airship/treasuremap
Code Issues Proposed changes

Update vino

Browse Source 
Signed-off-by: Andrii Ostapenko <andrii.ostapenko@att.com>
Change-Id: I907c2b86fea75446e3e4cb7af45404a7ce2d4881
This commit is contained in:
Andrii Ostapenko 2021-06-12 20:25:55 -05:00 committed by Andrii Ostapenko
parent c9847c4aaa
commit 71135d8aaa
27 changed files with 618 additions and 473 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/function/treasuremap-base-catalogues/versions-treasuremap.yaml
View File

@ -110,9 +110,9 @@ spec:
sushy-tools:
image: quay.io/metal3-io/sushy-tools:latest
manager:
image: quay.io/airshipit/vino:6480ddc3ba98fba21fd692b8489adb0177abb8b5
image: quay.io/airshipit/vino:latest
vino-builder:
image: quay.io/airshipit/vino-builder:6480ddc3ba98fba21fd692b8489adb0177abb8b5
image: quay.io/airshipit/vino-builder:latest
nodelabeler:
image: quay.io/airshipit/nodelabeler:latest
synclabeller:

8
manifests/function/vino/Kptfile
View File

@ -5,19 +5,19 @@ dependencies:
git:
repo: "https://opendev.org/airship/vino"
directory: "config/crd"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/default
git:
repo: "https://opendev.org/airship/vino"
directory: "config/default"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/manager
git:
repo: "https://opendev.org/airship/vino"
directory: "config/manager"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"
- name: upstream/rbac
git:
repo: "https://opendev.org/airship/vino"
directory: "config/rbac"
ref: "6ad6bb6d8c9b162540b689c9e8b9385e847c922a"
ref: "0e709c0d27b2052a5198f8d27d39bd25ed122dae"

11
manifests/function/vino/upstream/crd/Kptfile
View File

@ -5,14 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/crd
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
name: replicas
value: "3"
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae

2
manifests/function/vino/upstream/crd/bases/airship.airshipit.org_ippools.yaml
View File

@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:

33
manifests/function/vino/upstream/crd/bases/airship.airshipit.org_vinoes.yaml
View File

@ -1,3 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -88,6 +90,12 @@ spec:
items:
type: string
type: array
instanceSubnet:
type: string
libvirtTemplate:
description: LibvirtTemplate identifies which libvirt template
to be used to create a network
type: string
macPrefix:
description: MACPrefix defines the zero-padded MAC prefix to
use for VM mac addresses, and is the first address that will
@ -98,6 +106,10 @@ spec:
name:
description: Network Parameter defined
type: string
physicalInterface:
description: PhysicalInterface identifies interface into which
to plug in libvirt network
type: string
routes:
items:
description: VMRoutes defined
@ -146,9 +158,8 @@ spec:
k8s node, that are specified in vino.NodeLabelKeysToCopy
type: object
bootInterfaceName:
description: BootInterfaceName references the interface name
in the list of NetworkInterfaces Vino will take this interface
find its mac address and use it as bootMACAddress for BMH
description: BootInterfaceName interface name to use to boot
virtual machines
type: string
count:
type: integer
@ -172,6 +183,10 @@ spec:
type: string
type: object
type: array
enableVNC:
description: EnableVNC create VNC for graphical interaction
with the VM that will be created.
type: boolean
libvirtTemplate:
description: NamespacedName to be used to spawn VMs
properties:
@ -210,8 +225,20 @@ spec:
type: string
type: object
type: array
rootDeviceName:
description: RootDeviceName is the root device for underlying
VM, /dev/vda for example default is /dev/vda
type: string
type: object
type: array
pxeBootImageHost:
description: PXEBootImageHost will be used to download the PXE boot
image
type: string
pxeBootImageHostPort:
description: PXEBootImageHostPort will be used to download the PXE
boot image
type: integer
vmBridge:
description: VMBridge defines the single interface name to be used
as a bridge for VMs

