Get infra model + CMR configured

README.md

@@ -5,12 +5,16 @@ This my working deployment for lab for a customer that I support
 # What works
 
 * bionic queens
-* CIS hardening level2 for bionic
+  * no CIS
+  * CIS hardening level2 for bionic
+* focal ussuri
+  * infra models
+  * cross model relations
 
 # WIP
 
-* focal ussuri
-* CIS hardening custom as per solQA
+* CIS hardening custom as per solQA for focal
+* contrail
 
 # TODO
 

config/bundle_infra.yaml

@@ -0,0 +1,124 @@
+series: focal
+variables:
+  # This is Management network, unrelated to OpenStack and other applications
+  # OAM - Operations, Administration and Maintenance
+  oam-space:           &oam-space      oam
+saas:
+  graylog:
+    url: admin/cpe-focal.graylog-beats
+  prometheus:
+    url: admin/cpe-focal.prometheus-target
+  nagios:
+    url: admin/cpe-focal.nagios-monitors
+machines:
+  "0": {}
+  "1": {}
+  "2": {}
+applications:
+  filebeat:
+    charm: cs:filebeat-33
+    bindings:
+      "": *oam-space
+    options:
+      logpath: "/var/log/*.log /var/log/*/*.log /var/log/syslog"
+      install_keys: |-
+        - |
+          -----BEGIN PGP PUBLIC KEY BLOCK-----
+          Version: SKS 1.1.6
+          Comment: Hostname: keyserver.ubuntu.com
+
+          mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy
+          hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q
+          RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+
+          Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj
+          1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB
+          AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz
+          QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC
+          AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
+          nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO
+          lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB
+          cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n
+          TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3
+          vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM
+          KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp
+          lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA
+          07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
+          KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu
+          ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ
+          WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy
+          TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ
+          EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg
+          R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt
+          fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E=
+          =92oX
+          -----END PGP PUBLIC KEY BLOCK-----
+      install_sources: |
+          - 'deb http://192.168.1.12/artifacts.elastic.co/packages/6.x/apt stable main'
+  landscape-client:
+    charm: cs:landscape-client-35
+    options:
+      account-name: "standalone"
+      disable-unattended-upgrades: True
+  nrpe:
+    charm: cs:nrpe-73
+    bindings:
+      "": *oam-space
+  telegraf:
+    charm: cs:telegraf-41
+    bindings:
+      "": *oam-space
+      # overrides private-address exposed to prometheus
+      prometheus-client: *oam-space
+    options:
+      # Contrail services are listening on 8094
+      socket_listener_port: '8095'
+      install_sources: |
+        - 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu focal main'
+      install_keys: |-
+        - |
+          -----BEGIN PGP PUBLIC KEY BLOCK-----
+          Version: SKS 1.1.6
+          Comment: Hostname: keyserver.ubuntu.com
+
+          mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
+          LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
+          rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
+          xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
+          s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
+          04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
+          AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
+          M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
+          OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
+          Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
+          UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
+          FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
+          60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
+          iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
+          Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
+          eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
+          5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
+          XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
+          J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
+          +WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
+          vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
+          =ufaX
+          -----END PGP PUBLIC KEY BLOCK-----
+  infra-server:
+    charm: cs:ubuntu-18
+    bindings:
+      "": *oam-space
+    num_units: 3
+    to:
+    - "0"
+    - "1"
+    - "2"
+relations:
+  - [ "infra-server:juju-info", "landscape-client:container" ]
+  - [ "infra-server:juju-info", "telegraf:juju-info" ]
+  - [ "infra-server:juju-info", "nrpe:general-info" ]
+  - [ "infra-server:juju-info", "filebeat:beats-host" ]
+
+  # via CMR
+  - [ "filebeat:logstash", "graylog:beats" ]
+  - [ "telegraf:prometheus-client", "prometheus:target" ]
+  - [ "nrpe:monitors", "nagios:monitors" ]

config/juju_deploy_focal.sh

@@ -13,6 +13,7 @@ juju deploy ./bundle_${series}.yaml \
     --overlay ./overlays/ldap.yaml \
     --overlay ./overlays/resources.yaml \
     --overlay ./overlays/openstack_versioned_overlay_${series}.yaml \
+    --overlay ./overlays/lma_offers.yaml \
     --overlay ./overlays/stsstack.yaml $*
 
 #    --overlay ./overlays/contrail.yaml \

config/juju_deploy_infra.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+series=focal
+
+#juju model-config juju-model-default.yaml
+
+juju model-config -m infra default-series=${series}
+
+juju deploy -m infra ./bundle_infra.yaml \
+    --map-machines=existing $*
+

config/overlays/lma_offers.yaml

@@ -0,0 +1,19 @@
+applications:
+  graylog:
+    offers:
+      graylog-info:
+        endpoints:
+          - juju-info
+      graylog-beats:
+        endpoints:
+          - beats
+  nagios:
+    offers:
+      nagios-monitors:
+        endpoints:
+          - monitors
+  prometheus:
+    offers:
+      prometheus-target:
+        endpoints:
+          - target

docs/infra_nodes.md

@@ -0,0 +1,24 @@
+# Infra Model Notes
+
+
+First we need to add the infra mode
+
+```
+juju add-model infra
+```
+
+
+Then we need to add the machines manually, as they would be installed by MAAS directly
+
+```bash
+for i in asrock01 asrock02 asrock03
+do
+    juju add-machine -m infra ssh:$i
+done
+
+Once the machines have been added, we can deploy the infra model
+
+```bash
+cd config
+./juju_deploy_infra.sh
+```