Update with latest terraform templates from the master branch.

ci/infra/openstack/README.md

@@ -42,3 +42,14 @@ exposed by a load balancer managed by OpenStack.
 
 Copy the `terraform.tfvars.example` to `terraform.tfvars` and
 provide reasonable values.
+
+## Variables
+
+`image_name` - Name of the image to use
+`internal_net` - Name of the internal network to be created
+`stack_name` - Identifier to make all your resources unique and avoid clashes with other users of this terraform project
+`authorized_keys` - A list of ssh public keys that will be installed on all nodes
+`repositories` - Additional repositories that will be added on all nodes
+`packages` - Additional packages that will be installed on all nodes
+`caasp_registry_code` - Provide SUSE CaaSP Product Registration Code in 
+`registration.auto.tfvars` file to register product against official repositories

ci/infra/openstack/cloud-init/commands.tpl

@@ -0,0 +1 @@
+ - [ zypper, -n, install, ${packages} ]

ci/infra/openstack/cloud-init/master.tpl

@@ -16,6 +16,14 @@ chpasswd:
 ssh_authorized_keys:
 ${authorized_keys}
 
+ntp:
+ enabled: true
+ ntp_client: chrony
+ config:
+ confpath: /etc/chrony.conf
+ servers:
+${ntp_servers}
+
 # need to disable gpg checks because the cloud image has an untrusted repo
 zypper:
  repos:
@@ -28,10 +36,16 @@ ${repositories}
 # need to remove the standard docker packages that are pre-installed on the
 # cloud image because they conflict with the kubic- ones that are pulled by
 # the kubernetes packages
-packages:
-${packages}
+# WARNING!!! Do not use cloud-init packages module when SUSE CaaSP Registraion
+# Code is provided. In this case repositories will be added in runcmd module 
+# with SUSEConnect command after packages module is ran
+#packages:
 
 bootcmd:
  - ip link set dev eth0 mtu 1400
 
+runcmd:
+${registration}
+${commands}
+
 final_message: "The system is finally up, after $UPTIME seconds"

ci/infra/openstack/cloud-init/registration.tpl

@@ -0,0 +1,3 @@
+ - [ SUSEConnect, -r, ${caasp_registry_code} ]
+ - [ SUSEConnect, -p, sle-module-containers/15.1/x86_64 ]
+ - [ SUSEConnect, -p, caasp/4.0/x86_64, -r, ${caasp_registry_code} ]

ci/infra/openstack/cloud-init/worker.tpl

@@ -16,6 +16,14 @@ chpasswd:
 ssh_authorized_keys:
 ${authorized_keys}
 
+ntp:
+ enabled: true
+ ntp_client: chrony
+ config:
+ confpath: /etc/chrony.conf
+ servers:
+${ntp_servers}
+
 # need to disable gpg checks because the cloud image has an untrusted repo
 zypper:
  repos:
@@ -28,10 +36,16 @@ ${repositories}
 # need to remove the standard docker packages that are pre-installed on the
 # cloud image because they conflict with the kubic- ones that are pulled by
 # the kubernetes packages
-packages:
-${packages}
+# WARNING!!! Do not use cloud-init packages module when SUSE CaaSP Registraion
+# Code is provided. In this case repositories will be added in runcmd module
+# with SUSEConnect command after packages module is ran
+#packages:
 
 bootcmd:
  - ip link set dev eth0 mtu 1400
 
+runcmd:
+${registration}
+${commands}
+
 final_message: "The system is finally up, after $UPTIME seconds"

ci/infra/openstack/load-balancer.tf

@@ -1,16 +1,17 @@
 resource "openstack_lb_loadbalancer_v2" "lb" {
- name = "${var.stack_name}-lb"
+ name  = "${var.stack_name}-lb"
  vip_subnet_id = "${openstack_networking_subnet_v2.subnet.id}"
+
  security_group_ids = [
- "${openstack_compute_secgroup_v2.secgroup_master_lb.id}"
+ "${openstack_compute_secgroup_v2.secgroup_master_lb.id}",
  ]
 }
 
 resource "openstack_lb_listener_v2" "listener" {
- protocol = "TCP"
- protocol_port = "6443"
+ protocol  = "TCP"
+ protocol_port  = "6443"
  loadbalancer_id = "${openstack_lb_loadbalancer_v2.lb.id}"
- name = "${var.stack_name}-api-server-listener"
+ name  = "${var.stack_name}-api-server-listener"
 }
 
 resource "openstack_lb_pool_v2" "pool" {
@@ -21,15 +22,15 @@ resource "openstack_lb_pool_v2" "pool" {
 }
 
