aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-x.gitignore14
-rwxr-xr-xLICENSE.TXT38
-rwxr-xr-xREADME.md9
l---------ansible/action_plugins1
-rwxr-xr-xansible/ansible.cfg46
-rwxr-xr-xansible/application.yml89
-rwxr-xr-xansible/infrastructure.yml85
-rwxr-xr-xansible/library/kubectl_apply_manifest.py73
-rwxr-xr-xansible/requirements.yml57
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/.gitignore2
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/.travis.yml64
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/defaults/main.yml39
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/files/iceundionly.kpxebin0 -> 64340 bytes
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/meta/.galaxy_install_info39
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/meta/main.yml38
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/tasks/dnsmasq.yml103
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/tasks/main.yml183
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml137
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/tasks/tls.yml150
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j273
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/groups/group.json.j273
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/groups/install.json.j251
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2872
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/ignition/coreos-install.yaml.j2107
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2397
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/kubeconfig.j256
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/openssl.config.j273
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/profiles/controller.json.j256
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/profiles/install-reboot.json.j255
-rwxr-xr-xansible/roles/ansible-vvp-bootstrap/templates/profiles/worker.json.j256
-rwxr-xr-xansible/simple-deploy.yml55
-rwxr-xr-xbin/vvp-deploy42
-rwxr-xr-xbin/vvp-install-box45
-rwxr-xr-xbin/vvp-rescale45
-rwxr-xr-xboxes/vvp-empty/0.0.0/virtualbox/Vagrantfile83
-rwxr-xr-xboxes/vvp-empty/0.0.0/virtualbox/base_mac.rb41
-rwxr-xr-xboxes/vvp-empty/0.0.0/virtualbox/box.ovf257
-rwxr-xr-xboxes/vvp-empty/0.0.0/virtualbox/change_host_name.rb75
-rwxr-xr-xboxes/vvp-empty/0.0.0/virtualbox/configure_networks.rb180
-rwxr-xr-xboxes/vvp-empty/0.0.0/virtualbox/files/intel--virtio-net--pcnet32.isarombin0 -> 56832 bytes
-rwxr-xr-xboxes/vvp-empty/0.0.0/virtualbox/metadata.json1
-rwxr-xr-xexamples/unencrypted_vault.yml122
-rwxr-xr-xsetenv71
-rwxr-xr-xvagrant/prebuilt/Vagrantfile88
-rwxr-xr-xvagrant/prebuilt/config.yml75
-rwxr-xr-xvagrant/pxe/Vagrantfile121
-rwxr-xr-xvagrant/pxe/lib/vagrant_provision.rb71
-rwxr-xr-xvagrant/pxe/multi_node_config.yml127
-rwxr-xr-xvagrant/pxe/single_node_config.yml88
-rwxr-xr-xzones/development/devkit_environment_multi47
-rwxr-xr-xzones/development/devkit_environment_single47
-rwxr-xr-xzones/development/inventory/group_vars/all/all.yml88
-rwxr-xr-xzones/development/inventory/group_vars/all/rgws.yml42
-rwxr-xr-xzones/development/inventory/group_vars/all/unencrypted_vault.yml117
-rwxr-xr-xzones/development/inventory/group_vars/bootstrap.yml82
-rwxr-xr-xzones/development/inventory/group_vars/local.yml72
-rwxr-xr-xzones/development/inventory/group_vars/mons.yml66
-rwxr-xr-xzones/development/inventory/group_vars/rbdhost.yml56
-rwxr-xr-xzones/development/inventory/inventory78
59 files changed, 5318 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..750975f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+.DS_Store
+.vagrant*
+ansible/roles/*
+!ansible/roles/ansible-ice-templates/
+!ansible/roles/ansible-ice-volumes/
+!ansible/roles/ansible-vvp-bootstrap/
+.vault_password
+*.retry
+*.vdi
+*.vmdk
+zones/*/fetch/*
+zones/*/k8
+fetch/*
+**/*.pyc
diff --git a/LICENSE.TXT b/LICENSE.TXT
new file mode 100755
index 0000000..19fa261
--- /dev/null
+++ b/LICENSE.TXT
@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property. \ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100755
index 0000000..5474595
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+```
+# update your hosts file with the line
+# 10.252.0.12 coreos-01.development.vvp.example.com
+. setenv
+# select the envirionment yout want from the list
+vagrant up
+watch -n5 "kubectl get po -n kube-system"
+# once all pods are running status
+`bin/vvp-deploy`
diff --git a/ansible/action_plugins b/ansible/action_plugins
new file mode 120000
index 0000000..660c351
--- /dev/null
+++ b/ansible/action_plugins
@@ -0,0 +1 @@
+./roles/ceph.ceph-common/plugins/actions/ \ No newline at end of file
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100755
index 0000000..4a72589
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,46 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+[defaults]
+roles_path=./roles/
+vault_password_file=.vault_password
+action_plugins =./roles/ceph.ceph-common/plugins/actions
+inventory =../zones/multi-node/inventory/
+
+[ssh_connection]
+ssh_args = -o ControlPersist=60s -o ControlMaster=auto -o ServerAliveInterval=10 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
diff --git a/ansible/application.yml b/ansible/application.yml
new file mode 100755
index 0000000..7e305cc
--- /dev/null
+++ b/ansible/application.yml
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+- hosts: localhost
+ connection: local
+ tasks:
+ - name: Set timestamp fact if it hasn't been set
+ local_action:
+ set_fact timestamp="{{lookup('pipe', 'date \"+%s\"')}}"
+ run_once: True
+ when: timestamp is not defined
+ tags:
+ - always
+
+- hosts: localhost
+ connection: local
+ gather_facts: False
+ pre_tasks:
+ - shell: cat {{fetch_directory}}/ceph_cluster_uuid.conf
+ register: ceph_uuid
+ tags:
+ - always
+
+ - shell: grep 'key' {{fetch_directory}}/{{ceph_uuid.stdout}}/etc/ceph/ceph.client.admin.keyring | awk '{print $3}'
+ register: client_key
+ tags:
+ - always
+
+ - set_fact:
+ ceph_key: "{{client_key.stdout}}"
+ tags:
+ - always
+
+- hosts: rbdhost
+ become: True
+ pre_tasks:
+ - set_fact:
+ timestamp: "{{hostvars['127.0.0.1']['timestamp']}}"
+ tags:
+ - always
+ roles:
+ - role: ansible-vvp-volumes
+
+- hosts: localhost
+ connection: local
+ gather_facts: False
+ vars:
+ rollback_deployment: []
+ sleep_in_seconds:
+ pre_deploy: "{{ pre_deploy_sleep | default(0) }}"
+ post_deploy: "{{ post_deploy_sleep | default(60) }}"
+ roles:
+ - ansible-vvp-templates
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
new file mode 100755
index 0000000..0e700ca
--- /dev/null
+++ b/ansible/infrastructure.yml
@@ -0,0 +1,85 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+- hosts: localhost,rbdhost
+ tasks:
+ - name: Set timestamp fact if it hasn't been set
+ local_action:
+ set_fact timestamp="{{lookup('pipe', 'date \"+%s\"')}}"
+ run_once: True
+ when: timestamp is not defined
+ tags:
+ - always
+
+- hosts: mons
+ become: True
+ roles:
+ - ceph.ceph-mon
+
+- hosts: rgws
+ become: True
+ roles:
+ - ceph.ceph-rgw
+
+- hosts: osds
+ become: True
+ roles:
+ - ceph.ceph-osd
+
+- hosts: bootstrap
+ become: yes
+ roles:
+ - ansible-vvp-bootstrap
+
+- hosts: rbdhost
+ vars:
+ rollback_volumes: []
+ snapshot_volumes: []
+ become: True
+ roles:
+ - role: ansible-vvp-volumes
+
+# we can't do this in the earlier rgws block because we need its underlying
+# osds and volumes to be set up.
+- hosts: rgws
+ tasks:
+ - name: configure radosgw static files user
+ command: radosgw-admin user create --uid="staticfiles" --display-name="static files user" --caps="users=*;buckets=*;metadata=*" --access-key="{{ vault_aws_access_key_id }}" --secret-key="{{ vault_aws_secret_access_key }}"
+ run_once: true
+ become: true
diff --git a/ansible/library/kubectl_apply_manifest.py b/ansible/library/kubectl_apply_manifest.py
new file mode 100755
index 0000000..75c68cb
--- /dev/null
+++ b/ansible/library/kubectl_apply_manifest.py
@@ -0,0 +1,73 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#!/usr/bin/python
+import os
+from ansible.module_utils.basic import AnsibleModule
+
+
+def kubectl_apply_manifest(module, manifest, kubeconfig):
+ kubectl_path = module.get_bin_path('kubectl', required=True)
+ args = [kubectl_path, '--kubeconfig', kubeconfig, 'apply', '-f', manifest]
+ return module.run_command(args)
+
+
+def main():
+ module = AnsibleModule(
+ argument_spec=dict(
+ manifest=dict(required=True),
+ kubeconfig=dict(default=os.environ['KUBECONFIG'])
+ ),
+ )
+
+ manifest = module.params['manifest']
+ kubeconfig = module.params['kubeconfig']
+
+ if kubeconfig is None:
+ msg = "Could not apply manifest, kubeconfig not specified"
+ module.fail_json(msg=msg)
+
+ rc, stdout, stderr = kubectl_apply_manifest(module, manifest, kubeconfig)
+ if rc == 0:
+ module.exit_json(changed=True, stdout=stdout)
+ else:
+ msg = "Could not apply manifest"
+ module.fail_json(msg=msg + " " + stderr)
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
new file mode 100755
index 0000000..ea1e8d0
--- /dev/null
+++ b/ansible/requirements.yml
@@ -0,0 +1,57 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- src: https://github.com/ceph/ansible-ceph-common.git
+ version: v2.2.10
+ name: ceph.ceph-common
+
+- src: https://github.com/ceph/ansible-ceph-docker-common.git
+ version: master
+ name: ceph.ceph-docker-common
+
+- src: https://github.com/ceph/ansible-ceph-rgw.git
+ version: v2.2.10
+ name: ceph.ceph-rgw
+
+- src: https://github.com/ceph/ansible-ceph-mon.git
+ version: v2.2.10
+ name: ceph.ceph-mon
+
+- src: https://github.com/ceph/ansible-ceph-osd.git
+ version: v2.2.10
+ name: ceph.ceph-osd
diff --git a/ansible/roles/ansible-vvp-bootstrap/.gitignore b/ansible/roles/ansible-vvp-bootstrap/.gitignore
new file mode 100755
index 0000000..5109f81
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+.sw*
diff --git a/ansible/roles/ansible-vvp-bootstrap/.travis.yml b/ansible/roles/ansible-vvp-bootstrap/.travis.yml
new file mode 100755
index 0000000..1b9ad49
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/.travis.yml
@@ -0,0 +1,64 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
diff --git a/ansible/roles/ansible-vvp-bootstrap/defaults/main.yml b/ansible/roles/ansible-vvp-bootstrap/defaults/main.yml
new file mode 100755
index 0000000..9d39136
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/defaults/main.yml
@@ -0,0 +1,39 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+sysdig_access_key: "{{ vault_sysdig_access_key | default('') }}"
diff --git a/ansible/roles/ansible-vvp-bootstrap/files/iceundionly.kpxe b/ansible/roles/ansible-vvp-bootstrap/files/iceundionly.kpxe
new file mode 100755
index 0000000..ccda67b
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/files/iceundionly.kpxe
Binary files differ
diff --git a/ansible/roles/ansible-vvp-bootstrap/meta/.galaxy_install_info b/ansible/roles/ansible-vvp-bootstrap/meta/.galaxy_install_info
new file mode 100755
index 0000000..0b7735f
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/meta/.galaxy_install_info
@@ -0,0 +1,39 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+{install_date: 'Thu Jul 20 18:38:57 2017', version: develop}
diff --git a/ansible/roles/ansible-vvp-bootstrap/meta/main.yml b/ansible/roles/ansible-vvp-bootstrap/meta/main.yml
new file mode 100755
index 0000000..6b0bfdd
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/meta/main.yml
@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/dnsmasq.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/dnsmasq.yml
new file mode 100755
index 0000000..48dad1c
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/tasks/dnsmasq.yml
@@ -0,0 +1,103 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- name: Install nf_conntrack_tftp
+ modprobe:
+ name: nf_conntrack_tftp
+ state: present
+
+- name: Copy our pxe client
+ copy: src=iceundionly.kpxe dest="{{files_dir}}/iceundionly.kpxe"
+ when: pxe_chainload
+
+- name: Create DNSMASQ leases file
+ file: path="{{files_dir}}/leases" mode=0644 state=touch
+
+- name: DROP DNS, tftp requests from public
+ shell: iptables -I INPUT 1 -p udp --dport {{item}} -i {{ops_public_interface}} -j DROP
+ with_items:
+ - 53
+ - 69
+
+- name: DROP DNS, tftp requests to public
+ shell: iptables -I OUTPUT 1 -p udp --sport {{item}} -o {{ops_public_interface}} -j DROP
+ with_items:
+ - 53
+ - 69
+
+- name: Allow Inbound UDP DHCP Requests
+ shell: iptables -A INPUT -p udp --dport {{item}} -j ACCEPT
+ with_items:
+ - 53
+ - 67:69
+
+- name: Allow Outbound UDP DNS, DHCP
+ shell: iptables -A OUTPUT -p udp --sport {{item}} -j ACCEPT
+ with_items:
+ - 53
+ - 67:69
+
+- name: Allow TFTP file transfers on arbitrary ports.
+ shell: 'iptables -A OUTPUT -p udp -o {{ ops_management_interface }} --sport 1023: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT'
+
+- name: Allow TFTP file transfers on arbitrary ports.
+ shell: 'iptables -A INPUT -p udp -i {{ops_management_interface}} --dport 1023: -m state --state ESTABLISHED,RELATED -j ACCEPT'
+
+- name: Render DNSMASQ configuration
+ template:
+ src: dnsmasq.conf.j2
+ dest: "{{files_dir}}/dnsmasq.conf"
+
+- name: Is dnsmasq already running?
+ shell: docker ps | grep dnsmasq | awk '{ print $1 }'
+ register: dnsmasq_id
+
+- name: Kill dnsmasq!
+ shell: docker kill "{{dnsmasq_id.stdout}}"
+ when: dnsmasq_id.stdout != ""
+
+- name: Start DNSMASQ
+ command: "docker run -d
+ --net=host
+ --cap-add=NET_ADMIN
+ -v {{files_dir}}/leases:/var/lib/misc/dnsmasq.leases:Z
+ -v {{files_dir}}/dnsmasq.conf:/etc/dnsmasq.conf:Z
+{% if pxe_chainload %}
+ -v {{files_dir}}/iceundionly.kpxe:/var/lib/tftpboot/iceundionly.kpxe:Z
+{% endif %}
+ quay.io/coreos/dnsmasq -d -q"
diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml
new file mode 100755
index 0000000..48b545e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml
@@ -0,0 +1,183 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+- name: install packages
+ yum:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - docker
+ tags:
+ - bootstrap
+
+- name: Is our management IP set?
