Skip to content
Snippets Groups Projects
Commit 9069fdcd authored by František Dvořák's avatar František Dvořák
Browse files

EOSC LOT3 testing deployment based on the demo

parent a092d5cc
No related branches found
No related tags found
No related merge requests found
File moved
File moved
File moved
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
ip_pool = "public-muni-147-251-124-GROUP" ip_pool = "public-muni-147-251-124-GROUP"
net_name = "group-project-network" net_name = "group-project-network"
net6_name = "public-muni-v6-432" net6_name = "public-muni-v6-432"
site_name = "demo" site_name = "testing"
# These may need some adjustment for your provider # These may need some adjustment for your provider
master_cpus = 2 # 2 CPUs to match existing flavours master_cpus = 2 # 2 CPUs to match existing flavours
...@@ -15,7 +15,7 @@ gpu_flavor_name = "a3.32core-240ram-1t4" ...@@ -15,7 +15,7 @@ gpu_flavor_name = "a3.32core-240ram-1t4"
extra_workers = 1 extra_workers = 1
# Number of GPU workers # Number of GPU workers
gpu_workers = 1 gpu_workers = 0
# volumes for docker # volumes for docker
docker_volumes_size = 384 docker_volumes_size = 384
......
File moved
provider "openstack" {
}
terraform { terraform {
required_providers { required_providers {
local = "~> 2.0" local = "~> 2.0"
......
provider "openstack" {
}
locals { locals {
nodes = concat([ nodes = concat([
openstack_compute_instance_v2.ingress, openstack_compute_instance_v2.ingress,
...@@ -15,71 +12,99 @@ locals { ...@@ -15,71 +12,99 @@ locals {
# Security groups # Security groups
resource "openstack_compute_secgroup_v2" "ping" { resource "openstack_networking_secgroup_v2" "ping" {
name = "ping" name = "ping"
description = "ICMP for ping" description = "ICMP for ping"
rule {
from_port = 8
to_port = 0
ip_protocol = "icmp"
cidr = "0.0.0.0/0"
}
rule {
from_port = 128
to_port = 0
# initial installation (bug in terraform): ip_protocol = "icmp"
ip_protocol = "ipv6-icmp"
cidr = "::/0"
}
} }
resource "openstack_compute_secgroup_v2" "ssh" { resource "openstack_networking_secgroup_v2" "ssh" {
name = "ssh" name = "ssh"
description = "ssh connection" description = "ssh connection"
rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
rule {
from_port = 22
to_port = 22
ip_protocol = "tcp"
cidr = "::/0"
}
} }
resource "openstack_compute_secgroup_v2" "http" { resource "openstack_networking_secgroup_v2" "http" {
name = "http" name = "http"
description = "http/https" description = "http/https"
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
rule {
from_port = 80
to_port = 80
ip_protocol = "tcp"
cidr = "::/0"
}
rule {
from_port = 443
to_port = 443
ip_protocol = "tcp"
cidr = "0.0.0.0/0"
}
rule {
from_port = 443
to_port = 443
ip_protocol = "tcp"
cidr = "::/0"
} }
resource "openstack_networking_secgroup_rule_v2" "ping4" {
direction = "ingress"
ethertype = "IPv4"
port_range_min = 8
port_range_max = 0
protocol = "icmp"
remote_ip_prefix = "0.0.0.0/0"
security_group_id = openstack_networking_secgroup_v2.ping.id
}
resource "openstack_networking_secgroup_rule_v2" "ping6" {
direction = "ingress"
ethertype = "IPv6"
port_range_min = 128
port_range_max = 0
protocol = "icmp"
remote_ip_prefix = "::/0"
security_group_id = openstack_networking_secgroup_v2.ping.id
}
resource "openstack_networking_secgroup_rule_v2" "ssh4" {
direction = "ingress"
ethertype = "IPv4"
port_range_min = 22
port_range_max = 22
protocol = "tcp"
remote_ip_prefix = "0.0.0.0/0"
security_group_id = openstack_networking_secgroup_v2.ssh.id
}
resource "openstack_networking_secgroup_rule_v2" "ssh6" {
direction = "ingress"
ethertype = "IPv6"
port_range_min = 22
port_range_max = 22
protocol = "tcp"
remote_ip_prefix = "::/0"
security_group_id = openstack_networking_secgroup_v2.ssh.id
}
resource "openstack_networking_secgroup_rule_v2" "http4" {
direction = "ingress"
ethertype = "IPv4"
port_range_min = 80
port_range_max = 80
protocol = "tcp"
remote_ip_prefix = "0.0.0.0/0"
security_group_id = openstack_networking_secgroup_v2.http.id
}
resource "openstack_networking_secgroup_rule_v2" "http6" {
direction = "ingress"
ethertype = "IPv6"
port_range_min = 80
port_range_max = 80
protocol = "tcp"
remote_ip_prefix = "::/0"
security_group_id = openstack_networking_secgroup_v2.http.id
}
resource "openstack_networking_secgroup_rule_v2" "https4" {
direction = "ingress"
ethertype = "IPv4"
port_range_min = 443
port_range_max = 443
protocol = "tcp"
remote_ip_prefix = "0.0.0.0/0"
security_group_id = openstack_networking_secgroup_v2.http.id
}
resource "openstack_networking_secgroup_rule_v2" "https6" {
direction = "ingress"
ethertype = "IPv6"
port_range_min = 443
port_range_max = 443
