ChameleonCloud · msherman64 · Mar 5, 2025 · Mar 5, 2025 · Mar 10, 2025 · Mar 6, 2025
@@ -12,14 +12,14 @@ source $HOME/.local/bin/env
 ```
 git clone https://github.com/chameleoncloud/chi-in-a-box
 cd chi-in-a-box
-git checkout ciab_minimal/2023.1
+git checkout minimal/zed-kvm
 ```
 
 ## install the ciab tools
 ```
 uv venv .venv
 source .venv/bin/activate 
-uv pip install -r requirements.txt 
+uv pip install -r requirements.txt
 kolla-ansible install-deps
 ```
 

@@ -1,8 +1,7 @@
-# ansible version for kolla-ansible 2023.1 release
-ansible
-ansible-core>=2.13,<=2.14
+# ansible version for kolla-ansible zed release
+ansible>=4,<6
 
-git+https://github.com/openstack/kolla-ansible@unmaintained/2023.1
+git+https://github.com/chameleoncloud/kolla-ansible@backport/zed
 
 # client tools
 openstackclient

@@ -32,14 +32,69 @@ virtualenv: /opt/kolla/venv
 ####################
 
 kolla_base_distro: "ubuntu"
+kolla_install_type: "source"
+
 
-# point at the docker registry we want
-# docker_namespace: kolla
-# docker_registry: docker.chameleoncloud.org
 
 # default superadmin user and project
 keystone_admin_user: "admin"
 keystone_admin_project: "openstack"
 
 # for kvm on kvm
 nova_compute_virt_type: kvm
+
+####################################
+# Horizon config for chameleon theme
+####################################
+
+chameleon_portal_url: https://www.chameleoncloud.org
+chameleon_reference_api_url: https://api.chameleoncloud.org
+
+chameleon_site_name: "{{ openstack_region_name }}"
+
+# Whether to show a dropdown in the Horizon GUI that provides links to other
+# Chameleon testbed sites.
+enable_chameleon_multisite: yes
+
+horizon_help_url: https://www.chameleoncloud.org/user/help/
+horizon_documentation_url: https://chameleoncloud.readthedocs.io/en/latest/technical/gui.html
+
+# as of antelope/2023.1, can load theme at deploy-time
+horizon_custom_themes:
+  - name: chameleoncloud
+    label: ChameleonCloud
+
+########################
+# Federated login config
+########################
+
+enable_keystone_federation: true
+
+keystone_identity_providers:
+  - name: "chameleon_dev"
+    openstack_domain: "chameleon_dev"
+    protocol: openid
+    identifier: "https://auth.dev.chameleoncloud.org/auth/realms/chameleon"
+    public_name: Login with Chameleon Dev
+    attribute_mapping: chameleon_mapping
+
+keystone_identity_mappings:
+  - name: chameleon_mapping
+    file: "{{ node_custom_config }}/keystone/idp_mapping.json"
+
+keystone_oidc_client_id: "keystone-ciab-dev"
+keystone_oidc_client_secret: "public"
+
+identity_provider_name: "{{ keystone_identity_providers[0].name }}"
+identity_provider_url: "{{ keystone_identity_providers[0].identifier }}"
+keystone_oidc_provider_metadata_url: "{{ identity_provider_url }}/.well-known/openid-configuration"
+keystone_federation_oidc_jwks_uri: "{{ identity_provider_url }}/protocol/openid-connect/certs"
+
+# keystone must support mapping multiple projects or keycloak federation will fail
+keystone_image_full: ghcr.io/chameleoncloud/kolla/keystone:b61c66c
+keystone_fernet_image_full: ghcr.io/chameleoncloud/kolla/keystone-fernet:b61c66c
+keystone_ssh_image_full: ghcr.io/chameleoncloud/kolla/keystone-ssh:b61c66c
+horizon_image_full: ghcr.io/chameleoncloud/kolla/horizon:b61c66c
+
+# added logging to loki
+fluentd_image_full: ghcr.io/chameleoncloud/kolla/fluentd:b61c66c
@@ -182,8 +182,8 @@ control
 [zun:children]
 control
 
-[skyline:children]
-control
+[skydive:children]
+monitoring
 
 [redis:children]
 control
@@ -194,9 +194,6 @@ control
 [venus:children]
 monitoring
 
-[letsencrypt:children]
-loadbalancer
-
 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
 #
@@ -220,6 +217,10 @@ common
 [opensearch:children]
 control
 
+# TODO: This is used for cleanup and can be removed in the Antelope cycle.
+[elasticsearch-curator:children]
+opensearch
+
 # Opensearch dashboards
 [opensearch-dashboards:children]
 opensearch
@@ -282,10 +283,6 @@ neutron
 [ironic-neutron-agent:children]
 neutron
 
-[neutron-ovn-agent:children]
-compute
-network
-
 # Cinder
 [cinder-api:children]
 cinder
@@ -335,9 +332,6 @@ network
 [manila-data:children]
 manila
 
-[manila-nfs-ganesha:children]
-manila
-
 # Swift
 [swift-proxy-server:children]
 swift
@@ -614,12 +608,13 @@ compute
 [zun-cni-daemon:children]
 compute
 
-# Skyline
-[skyline-apiserver:children]
-skyline
+# Skydive
+[skydive-analyzer:children]
+skydive
 
-[skyline-console:children]
-skyline
+[skydive-agent:children]
+compute
+network
 
 # Tacker
 [tacker-server:children]
@@ -659,9 +654,6 @@ compute
 network
 storage
 
-[prometheus-pushgateway:children]
-monitoring
-
 [prometheus-mysqld-exporter:children]
 mariadb
 
@@ -696,9 +688,6 @@ compute
 [prometheus-msteams:children]
 prometheus-alertmanager
 
-[prometheus-snmp-exporter:children]
-monitoring
-
 [masakari-api:children]
 control
 
@@ -738,24 +727,3 @@ venus
 
 [venus-manager:children]
 venus
-
-[letsencrypt-webserver:children]
-letsencrypt
-
-[letsencrypt-lego:children]
-letsencrypt
-
-[doni:children]
-control
-
-[doni-api:children]
-doni
-
-[doni-worker:children]
-doni
-
-[tunelo:children]
-control
-
-[tunelo-api:children]
-tunelo
@@ -0,0 +1,35 @@
+# This is a clouds.yaml file, which can be used by OpenStack tools as a source
+# of configuration on how to connect to Chameleon.
+#
+# If you are only a member of one project, just put this file in
+# ~/.config/openstack/clouds.yaml and tools like the CLI will just work with no
+# further config. (You will need to add your password to the auth section)
+#
+# If you are a member of multiple projects, when invoking the CLI, provide
+# either the env variable OS_CLOUD=<project> or flag --os-cloud=<project> to
+# target your operation to the desired project, where <project> is the name
+# (or nickname, if set) of your project.
+
+clouds:
+{% raw %}
+  {{ cloud_name }}:
+    auth:
+      auth_url: {{ auth_url }}
+      username: {{ user.username }}
+      project_id: {{ tenant_id }}
+      project_name: {{ tenant_name }}
+  {% if user.is_federated %}
+      protocol: openid
+{% endraw %}
+      identity_provider: {{ identity_provider_name }}
+      discovery_endpoint: {{ identity_provider_url }}/.well-known/openid-configuration
+      client_id: {{ keystone_oidc_client_id }}
+{% raw %}
+      access_token_type: access_token
+      client_secret: none
+      project_domain_name: {{ user_domain_name }}
+    auth_type: v3oidcpassword
+  {% else %}
+    auth_type: v3password
+  {% endif %}
+{% endraw %}