:
-      - method: merge
-        path: .
-  storagePolicy: cleartext
-data:
-  values:
-    pod:
-      env:
-        promenade_api:
-         - name: http_proxy
-           value: http://one.proxy.att.com:8888
-         - name: https_proxy
-           value: http://one.proxy.att.com:8888
-         - name: no_proxy
-           value: {{yaml.genesis.pxe}},{{yaml.kubernetes.api_service_ip}},.cluster.local
-         - name: HTTP_PROXY
-           value: http://one.proxy.att.com:8888
-         - name: HTTPS_PROXY
-           value: http://one.proxy.att.com:8888
-         - name: NO_PROXY
-           value: {{yaml.genesis.pxe}},{{yaml.kubernetes.api_service_ip}},.cluster.local
-...
diff --git a/templates/aic-clcp-security-manifests/secrets/passphrases/ipmi_admin_password.j2 b/templates/aic-clcp-security-manifests/secrets/passphrases/ipmi_admin_password.j2
deleted file mode 100644 (file)
index 9a3aa97..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
----
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-schema: deckhand/Passphrase/v1
-metadata:
-  schema: metadata/Document/v1
-  name: ipmi_admin_password
-  layeringDefinition:
-    abstract: false
-    layer: site
-  storagePolicy: cleartext
-data: {{yaml.ipmi_admin_password}}
-...
diff --git a/templates/aic-clcp-security-manifests/site-definition.j2 b/templates/aic-clcp-security-manifests/site-definition.j2
deleted file mode 100644 (file)
index 92c7e87..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
----
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-data:
-    revision: v4.0
-    site_type: 5ec
-metadata:
-  layeringDefinition: {abstract: false, layer: site}
-  name: {{yaml.site_name}}
-  schema: metadata/Document/v1
-  storagePolicy: cleartext
-schema: pegleg/SiteDefinition/v1
-...
diff --git a/templates/baremetal/bootaction-sriov-blacklist.j2 b/templates/baremetal/bootaction-sriov-blacklist.j2
new file mode 100644 (file)
index 0000000..2ad6637
--- /dev/null
@@ -0,0 +1,42 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: i40evf_blacklist
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  signaling: false
+  node_filter:
+    filter_set_type: 'union'
+    filter_set:
+      - filter_type: 'union'
+  assets:
+    - path: /etc/modprobe.d/sriov_blacklist.conf
+      type: file
+      permissions: '644'
+      data_pipeline:
+        - utf8_decode
+      data: |
+        blacklist i40evf
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # limitations under the License.                                             #
 ##############################################################################
 
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: promjoin
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    application: 'drydock'
-data:
-  node_filter:
-    filter_set_type: 'union'
-    filter_set:
-      - filter_type: 'union'
-        node_names:
-{% for server in yaml.servers %}
-          - '{{server.name}}'
-{% endfor %}
-{% raw %}  # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
-  assets:
-    - path: /opt/promjoin.sh
-      type: file
-      permissions: '555'
-      # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
-      # you should use to contact kubernetes in the case below, this is cab24_mgmt
-      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}{% if 'ksn' in node.network %}&ip={{ node.network.ksn.ip }}{% endif %}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
-      location_pipeline:
-        - template
-      data_pipeline:
-        - utf8_decode
-    - path: /lib/systemd/system/promjoin.service
-      type: unit
-      permissions: '600'
-      data: |-
-        W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
-        PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
-        cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
-        cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
-      data_pipeline:
-        - base64_decode
-        - utf8_decode
-{% endraw %}
----
 schema: 'drydock/BootAction/v1'
 metadata:
   schema: 'metadata/Document/v1'
@@ -201,24 +157,4 @@ data:
                 lookup "${TABLE}" \
                 pref 10100
         fi
----
-schema: 'drydock/BootAction/v1'
-metadata:
-  schema: 'metadata/Document/v1'
-  name: i40evf_blacklist
-  storagePolicy: 'cleartext'
-  layeringDefinition:
-    abstract: false
-    layer: site
-  labels:
-    application: 'drydock'
-data:
-  assets:
-    - path: /etc/modprobe.d/sriov_blacklist.conf
-      type: file
-      permissions: '644'
-      data_pipeline:
-        - utf8_decode
-      data: |
-        blacklist i40evf
 ...
diff --git a/templates/baremetal/promjoin.j2 b/templates/baremetal/promjoin.j2
new file mode 100644 (file)
index 0000000..c28363d
--- /dev/null
@@ -0,0 +1,65 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: 'drydock/BootAction/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: promjoin
+  storagePolicy: 'cleartext'
+  layeringDefinition:
+    abstract: false
+    layer: site
+  labels:
+    application: 'drydock'
+data:
+  signaling: false
+  node_filter:
+    filter_set_type: 'union'
+    filter_set:
+      - filter_type: 'union'
+        node_names:
+{% for server in yaml.masters %}
+          - '{{server.name}}'
+{% endfor %}
+{% for server in yaml.workers %}
+          - '{{server.name}}'
+{% endfor %}
+{% raw %}  # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
+  assets:
+    - path: /opt/promjoin.sh
+      type: file
+      permissions: '555'
+      # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
+      # you should use to contact kubernetes in the case below, this is cab24_mgmt
+      location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}&ip={{ node.network.calico.ip }}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
+      location_pipeline:
+        - template
+      data_pipeline:
+        - utf8_decode
+    - path: /lib/systemd/system/promjoin.service
+      type: unit
+      permissions: '600'
+      data: |-
+        W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
+        PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
+        cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
+        cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
+      data_pipeline:
+        - base64_decode
+        - utf8_decode
+{% endraw %}
+...
similarity index 62%
rename from templates/aic-clcp-manifests/baremetal/rack.j2
rename to templates/baremetal/rack.j2
index 22f0039..b6e6620 100644 (file)
@@ -1,5 +1,7 @@
+{% for server in yaml.masters %}
+---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -13,9 +15,6 @@
 # See the License for the specific language governing permissions and        #
 # limitations under the License.                                             #
 ##############################################################################
-
-{% for server in yaml.servers %}
----
 schema: 'drydock/BaremetalNode/v1'
 metadata:
   schema: 'metadata/Document/v1'
@@ -25,30 +24,65 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
-  host_profile: MyControlPlane_HP 
+  host_profile: ControlPlane
   # the hostname for a server, could be used in multiple DNS domains to
   # represent different interfaces
   addressing:
       # Which network the address applies to. If a network appears in addressing
       # that isn't assigned to an interface, design validation will fail
+    - network: oob
+      address: {{server.oob}}
     - network: pxe
       # The address assigned. Either a explicit IPv4 or IPv6 address
       # or dhcp or slaac
       address: {{server.pxe}}
     - network: oam
       address: {{server.host}}
-    - network: ksn
-      address: {{server.ksn}}
     - network: storage
       address: {{server.storage}}
     - network: overlay
       address: {{server.neutron}}
+    - network: calico
+      address: {{server.ksn}}
+  metadata:
+    rack: RACK01
+    tags:
+      - 'masters'
+{% endfor %}
+{% for server in yaml.workers %}
+---
+schema: 'drydock/BaremetalNode/v1'
+metadata:
+  schema: 'metadata/Document/v1'
+  name: {{server.name}}
+  layeringDefinition:
+    abstract: false
+    layer: site
+  storagePolicy: cleartext
+data:
+  host_profile: ComputePlane
+  # the hostname for a server, could be used in multiple DNS domains to
+  # represent different interfaces
+  addressing:
+      # Which network the address applies to. If a network appears in addressing
+      # that isn't assigned to an interface, design validation will fail
     - network: oob
       address: {{server.oob}}
+    - network: pxe
+      # The address assigned. Either a explicit IPv4 or IPv6 address
+      # or dhcp or slaac
+      address: {{server.pxe}}
+    - network: oam
+      address: {{server.host}}
+    - network: storage
+      address: {{server.storage}}
+    - network: overlay
+      address: {{server.neutron}}
+    - network: calico
+      address: {{server.ksn}}
   metadata:
-    rack: rack01
+    rack: RACK01
     tags:
-      - 'masters'
+      - 'workers'
 {% endfor %}
 ...
-
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -33,11 +33,11 @@ data:
     cluster_domain: cluster.local
     service_ip: 10.96.0.10
     upstream_servers:
-      - 135.37.9.16
-      - 135.38.244.16
-      - 135.188.34.84
-    upstream_servers_joined: 135.37.9.16,135.38.244.16,135.53.34.84
-
+{% for server in yaml.dns.upstream_servers %}
+      - {{server}}
+{% endfor %}
+    upstream_servers_joined: '{{yaml.dns.upstream_servers_joined}}'
+    ingress_domain: {{yaml.dns.ingress_domain}}
   genesis:
     hostname: {{yaml.genesis.name}}
     ip: {{yaml.genesis.ksn}}
@@ -52,7 +52,7 @@ data:
     service_cidr: {{yaml.kubernetes.service_cidr}}
     apiserver_port: 6443
     haproxy_port: 6553
-    service_node_port_range: 30000-35357
+    service_node_port_range: 30000-32767
 
   etcd:
     container_port: 2379
@@ -63,25 +63,32 @@ data:
     - hostname: {{master.name}}
 {% endfor %}
 