+ shell: "ip addr show {{ops_management_interface}} | grep {{ops_management_ip}}"
+ register: mgmt_ip
+ tags:
+ - bootstrap
+ ignore_errors: True
+
+- name: Set interface address
+ command: ip addr add {{ops_management_ip}}/24 dev {{ops_management_interface}}
+ when: mgmt_ip.stdout == ""
+ tags:
+ - bootstrap
+
+- name: Temporarily allow all INPUT
+ shell: iptables -P INPUT ACCEPT
+ tags:
+ - always
+
+- name: Temporarily allow all OUTPUT
+ shell: iptables -P OUTPUT ACCEPT
+ tags:
+ - always
+
+- name: Flush all IPTables Rules (non nat)
+ shell: iptables -F
+ tags:
+ - always
+
+- name: Allow SSH for development environments
+ shell: iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
+ when: ice_environment == "development"
+ tags:
+ - always
+
+- name: Allow SSH out for development environments
+ shell: iptables -A OUTPUT -p tcp -o eth0 --sport 22 -j ACCEPT
+ when: ice_environment == "development"
+ tags:
+ - always
+
+- name: Allow SSH out for development environments
+ shell: iptables -A OUTPUT -p tcp -o {{ops_management_interface}} --sport 22 -j ACCEPT
+ when: ice_environment != "development"
+ tags:
+ - always
+
+- name: Allow SSH for non-development environments
+ shell: iptables -A INPUT -p tcp -i {{ops_management_interface}} --dport 22 -j ACCEPT
+ when: ice_environment != "development"
+ tags:
+ - always
+
+- name: Allow Outbound UDP DNS
+ shell: iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+
+- name: Allow Inbound UDP DNS replies
+ shell: iptables -A INPUT -p udp --sport 53 -j ACCEPT
+
+- name: Allow Outbound Web Requests
+ shell: iptables -A OUTPUT -p tcp --dport {{item}} -j ACCEPT
+ with_items:
+ - 443
+ - 80
+
+- name: Allow Inbound Web Replies
+ shell: iptables -A INPUT -p tcp --sport {{item}} -m state --state ESTABLISHED,RELATED -j ACCEPT
+ with_items:
+ - 443
+ - 80
+- name: Drop INPUT
+ shell: iptables -P INPUT DROP
+ tags:
+ - always
+
+- name: Drop OUTPUT
+ shell: iptables -P OUTPUT DROP
+ tags:
+ - always
+
+- name: Drop FORWARD
+ shell: iptables -P FORWARD DROP
+ tags:
+ - always
+
+- name: set additional interfaces ip
+ command: ip addr add {{item.value}} dev {{item.key}}
+ when: hostvars[inventory_hostname]["ansible_%s" % item.key] and (hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4'] is not defined or not item.value.split('/')[0] in hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4']['address'])
+ with_dict: "{{ additional_interfaces }}"
+
+- name: Bring additional interfaces up
+ command: ifup {{item.key}}
+ when: hostvars[inventory_hostname]["ansible_%s" % item.key] and (hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4'] is not defined or not item.value.split('/')[0] in hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4']['address'])
+ with_dict: "{{ additional_interfaces }}"
+
+- name: Add self to resolv.conf
+ lineinfile:
+ dest: /etc/resolv.conf
+ line: "nameserver {{ops_management_ip}}"
+ insertbefore: BOF
+
+- name: start docker
+ command: systemctl restart docker
+ tags:
+ - always
+
+- name: Disable Forwarding
+ command: "echo 0 > /proc/sys/net/ipv4/ip_forward"
+ tags:
+ - bootstrap
+
+#########################
+# FILESYSTEM
+#
+- name: Create files DIR
+ file: state=directory path="{{files_dir}}" mode=0755
+ tags:
+ - bootstrap
+ - tls
+
+- include: matchbox.yml
+ tags:
+ - bootstrap
+ - matchbox
+
+
+- include: tls.yml
+ tags:
+ - bootstrap
+ - tls
+
+- include: dnsmasq.yml
+ tags:
+ - bootstrap
+ - dnsmasq
+
diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml
new file mode 100755
index 0000000..7e4ea87
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml
@@ -0,0 +1,137 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- name: Create assets directory
+ file: path="{{coreos_assets_dir}}" state=directory mode="0755"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Download PXE image
+ get_url: url="http://{{coreos_channel}}.release.core-os.net/amd64-usr/{{coreos_version}}/{{item}}" dest="{{coreos_assets_dir}}/{{item}}"
+ with_items:
+ - "coreos_production_pxe.vmlinuz"
+ - "coreos_production_pxe.vmlinuz.sig"
+ - "coreos_production_pxe_image.cpio.gz"
+ - "coreos_production_pxe_image.cpio.gz.sig"
+ - "coreos_production_image.bin.bz2"
+ - "coreos_production_image.bin.bz2.sig"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Retrieve the signing key
+ get_url: url="https://coreos.com/security/image-signing-key/CoreOS_Image_Signing_Key.asc" dest="{{coreos_assets_dir}}/CoreOS_Image_Signing_Key.asc"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Import signing key
+ command: "gpg --import {{coreos_assets_dir}}/CoreOS_Image_Signing_Key.asc"
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Adding trust for CoreOS Signing key
+ command: 'echo "04126D0BFABEC8871FFB2CCE50E0885593D2DCB4:6:" | gpg --import-ownertrust'
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Verifying vmlinuz
+ command: "gpg --verify {{coreos_assets_dir}}/{{item}}"
+ with_items:
+ - "coreos_production_pxe.vmlinuz.sig"
+ - "coreos_production_pxe_image.cpio.gz.sig"
+ tags:
+ - bootstrap
+ - matchbox
+
+
+- name: Create matchbox directory
+ file: path="{{matchbox_dir}}" state=directory mode=0754
+ tags:
+ - bootstrap
+ - matchbox
+
+- name: Create groups, profiles and ignition directories
+ file: path="{{matchbox_dir}}/{{item}}" state=directory mode=0754
+ with_items:
+ - groups
+ - profiles
+ - ignition
+
+- name: matchbox k7 groups templates
+ template:
+ src: "groups/group.json.j2"
+ dest: "{{matchbox_dir}}/groups/{{item.name}}.json"
+ with_items: "{{hosts}}"
+ when: item.os == "coreos"
+
+- name: Allow Inbound 8080 web requests
+ shell: iptables -A INPUT -p udp --dport 8080 -i {{ops_management_interface}} -j ACCEPT
+
+- name: Allow Outbound 8080 web replies
+ shell: iptables -A OUTPUT -p udp --sport 8080 -o {{ops_management_interface}} -j ACCEPT
+
+- name: Create TLS assets directory
+ file: path="{{assets_dir}}/tls" state=directory mode=643
+
+- name: matchbox k8 other templates
+ template:
+ src: "{{item}}.j2"
+ dest: "{{matchbox_dir}}/{{item}}"
+ with_items:
+ - groups/install.json
+ - profiles/controller.json
+ - profiles/worker.json
+ - profiles/install-reboot.json
+ - ignition/controller.yaml
+ - ignition/coreos-install.yaml
+ - ignition/worker.yaml
+
+- name: Is matchbox already running?
+ shell: docker ps | grep matchbox | awk '{ print $1 }'
+ register: matchbox_id
+
+- name: Kill matchbox!
+ shell: docker kill {{matchbox_id.stdout}}
+ when: matchbox_id.stdout != ""
+
+- name: matchbox docker
+ command: docker run -d -p {{ops_management_ip}}:8080:8080 -v {{assets_dir}}:/assets:Z -v {{matchbox_dir}}:/var/lib/matchbox:Z quay.io/coreos/matchbox:v0.5.0 -address=0.0.0.0:8080 -log-level=debug -assets-path=/assets
diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/tls.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/tls.yml
new file mode 100755
index 0000000..e0346cf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/tasks/tls.yml
@@ -0,0 +1,150 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- name: create TLS dir
+ file:
+ state: directory
+ path: "{{files_dir}}/tls"
+ mode: 0755
+ tags:
+ - bootstrap
+ - tls
+
+- name: create TLS dir
+ file:
+ state: directory
+ path: "{{assets_dir}}/tls"
+ mode: 0755
+ tags:
+ - bootstrap
+ - tls
+
+- stat: path="{{files_dir}}/tls/ca-key.pem"
+ register: ca_key
+
+- name: create root CA
+ shell: openssl genrsa -out {{files_dir}}/tls/ca-key.pem 2048
+ when: not ca_key.stat.exists
+
+- stat: path="{{files_dir}}/tls/ca.pem"
+ register: ca
+
+- name: create self signed cert
+ shell: openssl req -x509 -new -nodes -key {{files_dir}}/tls/ca-key.pem -days 10000 -out {{files_dir}}/tls/ca.pem -subj "/CN=kube-ca"
+ when: not ca.stat.exists
+
+- name: Generate Config File
+ template:
+ src: openssl.config.j2
+ dest: "{{files_dir}}/tls/{{item}}-openssl.config"
+ with_items:
+ - admin
+ - apiserver
+ - worker
+
+- stat: path={{files_dir}}/tls/{{item}}-key.pem
+ register: keyfiles
+ with_items:
+ - admin
+ - apiserver
+ - worker
+
+- name: create keyfile
+ shell: openssl genrsa -out {{files_dir}}/tls/{{item.item}}-key.pem 2048
+ with_items: "{{keyfiles.results}}"
+ when: not item.stat.exists
+
+- stat: path={{files_dir}}/tls/{{item}}.csr
+ register: csr_files
+ with_items:
+ - admin
+ - apiserver
+ - worker
+
+- name: Create csr
+ shell: openssl req -new -key {{files_dir}}/tls/{{item.item}}-key.pem -out {{files_dir}}/tls/{{item.item}}.csr -subj "/CN=kube-{{item.item}}" -config {{files_dir}}/tls/{{item.item}}-openssl.config
+ with_items: "{{csr_files.results}}"
+ when: not item.stat.exists
+
+- stat: path={{files_dir}}/tls/{{item}}.pem
+ register: pem_files
+ with_items:
+ - admin
+ - apiserver
+ - worker
+
+- name: Create pemfile
+ shell: openssl x509 -req -in {{files_dir}}/tls/{{item.item}}.csr -CA {{files_dir}}/tls/ca.pem -CAkey {{files_dir}}/tls/ca-key.pem -CAcreateserial -out {{files_dir}}/tls/{{item.item}}.pem -days 365 -extensions v3_req -extfile {{files_dir}}/tls/{{item.item}}-openssl.config
+ with_items: "{{pem_files.results}}"
+ when: not item.stat.exists
+
+- name: Copy tls related files to assets
+ copy:
+ src: "{{files_dir}}/{{item}}"
+ dest: "{{assets_dir}}/{{item}}"
+ remote_src: yes
+ backup: yes
+ with_items:
+ - tls/apiserver-key.pem
+ - tls/apiserver.pem
+ - tls/ca.pem
+ - tls/worker-key.pem
+ - tls/worker.pem
+
+- name: Encode Admin Cert
+ shell: base64 -w 0 {{files_dir}}/tls/admin.pem
+ register: ADMIN_CERT_BASE64
+
+- name: Encode Admin Key
+ shell: base64 -w 0 {{files_dir}}/tls/admin-key.pem
+ register: ADMIN_KEY_BASE64
+
+- name: Encode CA Cert
+ shell: base64 -w 0 {{files_dir}}/tls/ca.pem
+ register: CA_CERT_BASE64
+
+- name: Render kubeconfig
+ template:
+ src: kubeconfig.j2
+ dest: "{{files_dir}}/kubeconfig"
+
+- name: Fetch the new kubeconfig
+ fetch:
+ src: "{{files_dir}}/kubeconfig"
+ dest: "{{inventory_dir}}/../k8/"
+ flat: yes
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2
new file mode 100755
index 0000000..2908165
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2
@@ -0,0 +1,73 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+domain={{domain}}
+{% for range in dhcp_ranges %}
+dhcp-range={{range}}
+{% endfor %}
+{% if ice_environment != 'development' %}
+dhcp-option={{ops_management_interface}},121,10.252.0.0/16,{{management_gateway}}
+dhcp-option=tag:#coreos,{{ops_management_interface}},3,{{management_gateway}}
+dhcp-option=tag:coreos,{{ops_management_interface}},3
+{% endif %}
+{% for interface in additional_gateways.keys() %}
+dhcp-option={{interface}},3{% if additional_gateways[interface] != '' %},{{additional_gateways[interface]}} {% endif %}
+
+dhcp-option=#{{ops_management_interface}},6
+{% endfor %}
+enable-tftp
+tftp-root=/var/lib/tftpboot
+{% if pxe_boot %}
+ {% if pxe_chainload %}
+dhcp-userclass=set:iceundi,ICEPXE
+dhcp-boot=tag:coreos,tag:#iceundi,iceundionly.kpxe
+ {% else %}
+dhcp-userclass=set:iceundi,iPXE
+dhcp-boot=tag:coreos,tag:#iceundi,undionly.kpxe
+ {% endif %}
+dhcp-boot=tag:iceundi,http://{{ops_management_ip}}:8080/boot.ipxe
+{% endif %}
+{% for host in hosts %}
+ {% for config in host.dnsmasq_config %}
+dhcp-host={{config}}
+ {% endfor %}
+{% endfor %}
+dhcp-ignore=tag:#known
+log-queries
+log-dhcp
+bogus-priv
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/groups/group.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/groups/group.json.j2
new file mode 100755
index 0000000..f7faa70
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/groups/group.json.j2
@@ -0,0 +1,73 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+{
+ "id": "{{item.name}}",
+ "name": "k8s node",
+ "profile": "{{item.role}}",
+ "selector": {
+ "mac": "{{item.mac}}",
+ "os": "installed"
+ },
+ "metadata": {
+ "ssh_ip": "{{item.ssh_ip}}",
+ "k8s_flanneld_iface": "{{flanneld_interface}}",
+ "container_runtime": "{{container_runtime | default('rkt')}}",
+ "domain_name": "{{item.name}}.{{domain}}",
+ "etcd_initial_peers": "http://{{item.name}}.{{domain}}:2380",
+ "etcd_initial_cluster": "{% for host in hosts %}{% if host.etcd_role == "member" %}{{host.name}}=http://{{host.name}}.{{domain}}:2380,{% endif %}{% endfor %}",
+ "etcd_name": "{{item.name}}",
+ "k8s_version": "{{k8s_version}}",
+ "k8s_cert_endpoint": "http://{{ops_management_ip}}:8080/assets",
+ "k8s_dns_service_ip": "10.3.0.10",
+ "k8s_etcd_endpoints": "{% for host in hosts %}{% if host.etcd_role == "member" %}http://{{host.name}}.{{domain}}:2379,{% endif %}{% endfor %}",
+ "sysdig_access_key": "{{ sysdig_access_key| default('') }}",
+{% if item.role == "controller" %}
+ "k8s_apiserver_advertise_address": "{{k8s_apiserver_advertise_address}}",
+ "k8s_controller_port": "{{k8s_controller_port}}",
+ "k8s_pod_network": "10.2.0.0/16",
+ "k8s_service_ip_range": "10.3.0.0/24",
+{% else %}
+ "k8s_controller_endpoint": "https://{{(hosts|selectattr('role', 'equalto', 'controller')|first).name}}.{{domain}}:{{k8s_controller_port}}",
+{% endif %}
+ "ssh_authorized_keys": [{% for key in ssh_keys %}"{{key}}"{% if not loop.last %},{% endif %}{% endfor %}],
+ "ignition_endpoint": "http://{{ops_management_ip}}:8080/ignition"
+ }
+}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/groups/install.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/groups/install.json.j2
new file mode 100755
index 0000000..bf9284f
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/groups/install.json.j2
@@ -0,0 +1,51 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+{
+ "id": "coreos-install",
+ "name": "CoreOS Install",
+ "profile": "install-reboot",
+ "metadata": {
+ "coreos_channel": "{{coreos_channel}}",
+ "coreos_version": "{{coreos_version}}",
+ "ignition_endpoint": "http://{{ops_management_ip}}:8080/ignition",
+ "ssh_authorized_keys": [{% for key in ssh_keys %}"{{key}}"{% if not loop.last %},{% endif %}{% endfor %}]
+ }
+}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2
new file mode 100755
index 0000000..ff8e0b8
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2
@@ -0,0 +1,872 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+---
+systemd:
+ units:
+{% for mount in mounts %}
+ - name: {{mount.name}}.mount
+ enable: true
+ contents: |
+ [Mount]
+ What={{mount.dev}}
+ Where={{mount.dest}}
+ Type={{mount.type}}
+ [Install]
+ WantedBy=local-fs.target
+{% endfor %}
+ - name: ice-filesystems.service
+ enable: true
+ contents: |
+ [Unit]
+ After=systemd-tmpfiles-setup.service
+ [Service]
+ Type=oneshot
+ {% if manually_grow_root %}
+ ExecStart=/usr/bin/cgpt resize /dev/sda9
+ ExecStart=/usr/sbin/xfs_growfs /dev/sda9
+ {% endif %}
+ ExecStart=/usr/bin/cp -r --preserve=all /usr/share/coreos /etc/coreos
+ ExecStart=/usr/bin/systemctl disable ice-filesystems.service
+ [Install]
+ WantedBy=multi-user.target {% raw %}
+ - name: sshd.socket
+ enable: true
+ contents: |
+ [Unit]
+ Description=OpenSSH Server Socket
+ Conflicts=sshd.service
+
+ [Socket]
+ ListenStream={{.ssh_ip}}:22
+ FreeBind=true
+ Accept=yes
+
+ [Install]
