Zuul: Initial Airship-Drydock checks

This PS adds the skeleton for a set of zuul checks and gates for Airship, using the framework from OpenStack-Helm. [Fix] Zuul lint fix - Fix whitespace linting errors - Update docuemtation errors - Remove dead tests Change-Id: Id1ed3aa2321d518ed15fcbb3b698b49709bed287 Signed-off-by: Pete Birley <pete@port.direct>
2018-05-17 13:44:03 -05:00 · 2018-05-17 13:44:03 -05:00 · cd9770a979
commit cd9770a979
parent ae6a990940
24 changed files with 329 additions and 1712 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -0,0 +1,58 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - project:
    check:
      jobs:
        - airship-drydock-linter
        - airship-drydock-ubuntu:
            voting: false
            irrelevant-files:
              - ^.*\.rst$
              - ^doc/.*$
              - ^releasenotes/.*$
    gate:
      jobs:
        - airship-drydock-linter
        # NOTE(portdirect): enable when voting enabled.
        # - airship-drydock-ubuntu:
        #     irrelevant-files:
        #       - ^.*\.rst$
        #       - ^doc/.*$
        #       - ^releasenotes/.*$
 - job:
    name: airship-drydock-linter
    run: tools/gate/playbooks/zuul-linter.yaml
    nodeset: openstack-helm-single-node
 - job:
    name: airship-drydock
    roles:
      - zuul: openstack/openstack-helm-infra
    vars:
      zuul_osh_infra_relative_path: ../openstack-helm-infra/
    timeout: 7200
    pre-run:
      - tools/gate/playbooks/osh-infra-upgrade-host.yaml
      - tools/gate/playbooks/osh-infra-deploy-docker.yaml
      - tools/gate/playbooks/osh-infra-build.yaml
      - tools/gate/playbooks/osh-infra-deploy-k8s.yaml
    run: tools/gate/playbooks/airship-drydock-check.yaml
    post-run: tools/gate/playbooks/osh-infra-collect-logs.yaml
    required-projects:
      - openstack/openstack-helm-infra
 - job:
    name: airship-drydock-ubuntu
    parent: airship-drydock
    nodeset: openstack-helm-single-node
--- a/README.md
+++ b/README.md
@ -3,14 +3,14 @@
 A python REST orchestrator to translate a YAML host topology to a provisioned
 set of hosts and provide a set of post-provisioning instructions.
-See full documentation in [docs/source/index.rst](docs/source/index.rst).
+See full documentation at [http://att-comdev-drydock.readthedocs.io/](http://att-comdev-drydock.readthedocs.io/).
 ## Required
 * Python 3.5+
 * A running instance of Postgres v9.5+
 * A running instance of Openstack Keystone w/ the v3 API enabled
-* A running instance of Canonical MaaS v2.2+
+* A running instance of Canonical MaaS v2.3+
 ## Recommended
@ -47,7 +47,7 @@ to deploy Drydock into a Kubernetes cluster. Additionally use of
 the rest of the UCP services provides additional functionality
 for deploying (Armada) and using (Promenade, Deckhand) Drydock.
-You can see an example of a full UCP deployment in the [UCP Integration](https://github.comatt-comdev/ucp-integration) repository.
+You can see an example of a full UCP deployment in the [UCP Integration](https://github.com/att-comdev/ucp-integration) repository.
 ### Stand up Kubernetes
--- a/examples/designparts_v1.0.yaml
+++ b/examples/designparts_v1.0.yaml
@ -1,349 +0,0 @@
 # Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
 # Site/Region wide definitions. Each design part will be a constituent
 # of the design for exactly one Region
 apiVersion: 'v1.0'
 kind: Region
 metadata:
  name: sitename
  date: 17-FEB-2017
  description: Sample site design
  author: sh8121@att.com
 spec:
  # List of query-based definitions for applying tags to deployed nodes
  tag_definitions:
  - tag: 'high_memory'
    # Tag to apply to nodes that qualify for the query
    definition_type: 'lshw_xpath'
    # Only support on type for now - 'lshw_xpath' used by MaaS
    definition: //node[@id="memory"]/'size units="bytes"' > 137438953472
    # an xpath query that is run against the output of 'lshw -xml' from the node
  # Image and package repositories needed by Drydock drivers. Needs to be defined
  repositories:
  - name: 'ubuntu-main'
  authorized_keys:
    - |
      valid ssh key string
    - |
      valid ssh key string
 ---
 apiVersion: 'v1.0'
 kind: NetworkLink
 metadata:
  name: oob
  region: sitename
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe layer 1 attributes. Primary key is 'name'. These settings will generally be things the switch and server have to agree on
 spec:
  bonding:
    # Mode can be 'disabled', '802.3ad', 'balanced-rr', 'active-backup'. Defaults to disabled
    mode: '802.3ad'
    # The below apply to 802.3ad (LACP
    # Link selection hash. Supports 'layer3+4', 'layer2', 'layer2+3'. Defaults to 'layer3+4'
    hash: 'layer3+4'
    # LACP peering rate. Supports 'slow', 'fast'. Defaults to 'fast'
    peer_rate: 'fast'
    # LACP link monitor rate in milliseconds. Defaults to 100ms
    mon_rate: 100
    # LACP delay for marking link up in milliseconds. Must be greater than mon_rate.  Defaults to 200ms
    up_delay: 200
    # LACP dleay for marking link down in milliseconds. Must be greater than mon_rate. Defaults to 200ms
    down_delay: 200
  # Physical link default MTU size. No default
  mtu: 1500
  # Physical link speed. Supports 'auto', '100full'. Gigabit+ speeds require auto. No default
  linkspeed: 'auto'
  # Settings for using a link for multiple L2 networks
  trunking:
    # Trunking mode. Supports 'disabled', '802.1q'. Defaults to disabled
    mode: disabled
    # If disabled, what network is this port on. If '802.1q' what is the default network for the port. No default.
    default_network: oob
  # List of Network names that are supported on this link. A Network can be listed on only one NetworkLink
  allowed_networks:
  - 'oob'
 ---
 apiVersion: 'v1.0'
 kind: Network
 metadata:
  name: oob
  region: sitename
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe layer 2 and 3 attributes. Primary key is 'name'.
 spec:
  # CIDR representation of network number and netmask
  cidr: '172.16.1.0/24'
  # How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
  allocation: 'static'
  # VLAN of this network. Defaults to None
  vlan: 100
  # MTU of this network. Defaults to the MTU specified for the NetworkLink used for this network
  dns:
    # Domain name used to register addresses assigned from this network. Defaults to 'local'
    domain: 'aic.att.com'
    # Comma-separated list of DNS server IP addresses. These will be configured on the node if
    # this network is identified as the node's primary network
    servers: '8.8.8.8, 4.4.4.4'
  # Defined IP address ranges. All node IP address assignments must fall into a defined range
  # of the correct type
  ranges:
    # Type of range. Supports 'reserved', 'static' or 'dhcp'. No default
  - type: 'dhcp'
    # Start of the address range, inclusive. No default
    start: '172.16.1.100'
    # End of the address range, inclusive. No default
    end: '172.16.1.254'
  # Routes defined for this network, including the default route (i.e. default gateway)
  routes:
    # The network being routed to in CIDR notation. Default gateway is 0.0.0.0/0.
  - subnet: '0.0.0.0/0'
    # Next hop for traffic using this route
    gateway: '172.16.1.3'
    # Selection metric for the host selecting this route. No default
    metric: 10
 ---
 apiVersion: 'v1.0'
 kind: HardwareProfile
 metadata:
  name: DellR720v2
  region: sitename
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe server hardware attributes. Not a specific server, but profile adopted by a server defintion.