-  workers:
-{% for worker in yaml.workers %}
-    - hostname: {{worker.name}}
-{% endfor %}
-
   proxy:
-    http: http://one.proxy.att.com:8080
-    https: http://one.proxy.att.com:8080
-    no_proxy: '{{yaml.kubernetes.api_service_ip}},*.cluster.local,{{yaml.genesis.host}}{%for server in yaml.servers%},{{server.host}}{% endfor %}'
+    http: ""
+    https: ""
+    no_proxy: []
 
   node_ports:
     drydock_api: 30000
     maas_api: 30001
-    maas_proxy: 31800  # hardcoded in maas
+    maas_proxy: 31800  # hardcoded in MAAS
     shipyard_api: 30003
     airflow_web: 30004
 
   ntp:
-    servers_joined: '135.25.154.100'
+    servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org'
+
+  # Used for FQDN setup/definition
+  domain:
+    url: {{yaml.site_name}}.lab.akraino.org
+
+  ldap:
+    base_url: 'its-a-ldap.example.com'
+    url: 'ldap://its-a-ldap.example.com'
+    auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+    common_name: AP-NC_Test_Users
+    subdomain: testitservices
+    domain: example
 
   storage:
     ceph:
@@ -90,8 +97,8 @@ data:
 
   neutron:
     tunnel_device: '{{yaml.networks.neutron.interface}}'
-    external_iface: '{{yaml.networks.neutron.interface}}'
+    external_iface: '{{yaml.networks.primary}}'
 
   openvswitch:
-    external_iface: '{{yaml.networks.neutron.interface}}'
+    external_iface: '{{yaml.networks.primary}}'
 ...
similarity index 91%
rename from templates/aic-clcp-manifests/networks/physical/rack.j2
rename to templates/networks/physical/rack.j2
index 86cb116..ff259a4 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -28,7 +28,7 @@ data:
     noconfig: enabled
   bonding:
     mode: disabled
-  mtu: 1500
+  mtu: 9000
   linkspeed: auto
   trunking:
     mode: disabled
@@ -50,7 +50,6 @@ data:
   routes:
   - subnet: '0.0.0.0/0'
     gateway: {{yaml.networks.oob.routes.gateway}}
-    metric: 100
   ranges:
   - type: static
     start: {{yaml.networks.oob.ranges.static.start}}
@@ -86,8 +85,10 @@ metadata:
     layer: site
   storagePolicy: cleartext
 data:
-  routedomain: provisioning
   cidr: {{yaml.networks.pxe.cidr}}
+  routes:
+  - subnet: '0.0.0.0/0'
+    gateway: {{yaml.networks.pxe.routes.gateway}}
   ranges:
   - type: reserved
     start: {{yaml.networks.pxe.ranges.reserved.start}}
@@ -98,6 +99,9 @@ data:
   - type: dhcp
     start: {{yaml.networks.pxe.ranges.dhcp.start}}
     end: {{yaml.networks.pxe.ranges.dhcp.end}}
+  dns:
+    domain: {{yaml.networks.pxe.dns.domain}}
+    servers: '{{yaml.networks.pxe.dns.servers}}'
 ...
 ---
 schema: 'drydock/NetworkLink/v1'
@@ -128,7 +132,7 @@ data:
     - oam
     - storage
     - overlay
-    - ksn
+    - calico
 ...
 ---
 schema: 'drydock/Network/v1'
@@ -141,11 +145,11 @@ metadata:
   storagePolicy: cleartext
 data:
   vlan: '{{yaml.networks.host.vlan}}'
+  mtu: 9000
   cidr: {{yaml.networks.host.cidr}}
   routes:
   - subnet: '0.0.0.0/0'
     gateway: {{yaml.networks.host.routes.gateway}}
-    metric: 100
   ranges:
   - type: reserved
     start: {{yaml.networks.host.ranges.reserved.start}}
@@ -153,6 +157,9 @@ data:
   - type: static
     start: {{yaml.networks.host.ranges.static.start}}
     end: {{yaml.networks.host.ranges.static.end}}
+  dns:
+    domain: {{yaml.networks.host.dns.domain}}
+    servers: '{{yaml.networks.host.dns.servers}}'
 ...
 ---
 schema: 'drydock/Network/v1'
@@ -168,9 +175,6 @@ data:
   mtu: 9000
   cidr: {{yaml.networks.storage.cidr}}
   ranges:
-  - type: reserved
-    start: {{yaml.networks.storage.ranges.reserved.start}}
-    end: {{yaml.networks.storage.ranges.reserved.end}}
   - type: static
     start: {{yaml.networks.storage.ranges.static.start}}
     end: {{yaml.networks.storage.ranges.static.end}}
@@ -179,38 +183,35 @@ data:
 schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
-  name: ksn
+  name: overlay
   layeringDefinition:
     abstract: false
     layer: site
   storagePolicy: cleartext
 data:
-  vlan: '44'
+  vlan: '{{yaml.networks.neutron.vlan}}'
   mtu: 9000
-  cidr: {{yaml.networks.ksn.cidr}}
+  cidr: {{yaml.networks.neutron.cidr}}
   ranges:
   - type: static
-    start: {{yaml.networks.ksn.ranges.static.start}}
-    end: {{yaml.networks.ksn.ranges.static.end}}
+    start: {{yaml.networks.neutron.ranges.static.start}}
+    end: {{yaml.networks.neutron.ranges.static.end}}
 ...
 ---
 schema: 'drydock/Network/v1'
 metadata:
   schema: 'metadata/Document/v1'
-  name: overlay
+  name: calico
   layeringDefinition:
     abstract: false
     layer: site
   storagePolicy: cleartext
 data:
-  vlan: '{{yaml.networks.neutron.vlan}}'
+  vlan: '{{yaml.networks.ksn.vlan}}'
   mtu: 9000
-  cidr: {{yaml.networks.neutron.cidr}}
+  cidr: {{yaml.networks.ksn.cidr}}
   ranges:
-  - type: reserved
-    start: {{yaml.networks.neutron.ranges.reserved.start}}
-    end: {{yaml.networks.neutron.ranges.reserved.end}}
   - type: static
-    start: {{yaml.networks.neutron.ranges.static.start}}
-    end: {{yaml.networks.neutron.ranges.static.end}}
+    start: {{yaml.networks.ksn.ranges.static.start}}
+    end: {{yaml.networks.ksn.ranges.static.end}}
 ...
similarity index 87%
rename from templates/aic-clcp-manifests/pki/pki-catalog.j2
rename to templates/pki/pki-catalog.j2
index b6dd258..17e18f1 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -43,7 +43,7 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
           groups:
             - system:nodes
         - document_name: kubelet-{{yaml.genesis.name}}
@@ -52,17 +52,28 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
           groups:
             - system:nodes
-{% for server in yaml.servers %}
+{% for server in yaml.masters %}
         - document_name: kubelet-{{ server.name }}
           common_name: system:node:{{ server.name }}
           hosts:
             - {{server.name}}
             - {{server.host}}
             - {{server.ksn}}
-            - {{server.storage}}
+            - {{server.pxe}}
+          groups:
+            - system:nodes
+{% endfor %}
+{% for server in yaml.workers %}
+        - document_name: kubelet-{{ server.name }}
+          common_name: system:node:{{ server.name }}
+          hosts:
+            - {{server.name}}
+            - {{server.host}}
+            - {{server.ksn}}
+            - {{server.pxe}}
           groups:
             - system:nodes
 {% endfor %}
@@ -96,7 +107,7 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
             - 127.0.0.1
             - localhost
             - kubernetes-etcd.kube-system.svc.cluster.local
@@ -107,19 +118,19 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
             - 127.0.0.1
             - localhost
             - kubernetes-etcd.kube-system.svc.cluster.local
             - {{yaml.kubernetes.etcd_service_ip}}
-{% for server in yaml.servers %}
+{% for server in yaml.masters %}
         - document_name: kubernetes-etcd-{{ server.name }}
           common_name: kubernetes-etcd-{{ server.name }}
           hosts:
             - {{ server.name }}
             - {{server.host}}
             - {{server.ksn}}
-            - {{server.storage}}
+            - {{server.pxe}}
             - 127.0.0.1
             - localhost
             - kubernetes-etcd.kube-system.svc.cluster.local
@@ -133,7 +144,7 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
             - 127.0.0.1
             - localhost
             - kubernetes-etcd.kube-system.svc.cluster.local
@@ -144,19 +155,19 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
             - 127.0.0.1
             - localhost
             - kubernetes-etcd.kube-system.svc.cluster.local
             - {{yaml.kubernetes.etcd_service_ip}}
-{% for server in yaml.servers %}
+{% for server in yaml.masters %}
         - document_name: kubernetes-etcd-{{server.name}}-peer
           common_name: kubernetes-etcd-{{server.name}}-peer
           hosts:
             - {{server.name}}
             - {{server.host}}
             - {{server.ksn}}
-            - {{server.storage}}
+            - {{server.pxe}}
             - 127.0.0.1
             - localhost
             - kubernetes-etcd.kube-system.svc.cluster.local
@@ -174,18 +185,18 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
             - 127.0.0.1
             - localhost
             - 10.96.232.136
-{% for server in yaml.servers %}
+{% for server in yaml.masters %}
         - document_name: calico-etcd-{{server.name}}
           common_name: calico-etcd-{{server.name}}
           hosts:
             - {{server.name}}
             - {{server.host}}
             - {{server.ksn}}
-            - {{server.storage}}
+            - {{server.pxe}}
             - 127.0.0.1
             - localhost
             - 10.96.232.136
@@ -201,22 +212,24 @@ data:
             - {{yaml.genesis.name}}
             - {{yaml.genesis.host}}
             - {{yaml.genesis.ksn}}
-            - {{yaml.genesis.storage}}
+            - {{yaml.genesis.pxe}}
             - 127.0.0.1
             - localhost
             - 10.96.232.136
-{% for server in yaml.servers %}
+{% for server in yaml.masters %}
         - document_name: calico-etcd-{{server.name}}-peer
           common_name: calico-etcd-{{server.name}}-peer
           hosts:
             - {{server.name}}
             - {{server.host}}
             - {{server.ksn}}
-            - {{server.storage}}
+            - {{server.pxe}}
             - 127.0.0.1
             - localhost
             - 10.96.232.136
 {% endfor %}
+        - document_name: calico-node-peer
+          common_name: calcico-node-peer
   keypairs:
     - name: service-account
       description: Service account signing key for use by Kubernetes controller-manager.
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
diff --git a/templates/profiles/host/compute-r01.j2 b/templates/profiles/host/compute-r01.j2
new file mode 100644 (file)
index 0000000..be609de
--- /dev/null
@@ -0,0 +1,113 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: drydock/HostProfile/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ComputePlane
+  storagePolicy: cleartext
+  labels:
+    hosttype: ComputePlane
+  layeringDefinition:
+    abstract: false
+    layer: site
+  substitutions:
+    - dest:
+        path: .oob.credential
+      src:
+        schema: deckhand/Passphrase/v1
+        name: ipmi_admin_password
+        path: .
+data:
+  hardware_profile: DELL_HP_Generic
+  oob:
+    type: 'ipmi'
+    network: 'oob'
+    account: '{{yaml.ipmi_admin.username}}'
+  primary_network: 'oam'
+  hardware_profile: DELL_HP_Generic
+  interfaces:
+    pxe:
+      device_link: pxe
+      slaves:
+        - '{{yaml.networks.pxe.interface}}'
+      networks:
+        - 'pxe'
+    bond0:
+      device_link: bond0
+      slaves:
+{% for slave in yaml.networks.slaves %}
+        - '{{ slave.name }}'
+{% endfor %}
+      networks:
+        - 'oam'
+        - 'storage'
+        - 'overlay'
+        - 'calico'
+    p1p1:
+      slaves:
+        - 'sriov_nic01'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+    p3p2:
+      slaves:
+        - 'sriov_nic02'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+  storage:
+    physical_devices:
+{% for disk in yaml.disks_compute %}
+      {{disk.name}}:
+      {% if disk.labels %}
+        labels:
+        {% for key, value in disk.labels.items() %}
+          {{key}}: '{{value}}'
+        {% endfor %}
+      {% endif %}
+        partitions:
+       {% for p in disk.partitions %}
+          - name: '{{p.name}}'
+            size: '{{p.size}}'
+            filesystem:
+              mountpoint: '{{p.mountpoint}}'
+              fstype: 'ext4'
+              mount_options: 'defaults'
+      {% endfor %}
+{% endfor %}
+  platform:
+    image: 'xenial'
+    kernel: 'hwe-16.04'
+    kernel_params:
+      console: 'ttyS1,115200n8'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
+  metadata:
+    owner_data:
+      openstack-nova-compute: enabled
+      openvswitch: enabled
+      openstack-libvirt: kernel
+      sriov: enabled
+      beta.kubernetes.io/fluentd-ds-ready: 'true'
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 schema: drydock/HostProfile/v1
 metadata:
   schema: metadata/Document/v1
-  name: MyControlPlane_HP
+  name: ControlPlane
   storagePolicy: cleartext
   labels:
-    hosttype: MyControlPlane_HP
+    hosttype: ControlPlane
   layeringDefinition:
     abstract: false
     layer: site
@@ -36,14 +36,14 @@ data:
   oob:
     type: 'ipmi'
     network: 'oob'
-    account: 'administrator'
+    account: '{{yaml.ipmi_admin.username}}'
   primary_network: 'oam'
   hardware_profile: DELL_HP_Generic
   interfaces:
     pxe:
       device_link: pxe
       slaves:
-        - 'eno1'
+        - '{{yaml.networks.pxe.interface}}'
       networks:
         - 'pxe'
     bond0:
@@ -56,7 +56,19 @@ data:
         - 'oam'
         - 'storage'
         - 'overlay'
-        - 'ksn'
+        - 'calico'
+    p1p1:
+      slaves:
+        - 'sriov_nic01'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
+    p3p2:
+      slaves:
+        - 'sriov_nic02'
+      sriov:
+        vf_count: 32 # Currently ignored
+        trustedmode: false
   storage:
     physical_devices:
 {% for disk in yaml.disks %}
@@ -82,6 +94,14 @@ data:
     kernel: 'hwe-16.04'
     kernel_params:
       console: 'ttyS1,115200n8'
+      intel_iommu: 'on'
+      iommu: 'pt'
+      amd_iommu: 'on'
+      transparent_hugepage: 'never'
+      hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      hugepages: 'hardwareprofile:hugepages.dpdk.count'
+      default_hugepagesz: 'hardwareprofile:hugepages.dpdk.size'
+      isolcpus: 'hardwareprofile:cpuset.kvm'
   metadata:
     owner_data:
       control-plane: enabled
@@ -101,11 +121,13 @@ data:
       openstack-cinder-control: enabled
       openstack-cinder-volume: control
       openstack-neutron: enabled
+      openstack-libvirt: kernel
       openvswitch: enabled
-      sriov: enabled
+      openstack-nova-compute: enabled
       ucp-barbican: enabled
       ceph-bootstrap: enabled
       ceph-mon: enabled
+      ceph-mgr: enabled
       ceph-osd: enabled
       ceph-mds: enabled
       ceph-rgw: enabled
similarity index 94%
rename from templates/aic-clcp-manifests/profiles/region.j2
rename to templates/profiles/region.j2
index 7b9767b..eaf838f 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -34,4 +34,3 @@ data:
   tag_definitions: []
   authorized_keys: []
 ...
-
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -23,5 +23,5 @@ metadata:
     abstract: false
     layer: site
   storagePolicy: cleartext
-data: {{yaml.ipmi_admin_password}}
+data: '{{yaml.ipmi_admin.password}}'
 ...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
similarity index 87%
rename from templates/aic-clcp-manifests/site-definition.j2
rename to templates/site-definition.j2
index 017202c..bf44d95 100644 (file)
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # limitations under the License.                                             #
 ##############################################################################
 