182
manifests/function/vino/upstream/crd/bases/bmh.yaml
View File

@ -6,42 +6,42 @@ metadata:
name: baremetalhosts.metal3.io
spec:
additionalPrinterColumns:
- JSONPath: .status.operationalStatus
description: Operational status
name: Status
type: string
- JSONPath: .status.provisioning.state
description: Provisioning status
name: Provisioning Status
type: string
- JSONPath: .spec.consumerRef.name
description: Consumer using this host
name: Consumer
type: string
- JSONPath: .spec.bmc.address
description: Address of management controller
name: BMC
type: string
- JSONPath: .status.hardwareProfile
description: The type of hardware detected
name: Hardware Profile
type: string
- JSONPath: .spec.online
description: Whether the host is online or not
name: Online
type: string
- JSONPath: .status.errorMessage
description: Most recent error
name: Error
type: string
- JSONPath: .status.operationalStatus
description: Operational status
name: Status
type: string
- JSONPath: .status.provisioning.state
description: Provisioning status
name: Provisioning Status
type: string
- JSONPath: .spec.consumerRef.name
description: Consumer using this host
name: Consumer
type: string
- JSONPath: .spec.bmc.address
description: Address of management controller
name: BMC
type: string
- JSONPath: .status.hardwareProfile
description: The type of hardware detected
name: Hardware Profile
type: string
- JSONPath: .spec.online
description: Whether the host is online or not
name: Online
type: string
- JSONPath: .status.errorMessage
description: Most recent error
name: Error
type: string
group: metal3.io
names:
kind: BareMetalHost
listKind: BareMetalHostList
plural: baremetalhosts
shortNames:
- bmh
- bmhost
- bmh
- bmhost
singular: baremetalhost
scope: Namespaced
subresources:
@ -84,8 +84,8 @@ spec:
the connection.
type: boolean
required:
- address
- credentialsName
- address
- credentialsName
type: object
bootMACAddress:
description: Which MAC address will PXE boot? This is optional for some
@ -95,8 +95,8 @@ spec:
bootMode:
description: Select the method of initializing the hardware during boot.
enum:
- UEFI
- legacy
- UEFI
- legacy
type: string
consumerRef:
description: ConsumerRef can be used to store information about something
@ -161,8 +161,8 @@ spec:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
- checksum
- url
type: object
networkData:
description: NetworkData holds the reference to the Secret containing
@ -206,8 +206,8 @@ spec:
key.
type: string
required:
- effect
- key
- effect
- key
type: object
type: array
userData:
@ -224,7 +224,7 @@ spec:
type: string
type: object
required:
- online
- online
type: object
status:
description: BareMetalHostStatus defines the observed state of BareMetalHost
@ -236,10 +236,10 @@ spec:
description: ErrorType indicates the type of failure encountered when
the OperationalStatus is OperationalStatusError
enum:
- registration error
- inspection error
- provisioning error
- power management error
- registration error
- inspection error
- provisioning error
- power management error
type: string
goodCredentials:
description: the last credentials we were able to validate as working
@ -279,11 +279,11 @@ spec:
model:
type: string
required:
- arch
- clockMegahertz
- count
- flags
- model
- arch
- clockMegahertz
- count
- flags
- model
type: object
firmware:
description: Firmware describes the firmware on the host.
@ -301,12 +301,12 @@ spec:
description: The version of the BIOS
type: string
required:
- date
- vendor
- version
- date
- vendor
- version
type: object
required:
- bios
- bios
type: object
hostname:
type: string
@ -349,17 +349,17 @@ spec:
name:
type: string
required:
- id
- id
type: object
type: array
required:
- ip
- mac
- model
- name
- pxe
- speedGbps
- vlanId
- ip
- mac
- model
- name
- pxe
- speedGbps
- vlanId
type: object
type: array
ramMebibytes:
@ -401,10 +401,10 @@ spec:
description: The WWN with the extension
type: string
required:
- name
- rotational
- serialNumber
- sizeBytes
- name
- rotational
- serialNumber
- sizeBytes
type: object
type: array
systemVendor:
@ -418,18 +418,18 @@ spec:
serialNumber:
type: string
required:
- manufacturer
- productName
- serialNumber
- manufacturer
- productName
- serialNumber
type: object
required:
- cpu
- firmware
- hostname
- nics
- ramMebibytes
- storage
- systemVendor
- cpu
- firmware
- hostname
- nics
- ramMebibytes
- storage
- systemVendor
type: object
hardwareProfile:
description: The name of the profile matching the hardware details.
@ -498,10 +498,10 @@ spec:
operationalStatus:
description: OperationalStatus holds the status of the host
enum:
- ""
- OK
- discovered
- error
- ""
- OK
- discovered
- error
type: string
poweredOn:
description: indicator for whether or not the host is powered on
@ -524,16 +524,16 @@ spec:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
- checksum
- url
type: object
state:
description: An indiciator for what the provisioner is doing with
the host.
type: string
required:
- ID
- state
- ID
- state
type: object
triedCredentials:
description: the last credentials we sent to the provisioning backend
@ -555,16 +555,16 @@ spec:
type: string
type: object
required:
- errorMessage
- hardwareProfile
- operationHistory
- operationalStatus
- poweredOn
- provisioning
- errorMessage
- hardwareProfile
- operationHistory
- operationalStatus
- poweredOn
- provisioning
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
- name: v1alpha1
served: true
storage: true

