From a9224b1afa3b5f01663a27ad1f7895faacc39c48 Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 13 Jul 2023 14:12:29 +0100 Subject: [PATCH 01/17] capi-image-templates review changes default to ovn dns unnecessary fields label format change dashes to underscores unnecessary underscores update requirements for new coe template ansible role default dns underscores init version of automated template generation init version of automated template generation init version of automated template generation make operation no-op when no new images are defined and stop new images being included in old image list list concat for images --- etc/openstack-config/openstack-config.yml | 6 +- examples/capi-templates-images.yml | 117 ++++++++++++++++++ examples/templates/capi-images-templates.j2 | 20 +++ examples/templates/images.j2 | 28 +++++ examples/templates/old-images.j2 | 21 ++++ examples/templates/old-templates.j2 | 26 ++++ examples/templates/templates.j2 | 36 ++++++ requirements.yml | 2 +- tools/merge_config/ansible.cfg | 2 + tools/merge_config/bin/activate | 22 ++++ tools/merge_config/bin/ensure_venv | 42 +++++++ tools/merge_config/bin/run | 9 ++ tools/merge_config/clouds.yaml | 14 +++ .../inventory/group_vars/all/variables.yml | 42 +++++++ tools/merge_config/inventory/hosts | 1 + tools/merge_config/merge_templates.yml | 46 +++++++ tools/merge_config/requirements.txt | 4 + 17 files changed, 435 insertions(+), 3 deletions(-) create mode 100644 examples/capi-templates-images.yml create mode 100644 examples/templates/capi-images-templates.j2 create mode 100644 examples/templates/images.j2 create mode 100644 examples/templates/old-images.j2 create mode 100644 examples/templates/old-templates.j2 create mode 100644 examples/templates/templates.j2 create mode 100644 tools/merge_config/ansible.cfg create mode 100755 tools/merge_config/bin/activate create mode 100755 tools/merge_config/bin/ensure_venv create mode 100755 tools/merge_config/bin/run create mode 100644 tools/merge_config/clouds.yaml create mode 100644 tools/merge_config/inventory/group_vars/all/variables.yml create mode 100644 tools/merge_config/inventory/hosts create mode 100644 tools/merge_config/merge_templates.yml create mode 100644 tools/merge_config/requirements.txt diff --git a/etc/openstack-config/openstack-config.yml b/etc/openstack-config/openstack-config.yml index fd88313..5760072 100644 --- a/etc/openstack-config/openstack-config.yml +++ b/etc/openstack-config/openstack-config.yml @@ -39,8 +39,10 @@ # Configuration of Glance software images. # List of Glance images. Format is as required by the stackhpc.os-images role. -#openstack_images: +#glance_images: +# Images to be uploaded +#openstack_images: "{{ glance_images + kubernetes_images }}" # List of Diskimage Builder (DIB) elements paths to include in image builds. #openstack_image_elements: @@ -57,4 +59,4 @@ ############################################################################### # Dummy variable to allow Ansible to accept this file. -workaround_ansible_issue_8743: yes +workaround_ansible_issue_8743: yes \ No newline at end of file diff --git a/examples/capi-templates-images.yml b/examples/capi-templates-images.yml new file mode 100644 index 0000000..750014e --- /dev/null +++ b/examples/capi-templates-images.yml @@ -0,0 +1,117 @@ +############################################################################### +# Configuration of Glance software images. + +# Flavor must have a minimum of 2 VCPUs +magnum_flavor: "m1.small" + +# Network to create tenant cluster FIPs on +magnum_external_network: "external" + +# Provider for cluster loadbalancers +magnum_octavia_provider: "ovn" + +# helm chart version to use for tenant clusters +magnum_helm_chart_version: "openstack-cluster-0.1.1-dev.0.main.221" + +ubuntu-focal-kube-v1_25_11: + name: "ubuntu-focal-kube-v1.25.11" + type: qcow2 + image_url: "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-focal-kube-v1.25.11-230712-0939.qcow2" + is_public: True + properties: + os_distro: "ubuntu" + os_version: "20.04" + kube_version: "v1.25.11" + +ubuntu-focal-kube-v1_26_6: + name: "ubuntu-focal-kube-v1.26.6" + type: qcow2 + image_url: "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-focal-kube-v1.26.6-230712-1010.qcow2" + is_public: True + properties: + os_distro: "ubuntu" + os_version: "20.04" + kube_version: "v1.26.6" + +ubuntu-focal-kube-v1_27_3: + name: "ubuntu-focal-kube-v1.27.3" + type: qcow2 + image_url: "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-focal-kube-v1.27.3-230712-1021.qcow2" + is_public: True + properties: + os_distro: "ubuntu" + os_version: "20.04" + kube_version: "v1.27.3" + +# List of Glance images. Format is as required by the stackhpc.os-images role. +openstack_images: + - "{{ ubuntu-focal-kube-v1_25_11 }}" + - "{{ ubuntu-focal-kube-v1_26_6 }}" + - "{{ ubuntu-focal-kube-v1_27_3 }}" + +############################################################################### +# Configuration of Magnum container clusters. + +kube_v1_25_11: + labels: + monitoring_enabled: "false" + kube_dashboard_enabled: "true" + capi_helm_chart_version: "{{ magnum_helm_chart_version }}" + octavia_provider: "{{ magnum_octavia_provider }}" + external_network_id: "{{ magnum_external_network }}" + master_flavor: "{{ magnum_flavor }}" + flavor: "{{ magnum_flavor }}" + image: "ubuntu-focal-kube-v1.25.11" + name: "kubernetes-v1.25.11" + coe: "kubernetes" + network_driver: "calico" + master_lb_enabled: True + floating_ip_enabled: True + # Magnum’s default value for dns_nameserver is 8.8.8.8. + dns_nameserver: "1.1.1.1,8.8.8.8,8.8.4.4" + public: True + +kube_v1_26_6: + labels: + monitoring_enabled: "false" + kube_dashboard_enabled: "true" + capi_helm_chart_version: "{{ magnum_helm_chart_version }}" + octavia_provider: "{{ magnum_octavia_provider }}" + external_network_id: "{{ magnum_external_network }}" + master_flavor: "{{ magnum_flavor }}" + flavor: "{{ magnum_flavor }}" + image: "ubuntu-focal-kube-v1.26.6" + name: "kubernetes-v1.26.6" + coe: "kubernetes" + network_driver: "calico" + master_lb_enabled: True + floating_ip_enabled: True + # Magnum’s default value for dns_nameserver is 8.8.8.8. + dns_nameserver: "1.1.1.1,8.8.8.8,8.8.4.4" + public: True + +kube_v1_27_3: + labels: + monitoring_enabled: "false" + kube_dashboard_enabled: "true" + capi_helm_chart_version: "{{ magnum_helm_chart_version }}" + octavia_provider: "{{ magnum_octavia_provider }}" + external_network_id: "{{ magnum_external_network }}" + master_flavor: "{{ magnum_flavor }}" + flavor: "{{ magnum_flavor}}" + image: "ubuntu-focal-kube-v1.27.3" + name: "kubernetes-v1.27.3" + coe: "kubernetes" + network_driver: "calico" + master_lb_enabled: True + floating_ip_enabled: True + # Magnum’s default value for dns_nameserver is 8.8.8.8. + dns_nameserver: "1.1.1.1,8.8.8.8,8.8.4.4" + public: True + +# List of magnum cluster templates. Format is as required by the +# stackhpc.os-container-clusters role. +openstack_container_clusters_templates: + - "{{ kube_v1_25_11 }}" + - "{{ kube_v1_26_6 }}" + - "{{ kube_v1_27_3 }}" diff --git a/examples/templates/capi-images-templates.j2 b/examples/templates/capi-images-templates.j2 new file mode 100644 index 0000000..5bbd493 --- /dev/null +++ b/examples/templates/capi-images-templates.j2 @@ -0,0 +1,20 @@ +############################################################################### +# Magnum container clusters shared variables. + +# Flavor must have a minimum of 2 VCPUs +magnum_flavor: {{ magnum_flavor_name }} + +# Network to create tenant cluster FIPs on +magnum_external_network: {{ magnum_external_net_name }} + +# Provider for cluster loadbalancers +magnum_octavia_provider: {{ magnum_loadbalancer_provider }} + +# helm chart version to use for tenant clusters +magnum_helm_chart_version: {{ magnum_helm_chart_version }} + +{% include './old-images.j2' %} +{% include './images.j2' %} + +{% include './old-templates.j2' %} +{% include './templates.j2' %} diff --git a/examples/templates/images.j2 b/examples/templates/images.j2 new file mode 100644 index 0000000..d5e1cc8 --- /dev/null +++ b/examples/templates/images.j2 @@ -0,0 +1,28 @@ +############################################################################### +# Configuration of Glance software images. + +{% for item in new_template_data %} +# Image for {{ item.key }} +{{ item.value.name }}: + name: "{{ item.value.name }}" + type: qcow2 + image_url: "{{ item.value.url }}" + is_public: True + properties: + os_distro: "ubuntu" + os_version: "20.04" + kube_version: "{{ item.value.kubernetes_version }}" + +{% endfor %} +# List of Kubernetes images. Format is as required by the stackhpc.os-images role. +kubernetes_images: +{% if matching_images is defined and matching_temps | length > 0 %} +{% for item in matching_images %} +{% if item.value.name not in new_template_data | map(attribute='value.name') %} + - "{{ '{{ ' + item.key + ' }}' }}" +{% endif %} +{% endfor %} +{% endif %} +{% for item in new_template_data %} + - "{{ '{{ ' + item.value.name + ' }}' }}" +{% endfor %} \ No newline at end of file diff --git a/examples/templates/old-images.j2 b/examples/templates/old-images.j2 new file mode 100644 index 0000000..e0920cb --- /dev/null +++ b/examples/templates/old-images.j2 @@ -0,0 +1,21 @@ +{% if matching_images is defined and matching_temps | length > 0 %} +############################################################################### +# Old magnum images - hide until out of use + +{% for item in matching_images %} +{% if item.value.name not in new_template_data | map(attribute='value.name') %} +{{ item.key }}: +{% for key, value in item.value.items() %} +{% if value is mapping %} + {{ key }}: +{% for k, v in value.items() %} + {{ k }}: "{{ v }}" +{% endfor %} +{% else %} + {{ key }}: "{{ value }}" +{% endif %} +{% endfor %} + +{% endif %} +{% endfor %} +{% endif %} \ No newline at end of file diff --git a/examples/templates/old-templates.j2 b/examples/templates/old-templates.j2 new file mode 100644 index 0000000..a99ce5b --- /dev/null +++ b/examples/templates/old-templates.j2 @@ -0,0 +1,26 @@ +{% if matching_temps is defined and matching_temps | length > 0 %} +############################################################################### +# Old magnum templates - hide until out of use + +{% for item in matching_temps %} +{% if item.key not in new_template_data | map(attribute='key') %} +{{ item.key }}: +{% for key, value in item.value.items() %} +{% if key == 'is_hidden' %} + {{ key }}: {{ value }} +{% elif value is mapping %} + {{ key }}: +{% for k, v in value.items() %} + {{ k }}: "{{ v }}" +{% endfor %} +{% else %} + {{ key }}: "{{ value }}" +{% endif %} +{% endfor %} +{% if 'is_hidden' not in item.value %} +is_hidden: True +{% endif %} + +{% endif %} +{% endfor %} +{% endif %} \ No newline at end of file diff --git a/examples/templates/templates.j2 b/examples/templates/templates.j2 new file mode 100644 index 0000000..f45870b --- /dev/null +++ b/examples/templates/templates.j2 @@ -0,0 +1,36 @@ +############################################################################### +# Configuration of Magnum container clusters. + +{% for item in new_template_data %} +{{ item.key }}: + labels: + monitoring_enabled: "true" + kube_dashboard_enabled: "true" + capi_helm_chart_version: "{{ magnum_helm_chart_version }}" + octavia_provider: {{ magnum_loadbalancer_provider }} + external_network_id: {{ magnum_external_net_name }} + master_flavor: {{ magnum_flavor_name }} + flavor: {{ magnum_flavor_name }} + image: "{{ item.value.name }}" + name: "{{ item.key }}" + coe: "kubernetes" + network_driver: "calico" + master_lb_enabled: True + floating_ip_enabled: True + dns_nameserver: "1.1.1.1,8.8.8.8,8.8.4.4" + public: True + +{% endfor %} +# List of magnum cluster templates. Format is as required by the +# stackhpc.os-container-clusters role. +openstack_container_clusters_templates: +{% if matching_temps is defined and matching_temps | length > 0 %} +{% for item in matching_temps %} +{% if item.key not in new_template_data | map(attribute='key') %} + - "{{ '{{ ' + item.key + ' }}' }}" +{% endif %} +{% endfor %} +{% endif %} +{% for item in new_template_data %} + - "{{ '{{ ' + item.key + ' }}' }}" +{% endfor %} \ No newline at end of file diff --git a/requirements.yml b/requirements.yml index fda082e..ed9b2fa 100644 --- a/requirements.yml +++ b/requirements.yml @@ -9,4 +9,4 @@ roles: collections: - name: openstack.cloud - version: '<2' + version: 2.1.0 diff --git a/tools/merge_config/ansible.cfg b/tools/merge_config/ansible.cfg new file mode 100644 index 0000000..154ac15 --- /dev/null +++ b/tools/merge_config/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +inventory = ./inventory \ No newline at end of file diff --git a/tools/merge_config/bin/activate b/tools/merge_config/bin/activate new file mode 100755 index 0000000..dd43fe7 --- /dev/null +++ b/tools/merge_config/bin/activate @@ -0,0 +1,22 @@ +##### +# This script activates the specified environment +# +# It needs to be sourced rather than just executed as it sets environment variables +# for the current shell +##### +export CONFIG_ROOT="$(dirname $(dirname $(dirname $(dirname $(realpath ${BASH_SOURCE[0]:-${(%):-%x}})))))" + +# If clouds.yaml provided in root dir, then prefer this +if [ -f "$CONFIG_ROOT/tools/merge_config/clouds.yaml" ]; then + export OS_CLOUD="${OS_CLOUD:-"openstack"}" + export OS_CLIENT_CONFIG_FILE="$CONFIG_ROOT/tools/merge_config/clouds.yaml" +fi + +# If a Python virtualenv exists, activate it +VENV="${VENV:-"$CONFIG_ROOT/tools/merge_config/.venv"}" +if [ -f "$VENV/bin/activate" ]; then + echo "Activating Python venv at $VENV" + source "$VENV/bin/activate" +fi + +echo "Activated environment" \ No newline at end of file diff --git a/tools/merge_config/bin/ensure_venv b/tools/merge_config/bin/ensure_venv new file mode 100755 index 0000000..8a09f09 --- /dev/null +++ b/tools/merge_config/bin/ensure_venv @@ -0,0 +1,42 @@ +##### +# This script creates a virtualenv (if not already in one) and installs the required dependencies +##### + +if [[ "$VIRTUAL_ENV" == "" ]]; then + # Check python version + # NOTE: Python 3.8 or newer is required for ansible 2.12 + # which is in turn required for the 'undef' ansible keyword + PY_MAJOR=3 + PY_MINOR=8 + version_check() { + python3 <&2 + echo "Please install a supported version then try again" 1>&2 + exit 1 + fi + + VENV="$CONFIG_ROOT/tools/merge_magnum_config/.venv" + if [ ! -d "$VENV" ]; then + echo "Creating virtual environment at $VENV" + python3 -m venv "$VENV" +fi + +else +VENV=$VIRTUAL_ENV +fi + +CONFIG_ROOT="$(dirname $(dirname $(dirname $(dirname $(realpath ${BASH_SOURCE[0]:-${(%):-%x}})))))" + +echo "Upgrading pip" +"$VENV/bin/python" -m pip install -U pip + +echo "Installing requirements" +"$VENV/bin/python" -m pip install -r "$CONFIG_ROOT/requirements.txt" +"$VENV/bin/python" -m pip install -r "$CONFIG_ROOT/tools/merge_config/requirements.txt" \ No newline at end of file diff --git a/tools/merge_config/bin/run b/tools/merge_config/bin/run new file mode 100755 index 0000000..804a4ff --- /dev/null +++ b/tools/merge_config/bin/run @@ -0,0 +1,9 @@ +#!