-data:
-    revision: v4.0
-    site_type: 5ec
+schema: pegleg/SiteDefinition/v1
 metadata:
-  layeringDefinition: {abstract: false, layer: site}
-  name: {{yaml.site_name}}
   schema: metadata/Document/v1
+  layeringDefinition:
+    abstract: false
+    layer: site
+  name: {{yaml.site_name}}
   storagePolicy: cleartext
-schema: pegleg/SiteDefinition/v1
+data:
+  revision: v4.0
+  site_type: foundry
 ...
-
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
-  name: ucp-promenade
+  replacement: true
+  name: kubernetes-calico
   layeringDefinition:
     abstract: false
     layer: site
     parentSelector:
-      name: ucp-promenade-global
+      name: kubernetes-calico-global
     actions:
       - method: merge
         path: .
   storagePolicy: cleartext
 data:
   values:
-    pod:
-      env:
-        promenade_api:
-         - name: no_proxy
-           value: 172.30.1.30,10.96.0.1,.cluster.local,192.168.2.30,192.168.2.31,192.168.2.32,192.168.2.33,192.168.2.34,nexus3.att-akraino.org,hpgen10.lab.akraino.org,gcr.io,quay.io,lachlanevenson,docker.io,github.com,localhost,127.0.0.1
-         - name: NO_PROXY
-           value: 172.30.1.30,10.96.0.1,.cluster.local,192.168.2.30,192.168.2.31,192.168.2.32,192.168.2.33,192.168.2.34,nexus3.att-akraino.org,hpgen10.lab.akraino.org,gcr.io,quay.io,lachlanevenson,docker.io,github.com,localhost,127.0.0.1
+    networking:
+      settings:
+        mesh: "off"
+        ippool:
+          ipip:
+            enabled: "false"
+            mode: "cross-subnet"
+      bgp:
+        asnumber: {{yaml.networks.ksn.local_asnumber}}
+        ipv4:
+          additional_cidrs:
+{% for add_cidr in yaml.networks.ksn.additional_cidrs %}
+            - {{add_cidr}}
+{% endfor %}
+          peers:
+{% for peer in yaml.networks.ksn.peers %}
+            - apiVersion: v1
+              kind: bgpPeer
+              metadata:
+                peerIP: {{peer.ip}}
+                scope: {{peer.scope}}
+              spec:
+                asnumber: {{peer.asnumber}}
+{% endfor %}
 ...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -29,93 +29,105 @@ metadata:
           path: .
   storagePolicy: cleartext
   substitutions:
-    # Node names
-{% set count = [0] %}
-{% for server in yaml.masters %}
-    -
-      src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[{{count[0]}}].hostname
+
+    # Chart source
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.calico.etcd
       dest:
-        path: .values.nodes[{{count[0]}}].name
-      {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
-{% for server in yaml.workers %}
-    -
-      src:
+        path: .source
+
+    # Image versions
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.calico.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
-        path: .masters[{{count[0]}}].hostname
+        path: .calico.etcd.service_ip
       dest:
-        path: .values.nodes[{{count[0]}}].name
-      {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
-    -
-      src:
+        path: .values.service.ip
+    - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
-        path: .genesis.hostname
+        path: .calico.etcd.service_ip
       dest:
-        path: .values.nodes[{{count[0]}}].name
-{% set count = [0] %}
-{% for server in yaml.masters %}
-   # Server certs
-    -
-      src:
-        schema: deckhand/Certificate/v1
-        name: calico-etcd-{{server.name}}
+        path: .values.anchor.etcdctl_endpoint
+
+    # CAs
+    - src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.client.cert
-    -
-      src:
-        schema: deckhand/CertificateKey/v1
-        name: calico-etcd-{{server.name}}
+        path: .values.secrets.tls.client.ca
+    - src:
+        schema: deckhand/CertificateAuthority/v1
+        name: calico-etcd-peer
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.client.key
-    -
-      src:
+        path: .values.secrets.tls.peer.ca
+
+    # Anchor client cert
+    - src:
         schema: deckhand/Certificate/v1
-        name: calico-etcd-{{server.name}}-peer
+        name: calico-etcd-anchor
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.peer.cert
-    -
-      src:
+        path: .values.secrets.anchor.tls.cert
+    - src:
         schema: deckhand/CertificateKey/v1
-        name: calico-etcd-{{server.name}}-peer
+        name: calico-etcd-anchor
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.peer.key
-        {% if count.append(count.pop() + 1) %}{% endif %}
+        path: .values.secrets.anchor.tls.key
+
+    # Node names
+{% set count = [0] %}
+{% for server in yaml.masters %}
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[{{count[0]}}].hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+      {% if count.append(count.pop() + 1) %}{% endif %}
 {% endfor %}
-{% for server in yaml.workers %}
-   # Server certs
-    -
-      src:
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+
+    # Server certs
+{% set count = [0] %}
+{% for server in yaml.masters %}
+    - src:
         schema: deckhand/Certificate/v1
         name: calico-etcd-{{server.name}}
         path: .
       dest:
         path: .values.nodes[{{count[0]}}].tls.client.cert
-    -
-      src:
+    - src:
         schema: deckhand/CertificateKey/v1
         name: calico-etcd-{{server.name}}
         path: .
       dest:
         path: .values.nodes[{{count[0]}}].tls.client.key
-    -
-      src:
+    - src:
         schema: deckhand/Certificate/v1
         name: calico-etcd-{{server.name}}-peer
         path: .
       dest:
         path: .values.nodes[{{count[0]}}].tls.peer.cert
-    -
-      src:
+    - src:
         schema: deckhand/CertificateKey/v1
         name: calico-etcd-{{server.name}}-peer
         path: .
@@ -125,34 +137,33 @@ metadata:
 {% endfor %}
 