 spec:
  # Chassis vendor
  vendor: 'Dell'
  # Chassis model generation
  generation: '1'
  # Chassis model version
  hw_version: '2'
  # Certified BIOS version for this chassis
  bios_version: '2.2.3'
  # Boot mode. Supports 'bios' or 'uefi'
  boot_mode: 'bios'
  # How the node should be initially bootstrapped. Supports 'pxe'
  bootstrap_protocol: 'pxe'
  # What network interface to use for PXE booting
  # for chassis that support selection
  pxe_interface: '0'
  # Mapping of hardware alias/role to physical address
  device_aliases:
    # the device alias that will be referenced in HostProfile or BaremetalNode design parts
  - alias: 'pnic01'
    # The hardware bus the device resides on. Supports 'pci' and 'scsi'. No default
    bus_type: 'pci'
    # The type of device as reported by lshw. Can be used to validate hardware manifest. No default
    dev_type: 'Intel 10Gbps NIC'
    # Physical address on the bus
    address: '0000:00:03.0'
 ---
 apiVersion: 'v1.0'
 kind: HostProfile
 metadata:
  name: lcp_node
  region: sitename
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe server configuration attributes. Not a specific server, but profile adopted by a server definition
 spec:
  # The HostProfile this profile adopts initial state from. No default.
  # See drydock_provisioner/objects/readme.md for information on how HostProfile and BaremetalNode inheritance works
  host_profile: 'defaults'
  # The HardwareProfile describing the node hardware. No default.
  hardware_profile: 'DellR720v1'
  # OOB access to node
  oob:
    # Type of OOB access. Supports 'ipmi'
    type: 'ipmi'
    # Which network - as defined in a Network design part - to access the OOB interface on
    network: 'oob'
    # Account name for authenticating on the OOB interface
    account: 'admin'
    # Credential for authentication on the OOB interface. The OOB driver will interpret this. 
    credential: 'admin'
  # How local node storage is configured
  storage:
    # How storage is laid out. Supports 'lvm' and 'flat'. Defaults to 'lvm'
    layout: 'lvm'
    # Configuration for the boot disk
    bootdisk:
      # Hardware disk (or hardware RAID device) used for booting. Can refer to a
      # HardwareProfile device alias or a explicit device name
      device: 'bootdisk'
      # Size of the root volume. Can be specified by percentage or explicit size in
      # megabytes or gigabytes. Defaults to 100% of boot device.
      root_size: '100g'
      # If a separate boot volume is needed, specify size. Defaults to 0 where /boot goes on root.
      boot_size: '0'
    # Non-boot volumes that should be carved out of local storage
    partitions:
      # Name of the volume. Doesn't translate to any operating system config
      name: 'logs'
      # Hardware device the volume should go on
      device: 'bootdisk'
      # Partition UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
      part_uuid:
      # Size of the volume in megabytes or gigabytes
      size: '10g'
      # Filesystem mountpoint if volume should be a filesystem
      mountpoint: '/var/logs'
      # The below are ignored if mountpoint is None
      # Format of filesystem. Defaults to ext4
      fstype: 'ext4'
      # Mount options of the file system as used in /etc/fstab. Defaults to 'defaults'
      mount_options: 'defaults'
      # Filesystem UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
      fs_uuid:
      # A filesystem label. Defaults to None
      fs_label:
    # Network name of the primary network (default gateway, DNS, etc...)
    primary_network: 'mgmt'
    # Physical and logical network interfaces
    interfaces:
      # What the interface should be named in the operating system. May not match a hardware device name
      device_name: bond0
      # The NetworkLink connected to this interface. Must be the name of a NetworkLink design part
      device_link: 'gp'
      # Hardware devices that support this interface. For configurating a physical device, this would be a list of one
      # For bonds, this would be a list of all the physical devices in the bond. These can refer to HardwareProfile device aliases
      # or explicit device names
      slaves:
      - 'pnic01'
      - 'pnic02'
      # Network that will be accessed on this interface. These should each be to the name of a Network design part
      # Multiple networks listed here assume that this interface is attached to a NetworkLink supporting trunking
      networks:
      - 'mgmt'
      - 'admin'
    # Settings for the platform (operating system)
    platform:
      # Which image to deploy on the node, must be available in the provisioner. Defaults to 'ubuntu/xenial'
      image: 
      # Which kernel to enable. Defaults to generic, can also be hwe (hardware enablement)
      kernel: generic
      # K/V list of kernel parameters to configure on boot. No default. Use value of true for params that are just flags
      kernel_params:
        console: tty1
        quiet: true
    # Metadata about the node
    metadata:
      # Explicit tags to propagate to Kubernetes. Simple strings of any value
      tags:
      - 'lcp_node'
      # Key/value mapping that will propagate to the node for next-step bootstrapping
      owner_data:
        nic_access: 'sriov'
      # The rack a node sits in. Simple string
      rack: r1
 ---
 apiVersion: 'v1.0'
 kind: BaremetalNode
 metadata:
  name: lcp_controller01
  region: sitename
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Specify a physical server. 
 spec:
  # The HostProfile this server adopts initial state from. No default.
  # See drydock_provisioner/objects/readme.md for information on how HostProfile and BaremetalNode inheritance works
  host_profile: 'defaults'
  # The HardwareProfile describing the node hardware. No default.
  hardware_profile: 'DellR720v1'
  # OOB access to node
  oob:
    # Type of OOB access. Supports 'ipmi'
    type: 'ipmi'
    # Which network - as defined in a Network design part - to access the OOB interface on
    network: 'oob'
    # Account name for authenticating on the OOB interface
    account: 'admin'
    # Credential for authentication on the OOB interface. The OOB driver will interpret this. 
    credential: 'admin'
  # How local node storage is configured
  storage:
    # How storage is laid out. Supports 'lvm' and 'flat'. Defaults to 'lvm'
    layout: 'lvm'
    # Configuration for the boot disk
    bootdisk:
      # Hardware disk (or hardware RAID device) used for booting. Can refer to a
      # HardwareProfile device alias or a explicit device name
      device: 'bootdisk'
      # Size of the root volume. Can be specified by percentage or explicit size in
      # megabytes or gigabytes. Defaults to 100% of boot device.
      root_size: '100g'
      # If a separate boot volume is needed, specify size. Defaults to 0 where /boot goes on root.
      boot_size: '0'
    # Non-boot volumes that should be carved out of local storage
    partitions:
      # Name of the volume. Doesn't translate to any operating system config
      name: 'logs'
      # Hardware device the volume should go on
      device: 'bootdisk'
      # Partition UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
      part_uuid:
      # Size of the volume in megabytes or gigabytes
      size: '10g'
      # Filesystem mountpoint if volume should be a filesystem
      mountpoint: '/var/logs'
      # The below are ignored if mountpoint is None
      # Format of filesystem. Defaults to ext4
      fstype: 'ext4'
      # Mount options of the file system as used in /etc/fstab. Defaults to 'defaults'
      mount_options: 'defaults'
      # Filesystem UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
      fs_uuid:
      # A filesystem label. Defaults to None
      fs_label:
    # Physical and logical network interfaces
    interfaces:
      # What the interface should be named in the operating system. May not match a hardware device name
    - device_name: bond0
      # The NetworkLink connected to this interface. Must be the name of a NetworkLink design part
      device_link: 'gp'
      # Whether this interface is considered the primary interface on the server. Supports true and false. Defaults to false
      primary: true
      # Hardware devices that support this interface. For configurating a physical device, this would be a list of one
      # For bonds, this would be a list of all the physical devices in the bond. These can refer to HardwareProfile device aliases
      # or explicit device names
      slaves:
      - 'pnic01'
      - 'pnic02'
      # Network that will be accessed on this interface. These should each be to the name of a Network design part
      # Multiple networks listed here assume that this interface is attached to a NetworkLink supporting trunking
      networks:
      - 'mgmt'
      - 'admin'
    # Metadata about the node
    metadata:
      # Explicit tags to propagate to Kubernetes. Simple strings of any value
      tags:
      - 'lcp_node'
      # Key/value mapping that will propagate to the node for next-step bootstrapping
      owner_data:
        nic_access: 'sriov'
      # The rack a node sits in. Simple string
      rack: r1
    # How each attached network is accessed by this node
    addressing:
      # The name of a defined Network design part also listed in the 'networks' section of a interface definition
    - network: 'pxe'
      # Address should be an explicit IP address assignment or 'dhcp'
      address: 'dhcp'
    - network: 'mgmt'
      address: '172.16.1.83'
 ...
--- a/examples/drydock.conf.keystone
+++ b/examples/drydock.conf.keystone
@ -1,347 +0,0 @@
 [DEFAULT]
 #
 # From drydock_provisioner
 #
 # Polling interval in seconds for checking subtask or downstream status (integer
 # value)
 #poll_interval = 10
 [authentication]
 #
 # From drydock_provisioner
 #
 # Client request authentication strategy (string value)
 #auth_strategy = keystone
 # X-Auth-Token value to bypass backend authentication (string value)
 #admin_token = bigboss
 # Can backend authentication be bypassed? (boolean value)
 #bypass_enabled = false
 [bootdata]
 #
 # From drydock_provisioner
 #
 # Path to file to distribute for prom_init.sh (string value)
 #prom_init = /etc/drydock/bootdata/join.sh
 [keystone_authtoken]
 #
 # From keystonemiddleware.auth_token
 #
 # Complete "public" Identity API endpoint. This endpoint should not be an
 # "admin" endpoint, as it should be accessible by all end users. Unauthenticated
 # clients are redirected to this endpoint to authenticate. Although this
 # endpoint should  ideally be unversioned, client support in the wild varies.
 # If you're using a versioned v2 endpoint here, then this  should *not* be the
 # same endpoint the service user utilizes  for validating tokens, because normal
 # end users may not be  able to reach that endpoint. (string value)
 auth_uri = http://172.20.0.3:5000/v3
 # API version of the admin Identity API endpoint. (string value)
 auth_version = 3
 # Do not handle authorization requests within the middleware, but delegate the
 # authorization decision to downstream WSGI components. (boolean value)
 delay_auth_decision = true
 # Request timeout value for communicating with Identity API server. (integer
 # value)
 #http_connect_timeout = <None>
 # How many times are we trying to reconnect when communicating with Identity API
 # Server. (integer value)
 #http_request_max_retries = 3
 # Request environment key where the Swift cache object is stored. When
 # auth_token middleware is deployed with a Swift cache, use this option to have
 # the middleware share a caching backend with swift. Otherwise, use the
 # ``memcached_servers`` option instead. (string value)
 #cache = <None>
 # Required if identity server requires client certificate (string value)
 #certfile = <None>
 # Required if identity server requires client certificate (string value)
 #keyfile = <None>
 # A PEM encoded Certificate Authority to use when verifying HTTPs connections.
 # Defaults to system CAs. (string value)
 #cafile = <None>
 # Verify HTTPS connections. (boolean value)
 #insecure = false
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
 # Directory used to cache files related to PKI tokens. (string value)
 #signing_dir = <None>
 # Optionally specify a list of memcached server(s) to use for caching. If left
 # undefined, tokens will instead be cached in-process. (list value)
 # Deprecated group/name - [keystone_authtoken]/memcache_servers
 #memcached_servers = <None>
 # In order to prevent excessive effort spent validating tokens, the middleware
 # caches previously-seen tokens for a configurable duration (in seconds). Set to
 # -1 to disable caching completely. (integer value)
 #token_cache_time = 300
 # Determines the frequency at which the list of revoked tokens is retrieved from
 # the Identity service (in seconds). A high number of revocation events combined
 # with a low cache duration may significantly reduce performance. Only valid for
 # PKI tokens. (integer value)
 #revocation_cache_time = 10
 # (Optional) If defined, indicate whether token data should be authenticated or
 # authenticated and encrypted. If MAC, token data is authenticated (with HMAC)
 # in the cache. If ENCRYPT, token data is encrypted and authenticated in the
 # cache. If the value is not one of these options or empty, auth_token will
 # raise an exception on initialization. (string value)
 # Allowed values: None, MAC, ENCRYPT
 #memcache_security_strategy = None
 # (Optional, mandatory if memcache_security_strategy is defined) This string is
 # used for key derivation. (string value)
 #memcache_secret_key = <None>
 # (Optional) Number of seconds memcached server is considered dead before it is
 # tried again. (integer value)
 #memcache_pool_dead_retry = 300
 # (Optional) Maximum total number of open connections to every memcached server.
 # (integer value)
 #memcache_pool_maxsize = 10
 # (Optional) Socket timeout in seconds for communicating with a memcached
 # server. (integer value)
 #memcache_pool_socket_timeout = 3
 # (Optional) Number of seconds a connection to memcached is held unused in the
 # pool before it is closed. (integer value)
 #memcache_pool_unused_timeout = 60
 # (Optional) Number of seconds that an operation will wait to get a memcached
 # client connection from the pool. (integer value)
 #memcache_pool_conn_get_timeout = 10
 # (Optional) Use the advanced (eventlet safe) memcached client pool. The
 # advanced pool will only work under python 2.x. (boolean value)
 #memcache_use_advanced_pool = false
 # (Optional) Indicate whether to set the X-Service-Catalog header. If False,
 # middleware will not ask for service catalog on token validation and will not
 # set the X-Service-Catalog header. (boolean value)
 #include_service_catalog = true
 # Used to control the use and type of token binding. Can be set to: "disabled"
 # to not check token binding. "permissive" (default) to validate binding
 # information if the bind type is of a form known to the server and ignore it if
 # not. "strict" like "permissive" but if the bind type is unknown the token will
 # be rejected. "required" any form of token binding is needed to be allowed.
 # Finally the name of a binding method that must be present in tokens. (string
 # value)
 #enforce_token_bind = permissive
 # If true, the revocation list will be checked for cached tokens. This requires
 # that PKI tokens are configured on the identity server. (boolean value)
 #check_revocations_for_cached = false
 # Hash algorithms to use for hashing PKI tokens. This may be a single algorithm
 # or multiple. The algorithms are those supported by Python standard
 # hashlib.new(). The hashes will be tried in the order given, so put the
 # preferred one first for performance. The result of the first hash will be
 # stored in the cache. This will typically be set to multiple values only while
 # migrating from a less secure algorithm to a more secure one. Once all the old
 # tokens are expired this option should be set to a single value for better
 # performance. (list value)
 #hash_algorithms = md5
 # Authentication type to load (string value)
 # Deprecated group/name - [keystone_authtoken]/auth_plugin
 auth_type = password
 # Config Section from which to load plugin specific options (string value)
 auth_section = keystone_authtoken_password
 [keystone_authtoken_password]
