1 parent
cb130b2
commit 2b00828
Showing
8 changed files
with
742 additions
and
203 deletions.
@@ -0,0 +1,191 @@ | ||
========================== | ||
Terraform All in one (aio) | ||
========================== | ||
|
||
This Terraform configuration deploys a single VM on an OpenStack cloud, to be | ||
used as an all-in-one Kayobe test environment. | ||
|
||
This configuration is used in the GitHub Actions all-in-one.yml workflow for CI | ||
testing. | ||
|
||
Usage | ||
===== | ||
|
||
These instructions show how to use this Terraform configuration manually. They | ||
assume you are running an Ubuntu host that will be used to run Terraform. The | ||
machine should have network access to the VM that will be created by this | ||
configuration. | ||
|
||
Install Terraform: | ||
|
||
.. code-block:: console | ||
wget -qO - terraform.gpg https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/terraform-archive-keyring.gpg | ||
sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/terraform-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/terraform.list | ||
sudo apt update | ||
sudo apt install docker.io terraform | ||
Clone and initialise the Kayobe config: | ||
|
||
.. code-block:: console | ||
git clone https://github.com/stackhpc/stackhpc-kayobe-config | ||
cd stackhpc-kayobe-config | ||
git submodule init | ||
git submodule update | ||
Change to the terraform/aio directory: | ||
|
||
.. code-block:: console | ||
cd terraform/aio | ||
Initialise Terraform: | ||
|
||
.. code-block:: console | ||
terraform init | ||
Generate an SSH keypair: | ||
|
||
.. code-block:: console | ||
ssh-keygen -f id_rsa -N '' | ||
Create an OpenStack clouds.yaml file with your credentials to access an | ||
OpenStack cloud. Alternatively, download one from Horizon. | ||
|
||
.. code-block:: console | ||
cat << EOF > clouds.yaml | ||
--- | ||
clouds: | ||
sms-lab: | ||
auth: | ||
auth_url: https://api.sms-lab.cloud:5000 | ||
username: <username> | ||
project_name: <project> | ||
domain_name: default | ||
interface: public | ||
EOF | ||
Export environment variables to use the correct cloud and provide a password: | ||
|
||
.. code-block:: console | ||
export OS_CLOUD=sms-lab | ||
read -p OS_PASSWORD -s OS_PASSWORD | ||
export OS_PASSWORD | ||
Generate Terraform variables: | ||
|
||
.. code-block:: console | ||
cat << EOF > terraform.tfvars | ||
ssh_public_key = "id_rsa.pub" | ||
aio_vm_name = "kayobe-aio" | ||
aio_vm_image = "overcloud-centos-8-stream-yoga-20230525T095243" | ||
aio_vm_flavor = "general.v1.medium" | ||
aio_vm_network = "stackhpc-ipv4-geneve" | ||
aio_vm_subnet = "stackhpc-ipv4-geneve-subnet" | ||
EOF | ||
Generate a plan: | ||
|
||
.. code-block:: console | ||
terraform plan | ||
Apply the changes: | ||
|
||
.. code-block:: console | ||
terraform apply -auto-approve | ||
Write Terraform outputs to a Kayobe config file: | ||
|
||
.. code-block:: console | ||
terraform output -json > ../../etc/kayobe/environments/$KAYOBE_ENVIRONMENT/tf-outputs.yml | ||
Change to the repository root: | ||
|
||
.. code-block:: console | ||
cd ../../ | ||
Write Terraform network config: | ||
|
||
.. code-block:: console | ||
cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/tf-networks.yml | ||
admin_oc_net_name: admin | ||
admin_cidr: "{{ access_cidr.value }}" | ||
admin_allocation_pool_start: 0.0.0.0 | ||
admin_allocation_pool_end: 0.0.0.0 | ||
admin_gateway: "{{ access_gw.value }}" | ||
admin_bootproto: dhcp | ||
admin_ips: | ||
controller0: "{{ access_ip_v4.value }}" | ||
EOF | ||
Write Terraform network interface config: | ||
|
||
.. code-block:: console | ||
cat << EOF > etc/kayobe/environments/$KAYOBE_ENVIRONMENT/inventory/group_vars/controllers/tf-network-interfaces | ||
admin_interface: "{{ access_interface.value }}" | ||
EOF | ||
Build a Kayobe image: | ||
|
||
.. code-block:: console | ||
sudo DOCKER_BUILDKIT=1 docker build --file .automation/docker/kayobe/Dockerfile --tag kayobe:latest . | ||
Use the ci-aio environment: | ||
|
||
.. code-block:: console | ||
export KAYOBE_ENVIRONMENT=ci-aio | ||
Set the Kayobe Vault password env var: | ||
|
||
.. code-block:: console | ||
read -p KAYOBE_VAULT_PASSWORD -s KAYOBE_VAULT_PASSWORD | ||
export KAYOBE_VAULT_PASSWORD | ||
Set the Kayobe SSH private key env var: | ||
|
||
.. code-block:: console | ||
export KAYOBE_AUTOMATION_SSH_PRIVATE_KEY=$(cat terraform/aio/id_rsa) | ||
Host configure: | ||
|
||
.. code-block:: console | ||
sudo -E docker run -it --rm -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY kayobe:latest /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-host-configure.sh | ||
Service deploy: | ||
|
||
.. code-block:: console | ||
sudo -E docker run -it --rm -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY kayobe:latest /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/overcloud-service-deploy.sh | ||
Configure aio resources: | ||
|
||
.. code-block:: console | ||
sudo -E docker run -it --rm -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY kayobe:latest /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/playbook-run.sh etc/kayobe/ansible/configure-aio-resources.yml | ||
Run Tempest: | ||
|
||
.. code-block:: console | ||
mkdir -p tempest-artifacts | ||
sudo -E docker run -it --rm -v $(pwd):/stack/kayobe-automation-env/src/kayobe-config -v $(pwd)/tempest-artifacts:/stack/tempest-artifacts -e KAYOBE_ENVIRONMENT -e KAYOBE_VAULT_PASSWORD -e KAYOBE_AUTOMATION_SSH_PRIVATE_KEY kayobe:latest /stack/kayobe-automation-env/src/kayobe-config/.automation/pipeline/tempest.sh -e ansible_user=stack | ||
Tempest results are in tempest-artifacts. |
@@ -0,0 +1,15 @@ | ||
output "access_ip_v4" { | ||
value = openstack_compute_instance_v2.kayobe-host-image-builder.access_ip_v4 | ||
} | ||
|
||
output "access_cidr" { | ||
value = data.openstack_networking_subnet_v2.network.cidr | ||
} | ||
|
||
output "access_gw" { | ||
value = data.openstack_networking_subnet_v2.network.gateway_ip | ||
} | ||
|
||
output "access_interface" { | ||
value = var.host_image_builder_interface | ||
} |
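Review bot: None of the four outputs carries a `description`, and `access_interface` simply echoes `var.host_image_builder_interface` rather than anything read back from the instance, which is not obvious to whoever consumes the `terraform output -json` file. Adding, for example, `description = "Interface name assumed for the access network (from var.host_image_builder_interface, not discovered)"` to `access_interface`, and a one-line description to the other three, would document that.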
@@ -0,0 +1,14 @@ | ||
#provider "openstack" { | ||
# use environment variables | ||
#} | ||
|
||
terraform { | ||
required_version = ">= 0.14" | ||
backend "local" { | ||
} | ||
required_providers { | ||
openstack = { | ||
source = "terraform-provider-openstack/openstack" | ||
} | ||
} | ||
} |
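Review bot: The `openstack` entry in `required_providers` has a `source` but no `version` constraint, so `terraform init` selects whatever release the registry currently serves unless a committed `.terraform.lock.hcl` pins it; no lock file is visible on this page. Since this configuration runs with cloud credentials in CI, add a constraint next to `source`, e.g. `version = "~> <PINNED_MAJOR.MINOR>"`, and commit the lock file so provider checksums are verified on each init. The commented-out `provider "openstack"` block at the top could be replaced by a single comment such as `# Provider is configured from OS_* environment variables / clouds.yaml`.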
@@ -0,0 +1,21 @@ | ||
#cloud-config | ||
# Don't automatically mount ephemeral disk | ||
mounts: | ||
- [/dev/vdb, null] | ||
# WORKAROUND: internal DNS missing from SMS lab. | ||
runcmd: | ||
- 'echo "10.0.0.34 pelican pelican.service.compute.sms-lab.cloud" >> /etc/hosts' | ||
- 'echo "10.205.3.187 pulp-server pulp-server.internal.sms-cloud" >> /etc/hosts' | ||
# Configure SSH keys here, to avoid creating an ephemeral keypair. | ||
# This means only the instance needs to be cleaned up if the destroy fails. | ||
ssh_authorized_keys: | ||
- ${ssh_public_key} | ||
|
||
write_files: | ||
# WORKAROUND: https://bugs.launchpad.net/kolla-ansible/+bug/1995409 | ||
- content: | | ||
#!/bin/bash | ||
docker exec openvswitch_vswitchd ovs-vsctl "$@" | ||
owner: root:root | ||
path: /usr/bin/ovs-vsctl | ||
permissions: '0755' |
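Review bot: `- ${ssh_public_key}` under `ssh_authorized_keys` splices the raw file contents into the YAML, so a key file with a second line or YAML-significant characters in its comment field changes the structure of the cloud-config rather than just the key. Rendering it as a quoted scalar, `- ${jsonencode(trimspace(ssh_public_key))}`, keeps whatever is in the file confined to one list item. Separately, the two `/etc/hosts` lines pin `pelican` and `pulp-server` to fixed addresses with only "WORKAROUND" as explanation; a comment naming the tracking issue or the removal condition would help, since a stale pin silently redirects those names.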
@@ -0,0 +1,9 @@ | ||
ssh_public_key = "id_rsa.pub" | ||
ssh_username = "cloud-user" | ||
host_image_builder_name = "skc-ci-host-image-builder" | ||
host_image_builder_image = "overcloud-rocky-9-yoga-20240124T094316" | ||
host_image_builder_flavor = "en1.medium" | ||
host_image_builder_network = "stackhpc-ci" | ||
host_image_builder_subnet = "stackhpc-ci" | ||
host_image_builder_tags = ["skc-ci-host-image-builder", "alex-testo"] | ||
host_image_builder_interface = "ens3" |
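Review bot: `host_image_builder_tags` includes `"alex-testo"`, which looks like a personal test tag left in the committed variables; if CI cleanup or quota tooling selects instances by tag, this one will travel with every builder VM. Dropping it gives `host_image_builder_tags = ["skc-ci-host-image-builder"]`. Also note that `host_image_builder_flavor` is set here, but the instance resource elsewhere in this commit uses a literal `flavor_name`, so the value in this file is not what selects the flavor.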
@@ -0,0 +1,98 @@ | ||
variable "ssh_public_key" { | ||
type = string | ||
} | ||
|
||
variable "ssh_username" { | ||
type = string | ||
} | ||
|
||
variable "host_image_builder_name" { | ||
type = string | ||
default = "kayobe-host-image-builder" | ||
} | ||
|
||
variable "host_image_builder_image" { | ||
type = string | ||
default = "CentOS-stream8" | ||
} | ||
|
||
variable "host_image_builder_interface" { | ||
type = string | ||
default = "ens3" | ||
} | ||
|
||
variable "host_image_builder_flavor" { | ||
type = string | ||
} | ||
|
||
variable "host_image_builder_network" { | ||
type = string | ||
} | ||
|
||
variable "host_image_builder_subnet" { | ||
type = string | ||
} | ||
|
||
variable "host_image_builder_volume_size" { | ||
type = number | ||
default = 60 | ||
} | ||
|
||
variable "host_image_builder_tags" { | ||
type = list(string) | ||
default = [] | ||
} | ||
|
||
locals { | ||
image_is_uuid = length(regexall("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.host_image_builder_image)) > 0 | ||
} | ||
|
||
data "openstack_images_image_v2" "image" { | ||
name = var.host_image_builder_image | ||
most_recent = true | ||
count = local.image_is_uuid ? 0 : 1 | ||
} | ||
|
||
data "openstack_networking_subnet_v2" "network" { | ||
name = var.host_image_builder_subnet | ||
} | ||
|
||
resource "openstack_compute_instance_v2" "kayobe-host-image-builder" { | ||
name = var.host_image_builder_name | ||
flavor_name = "en1.medium" | ||
config_drive = true | ||
user_data = templatefile("templates/userdata.cfg.tpl", {ssh_public_key = file(var.ssh_public_key)}) | ||
network { | ||
name = var.host_image_builder_network | ||
} | ||
|
||
block_device { | ||
uuid = local.image_is_uuid ? var.host_image_builder_image: data.openstack_images_image_v2.image[0].id | ||
source_type = "image" | ||
volume_size = var.host_image_builder_volume_size | ||
boot_index = 0 | ||
destination_type = "volume" | ||
delete_on_termination = true | ||
} | ||
|
||
tags = var.host_image_builder_tags | ||
} | ||
|
||
# Wait for the instance to be accessible via SSH before progressing. | ||
resource "null_resource" "kayobe-host-image-builder" { | ||
provisioner "remote-exec" { | ||
connection { | ||
host = openstack_compute_instance_v2.kayobe-host-image-builder.access_ip_v4 | ||
user = var.ssh_username | ||
private_key = file("id_rsa") | ||
# Terraform will run the start script from /tmp by default. For the | ||
# current images, /tmp is noexec, so the path must be changed | ||
script_path = "/home/${var.ssh_username}/start.sh" | ||
} | ||
|
||
inline = [ | ||
"#!/bin/sh", | ||
"echo 'connected!'" | ||
] | ||
} | ||
} |
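Review bot: `flavor_name = "en1.medium"` in `openstack_compute_instance_v2.kayobe-host-image-builder` ignores the required variable `host_image_builder_flavor` declared above, so changing the tfvars value has no effect; it should read `flavor_name = var.host_image_builder_flavor`. In the `null_resource` connection, `private_key = file("id_rsa")` hard-codes a path relative to the working directory while the public half comes from `var.ssh_public_key`, so pointing the variable at a different key makes the SSH wait fail; deriving both from one variable, or adding an `ssh_private_key` variable, would keep them paired. The connection block also sets no `host_key`, so the first SSH session to the new VM is accepted without verification. That is presumably acceptable for a throwaway CI builder, but worth a comment.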