7
manifests/function/vino/upstream/crd/kustomization.yaml
View File

@ -7,6 +7,13 @@ resources:
- bases/bmh.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
#- patches/webhook_in_vinoes.yaml
#- patches/webhook_in_ippools.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- patches/cainjection_in_vinoes.yaml

2
manifests/function/vino/upstream/crd/kustomizeconfig.yaml
View File

@ -6,10 +6,12 @@ nameReference:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations

4
manifests/function/vino/upstream/default/Kptfile
View File

@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/default
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae

48
manifests/function/vino/upstream/default/kustomization.yaml
View File

@ -1,14 +1,17 @@
# Adds namespace to all resources.
namespace: vino-system
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: vino-
# Labels to add to all resources and selectors.
#commonLabels:
# someName: someValue
bases:
- ../crd
- ../rbac
@ -22,7 +25,46 @@ bases:
#- ../prometheus
patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
#- manager_webhook_patch.yaml
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
# 'CERTMANAGER' needs to be enabled to use ca injection
#- webhookcainjection_patch.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
# fieldref:
# fieldpath: metadata.namespace
#- name: CERTIFICATE_NAME
# objref:
# kind: Certificate
# group: cert-manager.io
# version: v1alpha2
# name: serving-cert # this name should match the one in certificate.yaml
#- name: SERVICE_NAMESPACE # namespace of the service
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
#- name: SERVICE_NAME
# objref:
# kind: Service
# version: v1
# name: webhook-service

12
manifests/function/vino/upstream/manager/Kptfile
View File

@ -5,15 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/manager
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
openAPI:
definitions:
io.k8s.cli.setters.replicas:
x-k8s-cli:
setter:
isSet: true
name: replicas
value: "3"
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae

70
manifests/function/vino/upstream/manager/create_tls_cert.sh Executable file
View File

@ -0,0 +1,70 @@
#!/bin/bash
set -xe
set -o pipefail
echo "Target directory location = $1"
# check if certificates are already present
# TBD should validity of existing certs be checked.
if [ -f $1/ca-cert.pem ] && [ -f $1/server-cert.pem ] && [ -f $1/server-key.pem ]
then
echo "ca-cert.pem, server-cert.pem and server-key.pem already present"
exit 0
else
# create a temp dir
TMP=$(mktemp -d)
cd ${TMP}
# create ca certificate
echo ' cn = airshipit.org
ca
cert_signing_key' > ca-template.info
(umask 277 && certtool --generate-privkey > ca-key.pem)
certtool --generate-self-signed \
--template ca-template.info \
--load-privkey ca-key.pem \
--outfile ca-cert.pem
rm ca-template.info
echo ' organization = airshipit.org
cn = server
tls_www_server
encryption_key
signing_key' > server-template.info
(umask 277 && certtool --generate-privkey > server-key.pem)
# create server certificate
certtool --generate-certificate \
--template server-template.info \
--load-privkey server-key.pem \
--load-ca-certificate ca-cert.pem \
--load-ca-privkey ca-key.pem \
--outfile server-cert.pem
rm server-template.info
# copy the required certs in the target location
echo "Copy the required certs to target location : $1"
cp *.pem $1
#echo ' country = Country
# state = State
# locality = City
# organization = Name of your organization
# cn = Client Host Name
# tls_www_client
# encryption_key
# signing_key' > client-template.info
#(umask 277 && certtool --generate-privkey > client-key.pem)
#certtool --generate-certificate
# --template client-template.info
# --load-privkey client-key.pem
# --load-ca-certificate ca-cert.pem
# --load-ca-privkey ca_key.pem
# --outfile client-cert.pem
fi
exit 0