 resource "openstack_lb_member_v2" "member" {
- count = "${var.masters}"
- pool_id = "${openstack_lb_pool_v2.pool.id}"
- address = "${element(openstack_compute_instance_v2.master.*.access_ip_v4, count.index)}"
- subnet_id = "${openstack_networking_subnet_v2.subnet.id}"
+ count  = "${var.masters}"
+ pool_id  = "${openstack_lb_pool_v2.pool.id}"
+ address  = "${element(openstack_compute_instance_v2.master.*.access_ip_v4, count.index)}"
+ subnet_id  = "${openstack_networking_subnet_v2.subnet.id}"
  protocol_port = 6443
 }
 
 resource "openstack_networking_floatingip_v2" "lb_ext" {
- pool = "${var.external_net}"
+ pool  = "${var.external_net}"
  port_id = "${openstack_lb_loadbalancer_v2.lb.vip_port_id}"
 }
 

ci/infra/openstack/master-instance.tf

@@ -8,26 +8,48 @@ data "template_file" "master_repositories" {
  }
 }
 
+data "template_file" "master_registration" {
+ template = "${file("cloud-init/registration.tpl")}"
+ count = "${var.caasp_registry_code == "" ? 0 : 1}"
+
+ vars {
+ caasp_registry_code = "${var.caasp_registry_code}"
+ packages = "${join(", ", var.packages)}"
+ }
+}
+
+data "template_file" "master_commands" {
+ template = "${file("cloud-init/commands.tpl")}"
+
+ vars {
+ packages = "${join(", ", var.packages)}"
+ }
+}
+
 data "template_file" "master-cloud-init" {
  template = "${file("cloud-init/master.tpl")}"
 
  vars {
  authorized_keys = "${join("\n", formatlist(" - %s", var.authorized_keys))}"
  repositories = "${join("\n", data.template_file.master_repositories.*.rendered)}"
- packages = "${join("\n", formatlist(" - %s", var.packages))}"
- username = "${var.username}"
- password = "${var.password}"
+ registration = "${join("\n", data.template_file.master_registration.*.rendered)}"
+ commands = "${join("\n", data.template_file.master_commands.*.rendered)}"
+ username = "${var.username}"
+ password = "${var.password}"
+ ntp_servers = "${join("\n", formatlist (" - %s", var.ntp_servers))}"
  }
 }
 
 resource "openstack_compute_instance_v2" "master" {
  count = "${var.masters}"
  name = "caasp-master-${var.stack_name}-${count.index}"
  image_name = "${var.image_name}"
+
  depends_on = [
  "openstack_networking_network_v2.network",
- "openstack_networking_subnet_v2.subnet"
+ "openstack_networking_subnet_v2.subnet",
  ]
+
  flavor_name = "${var.master_size}"
 
  network {
@@ -55,16 +77,20 @@ resource "openstack_compute_floatingip_associate_v2" "master_ext_ip" {
 
 resource "null_resource" "master_wait_cloudinit" {
  count = "${var.masters}"
+
  connection {
  host = "${element(openstack_compute_floatingip_associate_v2.master_ext_ip.*.floating_ip, count.index)}"
  user = "${var.username}"
  password = "${var.password}"
  type = "ssh"
  }
 
+ depends_on = ["openstack_compute_instance_v2.master"]
+
  provisioner "remote-exec" {
  inline = [
- "cloud-init status --wait"
+ "cloud-init status --wait > /dev/null",
+ "sudo reboot&",
  ]
  }
 }

ci/infra/openstack/output.tf

@@ -13,6 +13,7 @@ output "ip_workers" {
 output "ip_internal_load_balancer" {
  value = "${openstack_lb_loadbalancer_v2.lb.vip_address}"
 }
+
 output "ip_ext_load_balancer" {
  value = "${openstack_networking_floatingip_v2.lb_ext.address}"
 }

ci/infra/openstack/registration.auto.tfvars

@@ -0,0 +1,3 @@
+
+# SUSE CaaSP Product Registration Code
+#caasp_registry_code = ""

ci/infra/openstack/security-groups.tf

@@ -1,6 +1,6 @@
 resource "openstack_compute_secgroup_v2" "secgroup_base" {
  name = "caasp-base-${var.stack_name}"
- description = "Basic security group for AG"
+ description = "Basic security group"
 
  rule {
  from_port = -1
@@ -33,7 +33,7 @@ resource "openstack_compute_secgroup_v2" "secgroup_base" {
 
 resource "openstack_compute_secgroup_v2" "secgroup_master" {
  name = "caasp-master-${var.stack_name}"
- description = "AG security group for masters"
+ description = "security group for masters"
 
  rule {
  from_port = 2380
@@ -73,7 +73,7 @@ resource "openstack_compute_secgroup_v2" "secgroup_master" {
 
