Update configuration files, templates, and internal documentation for the provisioning repository system. Configuration Updates: - KMS configuration modernization - Plugin system settings - Service port mappings - Test cluster topologies - Installation configuration examples - VM configuration defaults - Cedar authorization policies Documentation Updates: - Library module documentation - Extension API guides - AI system documentation - Service management guides - Test environment setup - Plugin usage guides - Validator configuration documentation All changes are backward compatible.
<!DOCTYPE HTML>
|
||
<html lang="en" class="ayu sidebar-visible" dir="ltr">
|
||
<head>
|
||
<!-- Book generated using mdBook -->
|
||
<meta charset="UTF-8">
|
||
<title>Real Templates Extracted - Provisioning Platform Documentation</title>
|
||
|
||
|
||
<!-- Custom HTML head -->
|
||
|
||
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust">
|
||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||
<meta name="theme-color" content="#ffffff">
|
||
|
||
<link rel="icon" href="favicon.svg">
|
||
<link rel="shortcut icon" href="favicon.png">
|
||
<link rel="stylesheet" href="css/variables.css">
|
||
<link rel="stylesheet" href="css/general.css">
|
||
<link rel="stylesheet" href="css/chrome.css">
|
||
<link rel="stylesheet" href="css/print.css" media="print">
|
||
|
||
<!-- Fonts -->
|
||
<link rel="stylesheet" href="FontAwesome/css/font-awesome.css">
|
||
<link rel="stylesheet" href="fonts/fonts.css">
|
||
|
||
<!-- Highlight.js Stylesheets -->
|
||
<link rel="stylesheet" id="highlight-css" href="highlight.css">
|
||
<link rel="stylesheet" id="tomorrow-night-css" href="tomorrow-night.css">
|
||
<link rel="stylesheet" id="ayu-highlight-css" href="ayu-highlight.css">
|
||
|
||
<!-- Custom theme stylesheets -->
|
||
|
||
|
||
<!-- Provide site root and default themes to javascript -->
|
||
<script>
    // Site root and default theme names, exposed as globals for the scripts
    // that follow; the two theme defaults are read by the theme-selection
    // script further down this page.
    const path_to_root = "",
        default_light_theme = "ayu",
        default_dark_theme = "navy";
</script>
|
||
<!-- Start loading toc.js asap -->
|
||
<script src="toc.js"></script>
|
||
</head>
|
||
<body>
|
||
<div id="mdbook-help-container">
|
||
<div id="mdbook-help-popup">
|
||
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
|
||
<div>
|
||
<p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
|
||
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
|
||
<p>Press <kbd>?</kbd> to show this help</p>
|
||
<p>Press <kbd>Esc</kbd> to hide this help</p>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
<div id="body-container">
|
||
<!-- Work around some values being stored in localStorage wrapped in quotes -->
|
||
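<script>
    // Some values end up in localStorage wrapped in double quotes. Strip one
    // surrounding pair so later reads see the bare value.
    //
    // Each key is checked on its own: getItem() returns null for a key that
    // was never set, and calling startsWith() on null would throw and skip
    // the remaining key.
    try {
        for (const key of ['mdbook-theme', 'mdbook-sidebar']) {
            const stored = localStorage.getItem(key);
            const quoted = stored !== null
                && stored.length >= 2
                && stored.startsWith('"')
                && stored.endsWith('"');
            if (quoted) {
                localStorage.setItem(key, stored.slice(1, -1));
            }
        }
    } catch (e) {
        // Storage access itself can throw (for example when it is blocked);
        // there is nothing to normalise in that case.
    }
</script>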
|
||
|
||
<!-- Set the theme before any content is loaded, prevents flash -->
|
||
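<script>
    // Choose the theme before any content is rendered, to avoid a flash of
    // the wrong theme.
    const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
    let theme;
    try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
    // The stored value is used verbatim as a class name. classList.add()
    // throws on an empty string or on a value containing whitespace, which
    // would stop this script before the "js" class is set. Anything that is
    // not a single non-empty token therefore falls back to the default.
    if (typeof theme !== 'string' || !/^\S+$/.test(theme)) { theme = default_theme; }
    const html = document.documentElement;
    html.classList.remove('ayu');
    html.classList.add(theme);
    html.classList.add("js");
</script>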
|
||
|
||
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
|
||
|
||
<!-- Hide / unhide sidebar before it is displayed -->
|
||
<script>
    // Decide whether the sidebar starts open or closed before it is displayed.
    // Narrow viewports always start hidden; wide ones use the stored
    // preference and default to visible.
    const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
    let sidebar = 'hidden';
    if (document.body.clientWidth >= 1080) {
        let stored = null;
        try { stored = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
        sidebar = stored ? stored : 'visible';
    }
    sidebar_toggle.checked = (sidebar === 'visible');
    // `html` is the document element captured by the theme script above.
    html.classList.remove('sidebar-visible');
    // NOTE(review): the stored value is concatenated into the class name
    // without being checked against 'visible' / 'hidden'.
    html.classList.add(`sidebar-${sidebar}`);
</script>
|
||
|
||
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
|
||
<!-- populated by js -->
|
||
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
|
||
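<noscript>
    <!-- The sidebar above is populated by script; without JavaScript the
         static table of contents is embedded instead. The title gives the
         frame an accessible name. -->
    <iframe class="sidebar-iframe-outer" src="toc.html" title="Table of contents"></iframe>
</noscript>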
|
||
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
|
||
<div class="sidebar-resize-indicator"></div>
|
||
</div>
|
||
</nav>
|
||
|
||
<div id="page-wrapper" class="page-wrapper">
|
||
|
||
<div class="page">
|
||
<div id="menu-bar-hover-placeholder"></div>
|
||
<div id="menu-bar" class="menu-bar sticky">
|
||
<div class="left-buttons">
|
||
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
|
||
<i class="fa fa-bars"></i>
|
||
</label>
|
||
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
|
||
<i class="fa fa-paint-brush"></i>
|
||
</button>
|
||
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
|
||
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
|
||
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
|
||
</ul>
|
||
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
|
||
<i class="fa fa-search"></i>
|
||
</button>
|
||
</div>
|
||
|
||
<h1 class="menu-title">Provisioning Platform Documentation</h1>
|
||
|
||
<div class="right-buttons">
|
||
<a href="print.html" title="Print this book" aria-label="Print this book">
|
||
<i id="print-button" class="fa fa-print"></i>
|
||
</a>
|
||
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
|
||
<i id="git-repository-button" class="fa fa-github"></i>
|
||
</a>
|
||
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/REAL_TEMPLATES_EXTRACTED.md" title="Suggest an edit" aria-label="Suggest an edit">
|
||
<i id="git-edit-button" class="fa fa-edit"></i>
|
||
</a>
|
||
|
||
</div>
|
||
</div>
|
||
|
||
<div id="search-wrapper" class="hidden">
|
||
<form id="searchbar-outer" class="searchbar-outer">
|
||
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
|
||
</form>
|
||
<div id="searchresults-outer" class="searchresults-outer hidden">
|
||
<div id="searchresults-header" class="searchresults-header"></div>
|
||
<ul id="searchresults">
|
||
</ul>
|
||
</div>
|
||
</div>
|
||
|
||
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
|
||
<script>
    // Mirror the initial sidebar state into ARIA attributes, and take the
    // sidebar's links out of the tab order while the sidebar is hidden.
    {
        const sidebarShown = sidebar === 'visible';
        document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebarShown);
        document.getElementById('sidebar').setAttribute('aria-hidden', !sidebarShown);
        const tabIndexValue = sidebarShown ? 0 : -1;
        for (const link of document.querySelectorAll('#sidebar a')) {
            link.setAttribute('tabIndex', tabIndexValue);
        }
    }
</script>
|
||
|
||
<div id="content" class="content">
|
||
<main>
|
||
<h1 id="-real-wuji-templates-successfully-extracted"><a class="header" href="#-real-wuji-templates-successfully-extracted">🎉 REAL Wuji Templates Successfully Extracted!</a></h1>
|
||
<h2 id="-what-we-actually-extracted-real-data-from-wuji-production"><a class="header" href="#-what-we-actually-extracted-real-data-from-wuji-production">✅ What We Actually Extracted (REAL Data from Wuji Production)</a></h2>
|
||
<p>The earlier templates were missing the real data. The <strong>actual production configurations</strong> from <code>workspace/infra/wuji/</code> have now been extracted into proper templates.</p>
|
||
<h2 id="-real-templates-created"><a class="header" href="#-real-templates-created">📋 Real Templates Created</a></h2>
|
||
<h3 id="-taskservs-templates-real-from-wuji"><a class="header" href="#-taskservs-templates-real-from-wuji">🎯 <strong>Taskservs Templates (REAL from wuji)</strong></a></h3>
|
||
<h4 id="kubernetes-provisioningworkspacetemplatestaskservskubernetesbasek"><a class="header" href="#kubernetes-provisioningworkspacetemplatestaskservskubernetesbasek"><strong>Kubernetes</strong> (<code>provisioning/workspace/templates/taskservs/kubernetes/base.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Version</strong>: 1.30.3 (REAL from wuji)</li>
|
||
<li><strong>CRI</strong>: crio (NOT containerd - this is the REAL wuji setup!)</li>
|
||
<li><strong>Runtime</strong>: crun as default + runc,youki support</li>
|
||
<li><strong>CNI</strong>: cilium v0.16.11</li>
|
||
<li><strong>Admin User</strong>: devadm (REAL)</li>
|
||
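<li><strong>Control Plane IP</strong>: 10.11.2.20 (REAL; this address lies in the 10.11.2.0/24 network listed under AWS Defaults, so it is environment-specific and needs overriding for any other infrastructure)</li>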
|
||
</ul>
|
||
<h4 id="cilium-cni-provisioningworkspacetemplatestaskservsnetworkingciliumk"><a class="header" href="#cilium-cni-provisioningworkspacetemplatestaskservsnetworkingciliumk"><strong>Cilium CNI</strong> (<code>provisioning/workspace/templates/taskservs/networking/cilium.k</code>)</a></h4>
|
||
<ul>
|
||
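<li><strong>Version</strong>: v0.16.5 (REAL exact version from wuji). Note: the Kubernetes template above lists cilium v0.16.11; confirm which value is deployed, and whether it refers to the Cilium agent or to the cilium-cli tool, since the two are versioned separately.</li>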
|
||
</ul>
|
||
<h4 id="containerd-provisioningworkspacetemplatestaskservscontainer-runtimecontainerdk"><a class="header" href="#containerd-provisioningworkspacetemplatestaskservscontainer-runtimecontainerdk"><strong>Containerd</strong> (<code>provisioning/workspace/templates/taskservs/container-runtime/containerd.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Version</strong>: 1.7.18 (REAL from wuji)</li>
|
||
<li><strong>Runtime</strong>: runc (REAL default)</li>
|
||
</ul>
|
||
<h4 id="redis-provisioningworkspacetemplatestaskservsdatabasesredisk"><a class="header" href="#redis-provisioningworkspacetemplatestaskservsdatabasesredisk"><strong>Redis</strong> (<code>provisioning/workspace/templates/taskservs/databases/redis.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Version</strong>: 7.2.3 (REAL from wuji)</li>
|
||
<li><strong>Memory</strong>: 512mb (REAL production setting)</li>
|
||
<li><strong>Policy</strong>: allkeys-lru (REAL eviction policy)</li>
|
||
<li><strong>Keepalive</strong>: 300 (REAL setting)</li>
|
||
</ul>
|
||
<h4 id="rook-ceph-provisioningworkspacetemplatestaskservsstoragerook-cephk"><a class="header" href="#rook-ceph-provisioningworkspacetemplatestaskservsstoragerook-cephk"><strong>Rook Ceph</strong> (<code>provisioning/workspace/templates/taskservs/storage/rook-ceph.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Ceph Image</strong>: quay.io/ceph/ceph:v18.2.4 (REAL)</li>
|
||
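<li><strong>Rook Image</strong>: rook/ceph:master (REAL). Note: <code>master</code> is a moving tag, so the image that is pulled can change between deployments; pin a release tag or an image digest before reusing this template.</li>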
|
||
<li><strong>Storage Nodes</strong>: wuji-strg-0, wuji-strg-1 (REAL node names)</li>
|
||
<li><strong>Devices</strong>: [“vda3”, “vda4”] (REAL device configuration)</li>
|
||
</ul>
|
||
<h3 id="-provider-templates-real-from-wuji"><a class="header" href="#-provider-templates-real-from-wuji">🏗️ <strong>Provider Templates (REAL from wuji)</strong></a></h3>
|
||
<h4 id="upcloud-defaults-provisioningworkspacetemplatesprovidersupclouddefaultsk"><a class="header" href="#upcloud-defaults-provisioningworkspacetemplatesprovidersupclouddefaultsk"><strong>UpCloud Defaults</strong> (<code>provisioning/workspace/templates/providers/upcloud/defaults.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Zone</strong>: es-mad1 (REAL production zone)</li>
|
||
<li><strong>Storage OS</strong>: 01000000-0000-4000-8000-000020080100 (REAL Debian 12 UUID)</li>
|
||
<li><strong>SSH Key</strong>: ~/.ssh/id_cdci.pub (REAL key from wuji)</li>
|
||
<li><strong>Network</strong>: 10.11.1.0/24 CIDR (REAL production network)</li>
|
||
<li><strong>DNS</strong>: 94.237.127.9, 94.237.40.9 (REAL production DNS)</li>
|
||
<li><strong>Domain</strong>: librecloud.online (REAL production domain)</li>
|
||
<li><strong>User</strong>: devadm (REAL production user)</li>
|
||
</ul>
|
||
<h4 id="aws-defaults-provisioningworkspacetemplatesprovidersawsdefaultsk"><a class="header" href="#aws-defaults-provisioningworkspacetemplatesprovidersawsdefaultsk"><strong>AWS Defaults</strong> (<code>provisioning/workspace/templates/providers/aws/defaults.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Zone</strong>: eu-south-2 (REAL production zone)</li>
|
||
<li><strong>AMI</strong>: ami-0e733f933140cf5cd (REAL Debian 12 AMI)</li>
|
||
<li><strong>Network</strong>: 10.11.2.0/24 CIDR (REAL network)</li>
|
||
<li><strong>Installer User</strong>: admin (REAL AWS setting, not root)</li>
|
||
</ul>
|
||
<h3 id="-server-templates-real-from-wuji"><a class="header" href="#-server-templates-real-from-wuji">🖥️ <strong>Server Templates (REAL from wuji)</strong></a></h3>
|
||
<h4 id="control-plane-server-provisioningworkspacetemplatesserverscontrol-planek"><a class="header" href="#control-plane-server-provisioningworkspacetemplatesserverscontrol-planek"><strong>Control Plane Server</strong> (<code>provisioning/workspace/templates/servers/control-plane.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Plan</strong>: 2xCPU-4GB (REAL production plan)</li>
|
||
<li><strong>Storage</strong>: 35GB root + 45GB kluster XFS (REAL partitioning)</li>
|
||
<li><strong>Labels</strong>: use=k8s-cp (REAL labels)</li>
|
||
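<li><strong>Taskservs</strong>: os, resolv, runc, crun, youki, containerd, kubernetes, external-nfs (REAL taskserv list). Note: this list includes containerd and has no crio entry, while the Kubernetes template above names crio as the CRI; confirm which runtime the control plane actually runs.</li>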
|
||
</ul>
|
||
<h4 id="storage-node-server-provisioningworkspacetemplatesserversstorage-nodek"><a class="header" href="#storage-node-server-provisioningworkspacetemplatesserversstorage-nodek"><strong>Storage Node Server</strong> (<code>provisioning/workspace/templates/servers/storage-node.k</code>)</a></h4>
|
||
<ul>
|
||
<li><strong>Plan</strong>: 2xCPU-4GB (REAL production plan)</li>
|
||
<li><strong>Storage</strong>: 35GB root + 25GB+20GB raw Ceph (REAL Ceph configuration)</li>
|
||
<li><strong>Labels</strong>: use=k8s-storage (REAL labels)</li>
|
||
<li><strong>Taskservs</strong>: worker profile + k8s-nodejoin (REAL configuration)</li>
|
||
</ul>
|
||
<h2 id="-key-insights-from-real-wuji-data"><a class="header" href="#-key-insights-from-real-wuji-data">🔍 Key Insights from Real Wuji Data</a></h2>
|
||
<h3 id="production-choices-revealed"><a class="header" href="#production-choices-revealed"><strong>Production Choices Revealed</strong></a></h3>
|
||
<ol>
|
||
<li><strong>crio over containerd</strong> - wuji uses crio, not containerd!</li>
|
||
<li><strong>crun as default runtime</strong> - not runc</li>
|
||
<li><strong>Multiple runtime support</strong> - crun,runc,youki</li>
|
||
<li><strong>Specific zones</strong> - es-mad1 for UpCloud, eu-south-2 for AWS</li>
|
||
<li><strong>Production-tested versions</strong> - exact versions that work in production</li>
|
||
</ol>
|
||
<h3 id="real-network-configuration"><a class="header" href="#real-network-configuration"><strong>Real Network Configuration</strong></a></h3>
|
||
<ul>
|
||
<li><strong>UpCloud</strong>: 10.11.1.0/24, attached to a specific private network ID</li>
|
||
<li><strong>AWS</strong>: 10.11.2.0/24 (a different CIDR from the UpCloud network)</li>
|
||
<li><strong>Real DNS servers</strong>: 94.237.127.9, 94.237.40.9</li>
|
||
<li><strong>Domain</strong>: librecloud.online (production domain)</li>
|
||
</ul>
|
||
<h3 id="real-storage-patterns"><a class="header" href="#real-storage-patterns"><strong>Real Storage Patterns</strong></a></h3>
|
||
<ul>
|
||
<li><strong>Control Plane</strong>: 35GB root + 45GB XFS kluster partition</li>
|
||
<li><strong>Storage Nodes</strong>: Raw devices for Ceph (vda3, vda4)</li>
|
||
<li><strong>Specific storage node naming</strong>: wuji-strg-0, wuji-strg-1</li>
|
||
</ul>
|
||
<h2 id="-templates-now-ready-for-reuse"><a class="header" href="#-templates-now-ready-for-reuse">✅ Templates Now Ready for Reuse</a></h2>
|
||
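<p>These templates contain <strong>REAL production data</strong> from the working wuji infrastructure, including environment-specific values (IP addresses and CIDRs, DNS servers, the domain, user names and an SSH key path) that should be overridden per infrastructure and reviewed before the templates are published. They can now be used to:</p>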
|
||
<ol>
|
||
<li><strong>Create new infrastructures</strong> with proven configurations</li>
|
||
<li><strong>Override specific settings</strong> per infrastructure</li>
|
||
<li><strong>Maintain consistency</strong> across deployments</li>
|
||
<li><strong>Learn from production</strong> - see exactly what works</li>
|
||
</ol>
|
||
<h2 id="-next-steps"><a class="header" href="#-next-steps">🚀 Next Steps</a></h2>
|
||
<ol>
|
||
<li><strong>Test the templates</strong> by creating a new infrastructure using them</li>
|
||
<li><strong>Add more taskservs</strong> (postgres, etcd, etc.)</li>
|
||
<li><strong>Create variants</strong> (HA, single-node, etc.)</li>
|
||
<li><strong>Document</strong> the usage patterns</li>
|
||
</ol>
|
||
<p>The layered template system is now populated with <strong>REAL production data</strong> from wuji! 🎯</p>
|
||
|
||
</main>
|
||
|
||
<nav class="nav-wrapper" aria-label="Page navigation">
|
||
<!-- Mobile navigation buttons -->
|
||
<a rel="prev" href="TASKSERV_CATEGORIZATION.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
|
||
<i class="fa fa-angle-left"></i>
|
||
</a>
|
||
|
||
<a rel="next prefetch" href="AUTHENTICATION_LAYER_IMPLEMENTATION_SUMMARY.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
|
||
<i class="fa fa-angle-right"></i>
|
||
</a>
|
||
|
||
<div style="clear: both"></div>
|
||
</nav>
|
||
</div>
|
||
</div>
|
||
|
||
<nav class="nav-wide-wrapper" aria-label="Page navigation">
|
||
<a rel="prev" href="TASKSERV_CATEGORIZATION.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
|
||
<i class="fa fa-angle-left"></i>
|
||
</a>
|
||
|
||
<a rel="next prefetch" href="AUTHENTICATION_LAYER_IMPLEMENTATION_SUMMARY.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
|
||
<i class="fa fa-angle-right"></i>
|
||
</a>
|
||
</nav>
|
||
|
||
</div>
|
||
|
||
<!-- Livereload script (if served using the cli tool) -->
|
||
<script>
    // Live-reload client: opens a WebSocket to /__livereload on the host that
    // served this page and reloads the page when the message "reload" arrives.
    // NOTE(review): the generator's comment above this block says it is meant
    // for pages served by the CLI tool. Its presence in a committed page
    // suggests the output came from a dev-server run; confirm whether the
    // published documentation should be built without it.
    const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
    const wsAddress = `${wsProtocol}//${location.host}/__livereload`;
    const socket = new WebSocket(wsAddress);

    socket.onmessage = function (event) {
        if (event.data !== "reload") {
            return;
        }
        socket.close();
        location.reload();
    };

    // Close the socket when the page is being left.
    window.onbeforeunload = function() {
        socket.close();
    };
</script>
|
||
|
||
|
||
|
||
<script>
|
||
window.playground_copyable = true;
|
||
</script>
|
||
|
||
|
||
<script src="elasticlunr.min.js"></script>
|
||
<script src="mark.min.js"></script>
|
||
<script src="searcher.js"></script>
|
||
|
||
<script src="clipboard.min.js"></script>
|
||
<script src="highlight.js"></script>
|
||
<script src="book.js"></script>
|
||
|
||
<!-- Custom JS scripts -->
|
||
|
||
|
||
</div>
|
||
</body>
|
||
</html>
|