/bin/bash + +CONFIG_ROOT="$(dirname $(dirname $(dirname $(dirname $(realpath ${BASH_SOURCE[0]:-${(%):-%x}})))))" + +source $CONFIG_ROOT/tools/merge_config/bin/activate + +export ANSIBLE_CONFIG=$CONFIG_ROOT/tools/merge_config/ansible.cfg + +ansible-playbook $CONFIG_ROOT/tools/merge_config/merge_templates.yml \ No newline at end of file diff --git a/tools/merge_config/clouds.yaml b/tools/merge_config/clouds.yaml new file mode 100644 index 0000000..a026cd3 --- /dev/null +++ b/tools/merge_config/clouds.yaml @@ -0,0 +1,14 @@ +# This clouds.yaml is used to connect to the OpenStack project for the environment +# It should contain an application credential +# +# WARNING: This file should be encrypted +clouds: + openstack: + auth: + auth_url: https://auth.os-api.cci1.ecmwf.int:443 + application_credential_id: "2351c754c2684860beb4e8dbdcf63f37" + application_credential_secret: "MhssM5w-n2u_YvSI9c2L52u3bZ1kcSE9MZZoiZ-7v1FflhMizSzAxch3HCNKZ3gEOJzRuqsodP6KHszU5znMmw" + region_name: "RegionOne" + interface: "public" + identity_api_version: 3 + auth_type: "v3applicationcredential" \ No newline at end of file diff --git a/tools/merge_config/inventory/group_vars/all/variables.yml b/tools/merge_config/inventory/group_vars/all/variables.yml new file mode 100644 index 0000000..703f142 --- /dev/null +++ b/tools/merge_config/inventory/group_vars/all/variables.yml @@ -0,0 +1,42 @@ + +_magnum_flavor_name: >- + {{ + lookup('pipe', 'openstack flavor list -f json') | + from_json | + selectattr('Disk', '>=', 20) | + selectattr('VCPUs', '>=', 2) | + selectattr('VCPUs', '<=', 8) | + selectattr('RAM','>=',2048) | + selectattr('RAM','<=',8192) | + first | + json_query('Name') + }} + +magnum_flavor_name: "{{ _magnum_flavor_name }}" + +_magnum_external_net_name: >- + {{ + lookup('pipe', 'openstack network list --external -f json') | + from_json | + reject('search','^ceph$') | + first | + default(undef(hint = 'Unable to find external network')) | + json_query('Name') + }} + +magnum_external_net_name: "{{ _magnum_external_net_name }}" + +_magnum_loadbalancer_provider: >- + {{- + lookup('pipe', 'openstack loadbalancer provider list -f json') | + from_json | + map(attribute = 'name') | + reject('equalto', 'octavia') | + select('match','ovn') | + default('amphora') | + first + }} + +magnum_loadbalancer_provider: "{{ _magnum_loadbalancer_provider }}" + +magnum_helm_chart_version: "openstack-cluster-0.1.1-dev.0.main.221" \ No newline at end of file diff --git a/tools/merge_config/inventory/hosts b/tools/merge_config/inventory/hosts new file mode 100644 index 0000000..4cf0cae --- /dev/null +++ b/tools/merge_config/inventory/hosts @@ -0,0 +1 @@ +localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}" \ No newline at end of file diff --git a/tools/merge_config/merge_templates.yml b/tools/merge_config/merge_templates.yml new file mode 100644 index 0000000..528e69b --- /dev/null +++ b/tools/merge_config/merge_templates.yml @@ -0,0 +1,46 @@ +--- +- hosts: localhost + vars: + root_dir: "{{ lookup('env','CONFIG_ROOT') }}" + site_vars_file: "{{ root_dir }}/etc/openstack-config/container-clusters.yml" + + tasks: + - name: Check if cluster containers file exists + stat: + path: "{{ site_vars_file }}" + register: file_stat + + - name: Load site_vars from file if it exists, otherwise set to an empty dictionary + set_fact: + site_vars: "{{ lookup('file', site_vars_file) | from_yaml }}" + when: file_stat.stat.exists + + - name: Set site_vars to an empty dictionary if the file doesn't exist + set_fact: + site_vars: {} + when: not file_stat.stat.exists + + - name: Find old templates + set_fact: + matching_temps: "{{ site_vars | dict2items | selectattr('key', 'match', 'kube*') | list }}" + when: site_vars is defined and site_vars | length > 0 + + - name: Find old images + set_fact: + matching_images: "{{ site_vars | dict2items | selectattr('key', 'match', 'ubuntu*') | list }}" + when: site_vars is defined and site_vars | length > 0 + + - name: Fetch manifest.json using wget + shell: "wget -O - 'https://github.com/stackhpc/azimuth-images/releases/download/0.1.2/manifest.json'" + register: manifest_response + changed_when: false + + - name: Parse JSON response + set_fact: + new_template_data: "{{ manifest_response.stdout | from_json | dict2items | selectattr('key', 'match', 'kubernetes*') | list }}" + + - name: Template images & templates + template: + src: "{{ root_dir }}/examples/templates/capi-images-templates.j2" + dest: "{{ root_dir }}/etc/openstack-config/container-clusters.yml" + diff --git a/tools/merge_config/requirements.txt b/tools/merge_config/requirements.txt new file mode 100644 index 0000000..6b0d995 --- /dev/null +++ b/tools/merge_config/requirements.txt @@ -0,0 +1,4 @@ +jmespath +python-openstackclient +python-octaviaclient +munch \ No newline at end of file From a66254427b613ae4ceee0ab9e5288d624585c41e Mon Sep 17 00:00:00 2001 From: scrungus <33693738+scrungus@users.noreply.github.com> Date: Fri, 11 Aug 2023 16:54:48 +0100 Subject: [PATCH 02/17] Delete clouds.yaml --- tools/merge_config/clouds.yaml | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 tools/merge_config/clouds.yaml diff --git a/tools/merge_config/clouds.yaml b/tools/merge_config/clouds.yaml deleted file mode 100644 index a026cd3..0000000 --- a/tools/merge_config/clouds.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# This clouds.yaml is used to connect to the OpenStack project for the environment -# It should contain an application credential -# -# WARNING: This file should be encrypted -clouds: - openstack: - auth: - auth_url: https://auth.os-api.cci1.ecmwf.int:443 - application_credential_id: "2351c754c2684860beb4e8dbdcf63f37" - application_credential_secret: "MhssM5w-n2u_YvSI9c2L52u3bZ1kcSE9MZZoiZ-7v1FflhMizSzAxch3HCNKZ3gEOJzRuqsodP6KHszU5znMmw" - region_name: "RegionOne" - interface: "public" - identity_api_version: 3 - auth_type: "v3applicationcredential" \ No newline at end of file From 58e01e6f4710fef997550ae83bed35a9e4cefd67 Mon Sep 17 00:00:00 2001 From: scrungus Date: Fri, 11 Aug 2023 18:24:01 +0100 Subject: [PATCH 03/17] reject image list --- tools/merge_config/bin/run | 2 +- tools/merge_config/merge_templates.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/merge_config/bin/run b/tools/merge_config/bin/run index 804a4ff..b06427c 100755 --- a/tools/merge_config/bin/run +++ b/tools/merge_config/bin/run @@ -6,4 +6,4 @@ source $CONFIG_ROOT/tools/merge_config/bin/activate export ANSIBLE_CONFIG=$CONFIG_ROOT/tools/merge_config/ansible.cfg -ansible-playbook $CONFIG_ROOT/tools/merge_config/merge_templates.yml \ No newline at end of file +ansible-playbook $CONFIG_ROOT/tools/merge_config/merge_templates.yml \ No newline at end of file diff --git a/tools/merge_config/merge_templates.yml b/tools/merge_config/merge_templates.yml index 528e69b..d9dcd91 100644 --- a/tools/merge_config/merge_templates.yml +++ b/tools/merge_config/merge_templates.yml @@ -22,7 +22,7 @@ - name: Find old templates set_fact: - matching_temps: "{{ site_vars | dict2items | selectattr('key', 'match', 'kube*') | list }}" + matching_temps: "{{ site_vars | dict2items | selectattr('key', 'match', 'kube*') | rejectattr('key','match','kubernetes_images') | list }}" when: site_vars is defined and site_vars | length > 0 - name: Find old images From d31b96e52e6986ee8be090528c934a9a4544b799 Mon Sep 17 00:00:00 2001 From: Kayobe deployment user Date: Mon, 14 Aug 2023 13:25:01 +0000 Subject: [PATCH 04/17] templating corrections --- examples/templates/images.j2 | 8 ++++---- examples/templates/old-images.j2 | 4 ++-- examples/templates/old-templates.j2 | 4 ++-- examples/templates/templates.j2 | 8 ++++---- tools/merge_config/bin/activate | 7 ++++++- tools/merge_config/bin/run | 2 +- 6 files changed, 19 insertions(+), 14 deletions(-) diff --git a/examples/templates/images.j2 b/examples/templates/images.j2 index d5e1cc8..4886ea7 100644 --- a/examples/templates/images.j2 +++ b/examples/templates/images.j2 @@ -3,7 +3,7 @@ {% for item in new_template_data %} # Image for {{ item.key }} -{{ item.value.name }}: +{{ item.value.name | replace('-', '_') | replace('.', '_') }}: name: "{{ item.value.name }}" type: qcow2 image_url: "{{ item.value.url }}" @@ -18,11 +18,11 @@ kubernetes_images: {% if matching_images is defined and matching_temps | length > 0 %} {% for item in matching_images %} -{% if item.value.name not in new_template_data | map(attribute='value.name') %} +{% if (item.value.name | replace('_', '-')) not in (new_template_data | map(attribute='value.name')) %} - "{{ '{{ ' + item.key + ' }}' }}" {% endif %} {% endfor %} {% endif %} {% for item in new_template_data %} - - "{{ '{{ ' + item.value.name + ' }}' }}" -{% endfor %} \ No newline at end of file + - "{{ '{{ ' + (item.value.name | replace('-', '_')) | replace('.', '_') + ' }}' }}" +{% endfor %} diff --git a/examples/templates/old-images.j2 b/examples/templates/old-images.j2 index e0920cb..d85b836 100644 --- a/examples/templates/old-images.j2 +++ b/examples/templates/old-images.j2 @@ -3,7 +3,7 @@ # Old magnum images - hide until out of use {% for item in matching_images %} -{% if item.value.name not in new_template_data | map(attribute='value.name') %} +{% if item.value.name not in new_template_data | map(attribute='value.name') | replace('-', '_') %} {{ item.key }}: {% for key, value in item.value.items() %} {% if value is mapping %} @@ -18,4 +18,4 @@ {% endif %} {% endfor %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/examples/templates/old-templates.j2 b/examples/templates/old-templates.j2 index a99ce5b..616017d 100644 --- a/examples/templates/old-templates.j2 +++ b/examples/templates/old-templates.j2 @@ -3,7 +3,7 @@ # Old magnum templates - hide until out of use {% for item in matching_temps %} -{% if item.key not in new_template_data | map(attribute='key') %} +{% if item.key not in new_template_data | map(attribute='key') | replace('-', '_') %} {{ item.key }}: {% for key, value in item.value.items() %} {% if key == 'is_hidden' %} @@ -23,4 +23,4 @@ is_hidden: True {% endif %} {% endfor %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/examples/templates/templates.j2 b/examples/templates/templates.j2 index f45870b..64ebda0 100644 --- a/examples/templates/templates.j2 +++ b/examples/templates/templates.j2 @@ -2,7 +2,7 @@ # Configuration of Magnum container clusters. {% for item in new_template_data %} -{{ item.key }}: +{{ item.key | replace('-', '_') }}: labels: monitoring_enabled: "true" kube_dashboard_enabled: "true" @@ -26,11 +26,11 @@ openstack_container_clusters_templates: {% if matching_temps is defined and matching_temps | length > 0 %} {% for item in matching_temps %} -{% if item.key not in new_template_data | map(attribute='key') %} +{% if (item.key| replace('_', '-')) not in (new_template_data | map(attribute='key')) %} - "{{ '{{ ' + item.key + ' }}' }}" {% endif %} {% endfor %} {% endif %} {% for item in new_template_data %} - - "{{ '{{ ' + item.key + ' }}' }}" -{% endfor %} \ No newline at end of file + - "{{ '{{ ' + (item.key| replace('-', '_')) + ' }}' }}" +{% endfor %} diff --git a/tools/merge_config/bin/activate b/tools/merge_config/bin/activate index dd43fe7..7c8854b 100755 --- a/tools/merge_config/bin/activate +++ b/tools/merge_config/bin/activate @@ -13,10 +13,15 @@ if [ -f "$CONFIG_ROOT/tools/merge_config/clouds.yaml" ]; then fi # If a Python virtualenv exists, activate it +if [[ "$VIRTUAL_ENV" != "" ]]; then + VENV=$VIRTUAL_ENV +fi + VENV="${VENV:-"$CONFIG_ROOT/tools/merge_config/.venv"}" + if [ -f "$VENV/bin/activate" ]; then echo "Activating Python venv at $VENV" source "$VENV/bin/activate" fi -echo "Activated environment" \ No newline at end of file +echo "Activated environment" diff --git a/tools/merge_config/bin/run b/tools/merge_config/bin/run index b06427c..d725d7f 100755 --- a/tools/merge_config/bin/run +++ b/tools/merge_config/bin/run @@ -6,4 +6,4 @@ source $CONFIG_ROOT/tools/merge_config/bin/activate export ANSIBLE_CONFIG=$CONFIG_ROOT/tools/merge_config/ansible.cfg -ansible-playbook $CONFIG_ROOT/tools/merge_config/merge_templates.yml \ No newline at end of file +ansible-playbook $CONFIG_ROOT/tools/merge_config/merge_templates.yml From 65f312640c719d5296395953a8e4fa9001308cdd Mon Sep 17 00:00:00 2001 From: scrungus Date: Mon, 14 Aug 2023 14:42:49 +0100 Subject: [PATCH 05/17] fix old image discovery --- examples/templates/old-images.j2 | 2 +- examples/templates/old-templates.j2 | 2 +- examples/templates/templates.j2 | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/templates/old-images.j2 b/examples/templates/old-images.j2 index d85b836..718e8a2 100644 --- a/examples/templates/old-images.j2 +++ b/examples/templates/old-images.j2 @@ -3,7 +3,7 @@ # Old magnum images - hide until out of use {% for item in matching_images %} -{% if item.value.name not in new_template_data | map(attribute='value.name') | replace('-', '_') %} +{% if (item.value.name | replace('_', '-')) not in new_template_data | map(attribute='value.name') %} {{ item.key }}: {% for key, value in item.value.items() %} {% if value is mapping %} diff --git a/examples/templates/old-templates.j2 b/examples/templates/old-templates.j2 index 616017d..58bfbce 100644 --- a/examples/templates/old-templates.j2 +++ b/examples/templates/old-templates.j2 @@ -3,7 +3,7 @@ # Old magnum templates - hide until out of use {% for item in matching_temps %} -{% if item.key not in new_template_data | map(attribute='key') | replace('-', '_') %} +{% if (item.key | replace('_', '-')) not in new_template_data | map(attribute='key') %} {{ item.key }}: {% for key, value in item.value.items() %} {% if key == 'is_hidden' %} diff --git a/examples/templates/templates.j2 b/examples/templates/templates.j2 index 64ebda0..3bb9038 100644 --- a/examples/templates/templates.j2 +++ b/examples/templates/templates.j2 @@ -26,7 +26,7 @@ openstack_container_clusters_templates: {% if matching_temps is defined and matching_temps | length > 0 %} {% for item in matching_temps %} -{% if (item.key| replace('_', '-')) not in (new_template_data | map(attribute='key')) %} +{% if (item.key | replace('_', '-')) not in (new_template_data | map(attribute='key')) %} - "{{ '{{ ' + item.key + ' }}' }}" {% endif %} {% endfor %} From aeac1040cd43627b4e29b268cb1d453ed30ce46a Mon Sep 17 00:00:00 2001 From: scrungus Date: Mon, 14 Aug 2023 15:34:39 +0100 Subject: [PATCH 06/17] change chart name --- tools/merge_config/inventory/group_vars/all/variables.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/merge_config/inventory/group_vars/all/variables.yml b/tools/merge_config/inventory/group_vars/all/variables.yml index 703f142..d6d2232 100644 --- a/tools/merge_config/inventory/group_vars/all/variables.yml +++ b/tools/merge_config/inventory/group_vars/all/variables.yml @@ -39,4 +39,4 @@ _magnum_loadbalancer_provider: >- magnum_loadbalancer_provider: "{{ _magnum_loadbalancer_provider }}" -magnum_helm_chart_version: "openstack-cluster-0.1.1-dev.0.main.221" \ No newline at end of file +magnum_helm_chart_version: "0.1.1-dev.0.main.221" \ No newline at end of file From acdc3f28414ae5afc67cd01fc2742b791be8b948 Mon Sep 17 00:00:00 2001 From: scrungus Date: Mon, 14 Aug 2023 16:58:42 +0100 Subject: [PATCH 07/17] change to visibility parameter --- examples/templates/images.