413
manifests/function/vino/upstream/manager/daemonset-template.yaml
View File

@ -15,199 +15,224 @@ spec:
hostNetwork: true
hostPID: true
hostIPC: true
initContainers:
- name: create-libvirt-vnc-certs
image: quay.io/airshipit/gnu-tls:latest-minideb
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/create_tls_cert.sh"]
args: [ "/etc/pki/libvirt-vnc"]
volumeMounts:
- name: etc-pki-libvirt-vnc
mountPath: "/etc/pki/libvirt-vnc"
- name: usr-local-bin
mountPath: "/usr/local/bin"
containers:
- name: libvirt
command:
- /tmp/libvirt.sh
image: quay.io/airshipit/libvirt:latest-ubuntu_bionic
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
mountPropagation: Bidirectional
- name: run
mountPath: /run
- name: dev
mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /etc/libvirt/qemu
name: etc-qemu
- mountPath: /etc/libvirt/nwfilter
name: etc-nwfilter
- mountPath: /etc/libvirt/hooks
name: etc-hooks
- mountPath: /etc/libvirt/storage
name: etc-storage
- mountPath: /var/lib/vino
name: var-lib-vino
- name: sushy
image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port",
"8000"]
volumeMounts:
- name: var-run-libvirt
mountPath: /var/run/libvirt
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
livenessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
readinessProbe:
httpGet:
host: 127.0.0.1
path: /redfish/v1/Systems
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
# - name: vino-reverse-proxy
# image: quay.io/airshipit/vino-reverse-proxy
# ports:
# - containerPort: 8000
# hostPort: 8000
# readinessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 10
# periodSeconds: 5
# livenessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 30
# periodSeconds: 30
- name: labeler
image: quay.io/airshipit/nodelabeler
imagePullPolicy: IfNotPresent
env:
- name: NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- image: quay.io/airshipit/vino-builder
imagePullPolicy: IfNotPresent
name: vino-builder
ports:
- containerPort: 8001
hostPort: 8001
readinessProbe:
exec:
command:
- cat
- /tmp/healthy
initialDelaySeconds: 20
periodSeconds: 5
securityContext:
privileged: true
readOnlyRootFilesystem: false
runAsUser: 0
volumeMounts:
- mountPath: /var/lib/vino-builder/flavors
name: flavors
- mountPath: /var/lib/vino-builder/flavor-templates
name: flavor-templates
- mountPath: /var/lib/vino-builder/network-templates
name: network-templates
- mountPath: /var/lib/vino-builder/storage-templates
name: storage-templates
- mountPath: /tmp
name: pod-tmp
- mountPath: /lib/modules
name: libmodules
readOnly: true
- mountPath: /var/lib/libvirt
name: var-lib-libvirt
- mountPath: /var/run/libvirt
name: var-run-libvirt
- mountPath: /var/lib/libvirt/vino-pool
name: var-lib-vino-pool
- mountPath: /run
name: run
- mountPath: /dev
name: dev
- mountPath: /sys/fs/cgroup
name: cgroup
- mountPath: /var/log/libvirt
name: logs
- name: libvirt
command:
- /tmp/libvirt.sh
image: quay.io/airshipit/libvirt:latest-ubuntu_bionic
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
mountPropagation: Bidirectional
- name: run
mountPath: /run
- name: dev
mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
- name: var-lib-vino-pool
mountPath: /var/lib/libvirt/vino-pool
- name: etc-qemu
mountPath: /etc/libvirt/qemu
- name: etc-nwfilter
mountPath: /etc/libvirt/nwfilter
- name: etc-hooks
mountPath: /etc/libvirt/hooks
- name: etc-storage
mountPath: /etc/libvirt/storage
- name: var-lib-vino
mountPath: /var/lib/vino
- name: etc-libvirt
mountPath: /etc/libvirt
- name: etc-pki-libvirt-vnc
mountPath: /etc/pki/libvirt-vnc
- name: sushy
image: quay.io/metal3-io/sushy-tools
imagePullPolicy: IfNotPresent
command: ["/usr/local/bin/sushy-emulator", "-i", "::", "--debug", "--port", "8000"]
volumeMounts:
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
readinessProbe:
httpGet:
path: /redfish/v1/Systems
host: 127.0.0.1
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
httpGet:
path: /redfish/v1/Systems
host: 127.0.0.1
port: 8000
initialDelaySeconds: 10
