diff --git a/README.md b/README.md index 8a00b43..ec91812 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ ├── overlays/ │ └── vr0-dc0-testcloud.yaml # 4-VM lab specifics; num_units=1 + hacluster ├── runbooks/ -│ ├── 00-pre-deploy.md # backups, capi-mgmt graceful teardown +│ # (deprecated; see runbooks/deprecated/ - superseded by D-017 + D-018 + v1-do-doc-NN set) │ ├── 01-destroy-model.md # destroy openstack model + verify │ ├── 02-deploy.md # juju deploy + settle wait │ ├── 03-vault-init.md # vault unseal + cert auth 
@@ -64,25 +64,28 @@ │ ├── ipv4-prefixes-import.py # adds IPv4 prefixes + IPv4 tenant pool │ └── ipv6-mark-reserved.py # marks IPv6 entries as Reservation (Q3) └── docs/ - └── design-decisions.md # architectural record (D-001 through D-016) + ├── design-decisions.md # architectural record (D-001 through D-019) + └── netbox-vip-queue.md # post-deploy NetBox imports (workstream 2) ``` ## v1 deployment order -1. Verify NetBox state — run NetBox imports if not already applied - - `netbox/ipv4-prefixes-import.py` — required - - `netbox/ipv6-mark-reserved.py` — required (Q3: tag existing IPv6 entries) -2. Run pre-flight checks (`scripts/pre-flight-checks.sh`) -3. Backup current cloud state (`runbooks/00-pre-deploy.md`) -4. Destroy existing OpenStack model (`runbooks/01-destroy-model.md`) -5. Deploy new bundle (`runbooks/02-deploy.md`) -6. Initialize Vault (`runbooks/03-vault-init.md`) -7. Set up Magnum domain (`runbooks/04-magnum-domain.md`) -8. Stand up CAPI bootstrap cluster on `capi-mgmt.maas` (`runbooks/04a-capi-bootstrap-cluster.md`) -9. Install Magnum CAPI Helm driver (`runbooks/05-magnum-capi-driver.md`) -10. Recreate tenant resources (`runbooks/06-tenant-setup.md`) -11. Populate DNS zones (`runbooks/07-dns-zones.md`) -12. 
Run validation (`runbooks/08-validate.md` + `scripts/validate.sh`) +The deploy is executed via the `runbooks/v1-do-doc-NN-*.md` execution documents in numeric order: + +| Doc | Purpose | +|---|---| +| `v1-do-doc-01-prep.md` | Pre-flight state check (repo, openrc, MAAS state of 5 VMs) | +| `v1-do-doc-02-pki.md` | Octavia PKI overlay generation | +| `v1-do-doc-03-destroy.md` | Conditional model + MAAS teardown (clean state for rebuild) | +| `v1-do-doc-04-deploy.md` | `juju deploy` + settle wait + on-disk PKI verification | +| `v1-do-doc-05-vault-init.md` | Vault initialization + cert cascade + admin-openrc regeneration | +| `v1-do-doc-06-magnum-domain.md` | Magnum Keystone domain setup | +| `v1-do-doc-07-capi-bootstrap.md` | CAPI bootstrap cluster + workload pivot | +| `v1-do-doc-08-magnum-driver.md` | Magnum CAPI Helm driver graft | +| `v1-do-doc-09-tenant.md` | Tenant project/user/openrc + Snapshot 2 | +| `v1-do-doc-10-validate.md` | D-011 acceptance criteria + Snapshot 3 | + +NetBox imports are run separately (gated on external NetBox engineer review; see `netbox/README.md`). ## v1-specific design decisions (summary; see docs/design-decisions.md for full record) 
@@ -96,8 +99,11 @@ - **D-005 Ceph Squid** — matches Caracal default; rehearses Roosevelt - **D-006 Vault HA backend = etcd + easyrsa** - **D-007 Magnum from day one** — charm in bundle + CAPI Helm driver graft -- **D-008 DNS via Designate from day one** — static /etc/hosts for bootstrap; - Designate handles tenant-level resolution (A records only for v1) +- **D-019 (supersedes D-008) DNS scope reduction for v1** — Designate deferred + to v2 alongside corporate DNS / NS-delegation work. Tenant subnets use public + DNS (`1.1.1.1` / `1.0.0.1`) directly via `--dns-nameserver`. + `*.cloud.neumatrix.local` FQDN tree remains internal-only, resolved via static + `/etc/hosts` on bootstrap-relevant hosts. - **D-009 Hacluster relations included at num_units=1** — decorative on testcloud; documents the relation pattern for Roosevelt scale-up - **No OVN pinning on testcloud** — Roosevelt bare-metal will pin via `ovn-source`
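Review bot: In the `@@ -46,7 +46,7 @@` tree hunk, the deprecation comment replaces only the `00-pre-deploy.md` entry, while `01-destroy-model.md`, `02-deploy.md` and `03-vault-init.md` stay listed directly under `runbooks/` as if they were current. If those files moved to `runbooks/deprecated/`, show `deprecated/` as its own tree entry and list the `v1-do-doc-NN-*.md` files that replace them; if they did not move, say which runbooks are still authoritative. The comment also cites D-017 and D-018 without saying where to find them, so a pointer to `docs/design-decisions.md` would help.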
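Review bot: In the `@@ -64,25 +64,28 @@` deployment-order hunk, the explicit backup step (old step 3, `runbooks/00-pre-deploy.md`) has no visible replacement ahead of `v1-do-doc-03-destroy.md`: the table mentions Snapshot 2 and Snapshot 3 but no Snapshot 1 or other pre-destroy backup. Name the doc that takes it, or state that none is needed because the teardown is a clean rebuild. `scripts/pre-flight-checks.sh` and `scripts/validate.sh` also drop out of the text, so note whether docs 01 and 10 still call them. Finally, the closing NetBox sentence points at `netbox/README.md` while the tree in the same hunk adds `docs/netbox-vip-queue.md` for the post-deploy imports; reference both or pick one.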
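Review bot: In the `@@ -96,8 +99,11 @@` D-019 bullet, pointing tenant subnets at `1.1.1.1` / `1.0.0.1` means tenant instances cannot resolve `*.cloud.neumatrix.local`, and any lookup of those internal names from a tenant is sent to a public resolver. The bullet should state how tenant workloads (including the Magnum clusters from D-007) reach cloud endpoints, for example by IP, and that tenant networks need outbound DNS to those two addresses. The D-008 entry is removed outright; a one-line "D-008 superseded by D-019" stub would keep the numbering traceable, since the tree comment now reads D-001 through D-019.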