+ WantedBy=sockets.target
+ - name: etcd2.service
+ enable: true
+ dropins:
+ - name: 40-etcd-cluster.conf
+ contents: |
+ [Service]
+ Environment="ETCD_NAME={{.etcd_name}}"
+ Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.domain_name}}:2379"
+ Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS={{.etcd_initial_peers}}"
+ Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379"
+ Environment="ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380"
+ Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}"
+ Environment="ETCD_STRICT_RECONFIG_CHECK=true"
+ - name: flanneld.service
+ dropins:
+ - name: 40-ExecStartPre-symlink.conf
+ contents: |
+ [Service]
+ EnvironmentFile=-/etc/flannel/options.env
+ ExecStartPre=/opt/init-flannel
+ - name: docker.service
+ dropins:
+ - name: 40-flannel.conf
+ contents: |
+ [Unit]
+ Requires=flanneld.service
+ After=flanneld.service
+ [Service]
+ EnvironmentFile=/etc/kubernetes/cni/docker_opts_cni.env
+ - name: locksmithd.service
+ dropins:
+ - name: 40-etcd-lock.conf
+ contents: |
+ [Service]
+ Environment="REBOOT_STRATEGY=off"
+ - name: k8s-certs@.service
+ contents: |
+ [Unit]
+ Description=Fetch Kubernetes certificate assets
+ Requires=network-online.target
+ After=network-online.target
+ [Service]
+ ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl
+ ExecStart=/usr/bin/bash -c "[ -f /etc/kubernetes/ssl/%i ] || curl {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i"
+ - name: k8s-assets.target
+ contents: |
+ [Unit]
+ Description=Load Kubernetes Assets
+ Requires=k8s-certs@apiserver.pem.service
+ After=k8s-certs@apiserver.pem.service
+ Requires=k8s-certs@apiserver-key.pem.service
+ After=k8s-certs@apiserver-key.pem.service
+ Requires=k8s-certs@ca.pem.service
+ After=k8s-certs@ca.pem.service
+ - name: kubelet.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Kubelet via Hyperkube ACI
+ Wants=flanneld.service
+ Requires=k8s-assets.target
+ After=k8s-assets.target
+ [Service]
+ Environment=KUBELET_VERSION={{.k8s_version}}
+ Environment="RKT_OPTS=--uuid-file-save=/var/run/kubelet-pod.uuid \
+ --volume dns,kind=host,source=/etc/resolv.conf \
+ --mount volume=dns,target=/etc/resolv.conf \
+ {{ if eq .container_runtime "rkt" -}}
+ --volume rkt,kind=host,source=/opt/bin/host-rkt \
+ --mount volume=rkt,target=/usr/bin/rkt \
+ --volume var-lib-rkt,kind=host,source=/var/lib/rkt \
+ --mount volume=var-lib-rkt,target=/var/lib/rkt \
+ --volume stage,kind=host,source=/tmp \
+ --mount volume=stage,target=/tmp \
+ {{ end -}}
+ --volume modprobe,kind=host,source=/usr/sbin/modprobe \
+ --mount volume=modprobe,target=/usr/sbin/modprobe \
+ --volume lib-modules,kind=host,source=/lib/modules \
+ --mount volume=lib-modules,target=/lib/modules \
+ --volume mkfsxfs,kind=host,source=/usr/sbin/mkfs.xfs \
+ --mount volume=mkfsxfs,target=/usr/sbin/mkfs.xfs \
+ --volume libxfs,kind=host,source=/lib64/libxfs.so.0 \
+ --mount volume=libxfs,target=/lib64/libxfs.so.0 \
+ --volume var-log,kind=host,source=/var/log \
+ --mount volume=var-log,target=/var/log"
+ ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
+ ExecStartPre=/usr/bin/mkdir -p /var/log/containers
+ ExecStartPre=/usr/bin/systemctl is-active flanneld.service
+ ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
+ ExecStart=/usr/lib/coreos/kubelet-wrapper \
+ --api-servers=http://127.0.0.1:8080 \
+ --register-schedulable=true \
+ --cni-conf-dir=/etc/kubernetes/cni/net.d \
+ --network-plugin=cni \
+ --container-runtime={{.container_runtime}} \
+ --rkt-path=/usr/bin/rkt \
+ --rkt-stage1-image=coreos.com/rkt/stage1-coreos \
+ --allow-privileged=true \
+ --pod-manifest-path=/etc/kubernetes/manifests \
+ --hostname-override={{.domain_name}} \
+ --cluster_dns={{.k8s_dns_service_ip}} \
+ --cluster_domain=cluster.local
+ ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid
+ Restart=always
+ RestartSec=10
+ [Install]
+ WantedBy=multi-user.target
+ - name: k8s-addons.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Kubernetes Addons
+ [Service]
+ Type=oneshot
+ ExecStart=/opt/k8s-addons
+ [Install]
+ WantedBy=multi-user.target
+ {{ if eq .container_runtime "rkt" }}
+ - name: rkt-api.service
+ enable: true
+ contents: |
+ [Unit]
+ Before=kubelet.service
+ [Service]
+ ExecStart=/usr/bin/rkt api-service
+ Restart=always
+ RestartSec=10
+ [Install]
+ RequiredBy=kubelet.service
+ - name: load-rkt-stage1.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Load rkt stage1 images
+ Documentation=http://github.com/coreos/rkt
+ Requires=network-online.target
+ After=network-online.target
+ Before=rkt-api.service
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=/usr/bin/rkt fetch /usr/lib/rkt/stage1-images/stage1-coreos.aci /usr/lib/rkt/stage1-images/stage1-fly.aci --insecure-options=image
+ [Install]
+ RequiredBy=rkt-api.service
+ {{ end }}
+ {{if ne .sysdig_access_key "" }}
+ - name: sysdig.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Sysdig Cloud Agent
+ After=docker.service
+ Requires=docker.service
+ [Service]
+ TimeoutStartSec=0
+ ExecStartPre=-/usr/bin/docker kill sysdig-agent
+ ExecStartPre=-/usr/bin/docker rm sysdig-agent
+ ExecStartPre=-/usr/bin/docker rmi sysdig-agent
+ ExecStartPre=/usr/bin/docker pull sysdig/agent
+{% endraw %}
+ ExecStart=/usr/bin/docker run --name sysdig-agent --privileged --net host --pid host -e ADDITIONAL_CONF="app_checks:\n - name: nginx\n enabled: false" -e ACCESS_KEY={{sysdig_access_key}} -e TAGS=deploy_environment:staging -v /var/lib/rkt:/host/var/lib/rkt:ro -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro sysdig/agent {% raw %}
+ ExecStop=/usr/bin/docker stop sysdig-agent
+ [Install]
+ WantedBy=multi-user.target
+ RequiredBy=k8-addons.service
+ {{ end }}
+storage:
+ filesystems:
+{% endraw %}
+{% for fs in filesystems %}
+ - name: {{fs.device}}
+ mount:
+ device: {{fs.device}}
+ format: {{fs.format}}
+ create:
+ force: {{fs.create.force}}
+{% if "options" in fs.create.keys() %}
+ options:
+{% for option in fs.create.options %}
+ - {{option}}
+{% endfor %}
+{% endif %}
+{% endfor %}{% raw %}
+ files:
+ - path: /etc/kubernetes/cni/net.d/10-flannel.conf
+ filesystem: root
+ contents:
+ inline: |
+ {
+ "name": "podnet",
+ "type": "flannel",
+ "delegate": {
+ "isDefaultGateway": true
+ }
+ }
+ - path: /etc/kubernetes/cni/docker_opts_cni.env
+ filesystem: root
+ contents:
+ inline: |
+ DOCKER_OPT_BIP=""
+ DOCKER_OPT_IPMASQ=""
+ - path: /etc/sysctl.d/max-user-watches.conf
+ filesystem: root
+ contents:
+ inline: |
+ fs.inotify.max_user_watches=16184
+ - path: /etc/kubernetes/manifests/kube-proxy.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-proxy
+ namespace: kube-system
+ annotations:
+ rkt.alpha.kubernetes.io/stage1-name-override: coreos.com/rkt/stage1-fly
+ spec:
+ hostNetwork: true
+ containers:
+ - name: kube-proxy
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - proxy
+ - --master=http://127.0.0.1:8080
+ - --cluster-cidr={{.k8s_service_ip_range}}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ - mountPath: /var/run/dbus
+ name: dbus
+ readOnly: false
+ volumes:
+ - hostPath:
+ path: /usr/share/ca-certificates
+ name: ssl-certs-host
+ - hostPath:
+ path: /var/run/dbus
+ name: dbus
+ - path: /etc/kubernetes/manifests/kube-apiserver.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-apiserver
+ namespace: kube-system
+ spec:
+ hostNetwork: true
+ containers:
+ - name: kube-apiserver
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - apiserver
+ - --bind-address=0.0.0.0
+ - --advertise-address={{.k8s_apiserver_advertise_address}}
+ - --etcd-servers={{.k8s_etcd_endpoints}}
+ - --allow-privileged=true
+ - --service-cluster-ip-range={{.k8s_service_ip_range}}
+ - --secure-port={{.k8s_controller_port}}
+ - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
+ - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
+ - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --client-ca-file=/etc/kubernetes/ssl/ca.pem
+ - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --runtime-config=extensions/v1beta1/networkpolicies=true
+ - --anonymous-auth=false
+ livenessProbe:
+ httpGet:
+ host: 127.0.0.1
+ port: 8080
+ path: /healthz
+ initialDelaySeconds: 15
+ timeoutSeconds: 15
+ ports:
+ - containerPort: {{.k8s_controller_port}}
+ hostPort: {{.k8s_controller_port}}
+ name: https
+ - containerPort: 8080
+ hostPort: 8080
+ name: local
+ volumeMounts:
+ - mountPath: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ readOnly: true
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ - hostPath:
+ path: /usr/share/ca-certificates
+ name: ssl-certs-host
+ - path: /etc/flannel/options.env
+ filesystem: root
+ contents:
+ inline: |
+ FLANNELD_ETCD_ENDPOINTS={{.k8s_etcd_endpoints}}
+ FLANNELD_IFACE={{.k8s_flanneld_iface}}
+ - path: /etc/kubernetes/manifests/kube-controller-manager.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-controller-manager
+ namespace: kube-system
+ spec:
+ containers:
+ - name: kube-controller-manager
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - controller-manager
+ - --master=http://127.0.0.1:8080
+ - --leader-elect=true
+ - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --root-ca-file=/etc/kubernetes/ssl/ca.pem
+ resources:
+ requests:
+ cpu: 200m
+ livenessProbe:
+ httpGet:
+ host: 127.0.0.1
+ path: /healthz
+ port: 10252
+ initialDelaySeconds: 15
+ timeoutSeconds: 15
+ volumeMounts:
+ - mountPath: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ readOnly: true
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ hostNetwork: true
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ - hostPath:
+ path: /usr/share/ca-certificates
+ name: ssl-certs-host
+ - path: /etc/kubernetes/manifests/kube-scheduler.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-scheduler
+ namespace: kube-system
+ spec:
+ hostNetwork: true
+ containers:
+ - name: kube-scheduler
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - scheduler
+ - --master=http://127.0.0.1:8080
+ - --leader-elect=true
+ resources:
+ requests:
+ cpu: 100m
+ livenessProbe:
+ httpGet:
+ host: 127.0.0.1
+ path: /healthz
+ port: 10251
+ initialDelaySeconds: 15
+ timeoutSeconds: 15
+ - path: /srv/kubernetes/manifests/kube-dns-deployment.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ spec:
+ strategy:
+ rollingUpdate:
+ maxSurge: 10%
+ maxUnavailable: 0
+ selector:
+ matchLabels:
+ k8s-app: kube-dns
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - name: kubedns
+ image: gcr.io/google_containers/kubedns-amd64:1.9
+ livenessProbe:
+ httpGet:
+ path: /healthz-kubedns
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 3
+ timeoutSeconds: 5
+ args:
+ - --domain=cluster.local
+ - --dns-port=10053
+ - --config-map=kube-dns
+ - --v=2
+ env:
+ - name: PROMETHEUS_PORT
+ value: "10055"
+ ports:
+ - containerPort: 10053
+ name: dns-local
+ protocol: UDP
+ - containerPort: 10053
+ name: dns-tcp-local
+ protocol: TCP
+ - containerPort: 10055
+ name: metrics
+ protocol: TCP
+ - name: dnsmasq
+ image: gcr.io/google_containers/kube-dnsmasq-amd64:1.4
+ livenessProbe:
+ httpGet:
+ path: /healthz-dnsmasq
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ args:
+ - --cache-size=1000
+ - --no-resolv
+ - --server=127.0.0.1#10053
+ - --log-facility=-
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - name: dnsmasq-metrics
+ image: gcr.io/google_containers/dnsmasq-metrics-amd64:1.0
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: 10054
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ args:
+ - --v=2
+ - --logtostderr
+ ports:
+ - containerPort: 10054
+ name: metrics
+ protocol: TCP
+ - name: healthz
+ image: gcr.io/google_containers/exechealthz-amd64:1.2
+ args:
+ - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null
+ - --url=/healthz-dnsmasq
+ - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1:10053 >/dev/null
+ - --url=/healthz-kubedns
+ - --port=8080
+ - --quiet
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ dnsPolicy: Default
+ - path: /srv/kubernetes/manifests/kube-dns-svc.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "KubeDNS"
+ spec:
+ selector:
+ k8s-app: kube-dns
+ clusterIP: {{.k8s_dns_service_ip}}
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
+ - path: /srv/kubernetes/manifests/heapster-deployment.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ metadata:
+ name: heapster-v1.2.0
+ namespace: kube-system
+ labels:
+ k8s-app: heapster
+ kubernetes.io/cluster-service: "true"
+ version: v1.2.0
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: heapster
+ version: v1.2.0
+ template:
+ metadata:
+ labels:
+ k8s-app: heapster
+ version: v1.2.0
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - image: gcr.io/google_containers/heapster:v1.2.0
+ name: heapster
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8082
+ scheme: HTTP
+ initialDelaySeconds: 180
+ timeoutSeconds: 5
+ command:
+ - /heapster
+ - --source=kubernetes.summary_api:''
+ - image: gcr.io/google_containers/addon-resizer:1.6
+ name: heapster-nanny
+ resources:
+ limits:
+ cpu: 50m
+ memory: 90Mi
+ requests:
+ cpu: 50m
+ memory: 90Mi
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ command:
+ - /pod_nanny
+ - --cpu=80m
+ - --extra-cpu=4m
+ - --memory=200Mi
+ - --extra-memory=4Mi
+ - --threshold=5
+ - --deployment=heapster-v1.2.0
+ - --container=heapster
+ - --poll-period=300000
+ - --estimator=exponential
+ - path: /srv/kubernetes/manifests/heapster-svc.yaml
+ filesystem: root
+ contents:
+ inline: |
+ kind: Service
+ apiVersion: v1
+ metadata:
+ name: heapster
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "Heapster"
+ spec:
+ ports:
+ - port: 80
+ targetPort: 8082
+ selector:
+ k8s-app: heapster
+ - path: /srv/kubernetes/manifests/kube-dashboard-deployment.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ metadata:
+ name: kubernetes-dashboard
+ namespace: kube-system
+ labels:
+ k8s-app: kubernetes-dashboard
+ kubernetes.io/cluster-service: "true"
+ spec:
+ selector:
+ matchLabels:
+ k8s-app: kubernetes-dashboard
+ template:
+ metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - name: kubernetes-dashboard
+ image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.0
+ resources:
+ # keep request = limit to keep this container in guaranteed class
+ limits:
+ cpu: 100m
+ memory: 50Mi
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ ports:
+ - containerPort: 9090
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9090
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ - path: /srv/kubernetes/manifests/kube-dashboard-svc.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: kubernetes-dashboard
+ namespace: kube-system
+ labels:
+ k8s-app: kubernetes-dashboard
+ kubernetes.io/cluster-service: "true"
+ spec:
+ selector:
+ k8s-app: kubernetes-dashboard
+ ports:
+ - port: 80
+ targetPort: 9090
+ - path: /opt/init-flannel
+ filesystem: root
+ mode: 0544
+ contents:
+ inline: |
+ #!/bin/bash -ex
+ function init_flannel {
+ echo "Waiting for etcd..."