 #
 # From drydock_provisioner
 #
 # Authentication URL (string value)
 auth_url = http://172.20.0.3:5000/
 # Domain ID to scope to (string value)
 #domain_id = <None>
 # Domain name to scope to (string value)
 domain_name = ucp
 # Project ID to scope to (string value)
 # Deprecated group/name - [keystone_authtoken_password]/tenant_id
 #project_id = <None>
 # Project name to scope to (string value)
 # Deprecated group/name - [keystone_authtoken_password]/tenant_name
 project_name = service
 # Domain ID containing project (string value)
 #project_domain_id = <None>
 # Domain name containing project (string value)
 project_domain_name = ucp
 # Trust ID (string value)
 #trust_id = <None>
 # Optional domain ID to use with v3 and v2 parameters. It will be used for both
 # the user and project domain in v3 and ignored in v2 authentication. (string
 # value)
 #default_domain_id = <None>
 # Optional domain name to use with v3 API and v2 parameters. It will be used for
 # both the user and project domain in v3 and ignored in v2 authentication.
 # (string value)
 default_domain_name = ucp
 # User id (string value)
 #user_id = <None>
 # Username (string value)
 # Deprecated group/name - [keystone_authtoken_password]/user_name
 #username = <None>
 user_name = drydock
 # User's domain id (string value)
 #user_domain_id = <None>
 # User's domain name (string value)
 user_domain_name = ucp
 # User's password (string value)
 password = drydock
 [logging]
 #
 # From drydock_provisioner
 #
 # Global log level for Drydock (string value)
 #log_level = INFO
 # Logger name for the top-level logger (string value)
 #global_logger_name = drydock
 # Logger name for OOB driver logging (string value)
 #oobdriver_logger_name = ${global_logger_name}.oobdriver
 # Logger name for Node driver logging (string value)
 #nodedriver_logger_name = ${global_logger_name}.nodedriver
 # Logger name for API server logging (string value)
 #control_logger_name = ${global_logger_name}.control
 [maasdriver]
 #
 # From drydock_provisioner
 #
 # The API key for accessing MaaS (string value)
 #maas_api_key = <None>
 # The URL for accessing MaaS API (string value)
 #maas_api_url = <None>
 # Polling interval for querying MaaS status in seconds (integer value)
 #poll_interval = 10
 [oslo_policy]
 #
 # From oslo.policy
 #
 # The file that defines policies. (string value)
 #policy_file = policy.json
 # Default rule. Enforced when a requested rule is not found. (string value)
 #policy_default_rule = default
 # Directories where policy configuration files are stored. They can be relative
 # to any directory in the search path defined by the config_dir option, or
 # absolute paths. The file defined by policy_file must exist for these
 # directories to be searched.  Missing or empty directories are ignored. (multi
 # valued)
 #policy_dirs = policy.d
 [plugins]
 #
 # From drydock_provisioner
 #
 # Module path string of a input ingester to enable (multi valued)
 #ingester = drydock_provisioner.ingester.plugins.yaml.YamlIngester
 # Module path string of a OOB driver to enable (multi valued)
 #oob_driver = drydock_provisioner.drivers.oob.pyghmi_driver.PyghmiDriver
 # Module path string of the Node driver to enable (string value)
 #node_driver = drydock_provisioner.drivers.node.maasdriver.driver.MaasNodeDriver
 # Module path string of the Network driver enable (string value)
 #network_driver = <None>
 [timeouts]
 #
 # From drydock_provisioner
 #
 # Fallback timeout when a specific one is not configured (integer value)
 #drydock_timeout = 5
 # Timeout in minutes for creating site network templates (integer value)
 #create_network_template = 2
 # Timeout in minutes for creating user credentials (integer value)
 #configure_user_credentials = 2
 # Timeout in minutes for initial node identification (integer value)
 #identify_node = 10
 # Timeout in minutes for node commissioning and hardware configuration (integer
 # value)
 #configure_hardware = 30
 # Timeout in minutes for configuring node networking (integer value)
 #apply_node_networking = 5
 # Timeout in minutes for configuring node platform (integer value)
 #apply_node_platform = 5
 # Timeout in minutes for deploying a node (integer value)
 #deploy_node = 45
--- a/examples/readme.md
+++ b/examples/readme.md
@ -1,7 +0,0 @@
 # File Definition Examples
 ## designparts_v1.0.yaml
 This is a reference file for the YAML schema supported by the Drydock YAML 
 ingester. Each design part currently supported is listed with all supported
 attributes and comments on attribute use and restrictions.
--- a/tests/functional/armada.yaml.sub
+++ b/tests/functional/armada.yaml.sub
@ -1,354 +0,0 @@
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: helm-toolkit
 data:
  chart_name: helm-toolkit
  release: helm-toolkit
  namespace: helm-toolkit
  timeout: 100
  values: {}
  source:
    type: git
    location: https://git.openstack.org/openstack/openstack-helm
    subpath: helm-toolkit
    reference: master
  dependencies: []
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: ceph
 data:
  chart_name: ceph
  release: ceph
  namespace: ceph
  timeout: 3600
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  values:
    manifests_enabled:
      client_secrets: false
    bootstrap:
      enabled: true
    network:
      public: ${CEPH_PUBLIC_NET}
      cluster: ${CEPH_CLUSTER_NET}
    endpoints:
      fqdn: ceph.svc.cluster.local
    conf:
      ceph:
        config:
          global:
            mon_host: ceph-mon.ceph.svc.cluster.local
  source:
    type: git
    location: ${CEPH_CHART_REPO}
    subpath: ceph
    reference: ${CEPH_CHART_BRANCH}
  dependencies:
    - helm-toolkit
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: ucp-ceph-config
 data:
  chart_name: ucp-ceph-config
  release: ucp-ceph-config
  namespace: ucp
  timeout: 3600
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  values:
    ceph:
      namespace: ceph
    manifests_enabled:
      deployment: False
      storage_secrets: False
      rbd_provisioner: False
    network:
      public: ${CEPH_PUBLIC_NET}
      cluster: ${CEPH_CLUSTER_NET}
    endpoints:
      fqdn: ceph.svc.cluster.local
    conf:
      ceph:
        config:
          global:
            mon_host: ceph-mon.ceph.svc.cluster.local
  source:
    type: git
    location: ${CEPH_CHART_REPO}
    subpath: ceph
    reference: ${CEPH_CHART_BRANCH}
  dependencies:
    - helm-toolkit
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: ucp-mariadb
 data:
  chart_name: ucp-mariadb
  release: ucp-mariadb
  namespace: ucp
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  values:
    labels:
      node_selector_key: ucp-control-plane
      node_selector_value: enabled
  source:
    type: git
    location: https://git.openstack.org/openstack/openstack-helm
    subpath: mariadb
  dependencies:
    - helm-toolkit
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: ucp-memcached
 data:
  chart_name: ucp-memcached
  release: ucp-memcached
  namespace: ucp
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  values:
    labels:
      node_selector_key: ucp-control-plane
      node_selector_value: enabled
  source:
    type: git
    location: https://git.openstack.org/openstack/openstack-helm
    subpath: memcached
  dependencies:
    - helm-toolkit
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: ucp-keystone
 data:
  chart_name: ucp-keystone
  release: keystone
  namespace: ucp
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  pre:
    delete:
      - name: keystone-db-sync
        type: job
        labels:
          - job-name: keystone-db-sync
      - name: keystone-db-init
        type: job
        labels:
          - job-name: keystone-db-init
  post:
    delete: []
    create: []
  values:
    conf:
      keystone:
        override:
      paste:
        override:
    replicas: 2
    labels:
      node_selector_key: ucp-control-plane
      node_selector_value: enabled
  source:
    type: git
    location: https://git.openstack.org/openstack/openstack-helm
    subpath: keystone
  dependencies:
    - helm-toolkit
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: maas-postgresql
 data:
  chart_name: maas-postgresql
  release: maas-postgresql
  namespace: ucp 
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  pre:
    delete: []
    create: []
  post:
    delete: []
    create: []
  values:
    development:
      enabled: false
    labels:
      node_selector_key: ucp-control-plane
      node_selector_value: enabled
  source:
    type: git
    location: https://git.openstack.org/openstack/openstack-helm-addons
    subpath: postgresql
    reference: master
  dependencies: []
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: maas
 data:
  chart_name: maas
  release: maas
  namespace: ucp
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  values:
    bootdata_url: http://${DRYDOCK_NODE_IP}:${DRYDOCK_NODE_PORT}/api/v1.0/bootdata/
    labels:
      rack:
        node_selector_key: ucp-control-plane
        node_selector_value: enabled
      region:
        node_selector_key: ucp-control-plane
        node_selector_value: enabled
    network:
      proxy:
        node_port:
          enabled: true
          port: 31800
      gui:
        node_port:
          enabled: true
          port: 31900
    conf:
      maas:
        credentials:
          secret:
            namespace: ucp
        url:
          maas_url: http://${MAAS_NODE_IP}:${MAAS_NODE_PORT}/MAAS
        proxy:
          enabled: '${PROXY_ENABLED}'
          server: ${PROXY_ADDRESS}
        ntp:
          servers: ntp.ubuntu.com
        dns:
          upstream_servers: 8.8.8.8
    secrets:
      maas_region:
        value: 3858a12230ac3c915f300c664f12063f
  source:
    type: git
    location: ${MAAS_CHART_REPO}
    subpath: maas
    reference: ${MAAS_CHART_BRANCH}
  dependencies:
    - helm-toolkit
 ---
 schema: armada/Chart/v1
 metadata:
  schema: metadata/Document/v1
  name: drydock
 data:
  chart_name: drydock
  release: drydock
  namespace: ucp
  install:
    no_hooks: false
  upgrade:
    no_hooks: false
  values:
    images:
      drydock: ${DRYDOCK_IMAGE}
    labels:
      node_selector_key: ucp-control-plane
      node_selector_value: enabled
    network:
      drydock:
        node_port:
          enabled: true
          port: ${DRYDOCK_NODE_PORT}
    conf:
      drydock:
        maasdriver:
          drydock_provisioner:
            maas_api_url: http://${MAAS_NODE_IP}:${MAAS_NODE_PORT}/MAAS/api/2.0/
  source:
    type: git
    location: ${DRYDOCK_CHART_REPO}
    subpath: drydock
    reference: ${DRYDOCK_CHART_BRANCH}
  dependencies:
    - helm-toolkit
 ---
 schema: armada/Manifest/v1
 metadata:
  schema: metadata/Document/v1
  name: ucp-basic
 data:
  release_prefix: armada-ucp
  chart_groups:
    - ceph
    - ceph-bootstrap
    - ucp-infra
    - ucp-services
 ---
 schema: armada/ChartGroup/v1
 metadata:
  schema: metadata/Document/v1
  name: ceph
 data:
  description: 'Storage Backend'
  chart_group:
    - ceph
 ---
 schema: armada/ChartGroup/v1
 metadata:
  schema: metadata/Document/v1
  name: ceph-bootstrap
 data:
  description: 'Storage Backend Config'
  chart_group:
    - ucp-ceph-config
 ---
 schema: armada/ChartGroup/v1
 metadata:
  schema: metadata/Document/v1
  name: ucp-infra
 data:
  description: 'UCP Infrastructure'
  chart_group:
    - ucp-mariadb
    - ucp-memcached
    - maas-postgresql
 ---
 schema: armada/ChartGroup/v1
 metadata:
  schema: metadata/Document/v1
  name: ucp-services
 data:
  description: 'UCP Services'
  chart_group:
    - maas
    - drydock
    - ucp-keystone
 ...
--- a/tests/functional/drydock.yaml.sub
+++ b/tests/functional/drydock.yaml.sub
@ -1,349 +0,0 @@
 #Copyright 2017 AT&T Intellectual Property.  All other rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
 # Site/Region wide definitions. Each design part will be a constituent
 # of the design for exactly one Region
 apiVersion: 'drydock/v1'
 kind: Region
 metadata:
  name: atl_foundry
  date: 17-FEB-2017
  description: Sample site design
  author: sh8121@att.com
 spec:
  # List of query-based definitions for applying tags to deployed nodes
  tag_definitions:
  - tag: 'high_memory'
    # Tag to apply to nodes that qualify for the query
    definition_type: 'lshw_xpath'
    # Only support on type for now - 'lshw_xpath' used by MaaS
    definition: //node[@id="memory"]/'size units="bytes"' > 137438953472
    # an xpath query that is run against the output of 'lshw -xml' from the node
  # Image and package repositories needed by Drydock drivers. Needs to be defined
  repositories:
  - name: 'ubuntu-main'
  authorized_keys:
    - |
      ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAgqUTJwZEMjZCWOnXQw+FFdvnf/lYrGXm01
      rf/ZYUanoymkMWIK1/c8a3Ez9/HY3dyfWBcuzlIV4bNCvJcMg4UPuh6NQBJWAlfp7wfW9O
      8ZyDE3x1FYno5u3OB4rRDcvKe6J0ygPcu4Uec5ASsd58yGnE4zTl1D/J30rNa00si+s= r
      sa-key-20120124
 ---
 apiVersion: 'drydock/v1'
 kind: NetworkLink
 metadata:
  name: oob
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe layer 1 attributes. Primary key is 'name'. These settings will generally be things the switch and server have to agree on
  labels:
    - 'noconfig'
 spec:
  bonding:
    # Mode can be 'disabled', '802.3ad', 'balanced-rr', 'active-backup'. Defaults to disabled
    mode: 'disabled'
  # Physical link default MTU size. No default
  mtu: 1500
  # Physical link speed. Supports 'auto', '100full'. Gigabit+ speeds require auto. No default
  linkspeed: 'auto'
  # Settings for using a link for multiple L2 networks
  trunking:
    # Trunking mode. Supports 'disabled', '802.1q'. Defaults to disabled
    mode: disabled
    # If disabled, what network is this port on. If '802.1q' what is the default network for the port. No default.
    default_network: oob
  allowed_networks:
  - 'oob'
 ---
 apiVersion: 'drydock/v1'
 kind: NetworkLink
 metadata:
  name: pxe
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe layer 1 attributes. Primary key is 'name'. These settings will generally be things the switch and server have to agree on
 spec:
  bonding:
    # Mode can be 'disabled', '802.3ad', 'balanced-rr', 'active-backup'. Defaults to disabled
    mode: 'disabled'
  # Physical link default MTU size. No default
  mtu: 1500
  # Physical link speed. Supports 'auto', '100full'. Gigabit+ speeds require auto. No default
  linkspeed: 'auto'
  # Settings for using a link for multiple L2 networks
  trunking:
    # Trunking mode. Supports 'disabled', '802.1q'. Defaults to disabled
    mode: disabled
    # If disabled, what network is this port on. If '802.1q' what is the default network for the port. No default.
    default_network: pxe
  allowed_networks:
  - 'pxe'
 ---
 apiVersion: 'drydock/v1'
 kind: Network
 metadata:
  name: oob
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe layer 2 and 3 attributes. Primary key is 'name'.
  labels:
    - 'noconfig'
 spec:
  # CIDR representation of network number and netmask
  cidr: '172.24.10.0/24'
  # How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
  allocation: 'static'
 ---
 apiVersion: 'drydock/v1'
 kind: Network
 metadata:
  name: pxe-rack1
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe layer 2 and 3 attributes. Primary key is 'name'.
 spec:
  # CIDR representation of network number and netmask
  cidr: '172.24.1.0/24'
  # How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
  allocation: 'static'
  routes:
    # The network being routed to in CIDR notation. Default gateway is 0.0.0.0/0.
  - subnet: '0.0.0.0/0'
    # Next hop for traffic using this route
    gateway: '172.24.1.1'
    # Selection metric for the host selecting this route. No default
    metric: 100
  ranges:
    # Type of range. Supports 'reserved', 'static' or 'dhcp'. No default
  - type: 'reserved'
    # Start of the address range, inclusive. No default
    start: '172.24.1.1'
    # End of the address range, inclusive. No default
    end: '172.24.1.100'
  - type: 'dhcp'
    start: '172.24.1.200'
    end: '172.24.1.250'
 ---
 apiVersion: 'drydock/v1'
 kind: Network
 metadata:
  name: pxe-rack2
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe layer 2 and 3 attributes. Primary key is 'name'.
 spec:
  # CIDR representation of network number and netmask
  cidr: '172.24.2.0/24'
  # How addresses are allocated on the network. Supports 'static', 'dhcp'. Defaults to 'static'
  allocation: 'static'
  routes:
    # The network being routed to in CIDR notation. Default gateway is 0.0.0.0/0.
  - subnet: '0.0.0.0/0'
    # Next hop for traffic using this route
    gateway: '172.24.2.1'
    # Selection metric for the host selecting this route. No default
    metric: 100
  ranges:
    # Type of range. Supports 'reserved', 'static' or 'dhcp'. No default
  - type: 'reserved'
    # Start of the address range, inclusive. No default
    start: '172.24.2.1'
    # End of the address range, inclusive. No default
    end: '172.24.2.100'
  - type: 'dhcp'
    start: '172.24.2.200'
    end: '172.24.2.250'
 ---
 apiVersion: 'drydock/v1'
 kind: HardwareProfile
 metadata:
  name: DellR820v1
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Describe server hardware attributes. Not a specific server, but profile adopted by a server defintion.
