How to add keys to access integration labs?
Integration team deals with several labs:
Orange daily/weekly labs (until Jakarta)
Azure gates/community labs
These labs are automatically installed.
Sometimes an access may be needed for troubleshooting/cleaning/...
All these labs may be access through SSH.
End user may have access to the community lab, they must create a Jira ticket and provide their public ssh key to get access.
The procedure and end points to connect to the community labs are given by the integration team.
For integration team, it may be useful to reference the keys so they are automatically pushed on each installation.
The different labs are installed thanks to the chained-ci project: https://gitlab.com/Orange-OpenSource/lfn/ci_cd/chained-ci
Integration team members may ask integration PTL to be added as team member of the different gitlab.com CI projects.
The different chains are described in the different files.
Chain | Config file | schedule | Active |
|---|---|---|---|
Orange daily master | ONAP Daily Master Legacy on Orange POD4 | yes (until jakarta) | |
Orange weekly master | ONAP Master weekly | Manual | |
Orange daily istanbul | daily istanbul onap | ONAP Istanbul Daily on Orange POD4 | yes (until jakarta) |
Azure gating3 | Not Relevant | ||
Azure gating4 | Not Relevant | ||
Azure community lab | Deploy Azure Community Lab | Manual |
The inventory files describe the CI chains. The yaml file describes the different projects that will call one after the other and precise some configuration at each step.
e.g. for daily master k8s
---jumphost:server:rebond.opnfv.fr [......]
environment:orange_pod4/k8s_masterscenario_steps:config:project:configget_artifacts:-name:orange_vim_pod4static_src:trueinfra:k8s18-onap-masterssh_access:orange.eymlinfra_deploy:project:os_infra_managerget_artifacts:configextra_parameters:ADMIN:trueCLEAN:trueTENANT_NAME:onap-master-dailyUSER_NAME:onap-master-daily-ciIDENTIFIER:-onap-masterUSE_PRIVATE_IP:TrueADD_FLOATING_IP:TrueDNS_NAME:"{{lookup('env','DNS_NAME')|default('master',true)}}"k8s_deploy:get_artifacts:infra_deployproject:kubespraybranch:helm_3ssh_access:orange.eymlextra_parameters:kubespray_version:release-2.17helm_release:v3.6.3kube_network_plugin:ciliumkubernetes_release:v1.22.2ENABLE_MONITORING:falseDOCKER_HUB_PROXY:docker.nexus.azure.onap.euGCR_PROXY:docker.nexus.azure.onap.euK8S_GCR_PROXY:docker.nexus.azure.onap.euQUAY_PROXY:docker.nexus.azure.onap.eutrigger:project:triggerk8s_test:project:functest_k8sget_artifacts:-name:infra_deploylimit_to:-inventory/infra:inventory/infra-name:configlimit_to:-vars/pdf.yml:vars/pdf.yml-vars/ssh_gateways.yml:vars/ssh_gateways.yml-vars/vaulted_ssh_credentials.yml:vars/vaulted_ssh_credentials.yml-name:k8s_deploylimit_to:-vars/kube-config:vars/kube-configextra_parameters:DEPLOYMENT:kubesprayTEST_RESULT_DB_URL:http://testresults.opnfv.org/test/api/v1/results
for the chain we can see that we chain the following projects:
config (init)
infra_deploy (VM creation)
k8s_deploy (Deployment of a kubernetes)
k8s_test: functest tests on k8s
If you want to add the keys to access the different node, it shall be done at the infra_deploy_stage..
The configuration associated with this chain indicates the config k8s18-onap-master.
If you go to the infrastructure description file associated with this configuration: https://gitlab.com/Orange-OpenSource/lfn/ci_cd/chained-ci/-/blob/master/pod_config/config/idf-k8s18-onap-master.yaml
you will see the list of public key pushed to the VM hosting the k8s nodes.
You may create a MR to add your key here.
Note for the community lab, a DNS operation is required (Digital Ocean). You shall be declared as a DO member to perform this mapping between the new IP and the DNS name declared in DO (transparent for end users)