EOSC LOT3 testing deployment based on the demo

9069fdcd · František Dvořák · a092d5cc · 9069fdcd · 9069fdcd · 9069fdcd
Commit 9069fdcd authored 11 months ago by František Dvořák
--- a/demo/playbooks/squid.yaml
+++ b/demo/playbooks/squid.yaml
--- a/demo/playbooks/templates/etc/exports
+++ b/demo/playbooks/templates/etc/exports
--- a/demo/playbooks/templates/etc/mailutils.conf
+++ b/demo/playbooks/templates/etc/mailutils.conf
--- a/demo/playbooks/templates/etc/squid
+++ b/demo/playbooks/templates/etc/squid
--- a/demo/terraform/.gitignore
+++ b/demo/terraform/.gitignore
--- a/demo/terraform/cloud-init.yaml
+++ b/demo/terraform/cloud-init.yaml
--- a/demo/terraform/terraform.tfvars
+++ b/demo/terraform/terraform.tfvars
@@ -2,7 +2,7 @@
 ip_pool  = "public-muni-147-251-124-GROUP"
 net_name = "group-project-network"
 net6_name = "public-muni-v6-432"
-site_name = "demo"
+site_name = "testing"

 # These may need some adjustment for your provider
 master_cpus = 2    # 2 CPUs to match existing flavours
@@ -15,7 +15,7 @@ gpu_flavor_name = "a3.32core-240ram-1t4"
 extra_workers = 1

 # Number of GPU workers
-gpu_workers = 1
+gpu_workers = 0

 # volumes for docker
 docker_volumes_size = 384

--- a/demo/terraform/vars.tf
+++ b/demo/terraform/vars.tf
--- a/demo/terraform/versions.tf
+++ b/demo/terraform/versions.tf
+provider "openstack" {
+}
+
 terraform {
  required_providers {
    local = "~> 2.0"

--- a/demo/terraform/vms.tf
+++ b/demo/terraform/vms.tf
-provider "openstack" {
-}
-
 locals {
  nodes = concat([
    openstack_compute_instance_v2.ingress,
@@ -15,71 +12,99 @@ locals {

 # Security groups

-resource "openstack_compute_secgroup_v2" "ping" {
+resource "openstack_networking_secgroup_v2" "ping" {
  name        = "ping"
  description = "ICMP for ping"
-
-  rule {
-    from_port   = 8
-    to_port     = 0
-    ip_protocol = "icmp"
-    cidr        = "0.0.0.0/0"
-  }
-  rule {
-    from_port   = 128
-    to_port     = 0
-    # initial installation (bug in terraform): ip_protocol = "icmp"
-    ip_protocol = "ipv6-icmp"
-    cidr        = "::/0"
-  }
 }

-resource "openstack_compute_secgroup_v2" "ssh" {
+resource "openstack_networking_secgroup_v2" "ssh" {
  name        = "ssh"
  description = "ssh connection"
-
-  rule {
-    from_port   = 22
-    to_port     = 22
-    ip_protocol = "tcp"
-    cidr        = "0.0.0.0/0"
-  }
-  rule {
-    from_port   = 22
-    to_port     = 22
-    ip_protocol = "tcp"
-    cidr        = "::/0"
-  }
 }

-resource "openstack_compute_secgroup_v2" "http" {
+resource "openstack_networking_secgroup_v2" "http" {
  name        = "http"
  description = "http/https"
+}