 spec:
  # Chassis vendor
  vendor: 'Dell'
  # Chassis model generation
  generation: '1'
  # Chassis model version
  hw_version: '2'
  # Certified BIOS version for this chassis
  bios_version: '2.2.3'
  # Boot mode. Supports 'bios' or 'uefi'
  boot_mode: 'bios'
  # How the node should be initially bootstrapped. Supports 'pxe'
  bootstrap_protocol: 'pxe'
  # What network interface to use for PXE booting
  # for chassis that support selection
  pxe_interface: '0'
  # Mapping of hardware alias/role to physical address
  device_aliases:
    # the device alias that will be referenced in HostProfile or BaremetalNode design parts
  - alias: 'pnic01'
    # The hardware bus the device resides on. Supports 'pci' and 'scsi'. No default
    bus_type: 'pci'
    # The type of device as reported by lshw. Can be used to validate hardware manifest. No default
    dev_type: 'Intel 10Gbps NIC'
    # Physical address on the bus
    address: '0000:00:03.0'
 ---
 apiVersion: 'drydock/v1'
 kind: HostProfile
 metadata:
  name: defaults
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Specify a physical server. 
 spec:
  # The HardwareProfile describing the node hardware. No default.
  hardware_profile: 'DellR820v1'
  primary_network: 'pxe'
  # OOB access to node
  oob:
    # Type of OOB access. Supports 'ipmi'
    type: 'ipmi'
    # Which network - as defined in a Network design part - to access the OOB interface on
    network: 'oob'
    # Account name for authenticating on the OOB interface
    account: 'root'
    # Credential for authentication on the OOB interface. The OOB driver will interpret this. 
    credential: 'calvin'
  # How local node storage is configured
  storage:
    # How storage is laid out. Supports 'lvm' and 'flat'. Defaults to 'lvm'
    layout: 'lvm'
    # Configuration for the boot disk
    bootdisk:
      # Hardware disk (or hardware RAID device) used for booting. Can refer to a
      # HardwareProfile device alias or a explicit device name
      device: 'bootdisk'
      # Size of the root volume. Can be specified by percentage or explicit size in
      # megabytes or gigabytes. Defaults to 100% of boot device.
      root_size: '100g'
      # If a separate boot volume is needed, specify size. Defaults to 0 where /boot goes on root.
      boot_size: '0'
    # Non-boot volumes that should be carved out of local storage
    partitions:
      # Name of the volume. Doesn't translate to any operating system config
    - name: 'logs'
      # Hardware device the volume should go on
      device: 'bootdisk'
      # Partition UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
      part_uuid:
      # Size of the volume in megabytes or gigabytes
      size: '10g'
      # Filesystem mountpoint if volume should be a filesystem
      mountpoint: '/var/logs'
      # The below are ignored if mountpoint is None
      # Format of filesystem. Defaults to ext4
      fstype: 'ext4'
      # Mount options of the file system as used in /etc/fstab. Defaults to 'defaults'
      mount_options: 'defaults'
      # Filesystem UUID. Defaults to None. A value of 'generate' means Drydock will generate a UUID
      fs_uuid:
      # A filesystem label. Defaults to None
      fs_label:
    # Physical and logical network interfaces
  interfaces:
      # What the interface should be named in the operating system. May not match a hardware device name
  - device_name: 'eno1'
      # The NetworkLink connected to this interface. Must be the name of a NetworkLink design part
    device_link: 'pxe'
      # Hardware devices that support this interface. For configurating a physical device, this would be a list of one
      # For bonds, this would be a list of all the physical devices in the bond. These can refer to HardwareProfile device aliases
      # or explicit device names
    slaves:
    - 'eno1'
      # Network that will be accessed on this interface. These should each be to the name of a Network design part
      # Multiple networks listed here assume that this interface is attached to a NetworkLink supporting trunking
    networks:
    - 'pxe'
  platform:
      # Which image to deploy on the node, must be available in the provisioner. Defaults to 'ubuntu/xenial'
      image: 'ubuntu/xenial'
      # Which kernel to enable. Defaults to generic, can also be hwe (hardware enablement)
      kernel: 'generic'
      # K/V list of kernel parameters to configure on boot. No default. Use value of true for params that are just flags
  metadata:
      # Explicit tags to propagate to Kubernetes. Simple strings of any value
    rack: cab23 
 ---
 apiVersion: 'drydock/v1'
 kind: BaremetalNode
 metadata:
  name: cab23-r720-16 
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Specify a physical server. 
 spec:
  host_profile: defaults
  addressing:
      # The name of a defined Network design part also listed in the 'networks' section of a interface definition
  - network: 'pxe'
      # Address should be an explicit IP address assignment or 'dhcp'
    address: '10.23.19.116'
  - network: 'oob'
    address: '10.23.104.16'
  metadata:
    tags:
      - 'masters'
 ---
 apiVersion: 'drydock/v1'
 kind: BaremetalNode
 metadata:
  name: cab23-r720-17
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Specify a physical server. 
 spec:
  host_profile: defaults
  addressing:
      # The name of a defined Network design part also listed in the 'networks' section of a interface definition
  - network: 'pxe'
      # Address should be an explicit IP address assignment or 'dhcp'
    address: '10.23.19.117'
  - network: 'oob'
    address: '10.23.104.17'
  metadata:
    tags:
      - 'masters'
 ---
 apiVersion: 'drydock/v1'
 kind: BaremetalNode
 metadata:
  name: cab23-r720-19 
  region: atl_foundry
  date: 17-FEB-2017
  author: sh8121@att.com
  description: Specify a physical server. 
 spec:
  host_profile: defaults
  addressing:
      # The name of a defined Network design part also listed in the 'networks' section of a interface definition
  - network: 'pxe'
      # Address should be an explicit IP address assignment or 'dhcp'
    address: '10.23.19.119'
  - network: 'oob'
    address: '10.23.104.19'
 ...