+ while true
+ do
+ IFS=',' read -ra ES <<< "{{.k8s_etcd_endpoints}}"
+ for ETCD in "${ES[@]}"; do
+ echo "Trying: $ETCD"
+ if [ -n "$(curl --silent "$ETCD/v2/machines")" ]; then
+ local ACTIVE_ETCD=$ETCD
+ break
+ fi
+ sleep 1
+ done
+ if [ -n "$ACTIVE_ETCD" ]; then
+ break
+ fi
+ done
+ RES=$(curl --silent -X PUT -d "value={\"Network\":\"{{.k8s_pod_network}}\",\"Backend\":{\"Type\":\"vxlan\"}}" "$ACTIVE_ETCD/v2/keys/coreos.com/network/config?prevExist=false")
+ if [ -z "$(echo $RES | grep '"action":"create"')" ] && [ -z "$(echo $RES | grep 'Key already exists')" ]; then
+ echo "Unexpected error configuring flannel pod network: $RES"
+ fi
+ }
+ init_flannel
+ {{ if eq .container_runtime "rkt" }}
+ - path: /opt/bin/host-rkt
+ filesystem: root
+ mode: 0544
+ contents:
+ inline: |
+ #!/bin/sh
+ # This is bind mounted into the kubelet rootfs and all rkt shell-outs go
+ # through this rkt wrapper. It essentially enters the host mount namespace
+ # (which it is already in) only for the purpose of breaking out of the chroot
+ # before calling rkt. It makes things like rkt gc work and avoids bind mounting
+ # in certain rkt filesystem dependancies into the kubelet rootfs. This can
+ # eventually be obviated when the write-api stuff gets upstream and rkt gc is
+ # through the api-server. Related issue:
+ # https://github.com/coreos/rkt/issues/2878
+ exec nsenter -m -u -i -n -p -t 1 -- /usr/bin/rkt "$@"
+ {{ end }}
+ - path: /opt/k8s-addons
+ filesystem: root
+ mode: 0544
+ contents:
+ inline: |
+ #!/bin/bash -ex
+ echo "Waiting for Kubernetes API..."
+ until curl --silent "http://127.0.0.1:8080/version"
+ do
+ sleep 5
+ done
+ echo "K8S: DNS addon"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-deployment.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services"
+ echo "K8S: Heapster addon"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/heapster-deployment.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/heapster-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services"
+ echo "K8S: Dashboard addon"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dashboard-deployment.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dashboard-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services"
+ - path: "/etc/modules-load.d/rbd.conf"
+ filesystem: root
+ contents:
+ inline: |
+ rbd
+ - path: "/opt/bin/ceph-rbdnamer"
+ filesystem: root
+ mode: 0755
+ contents:
+ inline: |
+ #!/bin/sh
+ DEV=$1
+ NUM=`echo $DEV | sed 's#p.*##g' | tr -d 'a-z'`
+ POOL=`cat /sys/devices/rbd/$NUM/pool`
+ IMAGE=`cat /sys/devices/rbd/$NUM/name`
+ SNAP=`cat /sys/devices/rbd/$NUM/current_snap`
+ if [ "$SNAP" = "-" ]; then
+ echo -n "$POOL $IMAGE"
+ else
+ echo -n "$POOL $IMAGE@$SNAP"
+ fi
+ - path: "/etc/udev/rules.d/50-rbd.rules"
+ filesystem: root
+ contents:
+ inline: |
+ KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="disk", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}"
+ KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="partition", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}-part%n"
+ - path: /etc/ssh/sshd_config
+ filesystem: root
+ mode: 0600
+ user:
+ id: 0
+ group:
+ id: 0
+ contents:
+ inline: |
+ UsePrivilegeSeparation sandbox
+ Subsystem sftp internal-sftp
+ ClientAliveInterval 180
+ UseDNS no
+ ListenAddress {{.ssh_ip}}
+{{ if index . "ssh_authorized_keys" }}
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ {{ range $element := .ssh_authorized_keys }}
+ - {{$element}}
+ {{end}}
+{{end}}{% endraw %}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/coreos-install.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/coreos-install.yaml.j2
new file mode 100755
index 0000000..30cd838
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/coreos-install.yaml.j2
@@ -0,0 +1,107 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+---
+storage:
+ disks:
+{% for disk in disks %}
+ - device: {{disk.device}}
+ wipe_table: {{disk.wipe_table}}
+{% for partition in disk.partitions %}
+ partitions:
+ - label: {{partition.label}}
+ number: {{partition.number}}
+{% endfor %}
+{% endfor %}
+ filesystems:
+{% for fs in filesystems if not "sda" in fs.device %}
+ - name: {{fs.name}}
+ mount:
+ device: "{{fs.device}}"
+ format: "{{fs.format}}"
+ create:
+ force: {{fs.create.force}}
+{% if "options" in fs.create.keys() %}
+ options:
+{% for option in fs.create.options %}
+ - "{{option}}"
+{% endfor %}
+{% endif %}
+{% endfor %}
+systemd:
+ units:
+{% for mount in mounts %}
+ - name: {{mount.name}}.mount
+ enable: true
+ contents: |
+ [Mount]
+ What={{mount.dev}}
+ Where={{mount.dest}}
+ Type={{mount.type}}
+ [Install]
+ WantedBy=local-fs.target
+{% endfor %}
+ - name: install.service
+ enable: true
+ contents: |
+ [Unit]
+ Requires=network-online.target
+ After=network-online.target
+ Requires=systemd-networkd.socket
+ After=systemd-networkd.socket
+ [Service]
+ Type=oneshot
+ ExecStartPre=/usr/lib/systemd/systemd-networkd-wait-online {% raw %}
+ ExecStart=/usr/bin/curl {{.ignition_endpoint}}?{{.request.raw_query}}&os=installed -o ignition.json
+ ExecStart=/usr/bin/coreos-install -d /dev/sda -C {{.coreos_channel}} -V {{.coreos_version}} -b http://{% endraw %}{{ops_management_ip}}{% raw %}:8080/assets/coreos -i ignition.json
+ ExecStart=/usr/bin/udevadm settle
+ ExecStart=/usr/bin/systemctl reboot
+ [Install]
+ WantedBy=multi-user.target
+{{ if .ssh_authorized_keys }}
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ {{ range $element := .ssh_authorized_keys }}
+ - {{$element}}
+ {{end}}
+{{end}}
+{% endraw %}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2
new file mode 100755
index 0000000..701559b
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2
@@ -0,0 +1,397 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+---
+{% raw %}
+systemd:
+ units:
+ - name: sshd.socket
+ enable: true
+ contents: |
+ [Unit]
+ Description=OpenSSH Server Socket
+ Conflicts=sshd.service
+
+ [Socket]
+ ListenStream={{.ssh_ip}}:22
+ FreeBind=true
+ Accept=yes
+
+ [Install]
+ WantedBy=sockets.target
+ - name: etcd2.service
+ enable: true
+ dropins:
+ - name: 40-etcd-cluster.conf
+ contents: |
+ [Service]
+ Environment="ETCD_NAME={{.etcd_name}}"
+ Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.domain_name}}:2379"
+ Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS={{.etcd_initial_peers}}"
+ Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379"
+ Environment="ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380"
+ Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}"
+ Environment="ETCD_STRICT_RECONFIG_CHECK=true"
+ - name: flanneld.service
+ dropins:
+ - name: 40-add-options.conf
+ contents: |
+ [Service]
+ EnvironmentFile=-/etc/flannel/options.env
+ - name: docker.service
+ dropins:
+ - name: 40-flannel.conf
+ contents: |
+ [Unit]
+ Requires=flanneld.service
+ After=flanneld.service
+ [Service]
+ EnvironmentFile=/etc/kubernetes/cni/docker_opts_cni.env
+ - name: locksmithd.service
+ dropins:
+ - name: 40-etcd-lock.conf
+ contents: |
+ [Service]
+ Environment="REBOOT_STRATEGY=off"
+ - name: k8s-certs@.service
+ contents: |
+ [Unit]
+ Description=Fetch Kubernetes certificate assets
+ Requires=network-online.target
+ After=network-online.target
+ [Service]
+ ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl
+ ExecStart=/usr/bin/bash -c "[ -f /etc/kubernetes/ssl/%i ] || curl {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i"
+ - name: k8s-assets.target
+ contents: |
+ [Unit]
+ Description=Load Kubernetes Assets
+ Requires=k8s-certs@worker.pem.service
+ After=k8s-certs@worker.pem.service
+ Requires=k8s-certs@worker-key.pem.service
+ After=k8s-certs@worker-key.pem.service
+ Requires=k8s-certs@ca.pem.service
+ After=k8s-certs@ca.pem.service
+ - name: kubelet.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Kubelet via Hyperkube ACI
+ Requires=k8s-assets.target
+ After=k8s-assets.target
+ [Service]
+ Environment=KUBELET_VERSION={{.k8s_version}}
+ Environment="RKT_OPTS=--uuid-file-save=/var/run/kubelet-pod.uuid \
+ --volume dns,kind=host,source=/etc/resolv.conf \
+ --mount volume=dns,target=/etc/resolv.conf \
+ {{ if eq .container_runtime "rkt" -}}
+ --volume rkt,kind=host,source=/opt/bin/host-rkt \
+ --mount volume=rkt,target=/usr/bin/rkt \
+ --volume var-lib-rkt,kind=host,source=/var/lib/rkt \
+ --mount volume=var-lib-rkt,target=/var/lib/rkt \
+ --volume stage,kind=host,source=/tmp \
+ --mount volume=stage,target=/tmp \
+ {{ end -}}
+ --volume modprobe,kind=host,source=/usr/sbin/modprobe \
+ --mount volume=modprobe,target=/usr/sbin/modprobe \
+ --volume lib-modules,kind=host,source=/lib/modules \
+ --mount volume=lib-modules,target=/lib/modules \
+ --volume mkfsxfs,kind=host,source=/usr/sbin/mkfs.xfs \
+ --mount volume=mkfsxfs,target=/usr/sbin/mkfs.xfs \
+ --volume libxfs,kind=host,source=/lib64/libxfs.so.0 \
+ --mount volume=libxfs,target=/lib64/libxfs.so.0 \
+ --volume var-log,kind=host,source=/var/log \
+ --mount volume=var-log,target=/var/log"
+ ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
+ ExecStartPre=/usr/bin/mkdir -p /var/log/containers
+ ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
+ ExecStart=/usr/lib/coreos/kubelet-wrapper \
+ --api-servers={{.k8s_controller_endpoint}} \
+ --cni-conf-dir=/etc/kubernetes/cni/net.d \
+ --network-plugin=cni \
+ --container-runtime={{.container_runtime}} \
+ --rkt-path=/usr/bin/rkt \
+ --rkt-stage1-image=coreos.com/rkt/stage1-coreos \
+ --register-node=true \
+ --allow-privileged=true \
+ --pod-manifest-path=/etc/kubernetes/manifests \
+ --hostname-override={{.domain_name}} \
+ --cluster_dns={{.k8s_dns_service_ip}} \
+ --cluster_domain=cluster.local \
+ --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml \
+ --tls-cert-file=/etc/kubernetes/ssl/worker.pem \
+ --tls-private-key-file=/etc/kubernetes/ssl/worker-key.pem
+ ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid
+ Restart=always
+ RestartSec=10
+ [Install]
+ WantedBy=multi-user.target
+ {{ if eq .container_runtime "rkt" }}
+ - name: rkt-api.service
+ enable: true
+ contents: |
+ [Unit]
+ Before=kubelet.service
+ [Service]
+ ExecStart=/usr/bin/rkt api-service
+ Restart=always
+ RestartSec=10
+ [Install]
+ RequiredBy=kubelet.service
+ - name: load-rkt-stage1.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Load rkt stage1 images
+ Documentation=http://github.com/coreos/rkt
+ Requires=network-online.target
+ After=network-online.target
+ Before=rkt-api.service
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=/usr/bin/rkt fetch /usr/lib/rkt/stage1-images/stage1-coreos.aci /usr/lib/rkt/stage1-images/stage1-fly.aci --insecure-options=image
+ [Install]
+ RequiredBy=rkt-api.service
+ {{ end }}
+ {{if ne .sysdig_access_key "" }}
+ - name: sysdig.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Sysdig Cloud Agent
+ After=docker.service
+ Requires=docker.service
+ [Service]
+ TimeoutStartSec=0
+ ExecStartPre=-/usr/bin/docker kill sysdig-agent
+ ExecStartPre=-/usr/bin/docker rm sysdig-agent
+ ExecStartPre=-/usr/bin/docker rmi sysdig-agent
+ ExecStartPre=/usr/bin/docker pull sysdig/agent
+{% endraw %}
+ ExecStart=/usr/bin/docker run --name sysdig-agent --privileged --net host --pid host -e ADDITIONAL_CONF="app_checks:\n - name: nginx\n enabled: false" -e ACCESS_KEY={{sysdig_access_key}} -e TAGS=deploy_environment:{{ice_environment}} -v /var/lib/rkt:/host/var/lib/rkt:ro -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro sysdig/agent {% raw %}
+ ExecStop=/usr/bin/docker stop sysdig-agent
+ [Install]
+ WantedBy=multi-user.target
+ RequiredBy=k8-addons.service
+ {{ end }}
+storage:
+ filesystems:
+{% endraw %}
+{% for fs in filesystems %}
+ - name: {{fs.device}}
+ mount:
+ device: {{fs.device}}
+ format: {{fs.format}}
+ create:
+ force: {{fs.create.force}}
+{% if "options" in fs.create.keys() %}
+ options:
+{% for option in fs.create.options %}
+ - {{option}}
+{% endfor %}
+{% endif %}
+{% endfor %}{% raw %}
+ files:
+ - path: /etc/kubernetes/cni/net.d/10-flannel.conf
+ filesystem: root
+ contents:
+ inline: |
+ {
+ "name": "podnet",
+ "type": "flannel",
+ "delegate": {
+ "isDefaultGateway": true
+ }
+ }
+ - path: /etc/kubernetes/cni/docker_opts_cni.env
+ filesystem: root
+ contents:
+ inline: |
+ DOCKER_OPT_BIP=""
+ DOCKER_OPT_IPMASQ=""
+ - path: /etc/sysctl.d/max-user-watches.conf
+ filesystem: root
+ contents:
+ inline: |
+ fs.inotify.max_user_watches=16184
+ - path: /etc/kubernetes/worker-kubeconfig.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - name: local
+ cluster:
+ certificate-authority: /etc/kubernetes/ssl/ca.pem
+ users:
+ - name: kubelet
+ user:
+ client-certificate: /etc/kubernetes/ssl/worker.pem
+ client-key: /etc/kubernetes/ssl/worker-key.pem
+ contexts:
+ - context:
+ cluster: local
+ user: kubelet
+ name: kubelet-context
+ current-context: kubelet-context
+ - path: /etc/kubernetes/manifests/kube-proxy.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-proxy
+ namespace: kube-system
+ annotations:
+ rkt.alpha.kubernetes.io/stage1-name-override: coreos.com/rkt/stage1-fly
+ spec:
+ hostNetwork: true
+ containers:
+ - name: kube-proxy
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - proxy
+ - --master={{.k8s_controller_endpoint}}
+ - --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /etc/ssl/certs
+ name: "ssl-certs"
+ - mountPath: /etc/kubernetes/worker-kubeconfig.yaml
+ name: "kubeconfig"
+ readOnly: true
+ - mountPath: /etc/kubernetes/ssl
+ name: "etc-kube-ssl"
+ readOnly: true
+ - mountPath: /var/run/dbus
+ name: dbus
+ readOnly: false
+ volumes:
+ - name: "ssl-certs"
+ hostPath:
+ path: "/usr/share/ca-certificates"
+ - name: "kubeconfig"
+ hostPath:
+ path: "/etc/kubernetes/worker-kubeconfig.yaml"
+ - name: "etc-kube-ssl"
+ hostPath:
+ path: "/etc/kubernetes/ssl"
+ - hostPath:
+ path: /var/run/dbus
+ name: dbus
+ - path: /etc/flannel/options.env
+ filesystem: root
+ contents:
+ inline: |
+ FLANNELD_ETCD_ENDPOINTS={{.k8s_etcd_endpoints}}
+ FLANNELD_IFACE={{.k8s_flanneld_iface}}
+ {{ if eq .container_runtime "rkt" }}
+ - path: /opt/bin/host-rkt
+ filesystem: root
+ mode: 0544
+ contents:
+ inline: |
+ #!/bin/sh
+ # This is bind mounted into the kubelet rootfs and all rkt shell-outs go
+ # through this rkt wrapper. It essentially enters the host mount namespace
+ # (which it is already in) only for the purpose of breaking out of the chroot
+ # before calling rkt. It makes things like rkt gc work and avoids bind mounting
+ # in certain rkt filesystem dependancies into the kubelet rootfs. This can
+ # eventually be obviated when the write-api stuff gets upstream and rkt gc is
+ # through the api-server. Related issue:
+ # https://github.com/coreos/rkt/issues/2878
+ exec nsenter -m -u -i -n -p -t 1 -- /usr/bin/rkt "$@"
+ {{ end }}
+ - path: "/etc/modules-load.d/rbd.conf"
+ filesystem: root
+ contents:
+ inline: |
+ rbd
+ - path: "/opt/bin/ceph-rbdnamer"
+ filesystem: root
+ mode: 0755
+ contents:
+ inline: |
+ #!/bin/sh
+ DEV=$1
+ NUM=`echo $DEV | sed 's#p.*##g' | tr -d 'a-z'`
+ POOL=`cat /sys/devices/rbd/$NUM/pool`
+ IMAGE=`cat /sys/devices/rbd/$NUM/name`
+ SNAP=`cat /sys/devices/rbd/$NUM/current_snap`
+ if [ "$SNAP" = "-" ]; then
+ echo -n "$POOL $IMAGE"
+ else
+ echo -n "$POOL $IMAGE@$SNAP"
+ fi
+ - path: "/etc/udev/rules.d/50-rbd.rules"
+ filesystem: root
+ contents:
+ inline: |
+ KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="disk", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}"
+ KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="partition", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}-part%n"
+ - path: /etc/ssh/sshd_config
+ filesystem: root
+ mode: 0600
+ user:
+ id: 0
+ group:
+ id: 0
+ contents:
+ inline: |
+ # Use most defaults for sshd configuration.
