Tip
The Undercloud Platform is part of the AIC CP (AT&T Integrated Cloud Containerized Platform). More details may be found by using the Treasuremap
Building this Documentation¶
Use of tox -e docs will build an HTML version of this documentation that
can be viewed using a browser at docs/build/index.html on the local filesystem.
Conventions and Standards¶
Getting Started¶
What is Pegleg?¶
Pegleg is a document aggregator that will aggregate all the documents in a repository and pack them into a single YAML file. This allows for operators to structure their site definitions in a maintainable directory layout, while providing them with the automation and tooling needed to aggregate, lint, and render those documents for deployment.
For more information on the documents that Pegleg works on see Document Fundamentals.
Basic Usage¶
Before using Pegleg, you must:
Clone the Pegleg repository
git clone https://github.com/att-comdev/pegleg
and install the required packages in pegleg/src/bin/pegleg
pip3 install -r pegleg/src/bin/pegleg/requirements.txt -r pegleg/src/bin/pegleg/test-requirements.txt
Next, add your repos containing your site definition libraries into your local system where Pegleg is running, as Pegleg can only work on files available in the local directory.
You will then be able to use all of Pegleg’s features through the CLI. See CLI for more information.
Document Fundamentals¶
The definition of a site consists of a set of small YAML documents that
are managed by Deckhand. Each document is identified by a schema top-level
key and the metadata.name value that uniquely identifies a particular
document of the type schema. Deckhand provides functionality allowing
documents to be authored such that data from multiple documents can be merged.
- Abstact vs Concrete - Documents define a value in
metadata.layeringDefinition.abstractto determine if a document is abstract (a value oftrue) or concrete (a value offalse). When calling the/revisions/{id}/rendered-documentsAPI, only concrete documents are returned.- Layering - Document layering is used for whole documents that have known defaults but may need to be transformed in specific instances.
- Substitution - Data substitution is used for extracting particular values from a document’s data section (whole or in-part) and inserting that data into a destination document (at the root of the data section or deeper into a document).
Definition Artifact Layout¶
The definition artifacts are stored in the below directory structure. This structure is used only to assist humans in maintaining the data. When the documents are consumed by the UCP services, they are viewed as a flat set of all documents.:
deployment_files/deployment_files
|- /global
| |- /common
| | |- {definition library}
| |- /v1.0
| |- {definition library}
|- /type
| |- /production
| | |- /v1.0
| | |- {definition library}
| |- /cicd
| | |- /v1.0
| | |- {definition library}
| |- /labs
| |- /v1.0
| |- {definition library}
|- /site
|- /{sitename}
|- site_definition.yaml
|- {definition library}
The root-level listings of global, type and site
are the layers as listed in the Deckhand
_LayeringPolicy http://deckhand.readthedocs.io/en/latest/layering.html
document. The process of choosing the definition libraries
to compose the actual design for a site is described below.
site_definition.yaml¶
The site_definition.yaml file is what selects the definition libraries to use for a site. Additional metadata can be added to this file as needed to meet requirements.:
---
schema: pegleg/SiteDefinition/v1
metadata:
layeringDefinition:
abstract: false
layer: 'site'
name: 'mtn13b.1'
schema: metadata/Document/v1
storagePolicy: cleartext
data:
platform_name: 'integration'
revision: 'v1.0'
site_type: 'cicd'
The revision field is used
to select the definition libraries in the global layer. This
layer will be composed of a union of documents in the common
definition library and the definition library
for the revision. The revision field and
the site_type fields select the definition library from the
type layer. And the site layer is defined by the single
defintion library under the sitename.
Definition Library Layout¶
The definition library layout is replicated in each location that the site definition contains a set of documents.:
{library root}
|- /schemas
| |- /{namespace}
| |- /{kind}
| |- {version}.yaml
|
|- /profiles
| |- /hardware
| |- /host
|
|- /pki
| |- kubernetes-nodes.yaml
|
|- /secrets
| |- /certifcate-authorities
| |- /certificates
| |- /keypairs
| |- /passphrases
|
|- /software
| |- /charts
| | |- /{chart collection}
| | | |- dependencies.yaml
| | | |- /{chartgroup}
| | | |- chart-group.yaml
| | | |- {chart1}.yaml
| | | |- {chart2}.yaml
| | |
| | |- /{chart collection}
| | |- dependencies.yaml
| | |- /{chartgroup}
| | |- chart-group.yaml
| | |- {chart1}.yaml
| | |- {chart2}.yaml
| |
| |- /config
| | |- Docker.yaml
| | |- Kubelet.yaml
| | |- versions.yaml
| |
| |- /manifests
| |- bootstrap.yaml
| |- site.yaml
|
|- /networks
| |- /physical
| | |- sitewide.yaml
| | |- rack1.yaml
| |
| |- KubernetesNetwork.yaml
| |- common-addresses.yaml
|
|- /baremetal
|- rack1.yaml
|- rack2.yaml
* Schemas - The schemas should all be sourced from the UCP
service repositories. Care should be taken that the schemas
included in the site definition are taken from the version of
the service being deployed in the site.
