Created
February 24, 2025 03:46
-
-
Save cloudnull/074d0c87af88eea2b603ba0a0c3b3d6e to your computer and use it in GitHub Desktop.
installs steps genestack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo git clone --recurse-submodules -j4 https://github.com/rackerlabs/genestack /opt/genestack | |
| sudo /opt/genestack/bootstrap.sh | |
| sudo chown ubuntu:ubuntu -R /etc/genestack | |
| # | |
| # Setup inventory, this is manual. | |
| # RE: https://raw.githubusercontent.com/cloudnull/genestack-baseline/refs/heads/main/inventory/inventory.yaml | |
| # | |
| source /opt/genestack/scripts/genestack.rc | |
| ansible-playbook /opt/genestack/ansible/playbooks/host-setup.yml --become | |
| cd /opt/genestack/submodules/kubespray | |
| ansible-playbook cluster.yml --become | |
| # OpenStack specific setup for MetalLB VIP | |
| # | |
| METAL_LB_IP=$(openstack --os-cloud rxt-dfw-mine port create --network tenant-net metallb-vip-0 -f json | jq -r '.fixed_ips[0].ip_address') | |
| METAL_LB_PORT_ID=$(openstack --os-cloud rxt-dfw-mine port show metallb-vip-0 -f value -c ID) | |
| WORKER_0_PORT=$(openstack --os-cloud rxt-dfw-mine port list --server test-lab-1 -f json | jq -r '.[0].ID') | |
| WORKER_1_PORT=$(openstack --os-cloud rxt-dfw-mine port list --server test-lab-2 -f json | jq -r '.[0].ID') | |
| WORKER_2_PORT=$(openstack --os-cloud rxt-dfw-mine port list --server test-lab-3 -f json | jq -r '.[0].ID') | |
| openstack --os-cloud rxt-dfw-mine port set --allowed-address ip-address=${METAL_LB_IP} ${WORKER_0_PORT} | |
| openstack --os-cloud rxt-dfw-mine port set --allowed-address ip-address=${METAL_LB_IP} ${WORKER_1_PORT} | |
| openstack --os-cloud rxt-dfw-mine port set --allowed-address ip-address=${METAL_LB_IP} ${WORKER_2_PORT} | |
| openstack --os-cloud rxt-dfw-mine floating ip create PUBLICNET --port ${METAL_LB_PORT_ID} | |
| echo "This is the VIP address internally ${METAL_LB_IP}" | |
| # Label the openstack controllers | |
| sudo kubectl label node --all openstack-control-plane=enabled openstack-compute-node=enabled \ | |
| openstack-network-node=enabled openstack-storage-node=enabled \ | |
| node-role.kubernetes.io/worker=worker | |
| sudo kubectl taint nodes -l node-role.kubernetes.io/control-plane node-role.kubernetes.io/control-plane:NoSchedule- | |
| curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | |
| sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl | |
| curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl-convert" | |
| sudo install -o root -g root -m 0755 kubectl-convert /usr/local/bin/kubectl-convert | |
| curl -LO https://raw.githubusercontent.com/kubeovn/kube-ovn/release-1.12/dist/images/kubectl-ko | |
| sudo install -o root -g root -m 0755 kubectl-ko /usr/local/bin/kubectl-ko | |
| sudo kubectl label node -l beta.kubernetes.io/os=linux kubernetes.io/os=linux | |
| sudo kubectl label node -l node-role.kubernetes.io/control-plane kube-ovn/role=master | |
| sudo kubectl label node -l ovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel | |
| sudo /opt/genestack/bin/install-kube-ovn.sh | |
| cd /opt/genestack/submodules/openstack-helm && sudo make all | |
| cd /opt/genestack/submodules/openstack-helm-infra && sudo make all | |
| sudo kubectl label node -l node-role.kubernetes.io/control-plane longhorn.io/storage-node=enabled | |
| cat > /etc/genestack/helm-configs/longhorn/longhorn.yaml <<EOF | |
| --- | |
| longhornDriver: | |
| nodeSelector: | |
| longhorn.io/storage-node: "enabled" | |
| longhornUI: | |
| nodeSelector: | |
| longhorn.io/storage-node: "enabled" | |
