apiVersion: v1 data: 55-nova-extra.conf: | # Additional overrides that can be set in environment-specific cases kind: ConfigMap metadata: name: nova-custom-config namespace: openstack --- apiVersion: v1 data: authorized_keys: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFDTmNsSy9kYWRnRGhMM3FmNU9Ka3ljSEk0eFNPeEdxcnNZZkM0TUR5eWtYeEQ4Vk5WZ2NjNmRKdnJrSldmazNPTmVIWmthVkF2UEpOaDNDbzhwYjJLYTJBRzNSdy9KYmNmcjB2UHM3Z1pMemgzV2lQYjc5NFBreS8zMDFjVWYweU8xRW8xS21FKzRtUVFidXNWVlQ1ZktZc1YyUXRNRXNaZXo0bXNSZWIxRnBaa2UxUT09IEVEUE0gZGVwbG95IGtleQo= ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUFqWEpTdjNXbllBNFM5Nm4rVGlaTW5CeU9NVWpzClJxcTdHSHd1REE4c3BGOFEvRlRWWUhIT25TYjY1Q1ZuNU56alhoMlpHbFFMenlUWWR3cVBLVzlpbXRnQnQwY1B5VzNINjkKTHo3TzRHUzg0ZDFvajIrL2VENU12OTlOWEZIOU1qdFJLTlNwaFB1SmtFRzdyRlZVK1h5bUxGZGtMVEJMR1hzK0pyRVhtOQpSYVdaSHRVQUFBRVF3S3VJUDhDcmlEOEFBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFJMXlVcjkxcDJBT0V2ZXAvazRtVEp3Y2pqRkk3RWFxdXhoOExnd1BMS1JmRVB4VTFXQnh6cDBtK3VRbForVGMKNDE0ZG1ScFVDODhrMkhjS2p5bHZZcHJZQWJkSEQ4bHR4K3ZTOCt6dUJrdk9IZGFJOXZ2M2crVEwvZlRWeFIvVEk3VVNqVQpxWVQ3aVpCQnU2eFZWUGw4cGl4WFpDMHdTeGw3UGlheEY1dlVXbG1SN1ZBQUFBUWdHejV4eUpMUjZPM2FNTHAzL2IyZlNaCklPK2VVb1ZSb2RkY1UvcEFGQU01eW1tZTlmeGg2YStVWHgzWndnUlVsOEtPMFUrMkFzUUVoS25jTWRhUFVXOVFJUUFBQUEKOUZSRkJOSUdSbGNHeHZlU0JyWlhrQkFnTT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFDTmNsSy9kYWRnRGhMM3FmNU9Ka3ljSEk0eFNPeEdxcnNZZkM0TUR5eWtYeEQ4Vk5WZ2NjNmRKdnJrSldmazNPTmVIWmthVkF2UEpOaDNDbzhwYjJLYTJBRzNSdy9KYmNmcjB2UHM3Z1pMemgzV2lQYjc5NFBreS8zMDFjVWYweU8xRW8xS21FKzRtUVFidXNWVlQ1ZktZc1YyUXRNRXNaZXo0bXNSZWIxRnBaa2UxUT09IEVEUE0gZGVwbG95IGtleQo= kind: Secret metadata: name: dataplane-ansible-ssh-private-key-secret namespace: openstack type: Opaque --- apiVersion: v1 data: LibvirtPassword: MTIzNDU2Nzg= kind: Secret metadata: name: libvirt-secret namespace: openstack type: Opaque --- apiVersion: v1 data: ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUFxZ2huOFVOYmZUZTlVM3NtazA1RnhqSHBHU3dNCnVKZHprZlVtVkZGS0E1cGl2SkpHMGN0UEs4c3hTSHJiV1RLbHZXODN5bDlzaGhIb3ZNTjNKaXBBUUNjQXdTSHJKc2VnbDYKZ3ppamE2UElFSTdPM3BRdzM5Y0Z1WEtKTi9TNHU0dGtkWWFGTEVMZVNRWWEvSGZlYnFuYVFYcWFMUWZ5aFIybUdYT2lHSApuWnZkQUdFQUFBRVFNREtXSHpBeWxoOEFBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFLb0laL0ZEVzMwM3ZWTjdKcE5PUmNZeDZSa3NETGlYYzVIMUpsUlJTZ09hWXJ5U1J0SExUeXZMTVVoNjIxa3kKcGIxdk44cGZiSVlSNkx6RGR5WXFRRUFuQU1FaDZ5YkhvSmVvTTRvMnVqeUJDT3p0NlVNTi9YQmJseWlUZjB1THVMWkhXRwpoU3hDM2trR0d2eDMzbTZwMmtGNm1pMEg4b1VkcGhsem9oaDUyYjNRQmhBQUFBUWdFMU93V0JNTnd5WHUrK2NWRWlFLy9ICnFmejN2WkkwaEZYQmFrRzRQcHpQNW94Z3ROU1BxMllLdU9YMElESHYzRWdTUWZMYnhEeTU4Z0JnL3I1c29aaXpyZ0FBQUEKNU9iM1poSUcxcFozSmhkR2x2YmdFQ0F3UT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFDcUNHZnhRMXQ5TjcxVGV5YVRUa1hHTWVrWkxBeTRsM09SOVNaVVVVb0RtbUs4a2tiUnkwOHJ5ekZJZXR0Wk1xVzliemZLWDJ5R0VlaTh3M2NtS2tCQUp3REJJZXNteDZDWHFET0tOcm84Z1FqczdlbEREZjF3VzVjb2szOUxpN2kyUjFob1VzUXQ1SkJocjhkOTV1cWRwQmVwb3RCL0tGSGFZWmM2SVllZG05MEFZUT09IE5vdmEgbWlncmF0aW9uCg== kind: Secret metadata: name: nova-migration-ssh-key namespace: openstack type: kubernetes.io/ssh-auth --- apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneNodeSet metadata: name: openstack-edpm namespace: openstack spec: env: - name: ANSIBLE_FORCE_COLOR value: "True" networkAttachments: - ctlplane nodeTemplate: ansible: ansiblePort: 22 ansibleUser: zuul ansibleVars: edpm_fips_mode: check