     # NOTE(mb874d): Be sure we generate these certs for genesis.
-    -
-      src:
+    - src:
         schema: deckhand/Certificate/v1
         name: calico-etcd-{{yaml.genesis.name}}
         path: .
       dest:
         path: .values.nodes[{{count[0]}}].tls.client.cert
-    -
-      src:
+    - src:
         schema: deckhand/CertificateKey/v1
         name: calico-etcd-{{yaml.genesis.name}}
         path: .
       dest:
         path: .values.nodes[{{count[0]}}].tls.client.key
-    -
-      src:
+    - src:
         schema: deckhand/Certificate/v1
         name: calico-etcd-{{yaml.genesis.name}}-peer
         path: .
       dest:
         path: .values.nodes[{{count[0]}}].tls.peer.cert
-    -
-      src:
+    - src:
         schema: deckhand/CertificateKey/v1
         name: calico-etcd-{{yaml.genesis.name}}-peer
         path: .
       dest:
         path: .values.nodes[{{count[0]}}].tls.peer.key
 
-data: {}
+data:
+  values:
+    manifests:
+      test_etcd_health: false
 ...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -29,63 +29,85 @@ metadata:
         path: .
   storagePolicy: cleartext
   substitutions:
-    # Node names
-{% set count = [0] %}
-{% for server in yaml.masters %}
+
+  # Chart source
     - src:
-        schema: pegleg/CommonAddresses/v1
-        name: common-addresses
-        path: .masters[{{count[0]}}].hostname
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .charts.kubernetes.etcd
       dest:
-        path: .values.nodes[{{count[0]}}].name
-      {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
-{% for server in yaml.workers %}
+        path: .source
+
+    # Images
+    - src:
+        schema: pegleg/SoftwareVersions/v1
+        name: software-versions
+        path: .images.kubernetes.etcd
+      dest:
+        path: .values.images.tags
+
+    # IP addresses
     - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
-        path: .masters[{{count[0]}}].hostname
+        path: .kubernetes.etcd_service_ip
       dest:
-        path: .values.nodes[{{count[0]}}].name
-      {% if count.append(count.pop() + 1) %}{% endif %}
-{% endfor %}
+        path: .values.service.ip
     - src:
         schema: pegleg/CommonAddresses/v1
         name: common-addresses
-        path: .genesis.hostname
+        path: .kubernetes.etcd_service_ip
       dest:
-        path: .values.nodes[{{count[0]}}].name
+        path: .values.anchor.etcdctl_endpoint
 
-    # Server certs
-{% set count = [0] %}
-{% for server in yaml.masters %}
+    # CAs
     - src:
-        schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-{{server.name}}
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.client.cert
+        path: .values.secrets.tls.client.ca
     - src:
-        schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-{{server.name}}
+        schema: deckhand/CertificateAuthority/v1
+        name: kubernetes-etcd-peer
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.client.key
+        path: .values.secrets.tls.peer.ca
+
     - src:
         schema: deckhand/Certificate/v1
-        name: kubernetes-etcd-{{server.name}}-peer
+        name: kubernetes-etcd-anchor
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.peer.cert
+        path: .values.secrets.anchor.tls.cert
     - src:
         schema: deckhand/CertificateKey/v1
-        name: kubernetes-etcd-{{server.name}}-peer
+        name: kubernetes-etcd-anchor
         path: .
       dest:
-        path: .values.nodes[{{count[0]}}].tls.peer.key
+        path: .values.secrets.anchor.tls.key
+
+    # Node names
+{% set count = [0] %}
+{% for server in yaml.masters %}
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .masters[{{count[0]}}].hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
       {% if count.append(count.pop() + 1) %}{% endif %}
 {% endfor %}
-{% for server in yaml.workers %}
+    - src:
+        schema: pegleg/CommonAddresses/v1
+        name: common-addresses
+        path: .genesis.hostname
+      dest:
+        path: .values.nodes[{{count[0]}}].name
+
+    # Server certs
+{% set count = [0] %}
+{% for server in yaml.masters %}
     - src:
         schema: deckhand/Certificate/v1
         name: kubernetes-etcd-{{server.name}}
@@ -140,5 +162,4 @@ metadata:
         path: .values.nodes[{{count[0]}}].tls.peer.key
 