--- a/tests/functional/multirack_prep.sh
+++ b/tests/functional/multirack_prep.sh
@ -1,62 +0,0 @@
 # Setup fake IPMI network
 ip link add oob-br type bridge
 ip link set dev oob-br up
 # Setup rack 1 PXE network
 ip link add pxe1-br type bridge
 ip link set dev pxe1-br up
 # Setup rack 2 PXE network
 ip link add pxe2-br type bridge
 ip link set dev pxe2-br up
 # Setup interface to hold all IP addresses for vbmc instances
 ip link add dev oob-if type veth peer name oob-ifp
 ip link set dev oob-ifp up master oob-br
 ip link set dev oob-if up arp on
 # Setup rack 1 PXE gateway
 ip link add dev pxe1-if type veth peer name pxe1-ifp
 ip link set dev pxe1-ifp up master pxe1-br
 ip link set dev pxe1-if up arp on
 ip addr add 172.24.1.1/24 dev pxe1-if
 # Setup rack 2 PXE gateway
 ip link add dev pxe2-if type veth peer name pxe2-ifp
 ip link set dev pxe2-ifp up master pxe2-br
 ip link set dev pxe2-if up arp on
 ip addr add 172.24.2.1/24 dev pxe2-if
 # Setup fake IPMI interfaces and vbmc instances
 ip addr add 172.24.10.101/24 dev oob-if
 vbmc add --address 172.24.10.101 node2
 ip addr add 172.24.10.102/24 dev oob-if
 vbmc add --address 172.24.10.102 node3
 vbmc start
 # Setup rules for IP forwarding on PXE networks
 echo 1 > /proc/sys/net/ipv4/ip_forward
 iptables -t nat -A POSTROUTING -o extbr -j MASQUERADE
 iptables -A FORWARD -i extbr -o pxe1-if -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i pxe1-if -o extbr -j ACCEPT
 iptables -A FORWARD -i extbr -o pxe2-if -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i pxe2-if -o extbr -j ACCEPT
 # Setup external ssh access to genesis VM
 iptables -t nat -A PREROUTING -p tcp -d 10.23.19.16 --dport 2222 -j DNAT --to-destination 172.24.1.100:22
 # Node1 - Genesis
 # PXE1 - 172.24.1.100/24
 # OOB - 172.24.10.100/24
 # Node2 - Master
 # PXE1 - 172.24.1.101/24
 # vbmc - 172.24.10.101/24
 # Node3 - Master
 # PXE2 - 172.24.2.101/24
 # vbmc - 172.24.10.102/24
--- a/tests/functional/promenade.yaml.sub
+++ b/tests/functional/promenade.yaml.sub
@ -1,82 +0,0 @@
 ---
 apiVersion: promenade/v1
 kind: Cluster
 metadata:
  name: example
  target: none
 spec:
  nodes:
    ${GENESIS_NODE_NAME}:
      ip: ${GENESIS_NODE_IP}
      roles:
        - master
        - genesis
      additional_labels:
        - beta.kubernetes.io/arch=amd64
        - ucp-control-plane=enabled
        - ceph-mon=enabled
        - ceph-osd=enabled
        - ceph-mds=enabled
    ${MASTER_NODE_NAME}:
      ip: ${MASTER_NODE_IP}
      roles:
        - master
      additional_labels:
        - beta.kubernetes.io/arch=amd64
        - ucp-control-plane=enabled
        - ceph-mon=enabled
        - ceph-osd=enabled
        - ceph-mds=enabled
 ---
 apiVersion: promenade/v1
 kind: Network
 metadata:
  cluster: example
  name: example
  target: all
 spec:
  cluster_domain: cluster.local
  cluster_dns: 10.96.0.10
  kube_service_ip: 10.96.0.1
  pod_ip_cidr: 10.97.0.0/16
  service_ip_cidr: 10.96.0.0/16
  calico_etcd_service_ip: 10.96.232.136
  calico_interface: ${NODE_NET_IFACE}
  dns_servers:
    - 8.8.8.8
    - 8.8.4.4
 ---
 apiVersion: promenade/v1
 kind: Versions
 metadata:
  cluster: example
  name: example
  target: all
 spec:
  images:
    armada: ${ARMADA_IMAGE}
    calico:
      cni: quay.io/calico/cni:v1.9.1
      etcd: quay.io/coreos/etcd:v3.2.1
      node: quay.io/calico/node:v1.3.0
      policy-controller: quay.io/calico/kube-policy-controller:v0.6.0
    kubernetes:
      apiserver: gcr.io/google_containers/hyperkube-amd64:v1.6.7
      controller-manager: quay.io/attcomdev/kube-controller-manager:v1.6.7
      dns:
        dnsmasq: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.2
        kubedns: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.2
        sidecar: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.2
      etcd: quay.io/coreos/etcd:v3.2.1
      kubectl: gcr.io/google_containers/hyperkube-amd64:v1.6.7
      proxy: gcr.io/google_containers/hyperkube-amd64:v1.6.7
      scheduler: gcr.io/google_containers/hyperkube-amd64:v1.6.7
    promenade: ${PROMENADE_IMAGE}
    tiller: gcr.io/kubernetes-helm/tiller:v2.5.0
  packages:
    docker: docker.io=1.12.6-0ubuntu1~16.04.1
    dnsmasq: dnsmasq=2.75-1ubuntu0.16.04.2
    socat: socat=1.7.3.1-1
  additional_packages:
    - ceph-common=10.2.7-0ubuntu0.16.04.1
 ...
--- a/tests/functional/rbac-generous-permissions.yaml
+++ b/tests/functional/rbac-generous-permissions.yaml
@ -1,16 +0,0 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1alpha1
 kind: ClusterRoleBinding
 metadata:
  name: generous-permissions
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: Group
  name: system:masters
 - kind: Group
  name: system:authenticated
 - kind: Group
  name: system:unauthenticated
--- a/tests/functional/set-env.sh
+++ b/tests/functional/set-env.sh
@ -1,9 +0,0 @@
 export CEPH_CLUSTER_NET=172.24.1.0/24
 export CEPH_PUBLIC_NET=172.24.1.0/24
 export GENESIS_NODE_IP=172.24.1.100
 export MASTER_NODE_IP=172.24.1.101
 export NODE_NET_IFACE=ens3
 export CEPH_CHART_REPO=https://github.com/sh8121att/helm_charts
 export DRYDOCK_CHART_REPO=https://github.com/sh8121att/helm_charts
 export MAAS_CHART_REPO=https://github.com/sh8121att/helm_charts
 export DRYDOCK_IMAGE=docker.io/sthussey/drydock:latest
--- a/tests/functional/test_basic_integration.sh
+++ b/tests/functional/test_basic_integration.sh
@ -1,128 +0,0 @@
 #/bin/bash
 set -x
 # Check that we are root
 if [[ $(whoami) != "root" ]]
 then
  echo "Must be root to run $0"
  exit -1
 fi
 # Install docker
 apt -qq update
 apt -y install docker.io jq
 # Setup environmental variables
 # with stable defaults
 # Network
 export CEPH_CLUSTER_NET=${CEPH_CLUSTER_NET:-"NA"}
 export CEPH_PUBLIC_NET=${CEPH_PUBLIC_NET:-"NA"}
 export GENESIS_NODE_IP=${GENESIS_NODE_IP:-"NA"}
 export DRYDOCK_NODE_IP=${DRYDOCK_NODE_IP:-${GENESIS_NODE_IP}}
 export DRYDOCK_NODE_PORT=${DRYDOCK_NODE_PORT:-31000}
 export MAAS_NODE_IP=${MAAS_NODE_IP:-${GENESIS_NODE_IP}}
 export MAAS_NODE_PORT=${MAAS_NODE_PORT:-31900}
 export MASTER_NODE_IP=${MASTER_NODE_IP:-"NA"}
 export NODE_NET_IFACE=${NODE_NET_IFACE:-"eth0"}
 export PROXY_ADDRESS=${PROXY_ADDRESS:-"http://one.proxy.att.com:8080"}
 export PROXY_ENABLED=${PROXY_ENABLED:-"false"}
 # Hostnames
 export GENESIS_NODE_NAME=${GENESIS_NODE_NAME:-"node1"}
 export MASTER_NODE_NAME=${MASTER_NODE_NAME:-"node2"}
 # Charts
 export CEPH_CHART_REPO=${CEPH_CHART_REPO:-"https://github.com/openstack/openstack-helm"}
 export CEPH_CHART_BRANCH=${CEPH_CHART_BRANCH:-"master"}
 export DRYDOCK_CHART_REPO=${DRYDOCK_CHART_REPO:-"https://github.com/att-comdev/aic-helm"}
 export DRYDOCK_CHART_BRANCH=${DRYDOCK_CHART_BRANCH:-"master"}
 export MAAS_CHART_REPO=${MAAS_CHART_REPO:-"https://github.com/openstack/openstack-helm-addons"}
 export MAAS_CHART_BRANCH=${MAAS_CHART_BRANCH:-"master"}
 # Images
 export DRYDOCK_IMAGE=${DRYDOCK_IMAGE:-"quay.io/attcomdev/drydock:0.2.0-a1"}
 export ARMADA_IMAGE=${ARMADA_IMAGE:-"quay.io/attcomdev/armada:v0.6.0"}
 export PROMENADE_IMAGE=${PROMENADE_IMAGE:-"quay.io/attcomdev/promenade:master"}
 # Filenames
 export ARMADA_CONFIG=${ARMADA_CONFIG:-"armada.yaml"}
 export PROMENADE_CONFIG=${PROMENADE_CONFIG:-"promenade.yaml"}
 export UP_SCRIPT_FILE=${UP_SCRIPT_FILE:-"up.sh"}
 # Validate environment
 if [[ $GENESIS_NODE_IP == "NA" || $MASTER_NODE_IP == "NA" ]]
 then
  echo "GENESIS_NODE_IP and MASTER_NODE_IP env vars must be set to correct IP addresses."
  exit -1
 fi
 if [[ $CEPH_CLUSTER_NET == "NA" || $CEPH_PUBLIC_NET == "NA" ]]
 then
  echo "CEPH_CLUSTER_NET and CEPH_PUBLIC_NET en vars must be set to correct IP subnet CIDRs."
  exit -1
 fi
 # Required inputs
 #   Promenade input-config.yaml
 #   Armada Manifest for integrated UCP services
 cat promenade.yaml.sub | envsubst > ${PROMENADE_CONFIG}
 cat armada.yaml.sub | envsubst > ${ARMADA_CONFIG}
 rm -rf configs
 mkdir configs
 # Generate Promenade configuration
 docker run -t -v $(pwd):/target ${PROMENADE_IMAGE} promenade generate -c /target/${PROMENADE_CONFIG} -o /target/configs
 # Do Promenade genesis process
 cd configs
 sudo bash ${UP_SCRIPT_FILE} ./${GENESIS_NODE_NAME}.yaml
 cd ..