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/templates/images.j2 b/examples/templates/images.j2 index 4886ea7..f716203 100644 --- a/examples/templates/images.j2 +++ b/examples/templates/images.j2 @@ -7,7 +7,7 @@ name: "{{ item.value.name }}" type: qcow2 image_url: "{{ item.value.url }}" - is_public: True + visibility: "community" properties: os_distro: "ubuntu" os_version: "20.04" From c76e7e4cf496a09af910f30a0dd26525953b0da3 Mon Sep 17 00:00:00 2001 From: scrungus Date: Mon, 14 Aug 2023 18:23:10 +0100 Subject: [PATCH 08/17] hide images and templates when old --- ansible/openstack-images.yml | 2 +- examples/templates/old-images.j2 | 3 +++ examples/templates/old-templates.j2 | 6 ++---- examples/templates/templates.j2 | 8 ++++---- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ansible/openstack-images.yml b/ansible/openstack-images.yml index 3c89df6..2798f37 100644 --- a/ansible/openstack-images.yml +++ b/ansible/openstack-images.yml @@ -5,7 +5,7 @@ - images roles: - role: stackhpc.os-images - os_images_venv: "{{ openstack_venv }}" + os_images_venv: "{{ ansible_env.PWD }}/openstack-images-venv" os_images_cache: "{{ ansible_env.PWD }}/openstack-config-image-cache" os_images_auth_type: "{{ openstack_auth_type }}" os_images_auth: "{{ openstack_auth }}" diff --git a/examples/templates/old-images.j2 b/examples/templates/old-images.j2 index 718e8a2..992db29 100644 --- a/examples/templates/old-images.j2 +++ b/examples/templates/old-images.j2 @@ -15,6 +15,9 @@ {{ key }}: "{{ value }}" {% endif %} {% endfor %} +{% if 'hide_image' not in item.value %} + hide_image: "True" +{% endif %} {% endif %} {% endfor %} diff --git a/examples/templates/old-templates.j2 b/examples/templates/old-templates.j2 index 58bfbce..2315317 100644 --- a/examples/templates/old-templates.j2 +++ b/examples/templates/old-templates.j2 @@ -6,9 +6,7 @@ {% if (item.key | replace('_', '-')) not in new_template_data | map(attribute='key') %} {{ item.key }}: {% for key, value in item.value.items() %} -{% if key == 'is_hidden' %} - {{ key }}: {{ value }} -{% elif value is mapping %} +{% if value is mapping %} {{ key }}: {% for k, v in value.items() %} {{ k }}: "{{ v }}" @@ -18,7 +16,7 @@ {% endif %} {% endfor %} {% if 'is_hidden' not in item.value %} -is_hidden: True + is_hidden: True {% endif %} {% endif %} diff --git a/examples/templates/templates.j2 b/examples/templates/templates.j2 index 3bb9038..2e068b2 100644 --- a/examples/templates/templates.j2 +++ b/examples/templates/templates.j2 @@ -4,8 +4,8 @@ {% for item in new_template_data %} {{ item.key | replace('-', '_') }}: labels: - monitoring_enabled: "true" - kube_dashboard_enabled: "true" + monitoring_enabled: "True" + kube_dashboard_enabled: "True" capi_helm_chart_version: "{{ magnum_helm_chart_version }}" octavia_provider: {{ magnum_loadbalancer_provider }} external_network_id: {{ magnum_external_net_name }} @@ -15,8 +15,8 @@ name: "{{ item.key }}" coe: "kubernetes" network_driver: "calico" - master_lb_enabled: True - floating_ip_enabled: True + master_lb_enabled: "True" + floating_ip_enabled: "True" dns_nameserver: "1.1.1.1,8.8.8.8,8.8.4.4" public: True From 7b269c95b4e5d1b7483911b32df2a9b4eaae8ae4 Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 24 Aug 2023 15:33:54 +0100 Subject: [PATCH 09/17] underscores --- examples/capi-templates-images.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/examples/capi-templates-images.yml b/examples/capi-templates-images.yml index 750014e..3410b4e 100644 --- a/examples/capi-templates-images.yml +++ b/examples/capi-templates-images.yml @@ -11,9 +11,9 @@ magnum_external_network: "external" magnum_octavia_provider: "ovn" # helm chart version to use for tenant clusters -magnum_helm_chart_version: "openstack-cluster-0.1.1-dev.0.main.221" +magnum_helm_chart_version: "0.1.1-dev.0.main.221" -ubuntu-focal-kube-v1_25_11: +ubuntu_focal_kube_v1_25_11: name: "ubuntu-focal-kube-v1.25.11" type: qcow2 image_url: "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-focal-kube-v1.25.11-230712-0939.qcow2" @@ -23,7 +23,7 @@ ubuntu-focal-kube-v1_25_11: os_version: "20.04" kube_version: "v1.25.11" -ubuntu-focal-kube-v1_26_6: +ubuntu_focal_kube_v1_26_6: name: "ubuntu-focal-kube-v1.26.6" type: qcow2 image_url: "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-focal-kube-v1.26.6-230712-1010.qcow2" @@ -33,7 +33,7 @@ ubuntu-focal-kube-v1_26_6: os_version: "20.04" kube_version: "v1.26.6" -ubuntu-focal-kube-v1_27_3: +ubuntu_focal_kube_v1_27_3: name: "ubuntu-focal-kube-v1.27.3" type: qcow2 image_url: "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_f0dc9cb312144d0aa44037c9149d2513/azimuth-images/ubuntu-focal-kube-v1.27.3-230712-1021.qcow2" @@ -45,9 +45,9 @@ ubuntu-focal-kube-v1_27_3: # List of Glance images. Format is as required by the stackhpc.os-images role. openstack_images: - - "{{ ubuntu-focal-kube-v1_25_11 }}" - - "{{ ubuntu-focal-kube-v1_26_6 }}" - - "{{ ubuntu-focal-kube-v1_27_3 }}" + - "{{ ubuntu_focal_kube_v1_25_11 }}" + - "{{ ubuntu_focal_kube_v1_26_6 }}" + - "{{ ubuntu_focal_kube_v1_27_3 }}" ############################################################################### # Configuration of Magnum container clusters. From df06cc760ffb9398cda7b364a3a7e6139a8e3c99 Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 24 Aug 2023 15:35:23 +0100 Subject: [PATCH 10/17] separate venv for different sdk / openstackclient versions --- ansible/group_vars/all/venv | 2 ++ ansible/openstack-container-clusters.yml | 2 +- ansible/openstack-images.yml | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/all/venv b/ansible/group_vars/all/venv index c729e5e..cee2bbd 100644 --- a/ansible/group_vars/all/venv +++ b/ansible/group_vars/all/venv @@ -1,3 +1,5 @@ --- # Path to create virtualenv in which to install python dependencies. openstack_venv: "{{ ansible_env.PWD }}/openstack-config-venv" +# Separate venv for roles that require sdk>=1.0 in case it breaks anything +openstack_sdk_1_0_venv: "{{ ansible_env.PWD }}/openstack-1.0-venv" \ No newline at end of file diff --git a/ansible/openstack-container-clusters.yml b/ansible/openstack-container-clusters.yml index 0194742..0fa4d8e 100644 --- a/ansible/openstack-container-clusters.yml +++ b/ansible/openstack-container-clusters.yml @@ -5,7 +5,7 @@ - container-clusters-templates roles: - role: stackhpc.os-container-clusters - os_container_clusters_venv: "{{ openstack_venv }}" + os_container_clusters_venv: "{{ openstack_sdk_1_0_venv }}" os_container_clusters_auth_type: "{{ openstack_auth_type }}" os_container_clusters_auth: "{{ openstack_auth }}" os_container_clusters_cacert: "{{ openstack_cacert }}" diff --git a/ansible/openstack-images.yml b/ansible/openstack-images.yml index 2798f37..afba1ab 100644 --- a/ansible/openstack-images.yml +++ b/ansible/openstack-images.yml @@ -5,7 +5,7 @@ - images roles: - role: stackhpc.os-images - os_images_venv: "{{ ansible_env.PWD }}/openstack-images-venv" + os_images_venv: "{{ openstack_sdk_1_0_venv }}" os_images_cache: "{{ ansible_env.PWD }}/openstack-config-image-cache" os_images_auth_type: "{{ openstack_auth_type }}" os_images_auth: "{{ openstack_auth }}" From d9257e0764976be14783e94ae9a5b09fc2500b2b Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 24 Aug 2023 15:35:38 +0100 Subject: [PATCH 11/17] filter out ceph network --- tools/merge_config/inventory/group_vars/all/variables.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tools/merge_config/inventory/group_vars/all/variables.yml b/tools/merge_config/inventory/group_vars/all/variables.yml index d6d2232..aedd602 100644 --- a/tools/merge_config/inventory/group_vars/all/variables.yml +++ b/tools/merge_config/inventory/group_vars/all/variables.yml @@ -18,10 +18,9 @@ _magnum_external_net_name: >- {{ lookup('pipe', 'openstack network list --external -f json') | from_json | - reject('search','^ceph$') | - first | - default(undef(hint = 'Unable to find external network')) | - json_query('Name') + map(attribute='Name') | + reject('search', 'ceph') | + first }} magnum_external_net_name: "{{ _magnum_external_net_name }}" From d0e92080d462af51fb928ed34ce2b017eeb7d719 Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 24 Aug 2023 15:50:08 +0100 Subject: [PATCH 12/17] docs --- doc/magnum-template-generation.rst | 35 ++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 doc/magnum-template-generation.rst diff --git a/doc/magnum-template-generation.rst b/doc/magnum-template-generation.rst new file mode 100644 index 0000000..d483dc5 --- /dev/null +++ b/doc/magnum-template-generation.rst @@ -0,0 +1,35 @@ +# Automatic Template Generation for CAPI Driver + +1. `git cherry-pick XXXXXX` if necessary (will replace this with final commit hash before this PR is merged) +2. change `openstack_images` list to `glance images` in `etc/openstack/openstack-config.yml` if necessary +3. ensure that `openstack_images` looks like: +``` +# Images to be uploaded  +openstack_images: "{{ glance_images + kubernetes_images }}" +``` +4. source the openstack-config venv you have set up +5. source the rc.sh file that points to the appropriate cloud, or provide a `clouds.yaml` under `./tools/merge_config` +6. ensure `wget`, `python-octaviaclient` and `python-magnumclient` are installed +7. If you have existing `openstack_container_clusters_templates` defined, move them to `etc/openstack/container-clusters.yml` +8. run `./tools/merge_config/bin/run` +9. check output at `etc/openstack-config/container-clusters.yml` +10. If it all checks out, run: +``` +tools/openstack-config -p ansible/openstack-container-clusters.yml -- --vault-password-file ~/.vault-secret -e@etc/openstack-config/container-clusters.yml +``` +Or include the same `-e@etc/openstack-config/container-clusters.yml` when you run the entire openstack-config suite. + +This must be ran before `os-images` is, if any kubernetes images/templates are being hidden/retired, because the cluster template cannot be hidden after the corresponding image is hidden. + +If you run the above command, you can run: +``` +tools/openstack-config -p ansible/openstack-images.yml -- --vault-password-file ~/.vault-secret  -e@etc/openstack-config/container-clusters.yml +``` +afterwards, to upload/hide any of the kubernetes images. + +Note: If you run out of space to store images on the control host, you may need to run this in sections - comment out blocks of images, making sure to remove any cached images under `~/openstack-config/ansible/openstack-config-image-cache/` before moving onto the next block. + +Note: If the image cache has been cleared (i.e. the old images being set to hidden no longer exist in the cache), then `openstack.cloud.image` will not recognise that it is the same image and will upload a new one, so you should comment these images out from the list. + +Note: Container template hiding does not no-op, due to the current state of the magnum API. If the template is already hidden and you rerun this, you will get the error `ClusterTemplate 4ce13776-da1e-42c9-b6f3-1249363d7a4e is referenced by one or multiple clusters (HTTP 400)` +You may also get an error like `Image ubuntu-focal-kube-v1 (HTTP 400)` , which is because the image has been hidden. If your template is already hidden, this is not a problem, but if it isn't hidden, you will need to unhide the images before the template hiding can run. \ No newline at end of file From 730bc64dbe8a2f5ed2ad1cafc878ac8c13f378ae Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 24 Aug 2023 15:51:21 +0100 Subject: [PATCH 13/17] update requirements --- tools/merge_config/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/merge_config/requirements.txt b/tools/merge_config/requirements.txt index 6b0d995..54a82f5 100644 --- a/tools/merge_config/requirements.txt +++ b/tools/merge_config/requirements.txt @@ -1,4 +1,5 @@ jmespath python-openstackclient +python-magnumclient python-octaviaclient munch \ No newline at end of file From b46846c55d184542cfa1e501543fcfe1a412bcbc Mon Sep 17 00:00:00 2001 From: scrungus Date: Mon, 27 Nov 2023 17:32:53 +0000 Subject: [PATCH 14/17] semver included in key name, dependencies + helm chart version injected --- examples/templates/images.j2 | 2 ++ examples/templates/old-templates.j2 | 4 +++- examples/templates/templates.j2 | 10 +++++--- requirements.yml | 4 ++++ tools/merge_config/bin/ensure_venv | 12 +++++----- .../inventory/group_vars/all/variables.yml | 2 +- tools/merge_config/merge_templates.yml | 24 ++++++++++++++++++- 7 files changed, 46 insertions(+), 12 deletions(-) diff --git a/examples/templates/images.j2 b/examples/templates/images.j2 index f716203..2d58b19 100644 --- a/examples/templates/images.j2 +++ b/examples/templates/images.j2 @@ -17,12 +17,14 @@ # List of Kubernetes images. Format is as required by the stackhpc.os-images role. kubernetes_images: {% if matching_images is defined and matching_temps | length > 0 %} +# Old Images {% for item in matching_images %} {% if (item.value.name | replace('_', '-')) not in (new_template_data | map(attribute='value.name')) %} - "{{ '{{ ' + item.key + ' }}' }}" {% endif %} {% endfor %} {% endif %} +# New Images {% for item in new_template_data %} - "{{ '{{ ' + (item.value.name | replace('-', '_')) | replace('.', '_') + ' }}' }}" {% endfor %} diff --git a/examples/templates/old-templates.j2 b/examples/templates/old-templates.j2 index 2315317..56c3767 100644 --- a/examples/templates/old-templates.j2 +++ b/examples/templates/old-templates.j2 @@ -2,8 +2,10 @@ ############################################################################### # Old magnum templates - hide until out of use +{% set versions_to_check = new_template_data | map(attribute='value.kubernetes_version') | map('replace', '.', '-') %} +{% set keys_and_versions = new_template_data | map(attribute='key') | zip(versions_to_check) %} {% for item in matching_temps %} -{% if (item.key | replace('_', '-')) not in new_template_data | map(attribute='key') %} +{% if (item.key | replace('_', '-')) not in keys_and_versions | map('join', '-') %} {{ item.key }}: {% for key, value in item.value.items() %} {% if value is mapping %} diff --git a/examples/templates/templates.j2 b/examples/templates/templates.j2 index 2e068b2..fa627e7 100644 --- a/examples/templates/templates.j2 +++ b/examples/templates/templates.j2 @@ -2,7 +2,7 @@ # Configuration of Magnum container clusters. {% for item in new_template_data %} -{{ item.key | replace('-', '_') }}: +{{ item.key | replace('-', '_') }}_{{ item.value.kubernetes_version | replace('.', '_') }}: labels: monitoring_enabled: "True" kube_dashboard_enabled: "True" @@ -25,12 +25,16 @@ # stackhpc.os-container-clusters role. openstack_container_clusters_templates: {% if matching_temps is defined and matching_temps | length > 0 %} +# Old Templates +{% set versions_to_check = new_template_data | map(attribute='value.kubernetes_version') | map('replace', '.', '-') %} +{% set keys_and_versions = new_template_data | map(attribute='key') | zip(versions_to_check) %} {% for item in matching_temps %} -{% if (item.key | replace('_', '-')) not in (new_template_data | map(attribute='key')) %} +{% if (item.key | replace('_', '-')) not in keys_and_versions | map('join', '-') %} - "{{ '{{ ' + item.key + ' }}' }}" {% endif %} {% endfor %} {% endif %} +# New Templates {% for item in new_template_data %} - - "{{ '{{ ' + (item.key| replace('-', '_')) + ' }}' }}" + - "{{ '{{ ' + (item.key| replace('-', '_')) + '_' + (item.value.kubernetes_version | replace('.', '_')) + ' }}' }}" {% endfor %} diff --git a/requirements.yml b/requirements.yml index ed9b2fa..2a4e9a0 100644 --- a/requirements.yml +++ b/requirements.yml @@ -2,10 +2,14 @@ roles: - name: stackhpc.os-flavors - name: stackhpc.os-images + src: https://github.com/stackhpc/ansible-role-os-images.git + version: 1b076df89c6f0ac8e77b03572aa398aab89b7e23 - name: stackhpc.os-networks - name: stackhpc.os-projects - name: stackhpc.os_host_aggregates - name: stackhpc.os-container-clusters + src: https://github.com/stackhpc/ansible-role-os-container-clusters.git + version: 67c098434dad6b02087b76286b5d23b411e24917 collections: - name: openstack.cloud diff --git a/tools/merge_config/bin/ensure_venv b/tools/merge_config/bin/ensure_venv index 8a09f09..e6b71c5 100755 --- a/tools/merge_config/bin/ensure_venv +++ b/tools/merge_config/bin/ensure_venv @@ -2,6 +2,8 @@ # This script creates a virtualenv (if not already in one) and installs the required dependencies ##### +CONFIG_ROOT="$(dirname $(dirname $(dirname $(dirname $(realpath ${BASH_SOURCE[0]:-${(%):-%x}})))))" + if [[ "$VIRTUAL_ENV" == "" ]]; then # Check python version # NOTE: Python 3.8 or newer is required for ansible 2.12 @@ -10,9 +12,9 @@ if [[ "$VIRTUAL_ENV" == "" ]]; then PY_MINOR=8 version_check() { python3 <- magnum_loadbalancer_provider: "{{ _magnum_loadbalancer_provider }}" -magnum_helm_chart_version: "0.1.1-dev.0.main.221" \ No newline at end of file +magnum_helm_chart_version: "{{ helm_chart_version.stdout }}" \ No newline at end of file diff --git a/tools/merge_config/merge_templates.yml b/tools/merge_config/merge_templates.yml index d9dcd91..9e9b0b9 100644 --- a/tools/merge_config/merge_templates.yml +++ b/tools/merge_config/merge_templates.yml @@ -30,8 +30,27 @@ matching_images: "{{ site_vars | dict2items | selectattr('key', 'match', 'ubuntu*') | list }}" when: site_vars is defined and site_vars | length > 0 + - name: Fetch capi-helm-charts version + shell: "curl -s --url \"https://api.github.com/repos/stackhpc/capi-helm-charts/releases/latest\" --header \"Authorization: Bearer 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\" | grep tag_name | awk -F '\"' '{print $4}' " + register: helm_chart_version + changed_when: false + + - name: Fetch dependencies.json using wget + shell: 'wget -O - "https://github.com/stackhpc/capi-helm-charts/releases/download/{{ helm_chart_version.stdout }}/dependencies.json" ' + register: dependencies_response + changed_when: false + + - name: Parse JSON response + set_fact: + dependencies: "{{ dependencies_response.stdout | from_json | dict2items | list }}" + + # - name: Fetch manifest.json using wget + # shell: "wget -O - https://github.com/stackhpc/azimuth-images/releases/download/0.1.2/manifest.json" + # register: manifest_response + # changed_when: false + - name: Fetch manifest.json using wget - shell: "wget -O - 'https://github.com/stackhpc/azimuth-images/releases/download/0.1.2/manifest.json'" + shell: "wget -O - https://github.com/stackhpc/azimuth-images/releases/download/{{ dependencies | json_query('[?key==`azimuth-images`].value | [0]') }}/manifest.json" register: manifest_response changed_when: false @@ -39,6 +58,9 @@ set_fact: new_template_data: "{{ manifest_response.stdout | from_json | dict2items | selectattr('key', 'match', 'kubernetes*') | list }}" + - debug: + var: new_template_data + - name: Template images & templates template: src: "{{ root_dir }}/examples/templates/capi-images-templates.j2" From e6f652691edd9417dc253a97cf9b1820843c840c Mon Sep 17 00:00:00 2001 From: scrungus Date: Tue, 28 Nov 2023 10:58:11 +0000 Subject: [PATCH 15/17] removed auth token --- tools/merge_config/merge_templates.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/merge_config/merge_templates.yml b/tools/merge_config/merge_templates.yml index 9e9b0b9..e50b9cb 100644 --- a/tools/merge_config/merge_templates.yml +++ b/tools/merge_config/merge_templates.yml @@ -31,7 +31,7 @@ when: site_vars is defined and site_vars | length > 0 - name: Fetch capi-helm-charts version - shell: "curl -s --url \"https://api.github.com/repos/stackhpc/capi-helm-charts/releases/latest\" --header \"Authorization: Bearer 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\" | grep tag_name | awk -F '\"' '{print $4}' " + shell: "curl -s --url \"https://api.github.com/repos/stackhpc/capi-helm-charts/releases/latest\" | grep tag_name | awk -F '\"' '{print $4}' " register: helm_chart_version changed_when: false From 78726b754cf2a8c8cc284b7c4ab12ad49928d354 Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 8 Feb 2024 13:01:41 +0000 Subject: [PATCH 16/17] Squashed commit of the following: commit bcab111885feed177694c212558458627dfa2f56 Author: scrungus <33693738+scrungus@users.noreply.github.com> Date: Wed Dec 6 17:32:04 2023 +0000 role install no longer needed commit 16aacaa773b6f55fdae4116129969932094a6da0 Author: scrungus <33693738+scrungus@users.noreply.github.com> Date: Mon Dec 4 17:07:10 2023 +0000 comments commit 5d0900487b5b078cc6d35729a9181ef121f42f8c Author: scrungus Date: Mon Dec 4 17:02:35 2023 +0000 change to official collection commit 4a7350e36d3f8a0e455463fc2a9723fa911ebf95 Author: scrungus Date: Thu Nov 30 16:01:12 2023 +0000 separate venv is unnecessary now as all roles updated to new sdk commit f652f137903cdf5dd7b6569e30f09e8bee22304d Author: scrungus Date: Thu Nov 30 16:08:32 2023 +0000 changes for ansible-collection-openstack commit 8429a578540fe89338f8879e59e79ea06c086701 Merge: 961f102 8ea98a4 Author: Bartosz Bezak Date: Tue Sep 5 14:18:13 2023 +0200 Merge pull request #18 from stackhpc/domains add domains commit 8ea98a4a2ce3dfd9e2873a66930b07c9bc285339 Author: Bartosz Bezak Date: Tue Sep 5 11:27:17 2023 +0200 add domains commit 961f102f37571bbe5982f082c42058c3f201e0f9 Merge: 382918a 2f32964 Author: Mark Goddard Date: Mon Sep 4 10:06:27 2023 +0100 Merge pull request #16 from stackhpc/octavia-quotas Prevent load balancer creation errors commit 382918a73875320b12b35fc17dc31fcca86efdda Merge: ebab9f7 8c5c7c4 Author: Matt Crees Date: Thu Aug 24 09:26:12 2023 +0100 Merge pull request #17 from stackhpc/os-networks-rbac Add RBAC support into openstack-networks.yml commit 8c5c7c48daebdbb49e9b5965f08fd93fcb0f8cb9 Author: Matt Crees Date: Wed Aug 23 17:31:59 2023 +0100 Add RBAC support into openstack-networks.yml commit 2f32964e0c8ba23bfa27fc7855a6cf04965851e9 Author: Pierre Riteau Date: Wed Aug 16 15:39:36 2023 +0200 Prevent load balancer creation errors Octavia load balancers are launched using the service project. With default quotas, load balancer creation can quickly fail: Quota exceeded for instances: Requested 1, but already used 10 of 10 instances (HTTP 403) Add a new example setting required service project quotas to unlimited to avoid these failures. commit ebab9f74989de75e43b92c73aa6cf6d41ed8785b Merge: 798f72a 4c23c55 Author: Mark Goddard Date: Thu Aug 10 09:53:11 2023 +0100 Merge pull request #15 from stackhpc/noeol Wrap lines and add missing new line at end of file commit 4c23c55f5d008a98d072c274aca90ef55a57e034 Author: Pierre Riteau Date: Thu Aug 10 09:06:54 2023 +0200 Wrap lines and add missing new line at end of file --- README.rst | 7 +----- ansible/group_vars/all/openstack | 8 +++++++ ansible/openstack-container-clusters.yml | 4 ++-- ansible/openstack-flavors.yml | 2 +- ansible/openstack-host-aggregates.yml | 2 +- ansible/openstack-images.yml | 4 ++-- ansible/openstack-networks.yml | 3 ++- ansible/openstack-project.yml | 3 ++- ansible/roles/.keep | 0 etc/openstack-config/openstack-config.yml | 8 +++++++ examples/projects-octavia.yml | 29 +++++++++++++++++++++++ requirements.txt | 5 ++-- requirements.yml | 14 ++--------- 13 files changed, 61 insertions(+), 28 deletions(-) delete mode 100644 ansible/roles/.keep create mode 100644 examples/projects-octavia.yml diff --git a/README.rst b/README.rst index a459010..ad0d4a5 100644 --- a/README.rst +++ b/README.rst @@ -17,17 +17,12 @@ packages. For example: $ virtualenv venv $ source venv/bin/activate - $ pip install -U pip + $ python -m pip install --upgrade pip $ pip install -r requirements.txt Install Ansible role and collection dependencies from Ansible Galaxy: .. code-block:: - - $ ansible-galaxy role install \ - -p ansible/roles \ - -r requirements.yml - $ ansible-galaxy collection install \ -p ansible/collections \ -r requirements.yml diff --git a/ansible/group_vars/all/openstack b/ansible/group_vars/all/openstack index 690572b..462f3eb 100644 --- a/ansible/group_vars/all/openstack +++ b/ansible/group_vars/all/openstack @@ -2,6 +2,10 @@ ############################################################################### # Configuration of OpenStack user environment for OpenStack. +# List of OpenStack domains. Format is as required by the stackhpc.os-projects +# role. +openstack_domains: [] + # List of OpenStack projects. Format is as required by the stackhpc.os-projects # role. openstack_projects: [] @@ -21,6 +25,10 @@ openstack_routers: [] # stackhpc.os-networks role. openstack_security_groups: [] +# List of RBAC definitions in the openstack projct. Format