Added OCFP, bumped stemcell, added cloud-config

MANUAL.md

@@ -6,9 +6,10 @@ credentials used elsewhere in deployments and applications.
 
 # Base Parameters
 
-- `vault_disk_pool` - The persistent disk pool that Vault VMs will
-  use.  This pool must exist in your cloud config.  Defaults to
-  `default`.
+- `vault_disk_type` - The persistent disk type that the Vault VMs will use.
+  This replaces `vault_disk_pool`, which will still work if vault_disk_type
+  is not specified.  This vm type must exist in your cloud config.  Defaults
+  to `default`
 
 - `vault_vm_type` - What type of VM to deploy.  This type must
   exist in your cloud config.  Defaults to `default`.
@@ -67,6 +68,30 @@ params:
   vault_vm_type:   default # VMs should have at least 1 CPU, and 1GB of memory
 ```
 
+# Features
+
+The following features are supported by this kit:
+
+- `ocfp` - Uses the config generated by the OCFP scripts that initialize the
+  infrastructure, and sets opinionated configurations.  This has the following
+  effects:
+
+  * sets the network, vm_type and disk_type to unique name specific to this
+    environment, so no chance of conflict or inadvertent changes.
+
+  * provides the ips and azs that will be used by the network.  Setting
+    `params.ocfp-instances` will allow a subset of these ips.
+
+  * Provide a generated cloud config to specify the above values that will be
+    uploaded prior to deployment.
+
+## `ocfp`-specific Parameters
+
+- `ocfp-subnet-prefix` - specifies the subnet prefix for subnets that will be used
+  to populate the network components on this environment.  Defaults to `ocfp`
+
+- `ocfp-instances` - specify how many instances to use out of the total provided
+  by the OCFP configuration.
 
 # Available Addons
 

hooks/blueprint.pm

@@ -0,0 +1,114 @@
+package Genesis::Hook::Blueprint::Vault v4.0.0;
+
+use strict;
+use warnings;
+
+# Only needed for development
+BEGIN {push @INC, $ENV{GENESIS_LIB} ? $ENV{GENESIS_LIB} : $ENV{HOME}.'/.genesis/lib'}
+
+use parent qw(Genesis::Hook::Blueprint);
+
+sub init {
+	my $class = shift;
+	my $obj = $class->SUPER::init(@_);
+	$obj->check_minimum_genesis_version('3.1.0-rc.9');
+	return $obj;
+}
+
+sub perform {
+	my ($self) = @_;
+	return 1 if $self->completed;
+
+  $self->add_files(
+    'manifests/vault.yml',
+    'manifests/releases/safe.yml'
+  );
+
+  my $iaas = $self->iaas;
+  my $ips = $self->env->lookup('params.ips', []);
+
+  my $dynamic_static_fragment = '';
+  if ($want_feature 'ocfp') {
+    # Determine instance count and IPs from ocfp config
+    my $subnets = $self->env->ocfp_config_lookup('vpc.subnets');
+    my $prefix = $self->env->ocfp_subnet_prefix;
+    my $az_map = $self->director_exodus_lookup('/network')->{azs};
+    my (@ips, @azs) = ();
+    for my $subnet (sort grep {/^$prefix/} keys %$sn) {
+      my $ip = $sn->{$_}{'reserved-ips'}{'vault_ip'};
+      next unless $ip;
+      push @ips, $ip;
+      push @azs, $az_map->{$sn->{$_}{az}}->{name};
+    }
+
+    my $instances = $self->env->lookup('params.ocfp_instances');
+    bail(
+      "Only %s instances available under OCFP; environment requested %s",
+      @ips, $instances
+    ) if ($instances > @ips);
+    $instances ||= @ips;
+
+    @ips = @ips[0..$instances-1];
+    @azs = @azs[0..$instances-1];
+    my $network_name = "$GENESIS_ENV.$GENESIS_TYPE.net-vault";
+
+    my $dynamic_static_fragment = << "EOF";
+exodus:
+  ips: $(\(join ',',@ips))
+
+instance_groups:
+- name: vault
+  azs:${\(join "\n  - ", '','(( replace ))', @azs)}
+  instances: $instances
+  networks:
+  - (( replace ))
+  - name: $network_name
+    static_ips:${\(join "\n  - ", '', @ips)}
+EOF
+
+  } elsif (my $instances = @$ips) {
+    my $dynamic-static-ips = <<"EOF";
+exodus:
+  ips: $ips 
+
+instance_groups:
+- name: vault
+  instances: $instance
+  networks:
+  - name: vault
+    static_ips:${\(join '\n    - ', '', $ips)}
+EOF
+  }
+
+  if ($dynamic_static_fragment) {
+    my $satics_file = "manifests/network.dynamic.yml";
+    mkfile_or_fail($self->env->kit->workpath($statics_file), 0644, $contents);
+    $self->add_files($statics_file);