* Software
* /config/versions.yaml will contain a manifest of all the
chart, image and package versions. These should be substituted
into all other documents that define version information.
* dependencies.yaml - Contains Armada chart definitions that are
only utilized as dependencies for other charts (e.g. helm-toolkit)
* Chart collection - Loose organization of chart groups
such as 'kubernetes', 'ucp', 'osh'
* Physical networks and baremetal nodes can be split into files
in whatever way makes sense. The best practice here to define
them by racks is only a suggestion.
Pegleg CLI¶
The Pegleg CLI is used in conjunction with the script located in pegleg/tools called pegleg.sh.
$WORKSPACE = Location of the folder that holds the repositories containing
the site definition libraries. Pegleg makes no assumptions about the root
directory. $WORKSPACE is /workspace in the container context.
Example: $WORKSPACE=/home/ubuntu/all_repos
$IMAGE = Location of pegleg docker image.
Example: $IMAGE=quay.io/attcomdev/pegleg:latest
To run:
export WORKSPACE=<repo_location>
export IMAGE=<docker_image>
./pegleg.sh <command> <options>
CLI Options¶
-v / –verbose
Enable debug logging.
Site¶
This allows you to set the primary and auxiliary repositories.
-p / –primary
Path to the root of the primary (containing site_definition.yaml) repo. (Required).
-a / –auxiliary
Path to the root of an auxiliary repo.
./pegleg.sh site -p <primary_repo> -a <auxiliary_repo> <command> <options>
Example:
./pegleg.sh site -p /workspace/repo_1 -a /workspace/repo_2
<command> <options>
Collect¶
Output complete config for one site. It is assumed that all lint errors have been corrected already.
site_name
Name of the site. (Required).
-s / –save-location
Where to output.
./pegleg.sh <command> <options> collect site_name -s save_location
Example:
./pegleg.sh site -p /workspace/repo_1 -a /workspace/repo_2
collect site_name -s /workspace
Impacted¶
Find sites impacted by changed files.
-i / –input
List of impacted files.
-o / –output
Where to output.
./pegleg impacted -i <input_stream> -o <output_stream>
List¶
List known sites.
-o/–output
Where to output.
./pegleg <command> <options> list
Example:
./pegleg site -p /workspace/repo_1 list -o /workspace
Show¶
Show details for one site.
site_name
Name of site. (Required).
-o /–output
Where to output.
./pegleg <command> <options> show site_name
Example:
./pegleg site -p /workspace/repo_1 show site_name -o /workspace
Lint¶
Sanity checks for repository content. Validations for linting are done utilizing Deckhand Validations.
./pegleg.sh lint -p <primary_repo> -a <auxiliary_repo>
-f -x <lint_code> -w <lint_code>
Example:
./pegleg.sh lint -p /workspace/site-repo -a /workspace/secondary-repo
-x P001 -x P002 -w P003
-p / –primary
Path to the root of the primary (containing site_definition.yaml) repo. (Required).
-a / –auxiliary
Path to the root of an auxiliary repo.
-f / –fail-on-missing-sub-src
Raise Deckhand exception on missing substitution sources. Defaults to True.
-x <code>
Will excluded the specified lint option. -w takes priority over -x.
-w <code>
Will warn of lint failures from the specified lint options.
If you expect certain lint failures, then those lint options can be
excluded or you can choose to be warned about those failures using the
codes below.
P001 - Document has storagePolicy cleartext (expected is encrypted) yet
its schema is a mandatory encrypted type.
Where mandatory encrypted schema type is one of:
* deckhand/CertificateAuthorityKey/v1
* deckhand/CertificateKey/v1
* deckhand/Passphrase/v1
* deckhand/PrivateKey/v1
P002 - Deckhand rendering is expected to complete without errors.
P003 - All repos contain expected directories.