multiple fixes for Airship treasuremap 1.3 86/1886/2
authordavidplunkett <dp7642@att.com>
Thu, 31 Oct 2019 07:40:30 +0000 (07:40 +0000)
committerdavidplunkett <dp7642@att.com>
Thu, 31 Oct 2019 07:56:49 +0000 (07:56 +0000)
Signed-off-by: davidplunkett <dp7642@att.com>
Change-Id: I91664c09808c6c5b66823e81c2c9a12bcef7ee3d
Signed-off-by: davidplunkett <dp7642@att.com>
dellgen10-sriov-a13.yaml
scripts/jcopy.py
site_type/sriov-a13/templates/profiles/region.j2
site_type/sriov-a13/templates/secrets/passphrases/ubuntu_crypt_password.j2
site_type/sriov-a13/templates/software/charts/kubernetes/container-networking/calico.j2
site_type/sriov-a13/templates/software/charts/kubernetes/etcd/etcd.j2
site_type/sriov-a13/treasuremap.tgz
tools/1prom-gen.sh
tools/2genesis.sh
tools/3deploy_site.sh
tools/generate_yamls.sh

index bfe58a8..b15ed46 100644 (file)
@@ -194,8 +194,6 @@ masters:
     pxe: 172.30.2.41
     ksn: 172.29.1.41
     neutron: 10.0.102.41
-    oob_user: root
-    oob_password: calvin
   - name : aknode42
     oob: 192.168.41.42
     host: 192.168.2.42
@@ -203,8 +201,6 @@ masters:
     pxe: 172.30.2.42
     ksn: 172.29.1.42
     neutron: 10.0.102.42
-    oob_user: root
-    oob_password: calvin
 #workers:
 #  - name : aknode43
 #    oob: 192.168.41.43
@@ -229,7 +225,7 @@ hardware:
   generation: '10'
   hw_version: '3'
   bios_version: '2.8'
-  bios_template:
+  bios_template: 
   boot_template: dell_r740_g14_uefi_httpboot.xml.template
   http_boot_device: NIC.Slot.2-1-1
   device_aliases:
@@ -284,11 +280,8 @@ disks:
       - name: boot
         size: 1g
         mountpoint: /boot
-      - name: var_log
-        size: '100g'
-        mountpoint: /var/log
       - name: var
-        size: '>100g'
+        size: '300g'
         mountpoint: /var
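Review bot: With the `var_log` entry removed, `/var/log` now lives on the same 300g `/var` filesystem, so runaway or flooded logging can exhaust the space that everything else under `/var` shares on the node. Common hardening baselines keep `/var/log` on its own partition for this reason. If the merge is deliberate, say so in a comment such as `# /var/log intentionally shares /var; log rotation must bound its size`. The fixed `'300g'` also replaces `'>100g'`, which looks like a minimum-size form, so hosts with smaller boot disks may no longer fit this layout.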
 disks_compute:
 #  - name : sdg
@@ -314,7 +307,7 @@ disks_compute:
       - name: nova
         size: 99%
         mountpoint: /var/lib/nova
-genesis_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/n4mNLAj3XKG2fcm+8eVe0NUlNH0g8DA8KJ53rSLKccm8gm4UgLmGOJyBfUloQZMuOpU6a+hexN4ECCliqI7+KUmgJgsvLkJ3OUMNTEVu9tDX5mdXeffsufaqFkAdmbJ/9PMPiPQ3/UqbbtyEcqoZAwUWf4ggAWSp00SGE1Okg+skPSbDzPVHb4810eXZT1yoIg29HAenJNNrsVxvnMT2kw2OYmLfxgEUh1Ev4c5LnUog4GXBDHQtHAwaIoTu9s/q8VIvGav62RJVFn3U1D0jkiwDLSIFn8ezORQ4YkSidwdSrtqsqa2TJ0E5w/n5h5IVGO9neY8YlXrgynLd4Y+7 root@pocnjrsv132"
+genesis_ssh_public_key: 
 kubernetes:
   api_service_ip: 10.96.0.1
   etcd_service_ip: 10.96.0.2
@@ -323,4 +316,3 @@ kubernetes:
 regional_server:
   ip: 135.16.101.85
 ...
-
index d124f08..b48c5fd 100755 (executable)
@@ -25,7 +25,9 @@ import os.path
 import jinja2
 import sys
 import yaml
+import crypt
 import netaddr
+from base64 import b64encode
 
 def cidr_netmask(value):
   if '/' in str(value):
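Review bot: The module-level `import crypt` makes every run of jcopy.py depend on a module that is Unix-only and was removed from the standard library in Python 3.13. That includes templates that never use the new filter. Moving the import inside `crypt_sha512` keeps the failure local to the one filter that needs it, and lets it raise a clear error there. `from base64 import b64encode` is only used on the Python 2 branch and could move with it.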
@@ -43,6 +45,16 @@ def cidr_subnet(value):
     result = "ERROR"
   return result
 
+def crypt_sha512(value):
+  if not '$6$' in str(value):
+    if sys.hexversion < 0x3000000:
+      result = crypt.crypt(value, "$6$"+b64encode(os.urandom(16)))
+    else:
+      result = crypt.crypt(value, crypt.mksalt(crypt.METHOD_SHA512))
+  else:
+    result = value
+  return result
+
 def usage(msg=None):
   if not msg is None:
     print(msg)
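Review bot: The already-hashed test in `crypt_sha512` is a substring match, so a plaintext password that merely contains `$6$` anywhere is returned unhashed and written into the rendered secret. Use a prefix test instead: `if not str(value).startswith('$6$'):`. The check stringifies `value` but the `crypt.crypt` calls receive it raw, so a YAML value parsed as a number would fail there; pass `str(value)` in both calls. An empty `root_password` is hashed like any other and yields a valid hash of the empty string, so rejecting empty input would be safer. The `usage` function that follows continues outside the hunk.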
@@ -72,11 +84,13 @@ if os.path.isfile(j2in_name):
   j2_env = jinja2.Environment(loader=jinja2.FileSystemLoader(os.path.dirname(j2in_name)), trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True, undefined=jinja2.make_logging_undefined())
   j2_env.filters['cidr_netmask'] = cidr_netmask
   j2_env.filters['cidr_subnet'] = cidr_subnet
+  j2_env.filters['crypt_sha512'] = crypt_sha512
   expand_template(j2_env.get_template(name=os.path.basename(j2in_name)),yaml_out,len(j2in_name))
 else:
   j2_env = jinja2.Environment(loader=jinja2.FileSystemLoader(j2in_name), trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True, undefined=jinja2.make_logging_undefined())
   j2_env.filters['cidr_netmask'] = cidr_netmask
   j2_env.filters['cidr_subnet'] = cidr_subnet
+  j2_env.filters['crypt_sha512'] = crypt_sha512
   templates=j2_env.list_templates(extensions=('j2'))
   fill=len(max(templates,key=len))+len(j2in_name)
   for f in templates:
index c20a5e8..1394a58 100644 (file)
@@ -24,7 +24,7 @@ metadata:
         schema: deckhand/PublicKey/v1
         # This should match the "name" metadata of the SSH key which will be
         # substituted, located in site/seaworthy/secrets folder.
-        name: localadmin_ssh_public_key
+        name: airship_ssh_public_key
         path: .
     - dest:
         path: .repositories.main_archive
@@ -33,14 +33,14 @@ metadata:
         name: software-versions
         path: .packages.repositories.main_archive
     # Second key example
-    #- dest:
-    #    # Increment the list index
-    #    path: .authorized_keys[1]
-    #  src:
-    #    schema: deckhand/PublicKey/v1
-    #    # your ssh key
-    #    name: MY_USER_ssh_public_key
-    #    path: .
+    - dest:
+        # Increment the list index
+        path: .authorized_keys[1]
+      src:
+        schema: deckhand/PublicKey/v1
+        # your ssh key
+        name: localadmin_ssh_public_key
+        path: .
 data:
   tag_definitions: []
   # This is the list of SSH keys which MaaS will register for the built-in
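Review bot: The newly activated substitution is still documented as a sample: `# Second key example`, `# Increment the list index` and `# your ssh key` read as instructions for a commented-out template, not as a description of live config. This entry now authorises `localadmin_ssh_public_key` on deployed nodes, so the comments should say whose key it is and why it is added, for example `# Second authorized key: local admin account (localadmin_ssh_public_key)`. The earlier hunk in this file renames the first key to `airship_ssh_public_key` but keeps the comment pointing at `site/seaworthy/secrets`, which is worth checking against this site type.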
index ace4e1e..5a21b81 100644 (file)
@@ -8,5 +8,5 @@ metadata:
     layer: site
   storagePolicy: cleartext
 # Pass: password123
-data: {{yaml.genesis.root_password}}
+data: {{yaml.genesis.root_password | crypt_sha512}}
 ...
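Review bot: The `# Pass: password123` comment above `data:` is now stale and misleading, because the value is rendered from `yaml.genesis.root_password` through the new filter rather than being a fixed sample hash. Leaving it in place also advertises a weak password as the expected one. Suggest replacing it with `# SHA-512 crypt hash rendered from genesis.root_password in the site YAML`. The document keeps `storagePolicy: cleartext`; if this Deckhand deployment supports `encrypted`, a root password hash is a reasonable candidate for it.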
index 6a2b934..62978a3 100644 (file)
@@ -54,7 +54,7 @@ data:
           peers:
 {% for peer in yaml.networks.ksn.peers %}
             - apiVersion: projectcalico.org/v3
-              kind: bgpPeer
+              kind: BGPPeer
               metadata:
                 name: peer-{{loop.index-1}}
               spec:
index b99a105..4cfc13c 100644 (file)
@@ -96,7 +96,11 @@ metadata:
     - src:
         schema: deckhand/CertificateKey/v1
         name: kubernetes-etcd-{{server.name}}-peer
+{% if loop.first %}
         path: .
+{% else %}
+        path: $
+{% endif %}
       dest:
         path: .values.nodes[{{loop.index}}].tls.peer.key
 {% endfor %}
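Review bot: Nothing explains why the first peer key keeps `path: .` while every later iteration gets `path: $`, and the two look like alternative spellings of the document root. A template comment above the `{% if loop.first %}` would stop a later cleanup from collapsing the branch, for example `{# workaround: <reason>; first substitution must use '.', the rest '$' #}` with the actual reason filled in. The other substitutions in this loop start outside the hunk, so it is not visible whether they need the same treatment.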
index a03037a..64ffa65 100644 (file)
Binary files a/site_type/sriov-a13/treasuremap.tgz and b/site_type/sriov-a13/treasuremap.tgz differ
index 144b7aa..e99970b 100755 (executable)
@@ -198,6 +198,10 @@ echo "# Copying scripts to $AIRSHIP_TREASUREMAP/${SITE}_bundle"
     tar cvf $YAML_BUILDS/tars/promenade-bundle-$SITE.tar -C $AIRSHIP_TREASUREMAP/${SITE}_bundle .
 )
 
+echo "#######################################"
+echo "# $0 finished"
+echo "#######################################"
+
 exec 2>&-
 exec 1>&-
 exit 0
index 0da6f92..62a2e77 100755 (executable)
@@ -48,17 +48,25 @@ cd $YAML_BUILDS
 python $YAML_BUILDS/scripts/jcopy.py $SITE.yaml $YAML_BUILDS/tools/j2/serverrc.j2 $YAML_BUILDS/tools/"$GENESIS_NAME"rc
 /opt/akraino/redfish/install_server_os.sh --rc /opt/akraino/yaml_builds/tools/"$GENESIS_NAME"rc --skip-confirm
 
+# Stage Airship files on Genesis
 scp $YAML_BUILDS/tars/promenade-bundle-$SITE.tar $GENESIS_HOST:/tmp/
 ssh $GENESIS_HOST << EOF
   # TODO avoid following hard coding$
   route add -net 192.168.41.0/24 gw 192.168.2.1 bond0.41
-  mkdir -p /root/akraino
-  cp /tmp/promenade-bundle-$SITE.tar /root/akraino/
+  mkdir -p /root/akraino/configs/promenade-bundle
+  mv /tmp/promenade-bundle-$SITE.tar /root/akraino/
   cd /root/akraino/
   tar -xmf promenade-bundle-$SITE.tar
+  # MOVE TO LOCATION EXPECTED BY WORKFLOW
+  mv genesis.sh /root/akraino/configs/promenade-bundle/
 EOF
-# Update BIOS Setting
-#python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml
+
+# Update BIOS settings on master and worker nodes
+python $YAML_BUILDS/scripts/update_bios_settings.py $SITE.yaml
+
+echo "#######################################"
+echo "# $0 finished"
+echo "#######################################"
 
 exec 2>&-
 exec 1>&-
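Review bot: The bundle is still staged in the world-writable `/tmp` under a predictable name before root moves and unpacks it, and the `genesis.sh` it contains is then placed where the workflow will run it. Any other local account on the Genesis host could tamper with the tarball in that window. Copying straight into a root-owned directory avoids this: create it first with `ssh $GENESIS_HOST 'mkdir -p /root/akraino'`, then `scp ... $GENESIS_HOST:/root/akraino/`. The heredoc also has no error handling, so a failed `tar -xmf` or `mv genesis.sh` is ignored and the script goes on to the now-enabled `update_bios_settings.py` run. Adding `set -e` as the first heredoc line and checking the exit status of the `ssh` and `python` commands would stop a half-staged host from being reconfigured.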
index 34fb3dc..2e998d5 100755 (executable)
@@ -39,13 +39,22 @@ source $(dirname $0)/env_$SITE.sh
 
 ssh $GENESIS_HOST << EOF
   cd /root/akraino
+  echo "#######################################################"
+  echo "# Running genesis.sh script "
+  echo "#######################################################"
   bash genesis.sh
   # Shipyard takes time to really come up and start responding.
   date
   sleep 900
   # Following is a workaround, tested on dell servers.
   # TODO to be removed when not required.
+  echo "#######################################################"
+  echo "# Updating iptables "
+  echo "#######################################################"
   bash update_iptables.sh
+  echo "#######################################################"
+  echo "# Running deploy_site.sh script "
+  echo "#######################################################"
   #bash deploy_site.sh
 EOF
 
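Review bot: `bash genesis.sh` still runs from `/root/akraino`, but the 2genesis.sh change in this same commit moves `genesis.sh` into `/root/akraino/configs/promenade-bundle/`. Unless another step copies it back, this call will fail with file not found, and the heredoc will carry on into the 900-second sleep and `update_iptables.sh`. Either run `bash /root/akraino/configs/promenade-bundle/genesis.sh` or add `set -e` at the top of the heredoc so the failure is not masked. The new banner `# Running deploy_site.sh script ` is printed although `#bash deploy_site.sh` stays commented out, so the log reports a step that never runs.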
index 9187e85..13d36dc 100755 (executable)
@@ -37,6 +37,10 @@ echo "#######################################"
 sed -E 's/(^.*password:).*/\1 ###PASSWORD REMOVED####/g' ${YAML_BUILDS}/${SITE}.yaml
 echo "#######################################"
 
+echo "# NOTE: root ssh key will be used for genesis_ssh_public_key if no key is provided"
+RCKEY=$(cat ~/.ssh/id_rsa.pub | sed -e 's/[\/&]/\\&/g')
+sed -i -e "s/genesis_ssh_public_key\: */genesis_ssh_public_key: \'$RCKEY\'/" $SITE.yaml
+
 python ./scripts/jcopy.py $SITE.yaml ./tools/j2/set_site_env.sh ./tools/env_$SITE.sh
 source ./tools/env_$SITE.sh
 
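Review bot: The added `sed` is unconditional, although the echo says the root key is used only "if no key is provided". The pattern `genesis_ssh_public_key\: *` also matches a line that already carries a key, so root's public key is inserted in front of the operator's value and the line is corrupted. Anchor it to an empty value, e.g. `sed -i -e "s/^genesis_ssh_public_key: *\$/genesis_ssh_public_key: '$RCKEY'/" $SITE.yaml`. If `~/.ssh/id_rsa.pub` is missing, `RCKEY` is empty and the site is generated with `''` as the key, so guard it with `[ -r ~/.ssh/id_rsa.pub ] || { echo "no root ssh public key found"; exit 1; }`. The edit is in place on `$SITE.yaml` relative to the current directory, while the line above reads `${YAML_BUILDS}/${SITE}.yaml`; confirm both name the same file.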
@@ -73,10 +77,13 @@ echo "#######################################"
 echo "# Created site $AIRSHIP_TREASUREMAP/site/$SITE with $CONFIG_COUNT config files"
 echo "#######################################"
 
-(
-echo "# Linting config files in $AIRSHIP_TREASUREMAP/site/$SITE"
-cd $AIRSHIP_TREASUREMAP
-$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target lint $SITE -x P001 -x P005 || true
-)
+# UNCOMMENT TO DEBUG/LINT GENERATED YAML FILES
+#(
+#echo "# Linting config files in $AIRSHIP_TREASUREMAP/site/$SITE"
+#cd $AIRSHIP_TREASUREMAP
+#$AIRSHIP_TREASUREMAP/tools/airship pegleg site -r /target lint $SITE -x P001 -x P005 || true
+#)
 
 echo "#######################################"
+echo "# $0 finished"
+echo "#######################################"
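Review bot: Commenting out the `pegleg ... lint` subshell removes the only validation of the generated site documents that is visible in this script, and re-enabling it now means editing the file. An opt-out switch keeps the check on by default, for example `if [ "${SKIP_LINT:-0}" != 1 ]; then ( ... ); fi` around the original block, where `SKIP_LINT` is a name made up here. The original call already ended in `|| true`, so it never blocked a build; keeping it at least surfaces malformed secrets or substitutions before they reach the Genesis host.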