+  }
+
+  $self->add_files('manifests/azure.yml') if ($self->iaas eq 'azure');
+
+  my @invalid_features = ();
+  for my $feature ($self->features) {
+    if ($feature eq 'ocfp') {
+      # TODO: Check if iaas-specific ocfp file is present, and error if not.
+      $self->add_files(
+        'manifests/ocfp.yml',
+      );
+    } elsif (-f "$ENV{GENESIS_ROOT}/${feature}.yml") {
+      $self->add_files("$ENV{GENESIS_ROOT}/${feature}.yml")
+    } else {
+      push @invalid_features, $feature;
+    }
+  }
+
+  bail(
+    "Invalid %s encountered: %s",
+    count_nouns(scalar(@invalid_features), 'feature', suppress_count => 1),
+    join(', ', @invalid_features)
+  ) if @invalid_features;
+
+  $self->done(1);
+}
+
+1;

hooks/cloud-config.pm

@@ -0,0 +1,80 @@
+package Genesis::Hook::CloudConfig::Bosh v3.2.0;
+
+use strict;
+use warnings;
+
+# Only needed for development
+BEGIN {push @INC, $ENV{GENESIS_LIB} ? $ENV{GENESIS_LIB} : $ENV{HOME}.'/.genesis/lib'}
+
+use parent qw(Genesis::Hook::CloudConfig);
+
+use Genesis::Hook::CloudConfig::Helpers qw/gigabytes megabytes/;
+
+use Genesis qw//;
+use JSON::PP;
+
+sub init {
+	my $class = shift;
+	my $obj = $class->SUPER::init(@_);
+	$obj->check_minimum_genesis_version('3.1.0-rc.4');
+	return $obj;
+}
+
+sub perform {
+	my ($self) = @_;
+	return 1 if $self->completed;
+
+	my $config = $self->build_cloud_config({
+		'networks' => [
+			$self->network_definition('vault', strategy => 'ocfp',
+				dynamic_subnets => {
+					allocation => {
+						size => 0,
+						statics => 0,
+					},
+					cloud_properties_for_iaas => {
+						openstack => {
+							'net_id' => $self->network_reference('id'), # TODO: $self->subnet_reference('net_id'),
+							'security_groups' => ['default'] #$self->subnet_reference('sgs', 'get_security_groups'),
+						},
+					},
+				},
+			)
+		],
+		'vm_types' => [
+			$self->vm_type_definition('vault',
+				cloud_properties_for_iaas => {
+					openstack => {
+						'instance_type' => $self->for_scale({
+							dev => 'm1.2',
+							prod => 'm1.3'
+						}, 'm1.2'),
+						'boot_from_volume' => $self->TRUE,
+						'root_disk' => {
+							'size' => 32 # in gigabytes
+						},
+					},
+				},
+			),
+		],
+		'disk_types' => [
+			$self->disk_type_definition('vault',
+				common => {
+					disk_size => $self->for_scale({ # add $self->for_feature('internal-blobstore')
+						dev => gigabytes(64),
+						prod => gigabytes(128)
+					}, gigabytes(96)),
+				},
+				cloud_properties_for_iaas => {
+					openstack => {
+						'type' => 'storage_premium_perf6',
+					},
+				},
+			),
+		],
+	});
+
+	$self->done($config);
+}
+
+1;

kit.yml

@@ -1,12 +1,15 @@
 ---
 name:   vault
-version: 1.6.0
+version: 2.0.0
 
-author: James Hunt <[email protected]>
+author:
+  - James Hunt   <[email protected]>
+  - Dennis Bell  <[email protected]>
+  - Kevin Rutten <krutten@fivetwenty>
 code:   https://github.com/genesis-community/vault-genesis-kit
 docs:   https://genesisproject.io/docs/
 
-genesis_version_min: 2.7.0
+genesis_version_min: 3.1.0-rc.9
 
 certificates:
   base:

manifests/ocfp.yml

@@ -0,0 +1,11 @@
+---
+
+params:
+  vault_network:       (( concat meta.ocfp.env.cloud "net-bosh" ))
+  vault_vm_type:       (( concat meta.ocfp.env.cloud "vm-bosh" ))
+  vault_disk_type:     (( concat meta.ocfp.env.cloud "disk-bosh" ))
+
+meta:
+  ocfp:
+    env:
+      cloud: (( concat genesis.env "." genesis.type "." ))

manifests/vault.yml

@@ -27,7 +27,7 @@ instance_groups:
   instances: 3
   azs:       (( grab params.availability_zones || meta.default.azs ))
 
-  persistent_disk_type: (( grab params.vault_disk_pool || "default" ))
+  persistent_disk_type: (( grab params.vault_disk_type || params.vault_disk_pool || "default" ))
   vm_type:              (( grab params.vault_vm_type   || "default" ))
 
   stemcell: default
@@ -44,5 +44,5 @@ update:
 
 stemcells:
   - alias:   default
-    os:      (( grab params.stemcell_os      || "ubuntu-bionic" ))
+    os:      (( grab params.stemcell_os      || "ubuntu-jammy" ))
     version: (( grab params.stemcell_version || "latest"        ))