 data: {}
-
 ...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -28,11 +28,5 @@ metadata:
       - method: merge
         path: .
   storagePolicy: cleartext
-data:
-  values:
-    network:
-      vip:
-        manage: true
-        interface: ingress0
-        addr: {{yaml.networks.ksn.ingress_cidr}}
+data: {}
 ...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -19,22 +19,29 @@ schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
   name: neutron
+  replacement: true
   labels:
     component: neutron
   layeringDefinition:
     abstract: false
     layer: site
     parentSelector:
-      name: neutron-5ec
+      name: neutron-global
     actions:
       - method: merge
         path: .
   storagePolicy: cleartext
 data:
   values:
+    labels:
+      agent:
+        sriov:
+          node_selector_key: sriov
+          node_selector_value: enabled
     network:
-      auto_bridge_add:
-        br-bond0: bond0
+      backend:
+        - openvswitch
+        - sriov
       interface:
         sriov:
 {% for sriovnet in yaml.sriovnets %}
@@ -46,9 +53,12 @@ data:
       plugins:
         openvswitch_agent:
           ovs:
-            bridge_mappings: oam:br-bond0
+            bridge_mappings: bond0:br-bond0
         sriov_agent:
+          securitygroup:
+            firewall_driver: neutron.agent.firewall.NoopFirewallDriver
           sriov_nic:
+            exclude_devices: null
             physical_device_mappings: ' 
 {%- for sriovnet in yaml.sriovnets -%}
 {%- if loop.index > 1 -%}
@@ -57,8 +67,10 @@ data:
 {{sriovnet.physical}}:{{sriovnet.interface}}
 {%- endfor %}'
         ml2_conf:
+          ml2:
+            mechanism_drivers: l2population,openvswitch,sriovnicswitch
           ml2_type_vlan:
-            network_vlan_ranges: oam:100:4000
+            network_vlan_ranges: bond0:46:300
 {%- for sriovnet in yaml.sriovnets -%}
 ,{{sriovnet.physical}}:{{sriovnet.vlan_start}}:{{sriovnet.vlan_end}}
 {%- endfor %}
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -25,31 +25,28 @@ metadata:
     abstract: false
     layer: site
     parentSelector:
-      name: nova-5ec
+      name: nova-global
     actions:
       - method: merge
         path: .
   storagePolicy: cleartext
 data:
   values:
+    network:
+      backend:
+        - openvswitch
+        - sriov
     conf:
       nova:
+        filter_scheduler:
+          enabled_filters: "RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter, PciPassthroughFilter, NUMATopologyFilter, DifferentHostFilter, SameHostFilter"
         libvirt:
           virt_type: kvm
         DEFAULT:
-          vcpu_pin_set: "4-23,28-47"
+          vcpu_pin_set: "4-21,26-43,48-65,72-87"
+          vif_plugging_is_fatal: False
+          vif_plugging_timeout: 30
         pci:
-          alias: '{"name": "numa0", "capability_type": "pci", "product_id": "154c", "vendor_id": "8086", "device_type": "type-PCI", "numa_policy": "required"}'
-          passthrough_whitelist: |
-            [
-{%- for sriov in yaml.sriovnets -%}
-  {%set sriovloop = loop%}
-  {%- for whitelist in sriov.whitelists -%}
-    {%- if sriovloop.index > 1 or loop.index > 1 -%}
-    ,
-    {%- endif -%}
-  {"address": "{{whitelist.address}}", "physical_network": "{{sriov.physical}}", "trusted": "true"}
-  {%- endfor -%}
-{%- endfor -%}
-]
+          alias: '{ "vendor_id":"10de", "product_id":"1db4", "name":"V100", "device_type":"type-PCI" }'
+          passthrough_whitelist: '{"vendor_id": "10de", "product_id": "1db4"}'
 ...
diff --git a/templates/software/charts/ucp/ceph/ceph-client-update.j2 b/templates/software/charts/ucp/ceph/ceph-client-update.j2
new file mode 100644 (file)
index 0000000..8f09f97
--- /dev/null
@@ -0,0 +1,37 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client-update
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-update-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          osd: {{yaml.storage.total_osd_count}}
+...
diff --git a/templates/software/charts/ucp/ceph/ceph-client.j2 b/templates/software/charts/ucp/ceph/ceph-client.j2
new file mode 100644 (file)
index 0000000..ec13391
--- /dev/null
@@ -0,0 +1,37 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-ceph-client
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-ceph-client-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    conf:
+      pool:
+        target:
+          osd: {{yaml.storage.osd_count}}
+...
@@ -1,6 +1,6 @@
 ---
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
-  name: ucp-ceph
+  name: ucp-ceph-osd
   layeringDefinition:
     abstract: false
     layer: site
     parentSelector:
-      name: ucp-ceph-global
+      name: ucp-ceph-osd-global
     actions:
       - method: replace
         path: .values.conf.storage.osd
@@ -43,8 +43,4 @@ data:
               type: directory
               location: {{osd.journal}}
 {% endfor %}
-      pool:
-        target:
-          osd: {{yaml.storage.osd_count}}
 ...
-
diff --git a/templates/software/charts/ucp/promenade/promenade.j2 b/templates/software/charts/ucp/promenade/promenade.j2
new file mode 100644 (file)
index 0000000..3ba5671
--- /dev/null
@@ -0,0 +1,40 @@
+---
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: ucp-promenade
+  layeringDefinition:
+    abstract: false
+    layer: site
+    parentSelector:
+      name: ucp-promenade-global
+    actions:
+      - method: merge
+        path: .
+  storagePolicy: cleartext
+data:
+  values:
+    pod:
+      env:
+        promenade_api:
+         - name: no_proxy
+           value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+         - name: NO_PROXY
+           value: localhost,127.0.0.1,192.168.0.0/16,172.0.0.0/8,10.0.0.0/8
+...
diff --git a/tools/0cleanup.sh b/tools/0cleanup.sh
deleted file mode 100755 (executable)
index 9328901..0000000
+++ /dev/null
@@ -1,99 +0,0 @@
-#!/usr/bin/env bash
-##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License.                   #
-#                                                                            #
-# You may obtain a copy of the License at                                    #
-#       http://www.apache.org/licenses/LICENSE-2.0                           #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-##############################################################################
-
-
-read -p "Are you sure you wish to continue? (y/n)" REPLY
-if [ "$REPLY" != "y" ]; then
-   echo "Good Bye"
-   exit
-fi
-
-set -x
-
-# Check that we are root
-if [[ $(whoami) != "root" ]]
-then
-  echo "Must be root to run $0"
-  exit -1
-fi
-
-export KUBECONFIG=/etc/kubernetes/admin/kubeconfig.yaml
-
-kubectl drain --delete-local-data --force $(hostname)
-systemctl stop kubelet
-df -lh | awk '{ print $6 }' | grep -i kubelet | xargs -I {} umount -f -l {}
-df -lh | awk '{ print $6 }' | grep -i docker | grep -v "/var/lib" | xargs -I {} umount -f -l {}
-umount -f -l /run/user/0
-mount -a
-docker rm -fv $(docker ps -aq)
-
-#systemctl stop docker
-apt-get remove --autoremove --purge -y docker-engine=1.13.1-0~ubuntu-xenial socat=1.7.3.1-1
-#Docker
-rm -rf /dev/docker-data
-rm -rf /var/lib/docker/*
-rm -rf /etc/docker
-rm -rf /etc/systemd/system/docker.service.d
-rm -rf /var/lib/dockershim
-
-#Ceph
-rm -rf /var/lib/openstack-helm
-rm -rf /var/lib/ceph
-dd if=/dev/zero of=/dev/sdb  bs=512  count=1 conv=notrunc
-dd if=/dev/zero of=/dev/sdc  bs=512  count=1 conv=notrunc
-rm -rf /var/lib/openstack-helm/ceph/journal0/*
-rm -rf /var/lib/openstack-helm/ceph/journal1/*
-
-#Kubernetes
-rm -rf /etc/kubernetes
-rm -rf /usr/local/bin/kubectl
-rm -rf /usr/local/bin/kubelet
-rm -rf /var/lib/kubelet
-rm -rf /etc/systemd/system/kubelet
-rm -rf /etc/systemd/system/kubelet.service
-
-# apt-get install creates the following directory
-rm -rf /etc/systemd/system/kubelet.service.d/
-rm -rf /var/log/pods
-rm -rf /var/log/containers
-
-#etcd
-rm -rf /var/lib/auxiliary-etcd-0
-rm -rf /var/lib/auxiliary-etcd-1
-rm -rf /var/lib/auxiliary-calico-etcd-0
-rm -rf /var/lib/auxiliary-calico-etcd-1
-rm -rf /var/lib/calico-etcd
-rm -rf /var/lib/kube-etcd
-
-#nova
-rm -rf /var/lib/nova/*
-
-#ONAP
-rm -rf /dockerdata-nfs/onap/
-rm -rf /etc/dnsmasq.d
-rm -rf /opt/cni
-rm -rf /usr/local/bin/bootstrap
-rm -rf /usr/local/bin/helm
-rm -rf /var/lib/prom.done
-
-# Remove files generated by Promenade
-rm -rf /etc/cni
-rm -rf /etc/coredns
-rm -rf /etc/etcd
-rm -rf /etc/genesis
-rm -rf /var/lib/etcd
-rm -rf /var/lib/kubelet/pods
index 6aef8ba..2665e87 100755 (executable)
@@ -138,9 +138,7 @@ ENDKEY
    systemctl restart docker || true
 }
 
-cleanup() {
-   rm -rf ./tars/$SITE/configs/promenade
-   rm -rf ./tars/$SITE/configs/promenade-bundle
+create_directories() {
    mkdir -p ./tars/$SITE/configs/promenade
    mkdir -p ./tars/$SITE/configs/promenade-bundle
 }
@@ -186,7 +184,7 @@ prepare_tar(){
 }
 
 #install_docker
-cleanup
+create_directories
 get_site_config
 gen_certs
 gen_bundle
index 40e3f97..0b70cd4 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/bash
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # limitations under the License.                                             #
 ##############################################################################
 