protocol = "tcp"
remote_ip_prefix = "::/0"
security_group_id = openstack_networking_secgroup_v2.http.id
} }
resource "openstack_networking_floatingip_v2" "public_ip" { resource "openstack_networking_floatingip_v2" "public_ip" {
...@@ -108,7 +133,7 @@ resource "openstack_compute_instance_v2" "master" { ...@@ -108,7 +133,7 @@ resource "openstack_compute_instance_v2" "master" {
name = "k8s-${var.site_name}-master" name = "k8s-${var.site_name}-master"
image_id = data.openstack_images_image_v2.ubuntu.id image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.master-flavor.id flavor_id = data.openstack_compute_flavor_v2.master-flavor.id
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name] security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml") user_data = file("cloud-init.yaml")
tags = ["master"] tags = ["master"]
network { network {
...@@ -123,7 +148,7 @@ resource "openstack_compute_instance_v2" "nfs" { ...@@ -123,7 +148,7 @@ resource "openstack_compute_instance_v2" "nfs" {
name = "k8s-${var.site_name}-nfs" name = "k8s-${var.site_name}-nfs"
image_id = data.openstack_images_image_v2.ubuntu.id image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name] security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml") user_data = file("cloud-init.yaml")
tags = ["worker"] tags = ["worker"]
network { network {
...@@ -138,7 +163,7 @@ resource "openstack_compute_instance_v2" "ingress" { ...@@ -138,7 +163,7 @@ resource "openstack_compute_instance_v2" "ingress" {
name = "k8s-${var.site_name}-w-ingress" name = "k8s-${var.site_name}-w-ingress"
image_id = data.openstack_images_image_v2.ubuntu.id image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name, openstack_compute_secgroup_v2.http.name] security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name, openstack_networking_secgroup_v2.http.name]
user_data = file("cloud-init.yaml") user_data = file("cloud-init.yaml")
tags = ["worker"] tags = ["worker"]
network { network {
...@@ -154,7 +179,7 @@ resource "openstack_compute_instance_v2" "worker" { ...@@ -154,7 +179,7 @@ resource "openstack_compute_instance_v2" "worker" {
name = "k8s-${var.site_name}-worker-${count.index}" name = "k8s-${var.site_name}-worker-${count.index}"
image_id = data.openstack_images_image_v2.ubuntu.id image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id flavor_id = data.openstack_compute_flavor_v2.worker-flavor.id
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name] security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml") user_data = file("cloud-init.yaml")
tags = ["worker"] tags = ["worker"]
network { network {
...@@ -170,7 +195,7 @@ resource "openstack_compute_instance_v2" "gpu" { ...@@ -170,7 +195,7 @@ resource "openstack_compute_instance_v2" "gpu" {
name = "k8s-${var.site_name}-gpu-${count.index}" name = "k8s-${var.site_name}-gpu-${count.index}"
image_id = data.openstack_images_image_v2.ubuntu.id image_id = data.openstack_images_image_v2.ubuntu.id
flavor_id = data.openstack_compute_flavor_v2.gpu-flavor.id flavor_id = data.openstack_compute_flavor_v2.gpu-flavor.id
security_groups = ["default", openstack_compute_secgroup_v2.ping.name, openstack_compute_secgroup_v2.ssh.name] security_groups = ["default", openstack_networking_secgroup_v2.ping.name, openstack_networking_secgroup_v2.ssh.name]
user_data = file("cloud-init.yaml") user_data = file("cloud-init.yaml")
tags = ["worker"] tags = ["worker"]
network { network {
...@@ -237,12 +262,15 @@ if ! dumpe2fs -h "$device" >/dev/null 2>&1; then ...@@ -237,12 +262,15 @@ if ! dumpe2fs -h "$device" >/dev/null 2>&1; then
mkfs.ext4 -L DOCKER "$device" mkfs.ext4 -L DOCKER "$device"
grep -q 'LABEL=DOCKER' /etc/fstab || /bin/echo -e "LABEL=DOCKER\t/var/lib/docker/overlay2\text4\tdefaults,x-systemd.before=local-fs.target\t0\t0" | tee -a /etc/fstab grep -q 'LABEL=DOCKER' /etc/fstab || /bin/echo -e "LABEL=DOCKER\t/var/lib/docker/overlay2\text4\tdefaults,x-systemd.before=local-fs.target\t0\t0" | tee -a /etc/fstab
mkdir -p /var/lib/docker/overlay2 2>/dev/null || true mkdir -p /var/lib/docker/overlay2 2>/dev/null || true
service docker stop >/dev/null 2>&1 || true systemctl stop docker kubelet >/dev/null 2>&1 || true
sleep 10 sleep 10
systemctl stop docker kubelet >/dev/null 2>&1 || true
umount /var/lib/docker/overlay2 2>&1 || true
mount "$device" /mnt mount "$device" /mnt
mv /var/lib/docker/overlay2/* /mnt >/dev/null 2>&1 || true mv /var/lib/docker/overlay2/* /mnt >/dev/null 2>&1 || true
umount /mnt umount /mnt
mount -a mount -a
systemctl start docker kubelet >/dev/null 2>&1 || true
fi fi
EOT EOT
} }
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment