# yamllint disable rule:line-length
# local-config: referenced, but not emitted by kustomize
# Jinja2 template (edpm-nodeset-values.yml.j2). Rendering it yields a ConfigMap
# named edpm-nodeset-values whose data section carries the nodeset settings,
# including credentials and SSH key material.
---
apiVersion: v1
kind: ConfigMap
metadata:
name: edpm-nodeset-values
annotations:
# Marks the object as kustomize local configuration, matching the header note:
# it is read during the build and left out of the emitted manifests.
config.kubernetes.io/local-config: "true"
# NOTE(review): the values below include a root password and private keys.
# ConfigMap data is not meant for confidential values; because this object is
# local-config, check where kustomize copies each value and that the
# destination is a Secret - TODO confirm against the consuming kustomization.
data:
# NOTE(review): the value looks like base64 text. Base64 is an encoding, not
# encryption, so this is a fixed root password readable by anyone who can read
# the template or its rendered output. Prefer a per-deployment value supplied
# from a secret store.
root_password: cmVkaGF0Cg==
# Set to true here; the ssh_keys comment below ties this to pre-provisioned
# nodes.
preProvisioned: true
baremetalSetTemplate:
# Interface name is filled in from the iface_1 template variable.
ctlplaneInterface: {{ iface_1 }}
cloudUserName: cloud-admin
# NOTE(review): the private key below is rendered in clear text into this
# file. Treat the rendered output as a secret (file permissions, no commit to
# version control) and use a key dedicated to this deployment.
# NOTE(review): the key values are inserted unquoted, so the rendered text is
# re-read as YAML. Presumably the caller passes single-line (for example
# base64) values - confirm, since multi-line PEM text would not parse here.
ssh_keys:
# Authorized keys that will have access to the dataplane computes via SSH.
# Pre-provisioned nodes don't need this field; it will be removed later.
authorized: removed
# The private key that will have access to the dataplane computes via SSH
private: {{ ssh_private_key }}
# The public key that will have access to the dataplane computes via SSH
public: {{ ssh_public_key }}
nodeset:
ansible:
# Remote user comes from the ssh_username template variable; SSH on port 22.
ansibleUser: {{ ssh_username }}
ansiblePort: 22
ansibleVars:
edpm_bootstrap_release_version_package: []
# Shell script kept as a literal block scalar, so the '#' lines inside it are
# shell comments and part of the value. The if/else on puddle is resolved when
# this template renders: a non-empty puddle selects the rhos_release, puddle
# and rhel_release variables, otherwise ceph-7.1-rhel-9 with -r 9.4 is used.
# NOTE(review): trust bootstrap - both curl calls pass -k, so the two CA files
# are downloaded without verifying the server certificate, and update-ca-trust
# then makes them system trust anchors. Ship the CA files with the deployment
# or compare them to a known checksum before running update-ca-trust.
# NOTE(review): package integrity - dnf --nogpgcheck, rpm --nosignature and
# gpgcheck=0 in both generated .repo files turn off signature checks, and three
# of the URLs are plain http. Enable gpgcheck with the repository key and use
# https where the mirror offers it.
# NOTE(review): the .repo files are built with '>>', so running the script a
# second time appends another copy of each section; writing each file in one
# step would make the script repeatable.
# NOTE(review): rhos_release, puddle and rhel_release are placed on the command
# line unquoted - presumably operator-controlled values; confirm.
edpm_bootstrap_command: |
# root CA
cd /etc/pki/ca-trust/source/anchors/
curl -LOk https://certs.corp.redhat.com/RH-IT-Root-CA.crt
curl -LOk https://certs.corp.redhat.com/certs/2022-IT-Root-CA.pem
update-ca-trust
# install rhos-release repos
dnf --nogpgcheck --repofrompath=rhos-release,http://download.devel.redhat.com/rcm-guest/puddles/OpenStack/rhos-release/ --repo=rhos-release install -y rhos-release
{%- if puddle != '' %}
rhos-release {{ rhos_release }} -p {{ puddle }} -r {{ rhel_release }}
{%- else %}
rhos-release ceph-7.1-rhel-9 -r 9.4
{%- endif %}
# Issue #2 - edpm_bootstrap fails if we don't update 'container-selinux'
dnf update -y
rpm -ivh --nosignature http://download.devel.redhat.com/rcm-guest/puddles/OpenStack/rhos-release/rhos-release-latest.noarch.rpm
curl -o /etc/yum.repos.d/delorean.repo https://osp-trunk.hosted.upshift.rdu2.redhat.com/rhel9-osp18/current-podified/delorean.repo
echo "[osptrunk-candidate-deps]" >> "/etc/yum.repos.d/osptrunk-candidate-deps.repo"
echo "name=osptrunk-candidate-deps" >> "/etc/yum.repos.d/osptrunk-candidate-deps.repo"
echo "baseurl=https://download-01.beak-001.prod.iad2.dc.redhat.com/brewroot/repos/rhos-18.0-rhel-9-trunk-candidate/latest/x86_64/" >> "/etc/yum.repos.d/osptrunk-candidate-deps.repo"
echo "gpgcheck=0" >> /etc/yum.repos.d/osptrunk-candidate-deps.repo
echo "enabled=1" >> /etc/yum.repos.d/osptrunk-candidate-deps.repo
echo "priority=1" >> /etc/yum.repos.d/osptrunk-candidate-deps.repo
# sets up rhoso release repo
echo "[rhoso-18.0-rhel-9-nightly-compose]" >> /etc/yum.repos.d/rhosotrunk-compose-deps.repo
echo "name=rhoso-18.0-rhel-9-nightly-compose" >> /etc/yum.repos.d/rhosotrunk-compose-deps.repo
echo "baseurl=http://download.hosts.prod.upshift.rdu2.redhat.com/rhel-9/nightly/RHOSO/RHOSO-18.0-trunk/latest-RHOSO_TRUNK-18-RHEL-9/compose/OpenStack/x86_64/os/" >> /etc/yum.repos.d/rhosotrunk-compose-deps.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/rhosotrunk-compose-deps.repo
echo "enabled=1" >> /etc/yum.repos.d/rhosotrunk-compose-deps.repo
echo "priority=1" >> /etc/yum.repos.d/rhosotrunk-compose-deps.repo
echo "includepkgs=rhoso-release-18*" >> /etc/yum.repos.d/rhosotrunk-compose-deps.repo
sudo dnf install python3-pyroute2 --disableexcludes=all --disablerepo="*" --enablerepo="rhoso-18.0-rhel-9-nightly-compose" -y
timesync_ntp_servers:
# NOTE(review): public NTP pool; nodes without outbound access, or sites with
# their own time sources, need a different entry here.
- hostname: pool.ntp.org
# edpm_network_config
# These vars are edpm_network_config role vars
# NOTE(review): by its name this switches off hiding of sensitive values in the
# role's logs - confirm that is intended outside debugging.
edpm_network_config_hide_sensitive_logs: false
edpm_network_config_nonconfigured_cleanup: false
# Network layout template, kept as a literal block scalar. iface_1 and iface_2
# are filled in when this file renders; the expressions inside the raw/endraw
# sections are passed through unchanged for a later templating pass
# (presumably the role that consumes this template - confirm).
# VLAN ids used: 17 (internalapi), 20 (storage), 18 (tenant) and 19 (external),
# the last one listed after the br-ex bridge members.
edpm_network_config_template: |
---
network_config:
- type: vlan
device: {{ iface_1 }}
vlan_id: 17
addresses:
{%- raw %}
- ip_netmask: {{ internalapi_ip }}/{{ internalapi_cidr }}
{% endraw %}
- type: vlan
device: {{ iface_2 }}
vlan_id: 20
addresses:
{%- raw %}
- ip_netmask: {{ storage_ip }}/{{ storage_cidr }}
{% endraw %}
- type: vlan
device: {{ iface_1 }}
vlan_id: 18
addresses:
{%- raw %}
- ip_netmask: {{ tenant_ip }}/{{ tenant_cidr }}
- type: ovs_bridge
name: br-ex
use_dhcp: false
dns_servers: {{ ctlplane_dns_nameservers }}
domain: {{ dns_search_domains }}
{% endraw %}
members:
- type: interface
name: {{ iface_2 }}
primary: true
- type: vlan
vlan_id: 19
addresses:
{%- raw %}
- ip_netmask: {{ external_ip }}/{{ external_cidr }}
{% endraw %}
# These vars are for the network config templates themselves and are
# considered EDPM network defaults.
# The bridge name matches the ovs_bridge name used in the template above.
neutron_physical_bridge_name: br-ex
neutron_public_interface_name: {{ iface_2 }}
# edpm_nodes_validation
# Both ICMP validation switches are set to false (by their names, the
# controller and gateway reachability checks - confirm in the role).
edpm_nodes_validation_validate_controllers_icmp: false
edpm_nodes_validation_validate_gateway_icmp: false
dns_search_domains: []
gather_facts: false
# edpm firewall, change the allowed CIDR if needed
# NOTE(review): 172.16.0.0/16 admits 65,536 source addresses to sshd. Narrow
# it to the subnet the deployment hosts actually connect from.
edpm_sshd_configure_firewall: true
edpm_sshd_allowed_ranges:
- 172.16.0.0/16
# Networks attached to the nodeset. Every entry uses subnet1, and only
# ctlplane carries the default route.
networks:
- defaultRoute: true
name: ctlplane
subnetName: subnet1
- name: internalapi
subnetName: subnet1
- name: storage
subnetName: subnet1
- name: tenant
subnetName: subnet1
- name: external
subnetName: subnet1
# One entry per item of edpm_node_list, keyed edpm-<hostname>. Each entry sets
# hostName, the Ansible host (the item's ip_address), the Ansible user and an
# internal API FQDN built as <hostname>.example.com.
# NOTE(review): example.com is a reserved documentation domain - presumably a
# placeholder to replace per site; confirm.
# NOTE(review): hostname and ip_address are inserted unquoted, so each value
# must be a plain YAML scalar (no ': ', ' #' or leading indicator characters).
nodes:
{% for node in edpm_node_list %}
edpm-{{ node.hostname }}:
hostName: {{ node.hostname }}
ansible:
ansibleHost: {{ node.ip_address }}
ansibleUser: {{ ssh_username }}
ansibleVars:
fqdn_internal_api: {{ node.hostname }}.example.com
{% endfor %}
# Services listed for the nodeset. NOTE(review): the list is presumably
# order-sensitive (bootstrap first) - confirm before reordering.
services:
- bootstrap
- download-cache
- configure-network
- reboot-os
- validate-network
- install-os
- configure-os
- ssh-known-hosts
- run-os
- install-certs
- ovn
- neutron-ovn
- neutron-metadata
- libvirt
- nova
# The two telemetry services are emitted unless the telemetry template
# variable is set to a false value; it defaults to true when undefined.
{% if telemetry | default(true) %}
- telemetry
- telemetry-power-monitoring
{% endif %}
# SSH key pair for nova migration, filled in from template variables.
# NOTE(review): the private key is rendered in clear text into this file.
# Treat the rendered output as a secret and use a key dedicated to migration
# rather than reusing the dataplane access key.
# NOTE(review): values are inserted unquoted and re-read as YAML; presumably
# the caller supplies single-line (for example base64) text - confirm.
nova:
migration:
ssh_keys:
private: {{ nova_migration_private_key }}
public: {{ nova_migration_public_key }}