is as required by the +# stackhpc.os-networks role. +openstack_networks_rbac: [] + ############################################################################### # Configuration of nova flavors for OpenStack. diff --git a/ansible/openstack-container-clusters.yml b/ansible/openstack-container-clusters.yml index 0fa4d8e..5df9a4c 100644 --- a/ansible/openstack-container-clusters.yml +++ b/ansible/openstack-container-clusters.yml @@ -4,8 +4,8 @@ tags: - container-clusters-templates roles: - - role: stackhpc.os-container-clusters - os_container_clusters_venv: "{{ openstack_sdk_1_0_venv }}" + - role: stackhpc.openstack.os_container_clusters + os_container_clusters_venv: "{{ openstack_venv }}" os_container_clusters_auth_type: "{{ openstack_auth_type }}" os_container_clusters_auth: "{{ openstack_auth }}" os_container_clusters_cacert: "{{ openstack_cacert }}" diff --git a/ansible/openstack-flavors.yml b/ansible/openstack-flavors.yml index 16a06b3..69b94f2 100644 --- a/ansible/openstack-flavors.yml +++ b/ansible/openstack-flavors.yml @@ -4,7 +4,7 @@ tags: - flavors roles: - - role: stackhpc.os-flavors + - role: stackhpc.openstack.os_flavors os_flavors_venv: "{{ openstack_venv }}" os_flavors_auth_type: "{{ openstack_auth_type }}" os_flavors_auth: "{{ openstack_auth }}" diff --git a/ansible/openstack-host-aggregates.yml b/ansible/openstack-host-aggregates.yml index 3826904..f37449e 100644 --- a/ansible/openstack-host-aggregates.yml +++ b/ansible/openstack-host-aggregates.yml @@ -4,7 +4,7 @@ tags: - host_aggregates roles: - - role: stackhpc.os_host_aggregates + - role: stackhpc.openstack.os_host_aggregates os_host_aggregates_venv: "{{ openstack_venv }}" os_host_aggregates_auth_type: "{{ openstack_auth_type }}" os_host_aggregates_auth: "{{ openstack_auth }}" diff --git a/ansible/openstack-images.yml b/ansible/openstack-images.yml index afba1ab..8fafc3c 100644 --- a/ansible/openstack-images.yml +++ b/ansible/openstack-images.yml @@ -4,8 +4,8 @@ tags: - images roles: - - role: stackhpc.os-images - os_images_venv: "{{ openstack_sdk_1_0_venv }}" + - role: stackhpc.openstack.os_images + os_images_venv: "{{ openstack_venv }}" os_images_cache: "{{ ansible_env.PWD }}/openstack-config-image-cache" os_images_auth_type: "{{ openstack_auth_type }}" os_images_auth: "{{ openstack_auth }}" diff --git a/ansible/openstack-networks.yml b/ansible/openstack-networks.yml index 525712d..5f175d0 100644 --- a/ansible/openstack-networks.yml +++ b/ansible/openstack-networks.yml @@ -4,7 +4,7 @@ tags: - networks roles: - - role: stackhpc.os-networks + - role: stackhpc.openstack.os_networks os_networks_venv: "{{ openstack_venv }}" os_networks_auth_type: "{{ openstack_auth_type }}" os_networks_auth: "{{ openstack_auth }}" @@ -12,3 +12,4 @@ os_networks: "{{ openstack_networks }}" os_networks_routers: "{{ openstack_routers }}" os_networks_security_groups: "{{ openstack_security_groups }}" + os_networks_rbac: "{{ openstack_networks_rbac }}" diff --git a/ansible/openstack-project.yml b/ansible/openstack-project.yml index f18334b..2de1fb9 100644 --- a/ansible/openstack-project.yml +++ b/ansible/openstack-project.yml @@ -4,9 +4,10 @@ tags: - project roles: - - role: stackhpc.os-projects + - role: stackhpc.openstack.os_projects os_projects_venv: "{{ openstack_venv }}" os_projects_auth_type: "{{ openstack_auth_type }}" os_projects_admin_auth: "{{ openstack_auth }}" os_projects_cacert: "{{ openstack_cacert }}" os_projects: "{{ openstack_projects }}" + os_projects_domains: "{{ openstack_domains }}" diff --git a/ansible/roles/.keep b/ansible/roles/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/etc/openstack-config/openstack-config.yml b/etc/openstack-config/openstack-config.yml index 5760072..b4b2731 100644 --- a/etc/openstack-config/openstack-config.yml +++ b/etc/openstack-config/openstack-config.yml @@ -2,6 +2,10 @@ ############################################################################### # Configuration of OpenStack projects and users user environment. +# List of OpenStack domains. Format is as required by the stackhpc.os-projects +# role. +#openstack_domains: + # List of OpenStack projects. Format is as required by the stackhpc.os-projects # role. #openstack_projects: @@ -21,6 +25,10 @@ # Format is as required by the stackhpc.os-networks role. #openstack_security_groups: +# List of RBAC definitions in the openstack projct. Format is as required by the +# stackhpc.os-networks role. +#openstack_networks_rbac: + ############################################################################### # Configuration of nova flavors. diff --git a/examples/projects-octavia.yml b/examples/projects-octavia.yml new file mode 100644 index 0000000..f116b18 --- /dev/null +++ b/examples/projects-octavia.yml @@ -0,0 +1,29 @@ +--- +############################################################################### +# Configuration of OpenStack user environment for OpenStack. + +# List of OpenStack projects. Format is as required by the stackhpc.os-projects +# role. +openstack_projects: + - "{{ openstack_service_project }}" + +# Definition of the openstack service project. Format is as required by the +# stackhpc.os-projects role. Quotas are set to unlimited to avoid Octavia load +# balancer creation failing on quota limits. +openstack_service_project: + name: service + project_domain: default + user_domain: default + quotas: "{{ openstack_octavia_unlimited_quotas }}" + +# Dict of quotas to set for service project when Octavia is used. +openstack_octavia_unlimited_quotas: + cores: -1 + fixed_ips: -1 + floatingip: -1 + injected_file_size: -1 + injected_files: -1 + instances: -1 + ram: -1 + security_group: -1 + security_group_rule: -1 diff --git a/requirements.txt b/requirements.txt index bcefbee..0c0c0b4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ -# Use Ansible 5 for consistent Rocky 9 behaviour when available, otherwise use Ansible 4 +# Use Ansible 5 for consistent Rocky 9 behaviour when available, otherwise use +# Ansible 4 ansible>=4,<5; python_version<"3.7" -ansible>=5,<6; python_version>="3.7" \ No newline at end of file +ansible>=5,<6; python_version>="3.7" diff --git a/requirements.yml b/requirements.yml index 2a4e9a0..99026c8 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,16 +1,6 @@ --- -roles: - - name: stackhpc.os-flavors - - name: stackhpc.os-images - src: https://github.com/stackhpc/ansible-role-os-images.git - version: 1b076df89c6f0ac8e77b03572aa398aab89b7e23 - - name: stackhpc.os-networks - - name: stackhpc.os-projects - - name: stackhpc.os_host_aggregates - - name: stackhpc.os-container-clusters - src: https://github.com/stackhpc/ansible-role-os-container-clusters.git - version: 67c098434dad6b02087b76286b5d23b411e24917 - collections: - name: openstack.cloud version: 2.1.0 + - name: stackhpc.openstack + version: 0.0.1 From 290d0ec0e1164749cbf8b37dc307cf00f4d2e44c Mon Sep 17 00:00:00 2001 From: scrungus Date: Thu, 8 Feb 2024 13:24:53 +0000 Subject: [PATCH 17/17] removed old hardcoded manifest.json --- tools/merge_config/merge_templates.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tools/merge_config/merge_templates.yml b/tools/merge_config/merge_templates.yml index e50b9cb..0a8579b 100644 --- a/tools/merge_config/merge_templates.yml +++ b/tools/merge_config/merge_templates.yml @@ -44,11 +44,6 @@ set_fact: dependencies: "{{ dependencies_response.stdout | from_json | dict2items | list }}" - # - name: Fetch manifest.json using wget - # shell: "wget -O - https://github.com/stackhpc/azimuth-images/releases/download/0.1.2/manifest.json" - # register: manifest_response - # changed_when: false - - name: Fetch manifest.json using wget shell: "wget -O - https://github.com/stackhpc/azimuth-images/releases/download/{{ dependencies | json_query('[?key==`azimuth-images`].value | [0]') }}/manifest.json" register: manifest_response