+set -x
+TIMESTAMP=$(date +"%Y%m%d%H%M")
+echo "Logging to /var/log/yaml_builds/2genesis_$TIMESTAMP.log"
+exec > /var/log/yaml_builds/2genesis_$TIMESTAMP.log
+exec 2>&1
 
 source $(dirname $0)/setenv.sh
 
 if [ -z "$1" ]
 then
-  echo "Plese pass site name as command line argument"
+  echo "Please pass site name as command line argument"
   exit -2
 else
   SITE=${SITE:-$1}
   echo "SITE=$SITE"
 fi
 
+if [ -z "$YAML_BUILDS" ]
+then
+  echo "Please set YAML_BUILDS"
+  exit -3
+fi
+
 
 source $(dirname $0)/env_$SITE.sh
 
-scp $AIC_CLCP_MANIFESTS/tools/promenade-bundle.tar $GENESIS_HOST:/tmp/
+cd $YAML_BUILDS
+# Install OS on Genesis
+python $YAML_BUILDS/scripts/jcopy.py $SITE.yaml $YAML_BUILDS/tools/j2/serverrc.j2 $YAML_BUILDS/tools/"$GENESIS_NAME"rc
+/opt/akraino/tools/install_server_os.sh --rc /opt/akraino/yaml_builds/tools/"$GENESIS_NAME"rc --skip-confirm
+
+scp $YAML_BUILDS/tars/promenade-bundle-$SITE.tar $GENESIS_HOST:/tmp/
 ssh $GENESIS_HOST << EOF
-  mkdir -p /opt/sitename/aic-clcp-manifests/tools
-  cp /tmp/promenade-bundle.tar /opt/sitename/aic-clcp-manifests/tools/
-  cd /opt/sitename/aic-clcp-manifests/tools/
-  tar -xmf promenade-bundle.tar
-  mkdir configs/promenade
-  cp configs/promenade-bundle/*.yaml configs/promenade/
-  bash /opt/sitename/aic-clcp-manifests/tools/configs/promenade-bundle/genesis.sh
+  # TODO avoid following hard coding$
+  route add -net 192.168.41.0/24 gw 192.168.2.1 bond0.41
+  mkdir -p /root/akraino
+  cp /tmp/promenade-bundle-$SITE.tar /root/akraino/
+  cd /root/akraino/
+  tar -xmf promenade-bundle-$SITE.tar
 EOF
-
+# Update BIOS Setting
+python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml
index 7436496..5f30f0e 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/bash
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -22,7 +22,7 @@ source $(dirname $0)/setenv.sh
 
 if [ -z "$1" ]
 then
-  echo "Plese pass site name as command line argument"
+  echo "Please pass site name as command line argument"
   exit -2
 else
   SITE=${SITE:-$1}
@@ -31,21 +31,14 @@ fi
 
