Add controller model LMA + extras
* Test initial LMA stuff for controller model * Add a script to add tags in Landscape based on juju AZs * Sync certs and update landscape-client config on all units
This commit is contained in:
126
config/bundle_controller.yaml
Normal file
126
config/bundle_controller.yaml
Normal file
@@ -0,0 +1,126 @@
|
||||
series: bionic
|
||||
variables:
|
||||
# This is Management network, unrelated to OpenStack and other applications
|
||||
# OAM - Operations, Administration and Maintenance
|
||||
oam-space: &oam-space oam
|
||||
saas:
|
||||
graylog:
|
||||
url: admin/cpe-focal.graylog-beats
|
||||
prometheus:
|
||||
url: admin/cpe-focal.prometheus-target
|
||||
nagios:
|
||||
url: admin/cpe-focal.nagios-monitors
|
||||
machines:
|
||||
"0": {}
|
||||
"1": {}
|
||||
"2": {}
|
||||
applications:
|
||||
filebeat:
|
||||
charm: cs:filebeat-33
|
||||
bindings:
|
||||
"": *oam-space
|
||||
options:
|
||||
logpath: "/var/log/*.log /var/log/*/*.log /var/log/syslog"
|
||||
install_keys: |-
|
||||
- |
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: SKS 1.1.6
|
||||
Comment: Hostname: keyserver.ubuntu.com
|
||||
|
||||
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy
|
||||
hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q
|
||||
RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+
|
||||
Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj
|
||||
1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB
|
||||
AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz
|
||||
QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC
|
||||
AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
|
||||
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO
|
||||
lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB
|
||||
cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n
|
||||
TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3
|
||||
vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM
|
||||
KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp
|
||||
lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA
|
||||
07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
|
||||
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu
|
||||
ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ
|
||||
WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy
|
||||
TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ
|
||||
EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg
|
||||
R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt
|
||||
fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E=
|
||||
=92oX
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
install_sources: |
|
||||
- 'deb http://192.168.1.12/artifacts.elastic.co/packages/6.x/apt stable main'
|
||||
landscape-client:
|
||||
charm: cs:landscape-client-35
|
||||
options:
|
||||
account-name: "standalone"
|
||||
disable-unattended-upgrades: True
|
||||
nrpe:
|
||||
charm: cs:nrpe-73
|
||||
bindings:
|
||||
"": *oam-space
|
||||
telegraf:
|
||||
charm: cs:telegraf-41
|
||||
bindings:
|
||||
"": *oam-space
|
||||
# overrides private-address exposed to prometheus
|
||||
prometheus-client: *oam-space
|
||||
options:
|
||||
# Contrail services are listening on 8094
|
||||
hostname: '{unit}'
|
||||
tags: juju_model=controller
|
||||
socket_listener_port: '8095'
|
||||
install_sources: |
|
||||
- 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu bionic main'
|
||||
install_keys: |-
|
||||
- |
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: SKS 1.1.6
|
||||
Comment: Hostname: keyserver.ubuntu.com
|
||||
|
||||
mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
|
||||
LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
|
||||
rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
|
||||
xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
|
||||
s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
|
||||
04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
|
||||
AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
|
||||
M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
|
||||
OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
|
||||
Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
|
||||
UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
|
||||
FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
|
||||
60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
|
||||
iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
|
||||
Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
|
||||
eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
|
||||
5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
|
||||
XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
|
||||
J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
|
||||
+WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
|
||||
vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
|
||||
=ufaX
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
controller-server:
|
||||
charm: cs:~jameinel/ubuntu-lite
|
||||
bindings:
|
||||
"": *oam-space
|
||||
num_units: 3
|
||||
to:
|
||||
- "0"
|
||||
- "1"
|
||||
- "2"
|
||||
relations:
|
||||
- [ "controller-server:juju-info", "landscape-client:container" ]
|
||||
- [ "controller-server:juju-info", "telegraf:juju-info" ]
|
||||
- [ "controller-server:juju-info", "nrpe:general-info" ]
|
||||
- [ "controller-server:juju-info", "filebeat:beats-host" ]
|
||||
|
||||
# via CMR
|
||||
- [ "filebeat:logstash", "graylog:beats" ]
|
||||
- [ "telegraf:prometheus-client", "prometheus:target" ]
|
||||
- [ "nrpe:monitors", "nagios:monitors" ]
|
||||
11
config/juju_deploy_controller.sh
Executable file
11
config/juju_deploy_controller.sh
Executable file
@@ -0,0 +1,11 @@
|
||||
#!/bin/bash
|
||||
|
||||
series=bionic
|
||||
|
||||
#juju model-config juju-model-default.yaml
|
||||
|
||||
juju model-config -m controller default-series=${series}
|
||||
|
||||
juju deploy -m controller ./bundle_controller.yaml \
|
||||
--map-machines=existing $*
|
||||
|
||||
25
scripts/arif-scripts/do_landscape_tags.sh
Executable file
25
scripts/arif-scripts/do_landscape_tags.sh
Executable file
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
. landscape_rc
|
||||
|
||||
juju_machines=$(mktemp)
|
||||
|
||||
juju machines > ${juju_machines}
|
||||
|
||||
for az in $(cat ${juju_machines} | awk '{print $6}' | tail +2 | sort | uniq)
|
||||
do
|
||||
for host in $(cat ${juju_machines} | grep ${az} | awk '{print $4}')
|
||||
do
|
||||
landscape-api add-tags-to-computers title:${host} "${az}"
|
||||
landscape-api add-tags-to-computers title:${host} "asrock"
|
||||
done
|
||||
done
|
||||
|
||||
landscape-api add-tags-to-computers "lxd-" "lxd"
|
||||
landscape-api add-tags-to-computers "kvm-" "kvm"
|
||||
landscape-api add-tags-to-computers title:asrock01 "asrock01"
|
||||
landscape-api add-tags-to-computers title:asrock02 "asrock02"
|
||||
landscape-api add-tags-to-computers title:asrock03 "asrock03"
|
||||
landscape-api add-tags-to-computers title:asrock01 "physical"
|
||||
landscape-api add-tags-to-computers title:asrock02 "physical"
|
||||
landscape-api add-tags-to-computers title:asrock03 "physical"
|
||||
@@ -1,7 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
# This is when landscape-haproxy the cert is SELFSIGNED. This will ensure that landscape will work
|
||||
landscape_crt=$(juju run --application landscape-haproxy 'sudo openssl x509 -in /var/lib/haproxy/default.pem' | base64)
|
||||
juju run --application landscape-haproxy 'sudo openssl x509 -in /var/lib/haproxy/default.pem' > landscape_cert.crt
|
||||
landscape_crt=$(base64 < landscape_cert.crt)
|
||||
|
||||
# And yes, this needs to use the IP address, otherwise the the registration will fail
|
||||
landscape_ip=$(juju run --application landscape-haproxy 'unit-get private-address')
|
||||
@@ -21,3 +22,18 @@ for client in ${clients} ; do
|
||||
|
||||
juju run -a ${client} 'sudo systemctl restart landscape-client.service'
|
||||
done
|
||||
|
||||
# for the infra model
|
||||
models="infra controller"
|
||||
client="landscape-client"
|
||||
|
||||
for model in ${models}
|
||||
do
|
||||
juju config -m ${model} ${client} --reset ssl-public-key,url,ping-url
|
||||
|
||||
juju config -m ${model} ${client} ssl-public-key="base64:${landscape_crt}" \
|
||||
url="https://${landscape_ip}/message-system" \
|
||||
ping-url="http://${landscape_ip}/ping"
|
||||
|
||||
juju run -m ${model} -a ${client} 'sudo systemctl restart landscape-client.service'
|
||||
done
|
||||
|
||||
Reference in New Issue
Block a user