+ UsePrivilegeSeparation sandbox
+ Subsystem sftp internal-sftp
+ ClientAliveInterval 180
+ UseDNS no
+ ListenAddress {{.ssh_ip}}
+{{ if index . "ssh_authorized_keys" }}
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ {{ range $element := .ssh_authorized_keys }}
+ - {{$element}}
+ {{end}}
+{{end}}{% endraw %}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/kubeconfig.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/kubeconfig.j2
new file mode 100755
index 0000000..a8e03bf
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/kubeconfig.j2
@@ -0,0 +1,56 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+apiVersion: v1
+kind: Config
+users:
+- name: bootcfg-user
+ user:
+ client-certificate-data: {{ADMIN_CERT_BASE64.stdout}}
+ client-key-data: {{ADMIN_KEY_BASE64.stdout}}
+clusters:
+- name: bootcfg-cluster
+ cluster:
+ certificate-authority-data: {{CA_CERT_BASE64.stdout}}
+ server: https://{{(hosts|selectattr('role', 'equalto', 'controller')|first).name}}.{{domain}}:{{k8s_controller_port}}
+contexts:
+- context:
+ cluster: bootcfg-cluster
+ user: bootcfg-user
+ name: bootcfg-context
+current-context: bootcfg-context
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/openssl.config.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/openssl.config.j2
new file mode 100755
index 0000000..3d44c5b
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/openssl.config.j2
@@ -0,0 +1,73 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.101 = kubernetes
+DNS.102 = kubernetes.default
+DNS.103 = kubernetes.default.svc
+DNS.104 = kubernetes.default.svc.cluster.local
+{% if item == "apiserver" %}
+IP.200 = 10.3.0.1
+ {% for controller in hosts|selectattr('role', 'equalto', 'controller') %}
+ {%- set count = loop.index %}
+ {%- for entry in controller.dnsmasq_config %}
+IP.{{count}}{{loop.index}} = {{entry.split(',')[1]}}
+DNS.{{count}}{{loop.index}} = {{entry.split(',')[2]}}.{{domain}}
+{% endfor %}
+ {%- endfor %}
+{%- elif item == "worker" %}
+ {%- for worker in hosts|selectattr('role', 'equalto', 'worker') %}
+ {%- set count = loop.index %}
+ {%- for entry in worker.dnsmasq_config %}
+IP.{{count}}{{loop.index }} = {{entry.split(',')[1]}}
+DNS.{{count}}{{loop.index }} = {{entry.split(',')[2]}}.{{domain}}
+{% endfor %}
+ {%- endfor %}
+# workers
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/profiles/controller.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/controller.json.j2
new file mode 100755
index 0000000..11b8cd0
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/controller.json.j2
@@ -0,0 +1,56 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+{
+ "id": "controller",
+ "name": "Kubernetes Controller",
+ "boot": {
+ "kernel": "/assets/coreos/{{coreos_version}}/coreos_production_pxe.vmlinuz",
+ "initrd": ["/assets/coreos/{{coreos_version}}/coreos_production_pxe_image.cpio.gz"],
+ "cmdline": {
+ "root": "/dev/sda1",
+ "coreos.config.url": "http://{{ops_management_ip}}:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}&os=installed",
+ "coreos.autologin": "",
+ "coreos.first_boot": ""
+ }
+ },
+ "cloud_id": "",
+ "ignition_id": "controller.yaml"
+}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/profiles/install-reboot.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/install-reboot.json.j2
new file mode 100755
index 0000000..ed4d0df
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/install-reboot.json.j2
@@ -0,0 +1,55 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+{
+ "id": "install-reboot",
+ "name": "Install CoreOS and Reboot",
+ "boot": {
+ "kernel": "/assets/coreos/{{coreos_version}}/coreos_production_pxe.vmlinuz",
+ "initrd": ["/assets/coreos/{{coreos_version}}/coreos_production_pxe_image.cpio.gz"],
+ "cmdline": {
+ "coreos.config.url": "http://{{ops_management_ip}}:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
+ "coreos.autologin": "",
+ "coreos.first_boot": ""
+ }
+ },
+ "cloud_id": "",
+ "ignition_id": "coreos-install.yaml"
+}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/profiles/worker.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/worker.json.j2
new file mode 100755
index 0000000..6eb3f24
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/worker.json.j2
@@ -0,0 +1,56 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+{
+ "id": "worker",
+ "name": "Kubernetes Worker",
+ "boot": {
+ "kernel": "/assets/coreos/{{coreos_version}}/coreos_production_pxe.vmlinuz",
+ "initrd": ["/assets/coreos/{{coreos_version}}/coreos_production_pxe_image.cpio.gz"],
+ "cmdline": {
+ "root": "/dev/sda1",
+ "coreos.config.url": "http://{{ops_management_ip}}:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
+ "coreos.autologin": "",
+ "coreos.first_boot": ""
+ }
+ },
+ "cloud_id": "",
+ "ignition_id": "worker.yaml"
+}
diff --git a/ansible/simple-deploy.yml b/ansible/simple-deploy.yml
new file mode 100755
index 0000000..6d43884
--- /dev/null
+++ b/ansible/simple-deploy.yml
@@ -0,0 +1,55 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+- hosts: localhost
+ connection: local
+ gather_facts: False
+ tasks:
+ - name: Deploy Secrets, configmaps, and Services | Deploy
+ kubectl_apply_manifest:
+ manifest: "{{item}}"
+ with_fileglob:
+ - "{{k8_config_dir}}/secrets/*"
+ - "{{k8_config_dir}}/configmaps/*"
+ - "{{k8_config_dir}}/services/*"
+ - "{{k8_config_dir}}/jobs/*"
+
+ - name: Create deployment | Create Deployment
+ kubectl_apply_manifest:
+ manifest: "{{item}}"
+ with_fileglob: "{{k8_config_dir}}/deployments/*"
diff --git a/bin/vvp-deploy b/bin/vvp-deploy
new file mode 100755
index 0000000..af41d91
--- /dev/null
+++ b/bin/vvp-deploy
@@ -0,0 +1,42 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+set -e
+ansible-playbook ${DEVKIT_DIR}/ansible/application.yml -i ${DEVKIT_ZONE_DIR}/inventory -v
+ansible-playbook ${DEVKIT_DIR}/ansible/simple-deploy.yml -i ${DEVKIT_ZONE_DIR}/inventory -v
+
diff --git a/bin/vvp-install-box b/bin/vvp-install-box
new file mode 100755
index 0000000..5b05cb8
--- /dev/null
+++ b/bin/vvp-install-box
@@ -0,0 +1,45 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#! /bin/bash
+
+vagrant box remove vvp-empty
+cd ${DEVKIT_DIR}/boxes/vvp-empty/0.0.0/virtualbox/ &&
+tar -czvf vvp-empty.box * && vagrant box add `pwd`/vvp-empty.box --name vvp-empty
+rm vvp-empty.box
+cd $OLDPWD
diff --git a/bin/vvp-rescale b/bin/vvp-rescale
new file mode 100755
index 0000000..fa292d0
--- /dev/null
+++ b/bin/vvp-rescale
@@ -0,0 +1,45 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#!/bin/bash
+
+for deployment in `kubectl get deployments | awk '{print $1}'`
+ do
+ kubectl scale --replicas=0 deployment $deployment
+ kubectl scale --replicas=1 deployment $deployment
+done
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/Vagrantfile b/boxes/vvp-empty/0.0.0/virtualbox/Vagrantfile
new file mode 100755
index 0000000..0e079f8
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/Vagrantfile
@@ -0,0 +1,83 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+
+if Vagrant::VERSION < "1.6.0"
+ raise "Need at least vagrant version 1.6.0, please update"
+end
+
+require_relative 'change_host_name.rb'
+require_relative 'configure_networks.rb'
+require_relative 'base_mac.rb'
+
+Vagrant.configure("2") do |config|
+ # always use Vagrants insecure key
+ config.ssh.insert_key = false
+
+ # SSH in as the default 'core' user, it has the vagrant ssh key.
+ config.ssh.username = "core"
+
+ # Disable the base shared folder, guest additions are unavailable.
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.provider :virtualbox do |vb|
+ # Guest Additions are unavailable.
+ vb.check_guest_additions = false
+ vb.functional_vboxsf = false
+
+ # Fix docker not being able to resolve private registry in VirtualBox
+ vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]
+ vb.customize ["modifyvm", :id, "--natdnsproxy1", "off"]
+ vb.customize ['modifyvm', :id, "--boot1", "disk"]
+ vb.customize ['modifyvm', :id, "--boot2", "net"]
+ vb.customize ['setextradata', :id, "VBoxInternal/Devices/pcbios/0/Config/LanBootRom", File.join(File.dirname(__FILE__),"/files/intel--virtio-net--pcnet32.isarom")]
+
+ end
+
+ config.vm.provider :vmware_fusion do |vf|
+ vf.functional_hgfs = false
+ end
+
+ config.vm.provider :parallels do |prl|
+ # Guest Tools are unavailable.
+ prl.check_guest_tools = false
+ prl.functional_psf = false
+ end
+ end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/base_mac.rb b/boxes/vvp-empty/0.0.0/virtualbox/base_mac.rb
new file mode 100755
index 0000000..6877374
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/base_mac.rb
@@ -0,0 +1,41 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+Vagrant.configure("2") do |config|
+ config.vm.base_mac = "080027DBFA4A"
+end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/box.ovf b/boxes/vvp-empty/0.0.0/virtualbox/box.ovf
new file mode 100755
index 0000000..1cbc01e
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/box.ovf
@@ -0,0 +1,257 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+<?xml version="1.0"?>
+<Envelope ovf:version="1.0" xml:lang="en-US" xmlns="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1" xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:vbox="http://www.virtualbox.org/ovf/machine">
+ <References>
+ <File ovf:href="vvp_empty_vagrant_image.vmdk" ovf:id="file1"/>
+ </References>
+ <DiskSection>
+ <Info>List of the virtual disks used in the package</Info>
+ <Disk ovf:capacity="19818086400" ovf:diskId="vmdisk1" ovf:fileRef="file1" ovf:format="http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized" vbox:uuid="80707dc6-2f5b-4c66-aa82-9c0873514edd"/>
+ </DiskSection>
+ <NetworkSection>
+ <Info>Logical networks used in the package</Info>
+ <Network ovf:name="NAT">
+ <Description>Logical network used by this appliance.</Description>
+ </Network>
+ </NetworkSection>
+ <VirtualSystem ovf:id="vvp_empty_vagrant-0-0-0">
+ <Info>A virtual machine</Info>
+ <OperatingSystemSection ovf:id="100">
+ <Info>The kind of installed guest operating system</Info>
+ <Description>Linux26_64</Description>
+ <vbox:OSType ovf:required="false">Linux26_64</vbox:OSType>
+ </OperatingSystemSection>
+ <VirtualHardwareSection>
+ <Info>Virtual hardware requirements for a virtual machine</Info>
+ <System>
+ <vssd:ElementName>Virtual Hardware Family</vssd:ElementName>
+ <vssd:InstanceID>0</vssd:InstanceID>
+ <vssd:VirtualSystemIdentifier>vvp_empty_vagrant-0-0-0</vssd:VirtualSystemIdentifier>
+ <vssd:VirtualSystemType>virtualbox-2.2</vssd:VirtualSystemType>
+ </System>
+ <Item>
+ <rasd:Caption>1 virtual CPU</rasd:Caption>
+ <rasd:Description>Number of virtual CPUs</rasd:Description>
+ <rasd:ElementName>1 virtual CPU</rasd:ElementName>
+ <rasd:InstanceID>1</rasd:InstanceID>
+ <rasd:ResourceType>3</rasd:ResourceType>
+ <rasd:VirtualQuantity>1</rasd:VirtualQuantity>
+ </Item>
+ <Item>
+ <rasd:AllocationUnits>MegaBytes</rasd:AllocationUnits>
+ <rasd:Caption>1024 MB of memory</rasd:Caption>
+ <rasd:Description>Memory Size</rasd:Description>
+ <rasd:ElementName>1024 MB of memory</rasd:ElementName>
+ <rasd:InstanceID>2</rasd:InstanceID>
+ <rasd:ResourceType>4</rasd:ResourceType>
+ <rasd:VirtualQuantity>1024</rasd:VirtualQuantity>
+ </Item>
+ <Item>
+ <rasd:Address>0</rasd:Address>
+ <rasd:Caption>ideController0</rasd:Caption>
+ <rasd:Description>IDE Controller</rasd:Description>
+ <rasd:ElementName>ideController0</rasd:ElementName>
+ <rasd:InstanceID>3</rasd:InstanceID>
+ <rasd:ResourceSubType>PIIX4</rasd:ResourceSubType>
+ <rasd:ResourceType>5</rasd:ResourceType>
+ </Item>
+ <Item>
+ <rasd:Address>1</rasd:Address>
+ <rasd:Caption>ideController1</rasd:Caption>
+ <rasd:Description>IDE Controller</rasd:Description>
+ <rasd:ElementName>ideController1</rasd:ElementName>
+ <rasd:InstanceID>4</rasd:InstanceID>
+ <rasd:ResourceSubType>PIIX4</rasd:ResourceSubType>
+ <rasd:ResourceType>5</rasd:ResourceType>
+ </Item>
+ <Item>
+ <rasd:AutomaticAllocation>true</rasd:AutomaticAllocation>
+ <rasd:Caption>Ethernet adapter on 'NAT'</rasd:Caption>
+ <rasd:Connection>NAT</rasd:Connection>
+ <rasd:ElementName>Ethernet adapter on 'NAT'</rasd:ElementName>
+ <rasd:InstanceID>5</rasd:InstanceID>
+ <rasd:ResourceSubType>E1000</rasd:ResourceSubType>
+ <rasd:ResourceType>10</rasd:ResourceType>
+ </Item>
+ <Item>
+ <rasd:AddressOnParent>0</rasd:AddressOnParent>
+ <rasd:Caption>disk1</rasd:Caption>
+ <rasd:Description>Disk Image</rasd:Description>
+ <rasd:ElementName>disk1</rasd:ElementName>
+ <rasd:HostResource>/disk/vmdisk1</rasd:HostResource>
+ <rasd:InstanceID>6</rasd:InstanceID>
+ <rasd:Parent>3</rasd:Parent>
+ <rasd:ResourceType>17</rasd:ResourceType>
+ </Item>
+ </VirtualHardwareSection>
+ <vbox:Machine ovf:required="false" version="1.12-linux" uuid="{265e4a05-3032-499e-a0dd-c7036457c569}" name="vvp_empty_vagrant-0-0-0" OSType="Linux26_64" snapshotFolder="Snapshots" lastStateChange="2017-02-28T01:20:23Z">
+ <ovf:Info>Complete VirtualBox machine configuration in VirtualBox format</ovf:Info>
+ <Hardware version="2">
+ <CPU count="1" hotplug="false">
+ <HardwareVirtEx enabled="true" exclusive="true"/>
+ <HardwareVirtExNestedPaging enabled="true"/>
+ <HardwareVirtExVPID enabled="true"/>
+ <PAE enabled="true"/>
+ <HardwareVirtExLargePages enabled="false"/>
+ <HardwareVirtForce enabled="false"/>
+ </CPU>
+ <Memory RAMSize="1024" PageFusion="false"/>
+ <HID Pointing="PS2Mouse" Keyboard="PS2Keyboard"/>
+ <HPET enabled="false"/>
+ <Chipset type="PIIX3"/>
+ <Boot>
+ <Order position="1" device="HardDisk"/>
+ <Order position="2" device="DVD"/>
+ <Order position="3" device="None"/>
+ <Order position="4" device="None"/>
+ </Boot>
+ <Display VRAMSize="8" monitorCount="1" accelerate3D="false" accelerate2DVideo="false"/>
+ <VideoRecording enabled="false" file="Test.webm" horzRes="640" vertRes="480"/>
+ <RemoteDisplay enabled="false" authType="Null"/>
+ <BIOS>
+ <ACPI enabled="true"/>
+ <IOAPIC enabled="true"/>
+ <Logo fadeIn="true" fadeOut="true" displayTime="0"/>
+ <BootMenu mode="MessageAndMenu"/>
+ <TimeOffset value="0"/>
+ <PXEDebug enabled="false"/>
+ </BIOS>
+ <USBController enabled="false" enabledEhci="false"/>
+ <Network>
+ <Adapter slot="0" enabled="true" MACAddress="080027DBFA4A" cable="true" speed="0" type="virtio">
+ <DisabledModes/>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </Adapter>
+ <Adapter slot="1" enabled="false" MACAddress="080027A7BBCD" cable="true" speed="0" type="virtio">
+ <DisabledModes>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </DisabledModes>
+ </Adapter>
+ <Adapter slot="2" enabled="false" MACAddress="080027F87C5E" cable="true" speed="0" type="virtio">
+ <DisabledModes>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </DisabledModes>
+ </Adapter>
+ <Adapter slot="3" enabled="false" MACAddress="0800276EC0C1" cable="true" speed="0" type="virtio">
+ <DisabledModes>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </DisabledModes>
+ </Adapter>
+ <Adapter slot="4" enabled="false" MACAddress="080027239019" cable="true" speed="0" type="virtio">
+ <DisabledModes>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </DisabledModes>
+ </Adapter>
+ <Adapter slot="5" enabled="false" MACAddress="0800278EB5EB" cable="true" speed="0" type="virtio">
+ <DisabledModes>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </DisabledModes>
+ </Adapter>
+ <Adapter slot="6" enabled="false" MACAddress="080027471B4A" cable="true" speed="0" type="virtio">
+ <DisabledModes>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </DisabledModes>
+ </Adapter>
+ <Adapter slot="7" enabled="false" MACAddress="080027DB9457" cable="true" speed="0" type="virtio">
+ <DisabledModes>
+ <NAT>
+ <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
+ <Alias logging="false" proxy-only="false" use-same-ports="false"/>
+ </NAT>
+ </DisabledModes>
+ </Adapter>
+ </Network>
+ <UART>
+ <Port slot="0" enabled="false" IOBase="0x3f8" IRQ="4" hostMode="Disconnected"/>
+ <Port slot="1" enabled="false" IOBase="0x2f8" IRQ="3" hostMode="Disconnected"/>
+ </UART>
+ <LPT>
+ <Port slot="0" enabled="false" IOBase="0x378" IRQ="7"/>
+ <Port slot="1" enabled="false" IOBase="0x378" IRQ="7"/>
+ </LPT>
+ <AudioAdapter controller="AC97" driver="Pulse" enabled="false"/>
+ <RTC localOrUTC="local"/>
+ <SharedFolders/>
+ <Clipboard mode="Disabled"/>
+ <DragAndDrop mode="Disabled"/>
+ <IO>
+ <IoCache enabled="true" size="5"/>
+ <BandwidthGroups/>
+ </IO>
+ <HostPci>
+ <Devices/>
+ </HostPci>
+ <EmulatedUSB>
+ <CardReader enabled="false"/>
+ </EmulatedUSB>
+ <Guest memoryBalloonSize="0"/>
+ <GuestProperties/>
+ </Hardware>
+ <StorageControllers>
+ <StorageController name="IDE Controller" type="PIIX4" PortCount="2" useHostIOCache="true" Bootable="true">
+ <AttachedDevice type="HardDisk" port="0" device="0">
+ <Image uuid="{80707dc6-2f5b-4c66-aa82-9c0873514edd}"/>
+ </AttachedDevice>
+ </StorageController>
+ </StorageControllers>
+ </vbox:Machine>
+ </VirtualSystem>
+</Envelope>
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/change_host_name.rb b/boxes/vvp-empty/0.0.0/virtualbox/change_host_name.rb
new file mode 100755
index 0000000..d8d81ad
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/change_host_name.rb
@@ -0,0 +1,75 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+
+# NOTE: This monkey-patching of the coreos guest plugin is a terrible
+# hack that needs to be removed once the upstream plugin works with
+# alpha CoreOS images.
+
+require 'tempfile'
+require Vagrant.source_root.join("plugins/guests/coreos/cap/change_host_name.rb")
+
+CLOUD_CONFIG = <<EOF
+#cloud-config
+
+hostname: %s
+EOF
+
+module VagrantPlugins
+ module GuestCoreOS
+ module Cap
+ class ChangeHostName
+ def self.change_host_name(machine, name)
+ machine.communicate.tap do |comm|
+ temp = Tempfile.new("coreos-vagrant")
+ temp.binmode
+ temp.write(CLOUD_CONFIG % [name])
+ temp.close
+
+ path = "/var/tmp/hostname.yml"
+ path_esc = path.gsub("/", "-")[1..-1]
+ comm.upload(temp.path, path)
+ comm.sudo("systemctl start system-cloudinit@#{path_esc}.service")
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/configure_networks.rb b/boxes/vvp-empty/0.0.0/virtualbox/configure_networks.rb
new file mode 100755
index 0000000..dc81ea3
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/configure_networks.rb
@@ -0,0 +1,180 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+
+# NOTE: This monkey-patching of the coreos guest plugin is a terrible
+# hack that needs to be removed once the upstream plugin works with
+# alpha CoreOS images.
+
+require 'tempfile'
+require 'ipaddr'
+require 'log4r'
+require Vagrant.source_root.join("plugins/guests/coreos/cap/configure_networks.rb")
+
+BASE_CLOUD_CONFIG = <<EOF
+#cloud-config
+
+write_files:
+ - path: /etc/environment
+ content: |
+ COREOS_PUBLIC_IPV4=%s
+ COREOS_PRIVATE_IPV4=%s
+coreos:
+ units:
+EOF
+
+NETWORK_UNIT = <<EOF
+ - name: %s
+ runtime: no
+ content: |
+ [Match]
+ %s
+
+ [Network]
+ Address=%s
+EOF
+
+# Borrowed from http://stackoverflow.com/questions/1825928/netmask-to-cidr-in-ruby
+IPAddr.class_eval do
+ def to_cidr
+ self.to_i.to_s(2).count("1")
+ end
+end
+
+module VagrantPlugins
+ module GuestCoreOS
+ module Cap
+ class ConfigureNetworks
+ @@logger = Log4r::Logger.new("vagrant::guest::coreos::configure_networks")
+
+ def self.configure_networks(machine, networks)
+ public_ipv4, private_ipv4 = get_environment_ips(machine, "127.0.0.1")
+ cfg = BASE_CLOUD_CONFIG % [public_ipv4, private_ipv4]
+
+ # Define network units by mac address if possible.
+ match_rules = {}
+ if false
+ #if machine.provider.capability?(:nic_mac_addresses)
+ # untested, required feature hasn't made it into a release yet
+ match_rules = match_by_mac(machine)
+ else
+ match_rules = match_by_name(machine)
+ end
+
+ @@logger.debug("Networks: #{networks.inspect}")
+ @@logger.debug("Interfaces: #{match_rules.inspect}")
+
+ # Generate any static networks, let DHCP handle the rest
+ networks.each do |network|
+ next if network[:type].to_sym != :static
+ interface = network[:interface].to_i
+ unit_name = "50-vagrant%d.network" % [interface]
+
+ match = match_rules[interface]
+ if match.nil?
+ @@logger.warn("Could not find match rule for network #{network.inspect}")
+ next
+ end
+
+ cidr = IPAddr.new(network[:netmask]).to_cidr
+ address = "%s/%s" % [network[:ip], cidr]
+ cfg << NETWORK_UNIT % [unit_name, match, address]
+ end
+
+ machine.communicate.tap do |comm|
+ temp = Tempfile.new("coreos-vagrant")
+ temp.binmode
+ temp.write(cfg)
+ temp.close
+
+ path = "/var/tmp/networks.yml"
+ path_esc = path.gsub("/", "-")[1..-1]
+ comm.upload(temp.path, path)
+ comm.sudo("systemctl start system-cloudinit@#{path_esc}.service")
+ end
+ end
+
+ # Find IP addresses to export in /etc/environment. This only works
+ # for static addresses defined in the user's Vagrantfile.
+ def self.get_environment_ips(machine, default)
+ public_ipv4 = nil
+ private_ipv4 = nil
+
+ machine.config.vm.networks.each do |type, options|
+ next if !options[:ip]
+ if type == :public_network
+ public_ipv4 = options[:ip]
+ elsif type == :private_network
+ private_ipv4 = options[:ip]
+ end
+ end
+
+ # Fall back to localhost if no static networks are configured.
+ private_ipv4 ||= default
+ public_ipv4 ||= private_ipv4
+ return [public_ipv4, private_ipv4]
+ end
+
+ def self.match_by_name(machine)
+ match = {}
+ machine.communicate.tap do |comm|
+ comm.sudo("ifconfig -a | grep '^en\\|^eth' | cut -f1 -d:") do |_, result|
+ result.split("\n").each_with_index do |name, interface|
+ match[interface] = "Name=#{name}"
+ end
+ end
+ end
+ match
+ end
+
+ def self.match_by_mac(machine)
+ match = {}
+ macs = machine.provider.capability(:nic_mac_addresses)
+ macs.each do |adapter, address|
+ # The adapter list from VirtualBox is 1 indexed instead of 0
+ interface = adapter.to_i - 1
+ match[interface] = "MACAddress=#{address}"
+ end
+ match
+ end
+ end
+ end
+ end
+end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/files/intel--virtio-net--pcnet32.isarom b/boxes/vvp-empty/0.0.0/virtualbox/files/intel--virtio-net--pcnet32.isarom
new file mode 100755
index 0000000..945bb35
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/files/intel--virtio-net--pcnet32.isarom
Binary files differ
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/metadata.json b/boxes/vvp-empty/0.0.0/virtualbox/metadata.json
new file mode 100755
index 0000000..4fc99bd
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/metadata.json
@@ -0,0 +1 @@
+{"provider": "virtualbox"}
diff --git a/examples/unencrypted_vault.yml b/examples/unencrypted_vault.yml
new file mode 100755
index 0000000..d7275ab
--- /dev/null
+++ b/examples/unencrypted_vault.yml
@@ -0,0 +1,122 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+# cert for secure https
+# https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685
+# site_pem_cert:
+# site_pem_key:
+# site_pem: |
+# {{site_pem_cert}}
+# {{site_pem_key}}
+site_pem:
+
+# EM database
+vault_em_postgresql_user: em_postgresuser
+vault_em_postgresql_password: em_postgrespass
+
+# CMS database
+vault_cms_postgresql_user: cms_postgresuser
+vault_cms_postgresql_password: cms_postgrespass
+
+# EM Secret Key
+# >>> from django.core.management.utils import get_random_secret_key
+# >>> get_random_secret_key()
+vault_em_secret_key: "#91e__w3k=781@y(e_#6hu6t&h254#u)&bj+m9thx%k!6^*06r"
+
+# Information for sending email from the platform
+vault_email_host: 'localhost'
+vault_email_host_user:
+vault_email_host_password:
+
+# authentication for image hosting service
+# TODO: Debrand
+vault_quay_user:
+vault_quay_password:
+
+# pwgen -1 32
+vault_engagementmgr_webhook_token: Aip7ohx1eiHaeshoh9shailu9eex7tha
+
+# pwgen -1 20
+vault_gitlab_authentication_token: jadu6yohjaiy8Wob0IeK
+
+#pwget -1 16
+vault_jenkins_admin_password: koiyeBaiTh3kaiNg
+vault_gitlab_admin_password: ao6ij6wohWeiqu4e
+
+# python3 -c 'import bcrypt as b;print(b.hashpw(b"<password>",b.gensalt(rounds=10, prefix=b"2a")).decode())'
+vault_jenkins_admin_password_hash: $10$n2WJZasbQkd8PdySxQDo1uB67Wv7QfG0tvKuidbLC4w1Ss6p3eZEq
+
+# ssh-keygen -t ed25519
+vault_jenkins_deploy_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUAAAAJjWwJd91sCX
+ fQAAAAtzc2gtZWQyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUA
+ AAAEAWFKMWLl6FgEBug971+atNYBt8GduWzCYgt/j9Tu4Sh4PXSPOjiJF/XGbrciUsckXL
+ lP4CFG5/O8q+CLQemBNQAAAAE3BhdWxAUGF1bCdzIE1hYyBQcm8BAg==
+ -----END OPENSSH PRIVATE KEY-----
+vault_jenkins_deploy_key_pub: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPXSPOjiJF/XGbrciUsckXLlP4CFG5/O8q+CLQemBNQ
+
+#CI application
+vault_ci_sqlite_user: cidbuser
+vault_ci_postgresql_password: cidbpass
+vault_ci_admin_user: ciadminuser
+vault_ci_admin_mail: ciadminmail@example.com
+vault_ci_admin_password: ciadminpass
+
+vault_cms_secret_key: (+dm_rj(005=^evzesd3#xpy$-$c^j#clzilbx&_=0lh7o-34#
+vault_cms_nevercache_key: a_j-g5h+3)o@2wiasmbg(huxpujh=95(p-$vz1xj&t+m)+-u84
+
+#CMS application
+vault_cms_app_user: cmsappuser
+vault_cms_app_user_password: cmsappuserpassword
+vault_cms_app_user_mail: cmsappuser@example.com
+# pwgen -1 40
+vault_cms_app_client_id: EeB4Xeimooc6xieSeeKah8dae1eipae4otaeshee
+# pwgen -1 128
+vault_cms_app_client_secret: haiMoopieZee1wei3lef4gaeyia2vahwohth0maid9ith2pheeshaithuToor2Johshei5baey7Eiquaetheib8quaiquee7phiath7eub2aiNaic3ou9vaizebeiF5u
+vault_haproxy_user: haproxyuser
+vault_haproxy_pass: haproxypass
+
+# simplifies conditionals that check for e.g. 'vault_slack_tokens.notifications is defined'
+vault_slack_tokens:
+
+# Rados Gateway (Amazon S3-protocol Ceph interface)
+vault_aws_access_key_id: 2ZB19U9D8K6XVJG75VX0
+vault_aws_secret_access_key: 7xVWeqsLIotKOua0xvhapIsCt1VU0x6M2E4fTRKO
diff --git a/setenv b/setenv
new file mode 100755
index 0000000..440ceb3
--- /dev/null
+++ b/setenv
@@ -0,0 +1,71 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# Get the current devkit directory
+pushd $(dirname $BASH_SOURCE[0]) > /dev/null
+export DEVKIT_DIR=`pwd -P`
+popd > /dev/null
+
+# Make sure we have ansible installed
+REQUIREMENTS="ansible vagrant"
+for req in $REQUIREMENTS
+do
+ if [[ -z $(which ${req}) ]]
+ then
+ (>&2 echo "${req} is required for the use of vvp-devkit, but is not installed.")
+ return 1
+ fi
+done
+
+# Make sure we have the vvp-empty box installed
+if [[ -z $(vagrant box list | grep vvp-empty) ]]
+then
+ bin/vvp-install-box
+fi
+
+select ENVFILE in `find ./zones/ -name devkit_environment_*`;
+do
+ source $ENVFILE
+ break
+done
+
+# Grab ansible requirements
+echo "Installing devkit's required ansible roles"
+ansible-galaxy install -r ${DEVKIT_DIR}/ansible/requirements.yml
+
+echo "Devkit zone setup complete"
diff --git a/vagrant/prebuilt/Vagrantfile b/vagrant/prebuilt/Vagrantfile
new file mode 100755
index 0000000..f771763
--- /dev/null
+++ b/vagrant/prebuilt/Vagrantfile
@@ -0,0 +1,88 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+Vagrant.require_version ">= 1.6.0"
+yaml_conf = YAML.load_file('config.yml')
+
+Vagrant.configure("2") do |config|
+
+ # always use Vagrant's insecure key
+ config.ssh.insert_key = false
+
+ # plugin conflict
+ if Vagrant.has_plugin?("vagrant-vbguest") then
+ config.vbguest.auto_update = false
+ end
+
+ yaml_conf["boxen"].each do |box|
+ config.vm.define box["name"] do |conf|
+ conf.vm.box = box["box"]
+ conf.vm.box_version = ">= 1151.0.0"
+ conf.vm.box_url = "http://stable.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json"
+
+ ["vmware_fusion", "vmware_workstation"].each do |vmware|
+ conf.vm.provider vmware do |v, override|
+ v.vmx['numvcpus'] = box["cpus"]
+ v.vmx['memsize'] = box["memory"]
+ v.gui = false
+
+ override.vm.box_url = "http://%s.release.core-os.net/amd64-usr/current/coreos_production_vagrant_vmware_fusion.json" % $update_channel
+ end # vmware
+ end # override
+
+ conf.vm.provider :virtualbox do |v|
+ v.cpus = box["cpus"]
+ v.gui = false
+ v.memory = box["memory"]
+
+ # On VirtualBox, we don't have guest additions or a functional vboxsf
+ # in CoreOS, so tell Vagrant that so it can be smarter.
+ v.check_guest_additions = false
+ v.functional_vboxsf = false
+ end # v
+
+ conf.vm.network :private_network, :ip => box["ips"][0]
+ conf.vm.provision "ansible" do |ansible|
+ ansible.extra_vars = { hosts: yaml_conf["hosts"]}
+ ansible.playbook = "../../ansible/infrastructure.yml"
+ end # ansible
+ end # conf
+ end # box
+end # config
diff --git a/vagrant/prebuilt/config.yml b/vagrant/prebuilt/config.yml
new file mode 100755
index 0000000..5cb0ad9
--- /dev/null
+++ b/vagrant/prebuilt/config.yml
@@ -0,0 +1,75 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+boxen:
+ - name: ceph-01
+ box: centos/7
+ ips: ["10.252.0.21", "10.220.220.21"]
+ cpus: 2
+ cpu: 50
+ memory: 1024
+ macs: ["0800276695A1","0800276695A2"]
+ groups: ["ceph", "osds", "mons", "rgws", "rbdhost", "centos"]
+
+ - name: coreos-01
+ box: coreos-stable
+ cpus: 1
+ cpu: 50
+ memory: 2048
+ macs: ["08002766959E","08002766958E"]
+ ips: ["10.252.0.12", "10.220.220.12"]
+ groups: ["coreos", "container-hosts", "fleetctl-host"]
+
+hosts:
+ - name: coreos-01
+ ssh_ip: 10.0.2.15
+ mac: 08:00:27:66:95:9E
+ dnsmasq_config:
+ - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos"
+ - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos"
+ os: coreos
+ role: controller
+ etcd_role: member
+
+ - name: ceph-01
+ ssh_ip: 10.0.2.15
+ dnsmasq_config:
+ - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite"
+ os: centos
+ role: ""
+ etcd_role: ""
diff --git a/vagrant/pxe/Vagrantfile b/vagrant/pxe/Vagrantfile
new file mode 100755
index 0000000..bd860f9
--- /dev/null
+++ b/vagrant/pxe/Vagrantfile
@@ -0,0 +1,121 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+require_relative 'lib/vagrant_provision.rb'
+
+Vagrant.require_version ">= 1.6.0"
+if ENV["VVP_DEVKIT"].nil? or ENV["VVP_DEVKIT"].downcase == "single"
+ yaml_conf = YAML.load_file(File.join(File.dirname(__FILE__),'single_node_config.yml'))
+else
+ yaml_conf = YAML.load_file(File.join(File.dirname(__FILE__),'multi_node_config.yml'))
+end
+
+Vagrant.configure("2") do |config|
+
+ # always use Vagrant's insecure key
+ config.ssh.insert_key = false
+
+ # plugin conflict
+ if Vagrant.has_plugin?("vagrant-vbguest") then
+ config.vbguest.auto_update = false
+ end
+
+ yaml_conf["boxen"].each do |box|
+ config.vm.define box["name"] do |conf|
+ conf.vm.box = box["box"]
+ conf.vm.network :forwarded_port, guest: 22, host: box["vagrant_ssh_port"], id: "ssh"
+ conf.vm.box_check_update = false
+ conf.vm.synced_folder '.', '/vagrant', disabled: true
+ ["vmware_fusion", "vmware_workstation"].each do |vmware|
+ conf.vm.provider vmware do |v, override|
+ v.vmx['numvcpus'] = box["cpus"]
+ v.vmx['memsize'] = box["memory"]
+ v.gui = false
+
+ override.vm.box_url = "http://%s.release.core-os.net/amd64-usr/current/coreos_production_vagrant_vmware_fusion.json" % $update_channel
+ end # vmware
+ end # override
+
+ conf.vm.provider :virtualbox do |v|
+ v.cpus = box["cpus"]
+ v.gui = false
+ v.memory = box["memory"]
+
+ # On VirtualBox, we don't have guest additions or a functional vboxsf
+ # in CoreOS, so tell Vagrant that so it can be smarter.
+ v.check_guest_additions = false
+ v.functional_vboxsf = false
+
+ if box["groups"].include? "coreos" then
+ # Vagrant overrides Virtualbox's default which causes 5-10s slowdown for
+ # dns queries in kubernetes containers. Turn it back off!
+ v.customize ["modifyvm", :id, "--natdnsproxy1", "off"]
+ v.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]
+ end
+
+ # TODO: move to custom ceph image if possible
+ ceph_disk = File.join(File.dirname(__FILE__), 'files', 'ceph_disk.vdi')
+ if box["groups"].include? "osds" then
+ v.customize ['createhd', '--filename', ceph_disk, '--size', 500 * 1024] unless File.exists? ceph_disk
+ v.customize ['storageattach', :id, '--storagectl', "IDE", '--port', 1, '--device', 0, '--type', 'hdd', '--medium', ceph_disk]
+ end
+
+ end # v
+
+ conf.vm.network :private_network,
+ :adapter => 2,
+ :ip => box["ips"][0],
+ :mac => box["macs"][0],
+ :nic_type => "virtio"
+
+ conf.vm.network :private_network,
+ :adapter => 3,
+ :ip => box["ips"][1],
+ :mac => box["macs"][1],
+ :nic_type => "virtio",
+ :type => :static
+
+ if box["groups"].include? "centos" then
+ conf.vm.provision "shell", inline: "systemctl restart NetworkManager; ifdown eth1; ifup eth1"
+ end
+ provision(box, yaml_conf["boxen"], yaml_conf["hosts"], conf)
+ end # conf
+ end # box
+end # config
diff --git a/vagrant/pxe/lib/vagrant_provision.rb b/vagrant/pxe/lib/vagrant_provision.rb
new file mode 100755
index 0000000..67ccb63
--- /dev/null
+++ b/vagrant/pxe/lib/vagrant_provision.rb
@@ -0,0 +1,71 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+require "pathname"
+
+def provision(box, boxen, hosts, conf)
+
+ ansible_groups = Hash.new { |h,k| h[k] = [] }
+ boxen.each do |box|
+ box["groups"].each do |group|
+ ansible_groups[group] << box["name"]
+ end
+ end
+
+ defined_vms = boxen.map {|b| b["name"]}
+
+ requested_vms = defined_vms & ARGV
+ if requested_vms.empty?
+ requested_vms = defined_vms
+ end
+
+ provisioning_groups = [ 'bootstrap', 'ceph', 'container-hosts' ]
+ provisioning_group = (box["groups"] & provisioning_groups).last
+ return unless provisioning_group
+ return unless box["name"] == (requested_vms & ansible_groups[provisioning_group]).last
+
+ conf.vm.provision "ansible" do |ansible|
+ # note: ansible is launched from root_path, so paths specified here are relative to that.
+ ansible.extra_vars = {hosts: hosts}
+ ansible.groups = ansible_groups
+ ansible.limit = [provisioning_group,"127.0.0.1"]
+ ansible.playbook = Pathname(ENV["ANSIBLE_CONFIG"]).parent.join("infrastructure.yml").to_path
+ ansible.vault_password_file = ENV["ANSIBLE_VAULT_PASSWORD_FILE"]
+ ansible.inventory_path = Pathname(ENV["DEVKIT_ZONE_DIR"]).join("inventory").to_path
+ end
+end # ansible
diff --git a/vagrant/pxe/multi_node_config.yml b/vagrant/pxe/multi_node_config.yml
new file mode 100755
index 0000000..2f92e52
--- /dev/null
+++ b/vagrant/pxe/multi_node_config.yml
@@ -0,0 +1,127 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+boxen:
+ - name: ops-01
+ box: centos/7
+ ips: ['10.252.0.2', "10.220.220.2"]
+ macs: []
+ cpus: 2
+ cpu: "50"
+ memory: "1024"
+ groups: ["bootstrap", "centos",]
+ vagrant_ssh_port: 2502
+
+ - name: ceph-01
+ box: centos/7
+ ips: ["10.252.0.21", "10.220.220.21"]
+ cpus: 2
+ cpu: 50
+ memory: 1024
+ macs: ["0800276695A1","0800276695A2"]
+ groups: ["ceph", "osds", "mons", "rgws", "rbdhost", "centos"]
+ vagrant_ssh_port: 2521
+
+ - name: coreos-01
+ box: vvp-empty
+ cpus: 1
+ cpu: 50
+ memory: 2048
+ macs: ["08002766959E","08002766958E"]
+ ips: ["10.252.0.12", "10.220.220.12"]
+ groups: ["coreos", "container-hosts", "fleetctl-host"]
+ vagrant_ssh_port: 2512
+
+ - name: coreos-02
+ box: vvp-empty
+ cpus: 1
+ cpu: "50"
+ memory: "2048"
+ macs: ["08002766959F", "08002766958F"]
+ ips: ["10.252.0.13", "10.220.220.13"]
+ groups: ["coreos", "container-hosts",]
+ vagrant_ssh_port: 2513
+
+ - name: coreos-03
+ box: vvp-empty
+ cpus: 1
+ cpu: "50"
+ memory: "2048"
+ macs: ["0800276695A0","0800276695A3"]
+ ips: ["10.252.0.14", "10.220.220.14"]
+ groups: ["coreos", "container-hosts",]
+ vagrant_ssh_port: 2514
+
+hosts:
+ - name: "coreos-01"
+ ssh_ip: 10.0.2.15
+ mac: "08:00:27:66:95:9E"
+ dnsmasq_config:
+ - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos"
+ - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos"
+ os: coreos
+ role: controller
+ etcd_role: member
+
+ - name: "coreos-02"
+ ssh_ip: 10.0.2.15
+ mac: "08:00:27:66:95:9F"
+ dnsmasq_config:
+ - "08:00:27:66:95:9F,10.252.0.13,coreos-02,infinite,set:coreos"
+ - "08:00:27:66:95:8F,10.220.220.13,coreos-02,infinite,set:coreos"
+ os: coreos
+ role: worker
+ etcd_role: member
+
+ - name: "coreos-03"
+ ssh_ip: 10.0.2.15
+ mac: "08:00:27:66:95:A0"
+ dnsmasq_config:
+ - "08:00:27:66:95:A0,10.252.0.14,coreos-03,infinite,set:coreos"
+ - "08:00:27:66:95:A3,10.220.220.14,coreos-03,infinite,set:coreos"
+ os: coreos
+ role: worker
+ etcd_role: member
+
+ - name: "ceph-01"
+ ssh_ip: 10.0.2.15
+ dnsmasq_config:
+ - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite"
+ os: centos
+ role: ""
+ etcd_role: ""
diff --git a/vagrant/pxe/single_node_config.yml b/vagrant/pxe/single_node_config.yml
new file mode 100755
index 0000000..17ff408
--- /dev/null
+++ b/vagrant/pxe/single_node_config.yml
@@ -0,0 +1,88 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+boxen:
+ - name: ops-01
+ box: centos/7
+ ips: ['10.252.0.2', "10.220.220.2"]
+ macs: []
+ cpus: 1
+ cpu: "50"
+ memory: "1024"
+ groups: ["bootstrap", "centos",]
+ vagrant_ssh_port: 2502
+
+ - name: ceph-01
+ box: centos/7
+ ips: ["10.252.0.21", "10.220.220.21"]
+ cpus: 2
+ cpu: 50
+ memory: 1024
+ macs: ["0800276695A1","0800276695A2"]
+ groups: ["ceph", "osds", "mons", "rgws", "rbdhost", "centos"]
+ vagrant_ssh_port: 2521
+
+ - name: coreos-01
+ box: vvp-empty
+ cpus: 1
+ cpu: 50
+ memory: 4096
+ macs: ["08002766959E","08002766958E"]
+ ips: ["10.252.0.12", "10.220.220.12"]
+ groups: ["coreos", "container-hosts", "fleetctl-host"]
+ vagrant_ssh_port: 2512
+
+
+hosts:
+ - name: "coreos-01"
+ ssh_ip: 10.0.2.15
+ mac: "08:00:27:66:95:9E"
+ dnsmasq_config:
+ - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos"
+ - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos"
+ os: coreos
+ role: controller
+ etcd_role: member
+
+ - name: "ceph-01"
+ ssh_ip: 10.0.2.15
+ dnsmasq_config:
+ - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite"
+ os: centos
+ role: ""
+ etcd_role: ""
diff --git a/zones/development/devkit_environment_multi b/zones/development/devkit_environment_multi
new file mode 100755
index 0000000..a6bde88
--- /dev/null
+++ b/zones/development/devkit_environment_multi
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+export DEVKIT_NAME="Vagrant Multi"
+export VVP_DEVKIT=multi
+export DEVKIT_ZONE_DIR=${DEVKIT_DIR}/zones/development
+export VVP_DEVKIT_VAGRANT_PROVISION=true
+export VAGRANT_CWD=${DEVKIT_DIR}/vagrant/pxe
+export ANSIBLE_INVENTORY_DIR=${DEVKIT_ZONE_DIR}/inventory