 source $(dirname $0)/env_$SITE.sh
 
-KEYSTONE_IMAGE=$(grep "keystone_db_sync" $AIC_CLCP_MANIFESTS/global/v4.0/software/config/versions.yaml | uniq | awk '{print $2}')
-SHIPYARD_IMAGE=$(grep "shipyard_db_sync" $AIC_CLCP_MANIFESTS/global/v4.0/software/config/versions.yaml | uniq | awk '{print $2}')
-
-DRYDOCK_PASSWORD=$(grep "^data:" $AIC_CLCP_MANIFESTS/site/$SITE/secrets/passphrases/ucp_drydock_keystone_password.yaml | awk '{print $2}')
-SHIPYARD_PASSWORD=$(grep "^data:" $AIC_CLCP_MANIFESTS/site/$SITE/secrets/passphrases/ucp_shipyard_keystone_password.yaml | awk '{print $2}')
-REGION_NAME=$SITE
-
-mkdir -p $YAML_BUILDS/tools/$SITE
-cp $YAML_BUILDS/tools/deploy_site.sh $YAML_BUILDS/tools/$SITE/
-sed -i -e "s,KEYSTONE_IMAGE=,KEYSTONE_IMAGE=$KEYSTONE_IMAGE,g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
-sed -i -e "s,SHIPYARD_IMAGE=,SHIPYARD_IMAGE=$SHIPYARD_IMAGE,g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
-sed -i -e "s/DRYDOCK_PASSWORD=/DRYDOCK_PASSWORD=$DRYDOCK_PASSWORD/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
-sed -i -e "s/SHIPYARD_PASSWORD=/SHIPYARD_PASSWORD=$SHIPYARD_PASSWORD/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
-sed -i -e "s/REGION_NAME=/REGION_NAME=$REGION_NAME/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
-sed -i -e "s/{{yaml.genesis.host}}/$GENESIS_HOST/g" $YAML_BUILDS/tools/$SITE/deploy_site.sh
-
-scp $YAML_BUILDS/tools/$SITE/deploy_site.sh $GENESIS_HOST:/opt/sitename/aic-clcp-manifests/tools/
-ssh $GENESIS_HOST 'bash /opt/sitename/aic-clcp-manifests/tools/deploy_site.sh'
+ssh $GENESIS_HOST << EOF
+  cd /root/akraino
+  bash configs/promenade-bundle/genesis.sh
+  # Shipyard takes time to really come up and start responding.
+  date
+  sleep 900
+  # Following is a workaround, tested on dell servers.
+  # TODO to be removed when not required.
+  bash update_iptables.sh
+  bash deploy_site.sh
+EOF
diff --git a/tools/aknode30rc b/tools/aknode30rc
new file mode 100644 (file)
index 0000000..5330e71
--- /dev/null
@@ -0,0 +1,91 @@
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# Add proxy settings if required for your environment
+# export http_proxy=http://your.proxy.com:8080/
+# export https_proxy=http://your.proxy.com:8080/
+#
+
+# host name for server
+SRV_NAME=aknode30
+
+# server oem - Dell or HPE (case sensitive)
+SRV_OEM=HPE
+
+# out of band interface information for server (idrac/ilo/etc)
+SRV_OOB_IP=192.168.41.130
+SRV_OOB_USR=Administrator
+SRV_OOB_PWD=Admin123
+
+# mac address of server to be used during the build - not required for Dell servers
+SRV_MAC=3c:fd:fe:aa:90:b0
+
+# name of network interface used during build when ipxe.efi is booted and when os is booted
+# ipxe numbers ports from 0-n in pci bus order.
+# the netx value will depend on how many nics are in the server
+# and which pci device number is assigned to the slot
+SRV_IPXE_INF=net4
+
+# the build interface is the nic used by the Ubuntu installed to load the OS
+SRV_BLD_INF=ens3f0
+
+# the boot device is the device name on which the OS will be loaded
+SRV_BOOT_DEVICE=sdj
+SRV_CEPH_DEVICE=sdk
+
+# ipxe script to use - based on the os version and kernel to install
+# valid options are script-hwe-16.04.4-amd64.ipxe or script-16.04.4-amd64.ipxe
+SRV_BLD_SCRIPT=script-hwe-16.04.5-amd64.ipxe
+
+# template xml file to set bios and raid configuration settings
+SRV_BIOS_TEMPLATE=hpe_dl380_g10_uefi_base.json.template
+SRV_BOOT_TEMPLATE=hpe_dl380_g10_uefi_httpboot.json.template
+SRV_HTTP_BOOT_DEV=NIC.Slot.3-1-1
+
+# tempalte to run to configure OS after first boot
+# current options are: firstboot.sh.template, firstboot-genesis.sh.tempate or firstboot-airship-iab.sh.template
+SRV_FIRSTBOOT_TEMPLATE=firstboot-genesis.sh.template
+
+# VLAN to use during build and for final network configuration
+SRV_VLAN=41
+SRV_STORAGE_VLAN=42
+SRV_CALICO_VLAN=44
+SRV_NEUTRON_VLAN=45
+SRV_PXE_INF=eno1
+
+# basic network information for dhcp config and final server network settings
+SRV_MTU=9000
+SRV_IP=192.168.2.30
+SRV_STORAGE_IP=172.31.1.30
+SRV_CALICO_IP=172.29.1.30
+SRV_NEUTRON_IP=10.0.101.30
+SRV_PXE_IP=172.30.1.30
+SRV_SUBNET=192.168.2.0
+SRV_NETMASK=255.255.255.0
+SRV_GATEWAY=192.168.2.200
+SRV_DNS="192.168.2.85 8.8.8.8 8.8.4.4"
+SRV_DOMAIN=lab.akraino.org
+SRV_DNSSEARCH=lab.akraino.org
+SRV_NTP=ntp.ubuntu.org
+
+# root password for server being built
+SRV_PWD=akraino,d
+
+# network bond information
+SRV_BOND=bond0
+SRV_SLAVE1=ens3f0
+SRV_SLAVE2=ens3f1
+
diff --git a/tools/aknode40rc b/tools/aknode40rc
new file mode 100644 (file)
index 0000000..6b79c88
--- /dev/null
@@ -0,0 +1,91 @@
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# Add proxy settings if required for your environment
+# export http_proxy=http://your.proxy.com:8080/
+# export https_proxy=http://your.proxy.com:8080/
+#
+
+# host name for server
+SRV_NAME=aknode40
+
+# server oem - Dell or HPE (case sensitive)
+SRV_OEM=Dell
+
+# out of band interface information for server (idrac/ilo/etc)
+SRV_OOB_IP=192.168.41.40
+SRV_OOB_USR=root
+SRV_OOB_PWD=calvin
+
+# mac address of server to be used during the build - not required for Dell servers
+SRV_MAC=
+
+# name of network interface used during build when ipxe.efi is booted and when os is booted
+# ipxe numbers ports from 0-n in pci bus order.
+# the netx value will depend on how many nics are in the server
+# and which pci device number is assigned to the slot
+SRV_IPXE_INF=net4
+
+# the build interface is the nic used by the Ubuntu installed to load the OS
+SRV_BLD_INF=enp94s0f0
+
+# the boot device is the device name on which the OS will be loaded
+SRV_BOOT_DEVICE=sdg
+SRV_CEPH_DEVICE=sdh
+
+# ipxe script to use - based on the os version and kernel to install
+# valid options are script-hwe-16.04.4-amd64.ipxe or script-16.04.4-amd64.ipxe
+SRV_BLD_SCRIPT=script-hwe-16.04.5-amd64.ipxe
+
+# template xml file to set bios and raid configuration settings
+SRV_BIOS_TEMPLATE=dell_r740_g14_uefi_base.xml.template
+SRV_BOOT_TEMPLATE=dell_r740_g14_uefi_httpboot.xml.template
+SRV_HTTP_BOOT_DEV=NIC.Slot.2-1-1
+
+# tempalte to run to configure OS after first boot
+# current options are: firstboot.sh.template, firstboot-genesis.sh.tempate or firstboot-airship-iab.sh.template
+SRV_FIRSTBOOT_TEMPLATE=firstboot-genesis.sh.template
+
+# VLAN to use during build and for final network configuration
+SRV_VLAN=41
+SRV_STORAGE_VLAN=42
+SRV_CALICO_VLAN=44
+SRV_NEUTRON_VLAN=45
+SRV_PXE_INF=eno3
+
+# basic network information for dhcp config and final server network settings
+SRV_MTU=9000
+SRV_IP=192.168.2.40
+SRV_STORAGE_IP=172.31.2.40
+SRV_CALICO_IP=172.29.1.40
+SRV_NEUTRON_IP=10.0.102.40
+SRV_PXE_IP=172.30.2.40
+SRV_SUBNET=192.168.2.0
+SRV_NETMASK=255.255.255.0
+SRV_GATEWAY=192.168.2.200
+SRV_DNS="192.168.2.85 8.8.8.8 8.8.4.4"
+SRV_DOMAIN=lab.akraino.org
+SRV_DNSSEARCH=lab.akraino.org
+SRV_NTP=ntp.ubuntu.org
+
+# root password for server being built
+SRV_PWD=akraino,d
+
+# network bond information
+SRV_BOND=bond0
+SRV_SLAVE1=enp94s0f0
+SRV_SLAVE2=enp94s0f1
+
diff --git a/tools/cleanup.sh b/tools/cleanup.sh
new file mode 100755 (executable)
index 0000000..6af99a4
--- /dev/null
@@ -0,0 +1,153 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+set -eux
+
+log () {
+printf "$(date)\t%s\n" "${1}"
+}
+
+
+TO_RM=(
+"/etc/apt/apt.conf.d/20-proxy.conf"
+"/etc/apt/sources.list.d/promenade-sources.list"
+"/etc/cni"
+"/etc/coredns"
+"/etc/docker/daemon.json"
+"/etc/etcd"
+"/etc/genesis"
+"/etc/kubernetes"
+"/etc/logrotate.d/json-logrotate"
+"/etc/systemd/system/kubelet.service"
+"/etc/systemd/system/docker.service.d/http-proxy.conf"
+"/home/ceph"
+"/usr/local/bin/armada"
+"/usr/local/bin/helm"
+"/usr/local/bin/kubectl"
+"/usr/local/bin/promenade-teardown"
+"/var/lib/anchor/calico-etcd-bootstrap"
+"/var/lib/etcd"
+"/var/lib/kubelet/pods"
+"/var/lib/openstack-helm"
+"/var/log/armada"
+"/var/log/containers"
+"/var/log/pods"
+)
+
+TO_LEAVE=(
+"/etc/hosts"
+"/etc/resolv.conf"
+)
+
+prune_docker() {
+log "Docker prune"
+docker volume prune -f
+docker system prune -a -f
+}
+
+remove_containers() {
+log "Remove all Docker containers"
+docker ps -aq 2> /dev/null | xargs --no-run-if-empty docker rm -fv
+}
+
+remove_files() {
+for item in "${TO_RM[@]}"; do
+log "Removing ${item}"
+rm -rf "${item}"
+done
+}
+
+leave_files() {
+for item in "${TO_LEAVE[@]}"; do
+log "WARNING: === ${item} === has been modified, but we didn't revert changes."
+done
+}
+
+reset_docker() {
+log "Remove all local Docker images"
+docker images -qa | xargs --no-run-if-empty docker rmi -f
+
+log "Remove remaining Docker files"
+systemctl stop docker
+if ! rm -rf /var/lib/docker/*; then
+log "Failed to cleanup some files in /var/lib/docker"
+find /var/lib/docker
+fi
+systemctl start docker
+}
+
+stop_kubelet() {
+log "Stop Kubelet and clean pods"
+systemctl stop kubelet || true
+
+# Issue with orhan PODS
+# https://github.com/kubernetes/kubernetes/issues/38498
+find var/lib/kubelet/pods 2> dev/null | while read orphan_pod; do
+if [[ ${orphan_pod} == io~secret ]] || [[ ${orphan_pod} == empty-dir ]]; then
+umount "${orphan_pod}" || true
+rm -rf "${orphan_pod}"
+fi
+done
+}
+
+
+FORCE=0
+RESET_DOCKER=0
+
+while getopts "fk" opt; do
+case "${opt}" in
+f)
+FORCE=1
+;;
+k)
+RESET_DOCKER=1
+;;
+*)
+echo "Unknown option"
+exit 1
+;;
+esac
+done
+
+if [[ $FORCE == "0" ]]; then
+echo Warning: This cleanup script is very aggressive. Run with -f to avoid this prompt.
+while true; do
+read -p "Are you sure you wish to proceed with aggressive cleanup?" yn
+case $yn in
+[Yy]*)
+RESET_DOCKER=1
+break
+;;
+*)
+echo Exiting.
+exit 1
+esac
+done
+fi
+
+stop_kubelet
+remove_containers
+remove_files
+prune_docker
+
+systemctl daemon-reload
+
+if [[ $RESET_DOCKER == "1" ]]; then
+reset_docker
+fi
+
+leave_files
index 2db8214..26ce52a 100755 (executable)
@@ -1,6 +1,6 @@
 #!/bin/bash
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 
 
 set -x
+TIMESTAMP=$(date +"%Y%m%d%H%M")
+echo "logging to /var/log/deploy_site_$TIMESTAMP.log"
+exec > /var/log/deploy_site_$TIMESTAMP.log
+exec 2>&1
 
 # Regional Server specific variables
 KEYSTONE_IMAGE=
@@ -67,13 +71,14 @@ getactions(){
   sleep 5
 }
 
-#clean_configdocs
-#create_configdocs
-#commit_configdocs
+sleep 900
+clean_configdocs
+create_configdocs
+commit_configdocs
 renderedconfigdocs
 
-#deploy_site
-getactions
+deploy_site
+#getactions
 #update_site
 
 ##
diff --git a/tools/j2/serverrc.j2 b/tools/j2/serverrc.j2
new file mode 100644 (file)
index 0000000..873442a
--- /dev/null
@@ -0,0 +1,91 @@
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# Add proxy settings if required for your environment
+# export http_proxy=http://your.proxy.com:8080/
+# export https_proxy=http://your.proxy.com:8080/
+#
+
+# host name for server
+SRV_NAME={{yaml.genesis.name}}
+
+# server oem - Dell or HPE (case sensitive)
+SRV_OEM={{yaml.genesis.oem}}
+
+# out of band interface information for server (idrac/ilo/etc)
+SRV_OOB_IP={{yaml.genesis.oob}}
+SRV_OOB_USR={{yaml.ipmi_admin.username}}
+SRV_OOB_PWD={{yaml.ipmi_admin.password}}
+
+# mac address of server to be used during the build - not required for Dell servers
+SRV_MAC={{yaml.genesis.mac_address}}
+
+# name of network interface used during build when ipxe.efi is booted and when os is booted
+# ipxe numbers ports from 0-n in pci bus order.
+# the netx value will depend on how many nics are in the server
+# and which pci device number is assigned to the slot
+SRV_IPXE_INF={{yaml.networks.pxe.inf}}
+
+# the build interface is the nic used by the Ubuntu installed to load the OS
+SRV_BLD_INF={{yaml.networks.slaves[0].name}}
+
+# the boot device is the device name on which the OS will be loaded
+SRV_BOOT_DEVICE={{yaml.disks[0].name}}
+SRV_CEPH_DEVICE={{yaml.disks[1].name}}
+
+# ipxe script to use - based on the os version and kernel to install
+# valid options are script-hwe-16.04.4-amd64.ipxe or script-16.04.4-amd64.ipxe
+SRV_BLD_SCRIPT=script-hwe-16.04.5-amd64.ipxe
+
+# template xml file to set bios and raid configuration settings
+SRV_BIOS_TEMPLATE={{yaml.genesis.bios_template}}
+SRV_BOOT_TEMPLATE={{yaml.genesis.boot_template}}
+SRV_HTTP_BOOT_DEV={{yaml.genesis.http_boot_device}}
+
+# tempalte to run to configure OS after first boot
+# current options are: firstboot.sh.template, firstboot-genesis.sh.tempate or firstboot-airship-iab.sh.template
+SRV_FIRSTBOOT_TEMPLATE=firstboot-genesis.sh.template
+
+# VLAN to use during build and for final network configuration
+SRV_VLAN={{yaml.networks.host.vlan}}
+SRV_STORAGE_VLAN={{yaml.networks.storage.vlan}}
+SRV_CALICO_VLAN={{yaml.networks.ksn.vlan}}
+SRV_NEUTRON_VLAN={{yaml.networks.neutron.vlan}}
+SRV_PXE_INF={{yaml.networks.pxe.interface}}
+
+# basic network information for dhcp config and final server network settings
+SRV_MTU=9000
+SRV_IP={{yaml.genesis.host}}
+SRV_STORAGE_IP={{yaml.genesis.storage}}
+SRV_CALICO_IP={{yaml.genesis.ksn}}
+SRV_NEUTRON_IP={{yaml.genesis.neutron}}
+SRV_PXE_IP={{yaml.genesis.pxe}}
+SRV_SUBNET={{yaml.networks.host.subnet}}
+SRV_NETMASK={{yaml.networks.host.netmask}}
+SRV_GATEWAY={{yaml.networks.host.routes.gateway}}
+SRV_DNS="{{yaml.networks.host.dns.servers}}"
+SRV_DOMAIN={{yaml.networks.host.dns.domain}}
+SRV_DNSSEARCH={{yaml.networks.host.dns.domain}}
+SRV_NTP=ntp.ubuntu.org
+
+# root password for server being built
+SRV_PWD={{yaml.genesis.root_password}}
+
+# network bond information
+SRV_BOND={{yaml.networks.primary}}
+{% for slave in yaml.networks.slaves %}
+SRV_SLAVE{{loop.index}}={{slave.name}}
+{% endfor %}
diff --git a/tools/j2/serverrc_raid.j2 b/tools/j2/serverrc_raid.j2
new file mode 100644 (file)
index 0000000..f7d2975
--- /dev/null
@@ -0,0 +1,30 @@
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+# Add proxy settings if required for your environment
+# export http_proxy=http://your.proxy.com:8080/
+# export https_proxy=http://your.proxy.com:8080/
+#
+# Set the ip and port to use when creating the web server
+BUILD_WEBIP=192.168.2.5
+
+# host name for server
+SRV_NAME={{yaml.name}}
+
+# out of band interface information for server (idrac/ilo/etc)
+SRV_OOB_IP={{yaml.oob}}
+SRV_OOB_USR={{yaml.oob_user}}
+SRV_OOB_PWD={{yaml.oob_password}}
similarity index 78%
rename from templates/yaml_builds/set_site_env.sh
rename to tools/j2/set_site_env.sh
index b420961..1639808 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/bash
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # limitations under the License.                                             #
 ##############################################################################
 
-
 export GENESIS_HOST={{yaml.genesis.host}}
 echo GENESIS_HOST=$GENESIS_HOST
-export GENESIS_PXE={{yaml.genesis.pxe}}
-echo GENESIS_PXE=$GENESIS_PXE
-export REGIONAL_SERVER_IP={{yaml.regional_server.ip}}
-echo REGIONAL_SERVER_IP=$REGIONAL_SERVER_IP
+export PXE_INTERFACE={{yaml.networks.pxe.interface}}
+echo PXE_INTERFACE=$PXE_INTERFACE
+export HOST_INTERFACE={{yaml.networks.host.interface}}
+echo HOST_INTERFACE=$HOST_INTERFACE
+export GENESIS_NAME={{yaml.genesis.name}}
+echo GENESIS_NAME=$GENESIS_NAME
diff --git a/tools/pegleg.sh b/tools/pegleg.sh
new file mode 100755 (executable)
index 0000000..b0fb2f6
--- /dev/null
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+set -x
+
+PEGLEG_IMAGE=${PEGLEG_IMAGE:-quay.io/airshipit/pegleg:09d85465827f1468d3469e5bbcf6b48f25338e7c}
+
+echo
+echo "== NOTE: Workspace $WORKSPACE  is available as /workspace in container context =="
+echo
+
+docker run --rm -t \
+    --net=none \
+    --workdir="/site" \
+    -v "${WORKSPACE}:/site" \
+    -v "${AIRSHIP_TREASUREMAP}:/global" \
+    "${PEGLEG_IMAGE}" \
+        pegleg "${@}"
index 7e0e99d..f345e0d 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/bash
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
@@ -16,9 +16,7 @@
 ##############################################################################
 
 
-export YAML_BUILDS=/opt/yaml_builds
+export YAML_BUILDS=/opt/akraino/yaml_builds
 echo YAML_BUILDS=$YAML_BUILDS
-export AIC_CLCP_MANIFESTS=/opt/yaml_builds/aic-clcp-manifests
-echo AIC_CLCP_MANIFESTS=$AIC_CLCP_MANIFESTS
-export AIC_CLCP_SECURITY_MANIFESTS=/opt/yaml_builds/aic-clcp-security-manifests
-echo AIC_CLCP_SECURITY_MANIFESTS=$AIC_CLCP_SECURITY_MANIFESTS
+export AIRSHIP_TREASUREMAP=/root/airship-treasuremap
+echo AIRSHIP_TREASUREMAP=$AIRSHIP_TREASUREMAP
index 8fe225d..cc16b70 100644 (file)
@@ -1,6 +1,6 @@
 #!/bin/bash
 ##############################################################################
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.          #
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.          #
 #                                                                            #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may    #
 # not use this file except in compliance with the License.                   #
 # limitations under the License.                                             #
 ##############################################################################
 
+set -x
 
 if [ -z "$1" ]
 then
-  echo "Plese pass site name as command line argument"
+  echo "Please pass site name as command line argument"
   exit -2
 else
   export SITE=${SITE:-$1}
diff --git a/tools/transfer.sh b/tools/transfer.sh
new file mode 100644 (file)
index 0000000..d4993df
--- /dev/null
@@ -0,0 +1,54 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+set -x
+TIMESTAMP=$(date +"%Y%m%d%H%M")
+echo "Logging to /var/log/yaml_builds/transfer_$TIMESTAMP.log"
+exec > /var/log/yaml_builds/transfer_$TIMESTAMP.log
+exec 2>&1
+
+source $(dirname $0)/setenv.sh
+
+if [ -z "$1" ]
+then
+  echo "Please pass site name as command line argument"
+  exit -2
+else
+  SITE=${SITE:-$1}
+  echo "SITE=$SITE"
+fi
+
+if [ -z "$YAML_BUILDS" ]
+then
+  echo "Please set YAML_BUILDS"
+  exit -3
+fi
+
+
+source $(dirname $0)/env_$SITE.sh
+
+cd $YAML_BUILDS
+
+scp $YAML_BUILDS/tars/promenade-bundle-$SITE.tar $GENESIS_HOST:/tmp/
+ssh $GENESIS_HOST << EOF
+  # TODO avoid following hard coding$
+  cp /tmp/promenade-bundle-$SITE.tar /root/akraino/
+  cd /root/akraino/
+  tar -xmf promenade-bundle-$SITE.tar
+EOF
+# Update BIOS Setting
+python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml
diff --git a/tools/update_iptables.sh b/tools/update_iptables.sh
new file mode 100644 (file)
index 0000000..3abf9cc
--- /dev/null
@@ -0,0 +1,25 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.        #
+#                                                                            #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
+# not use this file except in compliance with the License.                   #
+#                                                                            #
+# You may obtain a copy of the License at                                    #
+#       http://www.apache.org/licenses/LICENSE-2.0                           #
+#                                                                            #
+# Unless required by applicable law or agreed to in writing, software        #
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT  #
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.           #
+# See the License for the specific language governing permissions and        #
+# limitations under the License.                                             #
+##############################################################################
+
+HOST_INTERFACE=
+PXE_INTERFACE=
+
+echo 1 > /proc/sys/net/ipv4/ip_forward
+iptables -t nat -A POSTROUTING -o $HOST_INTERFACE -j MASQUERADE
+iptables -A FORWARD -i $HOST_INTERFACE -o $PXE_INTERFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -A FORWARD -i $PXE_INTERFACE -o $HOST_INTERFACE -j ACCEPT
+
index d997f6e..a91194b 100644 (file)
@@ -14,4 +14,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-export VERSION=0.0.1-SNAPSHOT
+export VERSION=0.0.2-SNAPSHOT