| longhornConversionWebhook: | |
| nodeSelector: | |
| longhorn.io/storage-node: "enabled" | |
| longhornAdmissionWebhook: | |
| nodeSelector: | |
| longhorn.io/storage-node: "enabled" | |
| longhornRecoveryBackend: | |
| nodeSelector: | |
| longhorn.io/storage-node: "enabled" | |
| EOF | |
| sudo kubectl apply -f /etc/genestack/manifests/longhorn/longhorn-namespace.yaml | |
| sudo /opt/genestack/bin/install-longhorn.sh | |
| sudo kubectl apply -f /etc/genestack/manifests/longhorn/longhorn-general-storageclass.yaml | |
| sudo kubectl apply -k /etc/genestack/kustomize/openstack | |
| sudo /opt/genestack/bin/create-secrets.sh | |
| sudo kubectl create -f /etc/genestack/kubesecrets.yaml | |
| sudo kubectl apply -f /etc/genestack/manifests/metallb/metallb-namespace.yaml | |
| sudo /opt/genestack/bin/install-metallb.sh | |
| # | |
| # Edit /etc/genestack/manifests/metallb/metallb-openstack-service-lb.yml with the VIP address defined by ${METAL_LB_IP} | |
| # | |
| sudo kubectl apply -f /etc/genestack/manifests/metallb/metallb-openstack-service-lb.yml | |
| sudo kubectl apply -f /opt/genestack/manifests/nginx-gateway/nginx-gateway-namespace.yaml | |
| sudo kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.4.0" | sudo kubectl apply -f - | |
| pushd /opt/genestack/submodules/nginx-gateway-fabric/charts || exit 1 | |
| sudo helm upgrade --install nginx-gateway-fabric ./nginx-gateway-fabric \ | |
| --namespace=nginx-gateway \ | |
| --create-namespace \ | |
| -f /opt/genestack/base-helm-configs/nginx-gateway-fabric/helm-overrides.yaml \ | |
| -f /etc/genestack/helm-configs/nginx-gateway-fabric/helm-overrides.yaml \ | |
| --post-renderer /etc/genestack/kustomize/kustomize.sh \ | |
| --post-renderer-args gateway/overlay | |
| popd | |
| sudo kubectl rollout restart deployment cert-manager --namespace cert-manager | |
| sudo kubectl kustomize /etc/genestack/kustomize/gateway/nginx-gateway-fabric | sudo kubectl apply -f - | |
| # Enter in the Email address | |
| read -p "Enter a valid email address for use with ACME: " ACME_EMAIL; \ | |
| cat <<EOF | sudo kubectl apply -f - | |
| apiVersion: cert-manager.io/v1 | |
| kind: ClusterIssuer | |
| metadata: | |
| name: letsencrypt-prod | |
| spec: | |
| acme: | |
| server: https://acme-v02.api.letsencrypt.org/directory | |
| email: ${ACME_EMAIL} | |
| privateKeySecretRef: | |
| name: letsencrypt-prod | |
| solvers: | |
| - http01: | |
| gatewayHTTPRoute: | |
| parentRefs: | |
| - group: gateway.networking.k8s.io | |
| kind: Gateway | |
| name: flex-gateway | |
| namespace: nginx-gateway | |
| EOF | |
| mkdir -p /etc/genestack/gateway-api/listeners | |
| for listener in $(ls -1 /opt/genestack/etc/gateway-api/listeners); do | |
| sed 's/your.domain.tld/cloud.oshied.com/g' /opt/genestack/etc/gateway-api/listeners/$listener > /etc/genestack/gateway-api/listeners/$listener | |
| done | |
| sudo kubectl patch -n nginx-gateway gateway flex-gateway \ | |
| --type='json' \ | |
| --patch="$(jq -s 'flatten | .' /etc/genestack/gateway-api/listeners/*)" | |
| mkdir -p /etc/genestack/gateway-api/routes | |
| for route in $(ls -1 /opt/genestack/etc/gateway-api/routes); do | |
| sed 's/your.domain.tld/cloud.oshied.com/g' /opt/genestack/etc/gateway-api/routes/$route > /etc/genestack/gateway-api/routes/$route | |
| done | |
| sudo kubectl apply -f /etc/genestack/gateway-api/routes | |
| sudo kubectl patch --namespace nginx-gateway \ | |
| --type merge \ | |
| --patch-file /etc/genestack/gateway-api/gateway-letsencrypt.yaml \ | |
| gateway flex-gateway | |
| cluster_name=`sudo kubectl config view --minify -o jsonpath='{.clusters[0].name}'` | |