periodSeconds: 20
# - name: vino-reverse-proxy
# image: quay.io/airshipit/vino-reverse-proxy
# ports:
# - containerPort: 8000
# hostPort: 8000
# readinessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 10
# periodSeconds: 5
# livenessProbe:
# tcpSocket:
# port: 8000
# host: 127.0.0.1
# initialDelaySeconds: 30
# periodSeconds: 30
- name: labeler
image: quay.io/airshipit/nodelabeler
imagePullPolicy: IfNotPresent
env:
- name: NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: vino-builder
readinessProbe:
initialDelaySeconds: 20
periodSeconds: 5
exec:
command:
- cat
- /tmp/healthy
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: false
ports:
- containerPort: 8001
hostPort: 8001
image: quay.io/airshipit/vino-builder
imagePullPolicy: IfNotPresent
volumeMounts:
- name: flavors
mountPath: /var/lib/vino-builder/flavors
- name: flavor-templates
mountPath: /var/lib/vino-builder/flavor-templates
- name: network-templates
mountPath: /var/lib/vino-builder/network-templates
- name: storage-templates
mountPath: /var/lib/vino-builder/storage-templates
- name: pod-tmp
mountPath: /tmp
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: var-lib-libvirt
mountPath: /var/lib/libvirt
- name: var-run-libvirt
mountPath: /var/run/libvirt
- name: var-lib-vino-pool
mountPath: /var/lib/libvirt/vino-pool
- name: run
mountPath: /run
- name: dev
mountPath: /dev
- name: cgroup
mountPath: /sys/fs/cgroup
- name: logs
mountPath: /var/log/libvirt
volumes:
- name: libmodules
hostPath:
path: /lib/modules
- name: var-lib-libvirt
hostPath:
path: /var/lib/libvirt
- hostPath: {}
name: var-lib-libvirt-images
- name: run
hostPath:
path: /run
- name: dev
hostPath:
path: /dev
- name: logs
hostPath:
path: /var/log/libvirt
- name: cgroup
hostPath:
path: /sys/fs/cgroup
- name: var-run-libvirt
hostPath:
path: /var/run/libvirt
- configMap:
defaultMode: 0555
name: vino-flavors
name: flavors
- configMap:
defaultMode: 0555
name: vino-flavor-templates
name: flavor-templates
- configMap:
defaultMode: 0555
name: vino-network-templates
name: network-templates
- configMap:
defaultMode: 0555
name: vino-storage-templates
name: storage-templates
- emptyDir: {}
name: pod-tmp
- hostPath:
path: /var/lib/vino-pool
type: DirectoryOrCreate
name: var-lib-vino-pool
- hostPath:
path: /etc/vino-qemu
type: DirectoryOrCreate
name: etc-qemu
- hostPath:
path: /etc/vino-storage
type: DirectoryOrCreate
name: etc-storage
- hostPath:
path: /etc/vino-nwfilter
type: DirectoryOrCreate
name: etc-nwfilter
- hostPath:
path: /etc/vino-hooks
type: DirectoryOrCreate
name: etc-hooks
- hostPath:
path: /var/lib/vino
type: DirectoryOrCreate
name: var-lib-vino
- name: libmodules
hostPath:
path: /lib/modules
- name: var-lib-libvirt
hostPath:
path: /var/lib/libvirt
- name: run
hostPath:
path: /run
- name: dev
hostPath:
path: /dev
- name: logs
hostPath:
path: /var/log/libvirt
- name: cgroup
hostPath:
path: /sys/fs/cgroup
- name: var-run-libvirt
hostPath:
path: /var/run/libvirt
- name: flavors
configMap:
name: vino-flavors
defaultMode: 0555
- name: flavor-templates
configMap:
name: vino-flavor-templates
defaultMode: 0555
- name: network-templates
configMap:
name: vino-network-templates
defaultMode: 0555
- name: storage-templates
configMap:
name: vino-storage-templates
defaultMode: 0555
- name: pod-tmp
emptyDir: {}
- name: var-lib-vino-pool
hostPath:
path: /var/lib/vino-pool
type: DirectoryOrCreate
- name: etc-qemu
hostPath:
path: /etc/vino-qemu
type: DirectoryOrCreate
- name: etc-storage
hostPath:
path: /etc/vino-storage
type: DirectoryOrCreate
- name: etc-nwfilter
hostPath:
path: /etc/vino-nwfilter
type: DirectoryOrCreate
- name: etc-hooks
hostPath:
path: /etc/vino-hooks
type: DirectoryOrCreate
- name: var-lib-vino
hostPath:
path: /var/lib/vino
type: DirectoryOrCreate
- name: etc-libvirt
configMap:
name: vino-libvirt-qemu-conf
defaultMode: 0555
- name: etc-pki-libvirt-vnc
hostPath:
path: /etc/pki/libvirt-vnc
- name: usr-local-bin
configMap:
name: vino-create-libvirt-vnc-cert
defaultMode: 0777

74
manifests/function/vino/upstream/manager/flavor-templates.yaml
View File

@ -1,18 +1,16 @@
flavorTemplates:
master:
domainTemplate: |
{% set nodename = 'master-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
{% if domain is defined %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<name>{{ domain.name }}</name>
<uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata>
<vino:flavor>master</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
</metadata>
<memory unit="GiB">{{ flavors.master.memory }}</memory>
{% if flavors.worker.hugepages is defined and flavors.worker.hugepages == true %}
{% if flavors.master.hugepages is defined and flavors.master.hugepages == true %}
<memoryBacking>
<hugepages>
<page size='1' unit='GiB' />
@ -20,14 +18,14 @@ flavorTemplates:
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.master.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
{% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
{% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
<emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
@ -56,7 +54,7 @@ flavorTemplates:
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/>
</disk>
@ -71,26 +69,26 @@ flavorTemplates:
</controller>
# for each interface defined in vino, e.g.
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
{% for interface in domain.interfaces %}
<interface type='{{ interface.type }}'>
<mac address='{{ interface.macAddress }}'/>
<source {{ interface.type }}='{{ interface.network }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
{% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' passwd='{{ domain.vncPassword }}' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
{% endif %}
@ -107,9 +105,8 @@ flavorTemplates:
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'master-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<name>{{ domain.name }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.master.rootSize }}</capacity>
<target>
@ -118,12 +115,10 @@ flavorTemplates:
</volume>
worker:
domainTemplate: |
{% set nodename = 'worker-' + item|string %}
{% if domains[nodename] is defined %}
{% set domain = domains[nodename] %}
{% if domain is defined %}
<domain type="kvm">
<name>{{ nodename }}</name>
<uuid>{{ nodename | hash('md5') }}</uuid>
<name>{{ domain.name }}</name>
<uuid>{{ domain.name | hash('md5') }}</uuid>
<metadata>
<vino:flavor>worker</vino:flavor>
<vino:creationTime>{{ ansible_date_time.date }}</vino:creationTime>
@ -137,14 +132,14 @@ flavorTemplates:
</memoryBacking>
{% endif %}
<vcpu placement="static">{{ flavors.worker.vcpus }}</vcpu>
{% if node_core_map[nodename] is defined %}
{% if domain.name in node_core_map %}
# function to produce list of cpus, in same numa (controled by bool), state will need to be tracked via file on hypervisor host. gotpl psudo:
<cputune>
<shares>8192</shares>
{% for core in node_core_map[nodename] %}
{% for core in node_core_map[domain.name] %}
<vcpupin vcpu="{{ loop.index0 }}" cpuset="{{ core }}"/>
{% endfor %}
<emulatorpin cpuset="{{ node_core_map[nodename]|join(',') }}"/>
<emulatorpin cpuset="{{ node_core_map[domain.name]|join(',') }}"/>
</cputune>
{% endif %}
<resource>
@ -173,7 +168,7 @@ flavorTemplates:
# for each disk requested
<disk type='volume' device='disk'>
<driver name="qemu" type="qcow2" cache="none" discard="unmap"/>
<source pool='vino-default' volume='{{ nodename }}'/>
<source pool='vino-default' volume='{{ domain.name }}'/>
<target dev='vde' bus='virtio'/>
</disk>
@ -187,25 +182,31 @@ flavorTemplates:
<alias name="ide"/>
</controller>
{% for if_name, if_values in domain.interfaces.items() %}
<interface type='network'>
<source network='pxe'/>
<model type='virtio'/>
</interface>
# for each interface defined in vino, e.g.
{% for interface in domain.interfaces %}
<interface type='bridge'>
<mac address='{{ if_values.macAddress }}'/>
<source bridge='{{ if_name }}'/>
<mac address='{{ interface.macAddress }}'/>
<source bridge='{{ interface.network }}'/>
<model type='virtio'/>
</interface>
{% endfor %}
<serial type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
</serial>
<serial type='pty'/>
<console type='file'>
<source path='/var/lib/libvirt/{{ nodename }}-console.log'/>
<source path='/var/lib/libvirt/{{ domain.name }}-console.log'/>
<target type='serial'/>
</console>
{% if domain.enable_vnc | default(false) %}
{% if domain.enableVNC | default(false) %}
<graphics type='vnc' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
@ -223,9 +224,8 @@ flavorTemplates:
</domain>
{% endif %}
volumeTemplate: |
{% set nodename = 'worker-' + item|string %}
<volume>
<name>{{ nodename }}</name>
<name>{{ domain.name }}</name>
<allocation>0</allocation>
<capacity unit='G'>{{ flavors.worker.rootSize }}</capacity>
<target>

34
manifests/function/vino/upstream/manager/inventory-template.yaml
View File

@ -1,34 +0,0 @@
# NOTE: auto-generated. Some fields should NOT be modified.
# Date: 2021-03-16 10:05:35 UTC
#
# Contains the "inventory object" template ConfigMap.
# When this object is applied, it is handled specially,
# storing the metadata of all the other objects applied.
# This object and its stored inventory is subsequently
# used to calculate the set of objects to automatically
# delete (prune), when an object is omitted from further
# applies. When applied, this "inventory object" is also
# used to identify the entire set of objects to delete.
#
# NOTE: The name of this inventory template file
# does NOT have any impact on group-related functionality
# such as deletion or pruning.
#
apiVersion: v1
kind: ConfigMap
metadata:
# DANGER: Do not change the inventory object namespace.
# Changing the namespace will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
namespace: default
# NOTE: The name of the inventory object does NOT have
# any impact on group-related functionality such as
# deletion or pruning.
name: inventory-15862452
labels:
# DANGER: Do not change the value of this label.
# Changing this value will cause a loss of continuity
# with previously applied grouped objects. Set deletion
# and pruning functionality will be impaired.
cli-utils.sigs.k8s.io/inventory-id: 6e088520-63c2-4b5d-82ea-4f2cb089920f

19
manifests/function/vino/upstream/manager/kustomization.yaml
View File

@ -1,5 +1,6 @@
resources:
- manager.yaml
configMapGenerator:
- name: daemonset-template
options:
@ -10,19 +11,29 @@ configMapGenerator:
options:
disableNameSuffixHash: true
files:
- flavors.yaml
- flavors.yaml
- name: flavor-templates
options:
disableNameSuffixHash: true
files:
- flavor-templates.yaml
- flavor-templates.yaml
- name: network-templates
options:
disableNameSuffixHash: true
files:
- network-templates.yaml
- network-templates.yaml
- name: storage-templates
options:
disableNameSuffixHash: true
files:
- storage-templates.yaml
- storage-templates.yaml
- name: libvirt-qemu-conf
options:
disableNameSuffixHash: true
files:
- qemu.conf
- name: create-libvirt-vnc-cert
options:
disableNameSuffixHash: true
files:
- create_tls_cert.sh