 # Setup kubeconfig
 mkdir ~/.kube
 cp -r /etc/kubernetes/admin/pki ~/.kube/pki
 cat /etc/kubernetes/admin/kubeconfig.yaml | sed -e 's/\/etc\/kubernetes\/admin/./' > ~/.kube/config
 # Polling to ensure genesis is complete
 while [[ -z $(kubectl get pods -n kube-system | grep 'kube-dns' | grep -e '3/3') ]]
 do
  sleep 5
 done
 # Squash Kubernetes RBAC to be compatible w/ OSH
 kubectl update -f ./rbac-generous-permissions.yaml
 # Do Armada deployment of UCP integrated services
 docker run -t -v ~/.kube:/root/.kube -v $(pwd):/target --net=host \
  ${ARMADA_IMAGE} apply --debug-logging /target/${ARMADA_CONFIG} --tiller-host=${GENESIS_NODE_IP} --tiller-port=44134
 # Polling for UCP service deployment
 while [[ -z $(kubectl get pods -n ucp | grep drydock | grep Running) ]]
 do
  sleep 5
 done
 # Run Gabbi tests
 TOKEN=$(docker run --rm --net=host -e 'OS_AUTH_URL=http://keystone-api.ucp.svc.cluster.local:80/v3' -e 'OS_PASSWORD=password' -e 'OS_PROJECT_DOMAIN_NAME=default' -e 'OS_PROJECT_NAME=service' -e 'OS_REGION_NAME=RegionOne' -e 'OS_USERNAME=drydock' -e 'OS_USER_DOMAIN_NAME=default' -e 'OS_IDENTITY_API_VERSION=3' kolla/ubuntu-source-keystone:3.0.3 openstack token issue -f shell | grep ^id | cut -d'=' -f2 | tr -d '"')
 DESIGN_ID=$(docker run  --rm --net=host -e "DD_TOKEN=$TOKEN" -e "DD_URL=http://drydock-api.ucp.svc.cluster.local:9000" -e "LC_ALL=C.UTF-8" -e "LANG=C.UTF-8" --entrypoint /usr/local/bin/drydock $DRYDOCK_IMAGE design create)
 TASK_ID=$(docker run  --rm --net=host -e "DD_TOKEN=$TOKEN" -e "DD_URL=http://drydock-api.ucp.svc.cluster.local:9000" -e "LC_ALL=C.UTF-8" -e "LANG=C.UTF-8" --entrypoint /usr/local/bin/drydock $DRYDOCK_IMAGE task create -d $DESIGN_ID -a verify_site)
 sleep 15
 TASK_STATUS=$(docker run --rm --net=host -e "DD_TOKEN=$TOKEN" -e "DD_URL=http://drydock-api.ucp.svc.cluster.local:9000" -e "LC_ALL=C.UTF-8" -e "LANG=C.UTF-8" --entrypoint /usr/local/bin/drydock $DRYDOCK_IMAGE task show -t $TASK_ID | tr "'" '"'  | sed -e 's/None/null/g')
 if [[ $(echo $TASK_STATUS | jq -r .result) == "success" ]]
 then
  echo "Action verify_site successful."
  exit 0
 else
  echo "Action verify_site failed."
  echo $TASK_STATUS
  exit -1
 fi
--- a/tools/gate/playbooks/airship-drydock-check.yaml
+++ b/tools/gate/playbooks/airship-drydock-check.yaml
@ -0,0 +1,22 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - hosts: primary
  tasks:
    - name: Build Charts
      shell: |
        set -xe;
        ./tools/gate/scripts/010-build-charts.sh
      args:
        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
--- a/tools/gate/playbooks/osh-infra-build.yaml
+++ b/tools/gate/playbooks/osh-infra-build.yaml
@ -0,0 +1,36 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - hosts: primary
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  gather_facts: True
  roles:
    - build-helm-packages
  tags:
    - build-helm-packages
 - hosts: all
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  gather_facts: False
  become: yes
  roles:
    - build-images
  tags:
    - build-images
--- a/tools/gate/playbooks/osh-infra-collect-logs.yaml
+++ b/tools/gate/playbooks/osh-infra-collect-logs.yaml
@ -0,0 +1,30 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - hosts: all
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
    logs_dir: "/tmp/logs"
  roles:
    - gather-host-logs
    - helm-release-status
    - describe-kubernetes-objects
    - gather-pod-logs
    - gather-prom-metrics
  tags:
    - gather-host-logs
    - helm-release-status
    - describe-kubernetes-objects
    - gather-pod-logs
    - gather-prom-metrics
--- a/tools/gate/playbooks/osh-infra-deploy-docker.yaml
+++ b/tools/gate/playbooks/osh-infra-deploy-docker.yaml
@ -0,0 +1,43 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - hosts: all
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  gather_facts: False
  become: yes
  roles:
    - deploy-python
  tags:
    - deploy-python
 - hosts: all
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  gather_facts: True
  become: yes
  roles:
    - setup-firewall
    - deploy-python-pip
    - deploy-docker
    - deploy-yq
  tags:
    - setup-firewall
    - deploy-python-pip
    - deploy-docker
    - deploy-yq
--- a/tools/gate/playbooks/osh-infra-deploy-k8s.yaml
+++ b/tools/gate/playbooks/osh-infra-deploy-k8s.yaml
@ -0,0 +1,36 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - hosts: primary
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  gather_facts: True
  roles:
    - build-helm-packages
    - deploy-kubeadm-aio-master
  tags:
    - build-helm-packages
    - deploy-kubeadm-aio-master
 - hosts: nodes
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  roles:
    - deploy-kubeadm-aio-node
  tags:
    - deploy-kubeadm-aio-node
--- a/tools/gate/playbooks/osh-infra-upgrade-host.yaml
+++ b/tools/gate/playbooks/osh-infra-upgrade-host.yaml
@ -0,0 +1,41 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - hosts: all
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  gather_facts: False
  become: yes
  roles:
    - deploy-python
  tags:
    - deploy-python
 - hosts: all
  vars_files:
    - vars.yaml
  vars:
    work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
  gather_facts: True
  become: yes
  roles:
    - upgrade-host
    - start-zuul-console
    - disable-local-nameserver
  tags:
    - upgrade-host
    - start-zuul-console
    - disable-local-nameserver
--- a/tools/gate/playbooks/vars.yaml
+++ b/tools/gate/playbooks/vars.yaml
@ -0,0 +1,15 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 null: null
--- a/tools/gate/playbooks/zuul-linter.yaml
+++ b/tools/gate/playbooks/zuul-linter.yaml
@ -0,0 +1,20 @@
 # Copyright 2017 The Openstack-Helm Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 - hosts: primary
  tasks:
    - name: Execute a Whitespace Linter check
      command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \;
      register: result
      failed_when: result.stdout != ""
--- a/tools/gate/scripts/010-build-charts.sh
+++ b/tools/gate/scripts/010-build-charts.sh
@ -0,0 +1,19 @@
 #!/bin/bash
 # Copyright 2017 The Openstack-Helm Authors.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
 #    not use this file except in compliance with the License. You may obtain
 #    a copy of the License at
 #
 #         http://www.apache.org/licenses/LICENSE-2.0
 #
 #    Unless required by applicable law or agreed to in writing, software
 #    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 #    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 #    License for the specific language governing permissions and limitations
 #    under the License.
 set -xe
 make charts