Prerequisites

The following resources are required before deployment can proceed:

Terraform/OpenTofu

Terraform is used to provision resources on an OpenStack cloud. See the resource definitions in terraform.

Note: Terraform no longer has an open-source license. OpenTofu is a drop-in replacement supported by CNCF; the terraform command can be replaced by tofu wherever it appears in external documentation.

Python environment

Ansible requires a Python environment. These instructions assume the use of the uv tool for managing both Python and the virtual environments. See the uv installation and installing Python guides.

  • Create a virtual environment in the <repo_root>/infra/ansible directory:
      cd <repo_root>/infra/ansible
      uv venv
  • Install the Python requirements and Ansible Galaxy requirements:
      uv pip install -r requirements-python.txt
      uv run ansible-galaxy role install --roles-path galaxy_roles -r requirements-ansible-galaxy.yml

OpenStack API & VM credentials

Interacting with the OpenStack API requires access credentials configured in a ~/.config/openstack/clouds.yaml file. See the SCD cloud documentation for details on how to configure this file.

An SSH key is required in order to access the VMs. See the SCD cloud documentation for details on how to configure your SSH key.
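
A preflight check for the tools and the credentials file named so far, as an added example that is not part of the repository: it confirms that tofu or terraform and uv are on the PATH, and that clouds.yaml is accessible only by its owner and defines the requested cloud. The function names and the line-based YAML scan are assumptions of this example.

```shell
#!/bin/sh
# Added example, not project code. Usage: sh preflight.sh <cloud_name>

# Print the first provisioning tool found on PATH (tofu preferred), or fail.
find_iac_tool() {
    for tool in tofu terraform; do
        if command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            return 0
        fi
    done
    return 1
}

# Return 0 only if the clouds.yaml at $1 exists, grants nothing to group or
# other (it holds API credentials), and defines the cloud named $2.
# Return codes: 1 = missing, 2 = too permissive, 3 = cloud not defined.
check_clouds_file() {
    file=$1
    cloud=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive: $file (chmod 600)" >&2; return 2; }
    # Heuristic scan (assumption): an indented "<cloud>:" key below "clouds:".
    awk -v c="$cloud" '
        /^clouds:[ \t]*$/ { in_clouds = 1; next }
        /^[^ \t#]/        { in_clouds = 0 }
        in_clouds && $1 == (c ":") { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$file" || { echo "cloud \"$cloud\" not defined in $file" >&2; return 3; }
}

# Run every check, report each result, and return non-zero if any failed.
preflight() {
    cloud=$1
    rc=0
    tool=$(find_iac_tool) && echo "ok: $tool" || { echo "need tofu or terraform" >&2; rc=1; }
    command -v uv >/dev/null 2>&1 && echo "ok: uv" || { echo "need uv" >&2; rc=1; }
    check_clouds_file "$HOME/.config/openstack/clouds.yaml" "$cloud" \
        && echo "ok: clouds.yaml" || rc=1
    return $rc
}

if [ $# -gt 0 ]; then preflight "$1"; fi
```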

Vault access

The project secrets are stored in HashiCorp Vault. Running Ansible requires a Vault token to access the secrets. Log in to the vault, click on the person icon on the left and select copy token.

Manila share

Used for: Persistent storage for running system services, e.g. database data. Not used for user data.

A Manila/CephFS share of at least 5TB is required. Once a quota has been assigned to the project:

  • Create a new share, under Project->Share->Shares, and mark it private.
  • Click on the share, make note of the Export locations.Path value.
  • Edit the vault_cephfs_export_path variable to match the value from the previous step.
  • On the main Shares page click the down arrow on the side of the EDIT SHARE button and go to Manage Rules.
  • Add a new rule and, once created, make note of the Access Key value.
  • Edit the vault_cephfs_access_secret variable to match the value from the previous step.

Object store

Used for: Persistent storage of user data.

This is currently expected to be configured to use the Echo object store. The S3 endpoint is configured through the s3_endpoint Ansible variable in infra/ansible.

An access key and secret are configured in the vault. They cannot be managed through the OpenStack web interface; instead, new keys and secrets are created using the openstack ec2 credentials command.

In the infra/ansible directory run uv run openstack --os-cloud=<cloud_name> ec2 credentials create to create a new access key/secret pair. Update the Ansible vault accordingly.

Networking

Requirements:

  • Floating IP:
    • Using the web interface, create one from Project->Network->Floating IPs, using ALLOCATE IP TO PROJECT, ensuring a description is provided.
    • Place the value in the Terraform environment's tfvars file.
  • DNS record pointing at the above floating IP