+export ANSIBLE_VAULT_PASSWORD_FILE=${DEVKIT_ZONE_DIR}/.vault_password
+export ANSIBLE_CONFIG=${DEVKIT_DIR}/ansible/ansible.cfg
+export KUBECONFIG=${DEVKIT_ZONE_DIR}/k8/kubeconfig
diff --git a/zones/development/devkit_environment_single b/zones/development/devkit_environment_single
new file mode 100755
index 0000000..28eef6f
--- /dev/null
+++ b/zones/development/devkit_environment_single
@@ -0,0 +1,47 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+export DEVKIT_NAME="Vagrant Single"
+export VVP_DEVKIT=single
+export DEVKIT_ZONE_DIR=${DEVKIT_DIR}/zones/development
+export VVP_DEVKIT_VAGRANT_PROVISION=true
+export VAGRANT_CWD=${DEVKIT_DIR}/vagrant/pxe
+export ANSIBLE_INVENTORY_DIR=${DEVKIT_ZONE_DIR}/inventory
+export ANSIBLE_VAULT_PASSWORD_FILE=${DEVKIT_ZONE_DIR}/.vault_password
+export ANSIBLE_CONFIG=${DEVKIT_DIR}/ansible/ansible.cfg
+export KUBECONFIG=${DEVKIT_ZONE_DIR}/k8/kubeconfig
diff --git a/zones/development/inventory/group_vars/all/all.yml b/zones/development/inventory/group_vars/all/all.yml
new file mode 100755
index 0000000..905d7f6
--- /dev/null
+++ b/zones/development/inventory/group_vars/all/all.yml
@@ -0,0 +1,88 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+hosts:
+ - name: "coreos-01"
+ ssh_ip: 10.0.2.15
+ mac: "08:00:27:66:95:9E"
+ dnsmasq_config:
+ - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos"
+ - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos"
+ os: coreos
+ role: controller
+ etcd_role: member
+
+ - name: "coreos-02"
+ ssh_ip: 10.0.2.15
+ mac: "08:00:27:66:95:9F"
+ dnsmasq_config:
+ - "08:00:27:66:95:9F,10.252.0.13,coreos-02,infinite,set:coreos"
+ - "08:00:27:66:95:8F,10.220.220.13,coreos-02,infinite,set:coreos"
+ os: coreos
+ role: worker
+ etcd_role: member
+
+ - name: "coreos-03"
+ ssh_ip: 10.0.2.15
+ mac: "08:00:27:66:95:A0"
+ dnsmasq_config:
+ - "08:00:27:66:95:A0,10.252.0.14,coreos-03,infinite,set:coreos"
+ - "08:00:27:66:95:A3,10.220.220.14,coreos-03,infinite,set:coreos"
+ os: coreos
+ role: worker
+ etcd_role: member
+
+ - name: "ceph-01"
+ ssh_ip: 10.0.2.15
+ dnsmasq_config:
+ - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite"
+ os: centos
+ role: ""
+ etcd_role: ""
+ice_environment: development
+domain: development.vvp.example.com
+k8s_controller_port: 8443
+
+fetch_directory: "{{inventory_dir}}/../fetch"
+mon_ips:
+ - 10.252.0.21
+rgws:
+ - name: ceph-01
+ ip: 10.252.0.21
+radosgw_civetweb_port: "8080"
diff --git a/zones/development/inventory/group_vars/all/rgws.yml b/zones/development/inventory/group_vars/all/rgws.yml
new file mode 100755
index 0000000..5835a49
--- /dev/null
+++ b/zones/development/inventory/group_vars/all/rgws.yml
@@ -0,0 +1,42 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+# Note this will break if facts on rgws hosts are not collected. But we shouldn't need this for rendering anymore.
+radosgw_civetweb_bind_ip: "{{ hostvars[inventory_hostname]['ansible_' + monitor_interface]['ipv4']['address'] }}"
+radosgw_s3_auth_use_keystone: false
diff --git a/zones/development/inventory/group_vars/all/unencrypted_vault.yml b/zones/development/inventory/group_vars/all/unencrypted_vault.yml
new file mode 100755
index 0000000..d967071
--- /dev/null
+++ b/zones/development/inventory/group_vars/all/unencrypted_vault.yml
@@ -0,0 +1,117 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+# cert for secure https
+# https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685
+# site_pem_cert:
+# site_pem_key:
+# site_pem: |
+# {{site_pem_cert}}
+# {{site_pem_key}}
+site_pem:
+
+# EM database
+vault_em_postgresql_user: em_postgresuser
+vault_em_postgresql_password: em_postgrespass
+
+# CMS database
+vault_cms_postgresql_user: cms_postgresuser
+vault_cms_postgresql_password: cms_postgrespass
+
+# EM Secret Key
+# >>> from django.core.management.utils import get_random_secret_key
+# >>> get_random_secret_key()
+vault_em_secret_key: "#91e__w3k=781@y(e_#6hu6t&h254#u)&bj+m9thx%k!6^*06r"
+
+# Information for sending email from the platform
+vault_email_host: 'localhost'
+vault_email_host_user:
+vault_email_host_password:
+
+# pwgen -1 32
+vault_engagementmgr_webhook_token: Aip7ohx1eiHaeshoh9shailu9eex7tha
+
+# pwgen -1 20
+vault_gitlab_authentication_token: jadu6yohjaiy8Wob0IeK
+
+#pwget -1 16
+vault_jenkins_admin_password: koiyeBaiTh3kaiNg
+vault_gitlab_admin_password: ao6ij6wohWeiqu4e
+
+# python3 -c 'import bcrypt as b;print(b.hashpw(b"<password>",b.gensalt(rounds=10, prefix=b"2a")).decode())'
+vault_jenkins_admin_password_hash: $10$n2WJZasbQkd8PdySxQDo1uB67Wv7QfG0tvKuidbLC4w1Ss6p3eZEq
+
+# ssh-keygen -t ed25519
+vault_jenkins_deploy_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUAAAAJjWwJd91sCX
+ fQAAAAtzc2gtZWQyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUA
+ AAAEAWFKMWLl6FgEBug971+atNYBt8GduWzCYgt/j9Tu4Sh4PXSPOjiJF/XGbrciUsckXL
+ lP4CFG5/O8q+CLQemBNQAAAAE3BhdWxAUGF1bCdzIE1hYyBQcm8BAg==
+ -----END OPENSSH PRIVATE KEY-----
+vault_jenkins_deploy_key_pub: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPXSPOjiJF/XGbrciUsckXLlP4CFG5/O8q+CLQemBNQ
+
+#CI application
+vault_ci_sqlite_user: cidbuser
+vault_ci_postgresql_password: cidbpass
+vault_ci_admin_user: ciadminuser
+vault_ci_admin_mail: ciadminmail@example.com
+vault_ci_admin_password: ciadminpass
+
+vault_cms_secret_key: (+dm_rj(005=^evzesd3#xpy$-$c^j#clzilbx&_=0lh7o-34#
+vault_cms_nevercache_key: a_j-g5h+3)o@2wiasmbg(huxpujh=95(p-$vz1xj&t+m)+-u84
+
+#CMS application
+vault_cms_app_user: cmsappuser
+vault_cms_app_user_password: cmsappuserpassword
+vault_cms_app_user_mail: cmsappuser@example.com
+# pwgen -1 40
+vault_cms_app_client_id: EeB4Xeimooc6xieSeeKah8dae1eipae4otaeshee
+# pwgen -1 128
+vault_cms_app_client_secret: haiMoopieZee1wei3lef4gaeyia2vahwohth0maid9ith2pheeshaithuToor2Johshei5baey7Eiquaetheib8quaiquee7phiath7eub2aiNaic3ou9vaizebeiF5u
+vault_haproxy_user: haproxyuser
+vault_haproxy_pass: haproxypass
+
+# simplifies conditionals that check for e.g. 'vault_slack_tokens.notifications is defined'
+vault_slack_tokens:
+
+# Rados Gateway (Amazon S3-protocol Ceph interface)
+vault_aws_access_key_id: 2ZB19U9D8K6XVJG75VX0
+vault_aws_secret_access_key: 7xVWeqsLIotKOua0xvhapIsCt1VU0x6M2E4fTRKO
diff --git a/zones/development/inventory/group_vars/bootstrap.yml b/zones/development/inventory/group_vars/bootstrap.yml
new file mode 100755
index 0000000..e1b4d77
--- /dev/null
+++ b/zones/development/inventory/group_vars/bootstrap.yml
@@ -0,0 +1,82 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+coreos_channel: "stable"
+coreos_version: "1409.7.0"
+k8s_version: "v1.5.2_coreos.2"
+container_runtime: docker
+ops_public_interface: eth2
+ops_management_interface: eth1
+ops_management_ip: 10.252.0.2
+
+flanneld_interface: eth1
+dhcp_ranges:
+ - 10.252.0.10,10.252.0.200,255.255.255.0,12h
+ - 10.220.220.10,10.220.220.200,255.255.255.0,12h
+additional_interfaces:
+ eth2: 10.220.220.2/24
+additional_gateways:
+ eth1: ""
+ eth2: ""
+manually_grow_root: false
+pxe_boot: true
+pxe_chainload: true
+mounts: []
+disks:
+ - device: /dev/sda
+ wipe_table: true
+ partitions:
+ - label: ROOT
+ number: 0
+
+filesystems:
+ - device: "/dev/sda9"
+ format: "ext4"
+ create:
+ force: true
+ options:
+ - "-LROOT"
+
+deploy_jeeves: False
+ssh_keys:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
+k8s_apiserver_advertise_address: 10.252.0.12
+matchbox_dir: "{{files_dir}}/matchbox"
+files_dir: /opt/ice-devkit
+assets_dir: "{{files_dir}}/assets"
+coreos_assets_dir: "{{assets_dir}}/coreos/{{coreos_version}}"
diff --git a/zones/development/inventory/group_vars/local.yml b/zones/development/inventory/group_vars/local.yml
new file mode 100755
index 0000000..5e42769
--- /dev/null
+++ b/zones/development/inventory/group_vars/local.yml
@@ -0,0 +1,72 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+enable_liveness_probes: false
+container_uri: example.com/vvp
+container_tag: develop
+k8_config_dir: "{{inventory_dir}}/../k8"
+external_ips:
+- 10.220.220.12
+- 10.220.220.13
+- 10.220.220.14
+internal_ips:
+ - 10.252.0.12
+ - 10.252.0.13
+ - 10.252.0.14
+git_dns_name: dev-git.vvp.example.com
+ci_dns_name: dev-ci.vvp.example.com
+s3_dns_name: dev-s3.vvp.example.com
+cms_dns_name: dev-cms.vvp.example.com
+em_domain_name: development.vvp.example.com
+django_debug_mode: True
+livenessProbe_initialDelaySeconds:
+ gitlab: 300
+ postgresql: 240
+ em: 120
+em_internal_dns_name: dev-em.vvp.example.com
+jenkins_admin_config_xml: |
+ <?xml version='1.0' encoding='UTF-8'?>
+ <user>
+ <fullName>admin</fullName>
+ <description></description>
+ <properties>
+ <hudson.security.HudsonPrivateSecurityRealm_-Details>
+ <passwordHash>#jbcrypt:{{vault_jenkins_admin_password_hash}}</passwordHash>
+ </hudson.security.HudsonPrivateSecurityRealm_-Details>
+ </properties>
+ </user>
diff --git a/zones/development/inventory/group_vars/mons.yml b/zones/development/inventory/group_vars/mons.yml
new file mode 100755
index 0000000..a41ca48
--- /dev/null
+++ b/zones/development/inventory/group_vars/mons.yml
@@ -0,0 +1,66 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ceph_release: jewel
+ceph_stable_release: jewel
+upgrade_ceph_packages: true
+ceph_origin: 'upstream' # or 'distro'
+ceph_stable: true # use ceph stable branch
+ceph_stable_redhat_distro: el7
+generate_fsid: true
+monitor_interface: eth1
+mon_use_fqdn: false # if set to true, the MON name used will be the fqdn in the ceph.conf
+journal_size: 10240
+public_network: 10.252.0.0/24
+cluster_network: "{{ public_network }}"
+osd_mkfs_type: xfs
+osd_mkfs_options_xfs: -f -i size=2048
+osd_mount_options_xfs: noatime,largeio,inode64,swalloc
+# ceph osds.yml
+fsid: "{{ cluster_uuid.stdout }}"
+devices:
+ - /dev/sdb
+osd_auto_discovery: false
+journal_collocation: true
+raw_multi_journal: false
+osd_directory: false
+bluestore: false
+ceph_conf_overrides:
+ global:
+ osd pool default size: 2
+ osd pool default min size: 1
diff --git a/zones/development/inventory/group_vars/rbdhost.yml b/zones/development/inventory/group_vars/rbdhost.yml
new file mode 100755
index 0000000..3ec55e2
--- /dev/null
+++ b/zones/development/inventory/group_vars/rbdhost.yml
@@ -0,0 +1,56 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+rbd_volumes:
+ - mount: "jenkins"
+ size: 25000
+ type: xfs
+ directories:
+ - name: /
+ owner: 1000
+ group: 1000
+ - mount: "gitlab"
+ size: 25000
+ type: xfs
+ directories:
+ - var/opt/gitlab
+ - var/log/gitlab
+ - etc/gitlab
+ - mount: "em_postgresql"
+ size: 25000
+ type: xfs
diff --git a/zones/development/inventory/inventory b/zones/development/inventory/inventory
new file mode 100755
index 0000000..fc7eaed
--- /dev/null
+++ b/zones/development/inventory/inventory
@@ -0,0 +1,78 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ceph-01 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2521 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='~/.vagrant.d/insecure_private_key'
+ops-01 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2502 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='~/.vagrant.d/insecure_private_key'
+coreos-01 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2512 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='../vagrant/multi-node/.vagrant/machines/coreos-01/virtualbox/private_key'
+coreos-02 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2513 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='../vagrant/multi-node/.vagrant/machines/coreos-02/virtualbox/private_key'
+coreos-03 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2514 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='../vagrant/multi-node/.vagrant/machines/coreos-03/virtualbox/private_key'
+
+[local]
+localhost
+
+[bootstrap]
+ops-01
+
+[centos]
+ops-01
+ceph-01
+
+[ceph]
+ceph-01
+
+[osds]
+ceph-01
+
+[mons]
+ceph-01
+
+[rgws]
+ceph-01
+
+[rbdhost]
+ceph-01
+
+[coreos]
+coreos-01
+coreos-02
+coreos-03
+
+[container-hosts]
+coreos-01
+coreos-02
+coreos-03