-  rule {
-    from_port   = 80
-    to_port     = 80
-    ip_protocol = "tcp"
-    cidr        = "0.0.0.0/0"
-  }
-  rule {
-    from_port   = 80
-    to_port     = 80
-    ip_protocol = "tcp"
-    cidr        = "::/0"
-  }
-  rule {
-    from_port   = 443
-    to_port     = 443
-    ip_protocol = "tcp"
-    cidr        = "0.0.0.0/0"
-  }
-  rule {
-    from_port   = 443
-    to_port     = 443
-    ip_protocol = "tcp"
-    cidr        = "::/0"
-  }
+resource "openstack_networking_secgroup_rule_v2" "ping4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 8
+  port_range_max    = 0
+  protocol          = "icmp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.ping.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "ping6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 128
+  port_range_max    = 0
+  protocol          = "icmp"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.ping.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "ssh4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 22
+  port_range_max    = 22
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.ssh.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "ssh6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 22
+  port_range_max    = 22
+  protocol          = "tcp"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.ssh.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "http4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 80
+  port_range_max    = 80
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "http6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 80
+  port_range_max    = 80
+  protocol          = "tcp"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "https4" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  port_range_min    = 443
+  port_range_max    = 443
+  protocol          = "tcp"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
+}
+
+resource "openstack_networking_secgroup_rule_v2" "https6" {
+  direction         = "ingress"
+  ethertype         = "IPv6"
+  port_range_min    = 443
+  port_range_max    = 443
+  protocol          = "tcp"
+  remote_ip_prefix  = "::/0"
+  security_group_id = openstack_networking_secgroup_v2.http.id
 }

 resource "openstack_networking_floatingip_v2" "public_ip" {
@@ -108,7 +133,7 @@ resource "openstack_compute_instance_v2" "master" {
  name     = "k8s-${var.site_name}-master"
  image_id = data.openstack_images_image_v2.ubuntu.id
  flavor_id       = data.openstack_compute_flavor_v2.master-flavor.id
-  security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name]
+  security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
  user_data       = file("cloud-init.yaml")
  tags            = ["master"]
  network {
@@ -123,7 +148,7 @@ resource "openstack_compute_instance_v2" "nfs" {
  name            = "k8s-${var.site_name}-nfs"
  image_id        = data.openstack_images_image_v2.ubuntu.id
  flavor_id       = data.openstack_compute_flavor_v2.worker-flavor.id
-  security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name]
+  security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
  user_data       = file("cloud-init.yaml")
  tags            = ["worker"]
  network {
@@ -138,7 +163,7 @@ resource "openstack_compute_instance_v2" "ingress" {
  name            = "k8s-${var.site_name}-w-ingress"
  image_id        = data.openstack_images_image_v2.ubuntu.id
  flavor_id       = data.openstack_compute_flavor_v2.worker-flavor.id
-  security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.http.name]
+  security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name, openstack_networking_secgroup_v2.http.name]
  user_data       = file("cloud-init.yaml")
  tags            = ["worker"]
  network {
@@ -154,7 +179,7 @@ resource "openstack_compute_instance_v2" "worker" {
  name            = "k8s-${var.site_name}-worker-${count.index}"
  image_id        = data.openstack_images_image_v2.ubuntu.id
  flavor_id       = data.openstack_compute_flavor_v2.worker-flavor.id
-  security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name]
+  security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
  user_data       = file("cloud-init.yaml")
  tags            = ["worker"]
  network {
@@ -170,7 +195,7 @@ resource "openstack_compute_instance_v2" "gpu" {
  name            = "k8s-${var.site_name}-gpu-${count.index}"
  image_id        = data.openstack_images_image_v2.ubuntu.id
  flavor_id       = data.openstack_compute_flavor_v2.gpu-flavor.id
-  security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name]
+  security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
  user_data       = file("cloud-init.yaml")
  tags = ["worker"]
  network {
@@ -237,12 +262,15 @@ if ! dumpe2fs -h "$device" >/dev/null 2>&1; then
 	mkfs.ext4 -L DOCKER "$device"
 	grep -q 'LABEL=DOCKER' /etc/fstab || /bin/echo -e "LABEL=DOCKER\t/var/lib/docker/overlay2\text4\tdefaults,x-systemd.before=local-fs.target\t0\t0" | tee -a /etc/fstab
 	mkdir -p /var/lib/docker/overlay2 2>/dev/null || true
-	service docker stop >/dev/null 2>&1 || true
+	systemctl stop docker kubelet >/dev/null 2>&1 || true
 	sleep 10
+	systemctl stop docker kubelet >/dev/null 2>&1 || true
+	umount /var/lib/docker/overlay2 2>&1 || true
 	mount "$device" /mnt
 	mv /var/lib/docker/overlay2/* /mnt >/dev/null 2>&1 || true
 	umount /mnt
 	mount -a
+	systemctl start docker kubelet >/dev/null 2>&1 || true
 fi
 EOT
 }