8
manifests/function/vino/upstream/manager/manager.yaml
View File

@ -38,8 +38,8 @@ spec:
cpu: 100m
memory: 20Mi
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
terminationGracePeriodSeconds: 10

30
manifests/function/vino/upstream/manager/network-templates.yaml
View File

@ -1,17 +1,15 @@
libvirtNetworks:
- name: management
libvirtTemplate: |
<network>
<name>management</name>
<forward mode='route'/>
<bridge name='management' stp='off' delay='0'/>
<ip address='{{ networks[0].routes[0].gateway }}' netmask='255.255.240.0'>
<!-- <tftp root='/srv/tftp'/> -->
<dhcp>
<range start='{{ networks[0].allocationStart }}' end='{{ networks[0].allocationStop }}'/>
<bootp file=''/>
</dhcp>
</ip>
</network>
# - name: mobility-gn
# libvirtTemplate:
management:
libvirtTemplate: |
<network>
<name>{{ network.name }}</name>
<forward mode='route'/>
<bridge name='vm-infra-bridge' stp='off' delay='0' {% if network.physicalInterface is defined %} dev='{{ network.physicalInterface }}' {% endif %}/>
<ip address='{{ ipam.bridge_ip | default(omit) }}' netmask='{{ ipam.bridge_subnet_netmask }}'>
<!-- <tftp root='/srv/tftp'/> -->
<dhcp>
<range start='{{ ipam.instance_ips[0] }}' end='{{ ipam.instance_ips[-1] }}'/>
<bootp file='http://{{ pxeBootImageHost | default(ansible_default_ipv4.address) }}:{{ pxeBootImageHostPort | default(80) }}/dualboot.ipxe'/>
</dhcp>
</ip>
</network>

6
manifests/function/vino/upstream/manager/qemu.conf Normal file
View File

@ -0,0 +1,6 @@
stdio_handler = "file"
user = "root"
group = "root"
security_driver = "none"
vnc_tls = 1
#vnc_tls_x509_verify = 1

26
manifests/function/vino/upstream/manager/storage-templates.yaml
View File

@ -1,14 +1,14 @@
libvirtStorage:
- name: vino-default
libvirtTemplate: |-
<pool type='dir'>
<name>vino-default</name>
<target>
<path>/var/lib/libvirt/vino-pool</path>
<permissions>
<mode>0711</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>
- name: vino-default
libvirtTemplate: |
<pool type='dir'>
<name>vino-default</name>
<target>
<path>/var/lib/libvirt/vino-pool</path>
<permissions>
<mode>0711</mode>
<owner>0</owner>
<group>0</group>
</permissions>
</target>
</pool>

4
manifests/function/vino/upstream/rbac/Kptfile
View File

@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
commit: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
commit: 0e709c0d27b2052a5198f8d27d39bd25ed122dae
repo: https://opendev.org/airship/vino
directory: config/rbac
ref: 6ad6bb6d8c9b162540b689c9e8b9385e847c922a
ref: 0e709c0d27b2052a5198f8d27d39bd25ed122dae

2
manifests/function/vino/upstream/rbac/kustomization.yaml
View File

@ -13,4 +13,4 @@ resources:
- auth_proxy_role_binding.yaml
- auth_proxy_client_clusterrole.yaml
- vino_manager_role.yaml
- vino_manager_role_binding.yaml
- vino_manager_role_binding.yaml

2
manifests/function/vino/upstream/rbac/leader_election_role.yaml
View File

@ -41,4 +41,4 @@ rules:
- create
- update
- patch
- delete
- delete

3
manifests/function/vino/upstream/rbac/role.yaml
View File

@ -1,6 +1,9 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:

2
manifests/function/vino/upstream/rbac/vino_daemonset_controller_role_binding.yaml
View File

@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system
namespace: vino-system

83
manifests/function/vino/upstream/rbac/vino_manager_role.yaml
View File

@ -1,46 +1,47 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- watch
- list
- delete
- update
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- watch
- list
- delete
- update
- apiGroups:
- airship.airshipit.org
resources:
- vinoes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- airship.airshipit.org
resources:
- vinoes/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- get
- list
- patch
- update

2
manifests/function/vino/upstream/rbac/vino_manager_role_binding.yaml
View File

@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: default
namespace: vino-system
namespace: vino-system