edpm_network_config_hide_sensitive_logs: false edpm_network_config_os_net_config_mappings: edpm-compute-0: nic2: "52:54:00:17:05:43" edpm-compute-1: nic2: "52:54:00:17:05:44" edpm-compute-2: nic2: "52:54:00:17:05:46" edpm_network_config_template: | --- {% set mtu_list = [ctlplane_mtu] %} {% for network in nodeset_networks %} {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} {%- endfor %} {% set min_viable_mtu = mtu_list | max %} network_config: - type: ovs_bridge name: {{ neutron_physical_bridge_name }} mtu: {{ min_viable_mtu }} use_dhcp: false dns_servers: {{ ctlplane_dns_nameservers }} domain: {{ dns_search_domains }} addresses: - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} routes: {{ ctlplane_host_routes }} members: - type: interface name: nic2 mtu: {{ min_viable_mtu }} primary: true {% for network in nodeset_networks %} - type: vlan mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} addresses: - ip_netmask: >- {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} {% endfor %} edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false edpm_ovn_bridge_mappings: - datacentre:br-ex - seg1:br-ex-100 - seg2:br-ex-101 edpm_sshd_allowed_ranges: - 192.168.122.0/24 edpm_sshd_configure_firewall: true gather_facts: false neutron_physical_bridge_name: br-ex neutron_public_interface_name: eth0 timesync_ntp_servers: - hostname: pool.ntp.org ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret managementNetwork: ctlplane networks: - defaultRoute: true name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 nodes: edpm-compute-0: ansible: ansibleHost: 192.168.122.100 hostName: compute-0 networks: - defaultRoute: true fixedIP: 192.168.122.100 name: ctlplane subnetName: subnet1 - fixedIP: 172.17.0.100 name: internalapi subnetName: subnet1 - fixedIP: 172.18.0.100 name: storage subnetName: subnet1 - fixedIP: 172.19.0.100 name: tenant subnetName: subnet1 edpm-compute-1: ansible: ansibleHost: 192.168.122.101 hostName: compute-1 networks: - defaultRoute: true fixedIP: 192.168.122.101 name: ctlplane subnetName: subnet1 - fixedIP: 172.17.0.101 name: internalapi subnetName: subnet1 - fixedIP: 172.18.0.101 name: storage subnetName: subnet1 - fixedIP: 172.19.0.101 name: tenant subnetName: subnet1 edpm-compute-2: ansible: ansibleHost: 192.168.122.102 hostName: compute-2 networks: - defaultRoute: true fixedIP: 192.168.122.102 name: ctlplane subnetName: subnet1 - fixedIP: 172.17.0.102 name: internalapi subnetName: subnet1 - fixedIP: 172.18.0.102 name: storage subnetName: subnet1 - fixedIP: 172.19.0.102 name: tenant subnetName: subnet1 preProvisioned: true services: - bootstrap - download-cache - configure-network - validate-network - install-os - configure-os - ssh-known-hosts - run-os - reboot-os - install-certs - ovn - neutron-ovn - libvirt - nova-custom --- apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneService metadata: name: nova-custom namespace: openstack spec: caCerts: combined-ca-bundle containerImageFields: - NovaComputeImage - EdpmIscsidImage dataSources: - configMapRef: name: nova-custom-config - secretRef: name: nova-cell1-compute-config - secretRef: name: nova-migration-ssh-key edpmServiceType: nova label: dataplane-deployment-nova-custom playbook: osp.edpm.nova tlsCerts: default: contents: - dnsnames - ips edpmRoleServiceName: nova issuer: osp-rootca-issuer-internal networks: - ctlplane