How to add keys to access integration labs?
- Morgan Richomme
Integration team deals with several labs:
Orange daily/weekly labs (until Jakarta)
Azure gates/community labs
These labs are automatically installed.
Sometimes an access may be needed for troubleshooting/cleaning/...
All these labs may be access through SSH.
End user may have access to the community lab, they must create a Jira ticket and provide their public ssh key to get access.
The procedure and end points to connect to the community labs are given by the integration team.
For integration team, it may be useful to reference the keys so they are automatically pushed on each installation.
The different labs are installed thanks to the chained-ci project: https://gitlab.com/Orange-OpenSource/lfn/ci_cd/chained-ci
Integration team members may ask integration PTL to be added as team member of the different gitlab.com CI projects.
The different chains are described in the different files.
Chain | Config file | schedule | Active |
|---|---|---|---|
Orange daily master | ONAP Daily Master Legacy on Orange POD4 | yes (until jakarta) | |
Orange weekly master | ONAP Master weekly | Manual | |
Orange daily istanbul | daily istanbul onap | ONAP Istanbul Daily on Orange POD4 | yes (until jakarta) |
Azure gating3 | Not Relevant | ||
Azure gating4 | Not Relevant | ||
Azure community lab | Deploy Azure Community Lab | Manual |
The inventory files describe the CI chains. The yaml file describes the different projects that will call one after the other and precise some configuration at each step.
e.g. for daily master k8s
---
jumphost:
server: rebond.opnfv.fr
[......]
environment: orange_pod4/k8s_master
scenario_steps:
config:
project: config
get_artifacts:
- name: orange_vim_pod4
static_src: true
infra: k8s18-onap-master
ssh_access: orange.eyml
infra_deploy:
project: os_infra_manager
get_artifacts: config
extra_parameters:
ADMIN: true
CLEAN: true
TENANT_NAME: onap-master-daily
USER_NAME: onap-master-daily-ci
IDENTIFIER: -onap-master
USE_PRIVATE_IP: True
ADD_FLOATING_IP: True
DNS_NAME: "{{ lookup('env','DNS_NAME') | default('master', true) }}"
k8s_deploy:
get_artifacts: infra_deploy
project: kubespray
branch: helm_3
ssh_access: orange.eyml
extra_parameters:
kubespray_version: release-2.17
helm_release: v3.6.3
kube_network_plugin: cilium
kubernetes_release: v1.22.2
ENABLE_MONITORING: false
DOCKER_HUB_PROXY: docker.nexus.azure.onap.eu
GCR_PROXY: docker.nexus.azure.onap.eu
K8S_GCR_PROXY: docker.nexus.azure.onap.eu
QUAY_PROXY: docker.nexus.azure.onap.eu
trigger:
project: trigger
k8s_test:
project: functest_k8s
get_artifacts:
- name: infra_deploy
limit_to:
- inventory/infra: inventory/infra
- name: config
limit_to:
- vars/pdf.yml: vars/pdf.yml
- vars/ssh_gateways.yml: vars/ssh_gateways.yml
- vars/vaulted_ssh_credentials.yml: vars/vaulted_ssh_credentials.yml
- name: k8s_deploy
limit_to:
- vars/kube-config: vars/kube-config
extra_parameters:
DEPLOYMENT: kubespray
TEST_RESULT_DB_URL: http://testresults.opnfv.org/test/api/v1/results
for the chain we can see that we chain the following projects:
config (init)
infra_deploy (VM creation)
k8s_deploy (Deployment of a kubernetes)
k8s_test: functest tests on k8s
If you want to add the keys to access the different node, it shall be done at the infra_deploy_stage..
The configuration associated with this chain indicates the config k8s18-onap-master.
If you go to the infrastructure description file associated with this configuration: https://gitlab.com/Orange-OpenSource/lfn/ci_cd/chained-ci/-/blob/master/pod_config/config/idf-k8s18-onap-master.yaml
you will see the list of public key pushed to the VM hosting the k8s nodes.
You may create a MR to add your key here.
Note for the community lab, a DNS operation is required (Digital Ocean). You shall be declared as a DO member to perform this mapping between the new IP and the DNS name declared in DO (transparent for end users)