diff --git a/tools/deployment/armada/040-armada-update-passwords.sh b/tools/deployment/armada/040-armada-update-passwords.sh new file mode 100755 index 0000000000..c04ece3212 --- /dev/null +++ b/tools/deployment/armada/040-armada-update-passwords.sh @@ -0,0 +1,54 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +set -xe + +# Empty previous password file contents +> /tmp/osh-passwords.env + +source ./tools/deployment/armada/generate-passwords.sh +: ${OSH_INFRA_PATH:="../openstack-helm-infra"} +: ${OSH_PATH:="./"} + +[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt +#NOTE(portdirect): to use RBD devices with Ubuntu kernels < 4.5 this +# should be set to 'hammer' +. /etc/os-release +if [ "x${ID}" == "xubuntu" ] && \ + [ "$(uname -r | awk -F "." '{ print $2 }')" -lt "5" ]; then + export CRUSH_TUNABLES=hammer +else + export CRUSH_TUNABLES=null +fi + +export CEPH_NETWORK=$(./tools/deployment/multinode/kube-node-subnet.sh) +export CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)" +export TUNNEL_DEVICE=$(ip -4 route list 0/0 | awk '{ print $5; exit }') +export OSH_INFRA_PATH +export OSH_PATH + +# NOTE(srwilkers): We add this here due to envsubst expanding the ${tag} placeholder in +# fluentd's configuration. This ensures the placeholder value gets rendered appropriately +export tag='${tag}' + +echo "Rendering new osh manifest" +envsubst < ./tools/deployment/armada/manifests/armada-osh.yaml > /tmp/updated-password-armada-osh.yaml + +echo "Validating new osh manifest" +armada validate /tmp/updated-password-armada-osh.yaml + +echo "Applying new osh manifest" +armada apply /tmp/updated-password-armada-osh.yaml diff --git a/tools/deployment/armada/generate-osh-passwords.sh b/tools/deployment/armada/generate-osh-passwords.sh index 73ee217073..a09ea82a8a 100755 --- a/tools/deployment/armada/generate-osh-passwords.sh +++ b/tools/deployment/armada/generate-osh-passwords.sh @@ -34,6 +34,7 @@ passwords="BARBICAN_DB_PASSWORD \ KEYSTONE_AUTHTOKEN_MEMCACHED_SECRET_KEY \ KEYSTONE_DB_PASSWORD \ KEYSTONE_RABBITMQ_USER_PASSWORD \ + METADATA_PROXY_SHARED_SECRET \ NEUTRON_DB_PASSWORD \ NEUTRON_RABBITMQ_USER_PASSWORD \ NEUTRON_USER_PASSWORD \ diff --git a/tools/deployment/armada/manifests/armada-osh.yaml b/tools/deployment/armada/manifests/armada-osh.yaml index 7011e7050c..91d21a9d7d 100644 --- a/tools/deployment/armada/manifests/armada-osh.yaml +++ b/tools/deployment/armada/manifests/armada-osh.yaml @@ -1021,6 +1021,8 @@ data: formatter_default: format: "%(message)s" nova: + neutron: + metadata_proxy_shared_secret: ${METADATA_PROXY_SHARED_SECRET} libvirt: virt_type: qemu cpu_mode: none @@ -1206,6 +1208,9 @@ data: max_l3_agents_per_router: 5 l3_ha_network_type: vxlan dhcp_agents_per_network: 2 + metadata_agent: + DEFAULT: + metadata_proxy_shared_secret: ${METADATA_PROXY_SHARED_SECRET} plugins: ml2_conf: ml2_type_flat: diff --git a/tools/gate/playbooks/armada-update-uuid-deploy.yaml b/tools/gate/playbooks/armada-update-uuid-deploy.yaml deleted file mode 100644 index 3a73603591..0000000000 --- a/tools/gate/playbooks/armada-update-uuid-deploy.yaml +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- hosts: primary - gather_facts: True - tasks: - - name: installing ipcalc on Ubuntu - become: true - become_user: root - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - apt: - name: ipcalc - state: present - - name: Install python3-pip for armada - environment: - OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}" - OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}" - zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}" - shell: | - set xe; - ./tools/deployment/armada/010-armada-host-setup.sh - args: - chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}" - - name: Build armada - environment: - OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}" - OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}" - zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}" - shell: | - set xe; - ./tools/deployment/armada/015-armada-build.sh - args: - chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}" - - name: Render all Armada manifests - environment: - OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}" - OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}" - zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}" - shell: | - set -xe; - ./tools/deployment/armada/020-armada-render-manifests.sh - args: - chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}" - - name: Validate all Armada manifests - environment: - OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}" - OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}" - zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}" - shell: | - set -xe; - ./tools/deployment/armada/025-armada-validate-manifests.sh - args: - chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}" - - name: Apply all Armada manifests - environment: - OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}" - OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}" - zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}" - shell: | - set -xe; - ./tools/deployment/armada/030-armada-apply-manifests.sh - args: - chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}" - - name: Updated release uuid for all manifests and reapply - environment: - OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}" - OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}" - zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}" - shell: | - set -xe; - ./tools/deployment/armada/035-armada-update-uuid.sh - args: - chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}" diff --git a/tools/gate/playbooks/gather-armada-manifests.yaml b/tools/gate/playbooks/gather-armada-manifests.yaml index 46da1ff959..a4da80c10a 100644 --- a/tools/gate/playbooks/gather-armada-manifests.yaml +++ b/tools/gate/playbooks/gather-armada-manifests.yaml @@ -30,6 +30,7 @@ - updated-armada-ceph - updated-armada-lma - updated-armada-osh + - updated-password-armada-osh args: executable: /bin/bash ignore_errors: True diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml index 6144659ae4..23303cf347 100644 --- a/zuul.d/jobs-openstack-helm.yaml +++ b/zuul.d/jobs-openstack-helm.yaml @@ -229,6 +229,34 @@ - ./tools/deployment/armada/030-armada-apply-manifests.sh - ./tools/deployment/armada/035-armada-update-uuid.sh +- job: + timeout: 10800 + name: openstack-helm-armada-update-passwords + parent: openstack-helm-functional-temp + nodeset: openstack-helm-five-node-ubuntu + roles: + - zuul: openstack/openstack-helm-infra + pre-run: + - tools/gate/playbooks/osh-infra-upgrade-host.yaml + - tools/gate/playbooks/osh-infra-deploy-docker.yaml + - tools/gate/playbooks/osh-infra-build.yaml + - tools/gate/playbooks/osh-infra-deploy-k8s.yaml + run: tools/gate/playbooks/osh-gate-runner.yaml + post-run: + - tools/gate/playbooks/osh-infra-collect-logs.yaml + - tools/gate/playbooks/gather-armada-manifests.yaml + required-projects: + - openstack/openstack-helm-infra + vars: + zuul_osh_infra_relative_path: ../openstack-helm-infra/ + gate_scripts: + - ./tools/deployment/armada/010-armada-host-setup.sh + - ./tools/deployment/armada/015-armada-build.sh + - ./tools/deployment/armada/020-armada-render-manifests.sh + - ./tools/deployment/armada/025-armada-validate-manifests.sh + - ./tools/deployment/armada/030-armada-apply-manifests.sh + - ./tools/deployment/armada/040-armada-update-passwords.sh + - job: name: openstack-helm-multinode-temp-ubuntu parent: openstack-helm-multinode-temp diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 4124faa71d..aa6c9a20ed 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -46,6 +46,7 @@ - openstack-helm-ironic-ubuntu - openstack-helm-armada-deploy - openstack-helm-armada-update-uuid + - openstack-helm-armada-update-passwords experimental: jobs: # - openstack-helm-multinode-temp-centos @@ -54,3 +55,4 @@ # - openstack-helm-multinode-temp-tempest - openstack-helm-armada-deploy - openstack-helm-armada-update-uuid + - openstack-helm-armada-update-passwords