diff --git a/docs/install-understack-ubuntu-k3s.md b/docs/install-understack-ubuntu-k3s.md index 1e57a0726..c44b092f3 100644 --- a/docs/install-understack-ubuntu-k3s.md +++ b/docs/install-understack-ubuntu-k3s.md @@ -302,4 +302,92 @@ nautobot job.batch/nautobot-backup-sg6f 1/1 2m48s [https://github.com/rackerlabs/understack/blob/main/components/10-keystone/README.md](https://github.com/rackerlabs/understack/blob/main/components/10-keystone/README.md) +### OpenStack Pre-requisites + +```bash +# clone the two repos because they reference the infra one as a relative path +# so you can't use real helm commands +git clone https://github.com/openstack/openstack-helm +git clone https://github.com/openstack/openstack-helm-infra +# update the dependencies cause we can't use real helm references +./scripts/openstack-helm-depend-sync.sh keystone +./scripts/openstack-helm-depend-sync.sh ironic +``` + +Label the kubernetes nodes as being openstack enabled: +```bash +kubectl label node $(kubectl get nodes -o 'jsonpath={.items[*].metadata.name}') openstack-control-plane=enabled +``` + ### Keystone + +Install keystone: + +```bash +helm --namespace openstack template \ + keystone \ + ./openstack-helm/keystone/ \ + -f components/10-keystone/aio-values.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.keystone.password="$(kubectl --namespace openstack get secret keystone-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer $(git rev-parse --show-toplevel)/scripts/openstack-helm-sealed-secrets.sh \ + | kubectl -n openstack apply -f - +``` + +Install the openstack admin client: + +```bash +kubectl -n openstack apply -f https://raw.githubusercontent.com/rackerlabs/genestack/main/manifests/utils/utils-openstack-client-admin.yaml +``` + +Test if it's working: + +```bash +kubectl exec -it openstack-admin-client -n openstack -- openstack catalog list +kubectl exec -it openstack-admin-client -n openstack -- openstack service list +``` + +References: + +* [https://github.com/rackerlabs/understack/blob/main/components/10-keystone/README.md](https://github.com/rackerlabs/understack/blob/main/components/10-keystone/README.md) + +### Ironic + +First we need to update the `./components/13-ironic/aio-values.yaml` file and adjust a +setting to match our environment. + +Change the network.pxe.device to be the network device on the physical host you'll +use for pxe network, for example a different network layout may use `eno2` for pxe. + +```yaml +network: + pxe: + device: ens1f0 +``` + +Install the OpenStack Ironic helm chart using our custom aio-values.yaml overrides: + +```bash +helm --namespace openstack template \ + ironic \ + ./openstack-helm/ironic/ \ + -f components/13-ironic/aio-values.yaml \ + --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_db.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-db-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.oslo_messaging.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-rabbitmq-password -o jsonpath='{.data.password}' | base64 -d)" \ + --set endpoints.identity.auth.ironic.password="$(kubectl --namespace openstack get secret ironic-keystone-password -o jsonpath='{.data.password}' | base64 -d)" \ + --post-renderer $(git rev-parse --show-toplevel)/scripts/openstack-helm-sealed-secrets.sh \ + | kubectl -n openstack apply -f - +``` + +Check if it's working: + +```bash +kubectl exec -it openstack-admin-client -n openstack -- openstack baremetal driver list +kubectl exec -it openstack-admin-client -n openstack -- openstack baremetal conductor list +``` + +References: + +* [https://github.com/rackerlabs/understack/blob/main/components/13-ironic/README.md](https://github.com/rackerlabs/understack/blob/main/components/13-ironic/README.md) \ No newline at end of file