 resource "openstack_compute_secgroup_v2" "secgroup_worker" {
  name = "caasp-worker-${var.stack_name}"
- description = "AG security group for workers"
+ description = "security group for workers"
 
  rule {
  from_port = 80
@@ -141,7 +141,7 @@ resource "openstack_compute_secgroup_v2" "secgroup_worker" {
 
 resource "openstack_compute_secgroup_v2" "secgroup_master_lb" {
  name = "caasp-master-lb-${var.stack_name}"
- description = "AG security group for master load balancers"
+ description = "security group for master load balancers"
 
  rule {
  from_port = 6443

ci/infra/openstack/terraform.tfvars.example

@@ -1,20 +1,99 @@
+# Name of the image to use
+# EXAMPLE:
+# image_name = "SLE-15-SP1-JeOS-GMC"
+image_name = ""
+
 # Name of the internal network to be created
-internal_net = "testing"
+# EXAMPLE:
+# internal_net = "testing"
+internal_net = ""
+
+# Name of the external network to be used, the one used to allocate floating IPs
+# EXAMPLE:
+# external_net = "floating"
+external_net = ""
+
+# Identifier to make all your resources unique and avoid clashes with other users of this terraform project
+stack_name = "my-caasp-cluster"
+
+# CIDR of the subnet for the internal network
+# EXAMPLE:
+# subnet_cidr = "172.28.0.0/24"
+subnet_cidr = ""
+
+# DNS servers for the nodes
+# EXAMPLE:
+# "dns_nameservers" = [
+# "172.28.0.2",
+# "8.8.8.8"
+# ]
+"dns_nameservers" = []
+
+# Number of master nodes
+masters = 1
+
+# Number of worker nodes
+workers = 2
+
+# Size of the master nodes
+# EXAMPLE:
+# master_size = "m1.medium"
+master_size = ""
 
-# identifier to make all your resources unique and avoid clashes with other users of this terraform project
-stack_name = "testing"
+# Size of the worker nodes
+# EXAMPLE:
+# worker_size = "m1.medium"
+worker_size = ""
 
-# define which image to use
-# image_name = ""
+# Attach persistent volumes to workers
+workers_vol_enabled = 0
+
+# Size of the worker volumes in GB
+workers_vol_size = 5
+
+# Name of DNS domain
+# dnsdomain = "my.domain.com"
+dnsdomain = ""
+
+# Set DNS Entry (0 is false, 1 is true)
+dnsentry = 0
+
+# Username for the cluster nodes
+# EXAMPLE:
+# username = "sles"
+username = ""
+
+# Password for the cluster nodes
+# EXAMPLE:
+# password = "linux"
+password = ""
 
 # define the repositories to use
+# EXAMPLE:
 # repositories = [
-# {
-# caasp_devel_leap15 = "https://download.opensuse.org/repositories/devel:/CaaSP:/Head:/ControllerNode/openSUSE_Leap_15.0"
-# }
+# { repository1 = "http://example.my.repo.com/repository1/" },
+# { repository2 = "http://example.my.repo.com/repository2/" }
 # ]
+repositories = []
+
+# Minimum required packages. Do not remove them.
+# Feel free to add more packages
+packages = [
+ "kernel-default",
+ "-kernel-default-base",
+ "kubernetes-kubeadm",
+ "kubernetes-kubelet",
+ "kubernetes-client"
+]
 
 # ssh keys to inject into all the nodes
+# EXAMPLE:
+# authorized_keys = [
+# "ssh-rsa <key-content>"
+# ]
 authorized_keys = [
  ""
 ]
+
+# IMPORTANT: Replace these ntp servers with ones from your infrastructure
+ntp_servers = ["0.novell.pool.ntp.org", "1.novell.pool.ntp.org", "2.novell.pool.ntp.org", "3.novell.pool.ntp.org"]

ci/infra/openstack/terraform.tfvars.sles.example

@@ -8,7 +8,7 @@ stack_name = "testing"
 username = "sles"
 
 # define which image to use
-image_name = "SLES15-SP1-JeOS-RC1-with-fixed-kernel-default"
+image_name = "SLE-15-SP1-JeOS-GMC"
 
 # Number of master nodes
 masters = 1
@@ -39,6 +39,8 @@ repositories = [
 ]
 
 packages = [
+ "kernel-default",
+ "-kernel-default-base",
  "ca-certificates-suse",
  "kubernetes-kubeadm",
  "kubernetes-kubelet",
@@ -49,3 +51,6 @@ packages = [
 authorized_keys = [
  ""
 ]
+
+# IMPORTANT: Replace these ntp servers with ones from your infrastructure
+ntp_servers = ["0.novell.pool.ntp.org", "1.novell.pool.ntp.org", "2.novell.pool.ntp.org", "3.novell.pool.ntp.org"]