| echo $cluster_name | |
| sudo /opt/genestack/bin/install-mariadb-operator.sh | |
| sudo kubectl --namespace openstack apply -k /etc/genestack/kustomize/mariadb-cluster/overlay | |
| sudo kubectl apply -k /etc/genestack/kustomize/rabbitmq-operator | |
| sudo kubectl apply -k /etc/genestack/kustomize/rabbitmq-topology-operator | |
| sudo kubectl apply -k /etc/genestack/kustomize/rabbitmq-cluster/overlay | |
| sudo /opt/genestack/bin/install-memcached.sh | |
| sudo kubectl --namespace openstack \ | |
| create secret generic os-memcached \ | |
| --type Opaque \ | |
| --from-literal=memcache_secret_key="$(< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32};echo;)" | |
| sudo /opt/genestack/bin/install-libvirt.sh | |
| sudo kubectl annotate \ | |
| nodes \ | |
| -l openstack-compute-node=enabled -l openstack-network-node=enabled \ | |
| ovn.openstack.org/int_bridge='br-int' | |
| sudo kubectl annotate \ | |
| nodes \ | |
| -l openstack-compute-node=enabled -l openstack-network-node=enabled \ | |
| ovn.openstack.org/bridges='br-ex' | |
| sudo kubectl annotate \ | |
| nodes \ | |
| -l openstack-compute-node=enabled -l openstack-network-node=enabled \ | |
| ovn.openstack.org/ports='br-ex:veth0' | |
| sudo kubectl annotate \ | |
| nodes \ | |
| -l openstack-compute-node=enabled -l openstack-network-node=enabled \ | |
| ovn.openstack.org/mappings='physnet1:br-ex' | |
| sudo kubectl annotate \ | |
| nodes \ | |
| -l openstack-compute-node=enabled -l openstack-network-node=enabled \ | |
| ovn.openstack.org/availability_zones='az1' | |
| sudo kubectl annotate \ | |
| nodes \ | |
| -l openstack-network-node=enabled \ | |
| ovn.openstack.org/gateway='enabled' | |
| sudo kubectl apply -k /etc/genestack/kustomize/ovn | |
| sudo /opt/genestack/bin/install-keystone.sh | |
| sudo /opt/genestack/bin/install-glance.sh & | |
| sudo /opt/genestack/bin/install-heat.sh & | |
| sudo /opt/genestack/bin/install-barbican.sh & | |
| sudo /opt/genestack/bin/install-cinder.sh & | |
| sudo /opt/genestack/bin/install-placement.sh & | |
| sudo /opt/genestack/bin/install-nova.sh & | |
| sudo /opt/genestack/bin/install-neutron.sh & | |
| sudo /opt/genestack/bin/install-magnum.sh & | |
| sudo /opt/genestack/bin/install-octavia.sh & | |
| sudo kubectl --namespace openstack apply -k /etc/genestack/kustomize/skyline/overlay | |
| mkdir ~/.config/openstack | |
| cat > ~/.config/openstack/clouds.yaml <<EOF | |
| cache: | |
| auth: true | |
| expiration_time: 3600 | |
| clouds: | |
| default: | |
| auth: | |
| auth_url: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_AUTH_URL}' | base64 -d) | |
| project_name: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_PROJECT_NAME}' | base64 -d) | |
| tenant_name: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_USER_DOMAIN_NAME}' | base64 -d) | |
| project_domain_name: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_PROJECT_DOMAIN_NAME}' | base64 -d) | |
| username: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_USERNAME}' | base64 -d) | |
| password: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_PASSWORD}' | base64 -d) | |
| user_domain_name: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_USER_DOMAIN_NAME}' | base64 -d) | |
| region_name: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_REGION_NAME}' | base64 -d) | |
| interface: $(sudo kubectl --namespace openstack get secret keystone-keystone-admin -o jsonpath='{.data.OS_INTERFACE}' | base64 -d) | |
| identity_api_version: "3" | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment