Merge "[ha] Take out class with backports repo" into stable/hunter

[fuel.git] / mcp / scripts / lib_jump_common.sh

#!/bin/bash -e
##############################################################################
# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
#
# Library of shell functions used by build / deploy scripts on jumpserver:
# - distro package requirements installation (e.g. DEB, RPM);
# - other package requirements from custom sources (e.g. docker);
# - jumpserver prerequisites validation (e.g. network bridges);
# - distro configuration (e.g. udev, sysctl);
# etc.

##############################################################################
# private helper functions
##############################################################################

function __parse_yaml {
  local prefix=$2
  local s
  local w
  local fs
  s='[[:space:]]*'
  w='[a-zA-Z0-9_]*'
  fs="$(echo @|tr @ '\034')"
  sed -e 's|---||g' -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
      -e "s|^\($s\)\($w\)$s[:-]$s\(.*\)$s\$|\1$fs\2$fs\3|p" "$1" |
  awk -F"$fs" '{
  indent = length($1)/2;
  vname[indent] = $2;
  for (i in vname) {if (i > indent) {delete vname[i]}}
      if (length($3) > 0) {
          vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
          printf("%s%s%s=(\"%s\")\n", "'"$prefix"'",vn, $2, $3);
      }
  }' | sed 's/_=/+=/g'
}

##############################################################################
# public functions
##############################################################################

function jumpserver_pkg_install {
  local req_type=$1
  if [ -n "$(command -v apt-get)" ]; then
    pkg_type='deb'; pkg_cmd='sudo apt-get install -y'
  else
    pkg_type='rpm'; pkg_cmd='sudo yum install -y --skip-broken'
  fi
  eval "$(__parse_yaml "./requirements_${pkg_type}.yaml")"
  for section in 'common' "$(uname -i)"; do
    section_var="${req_type}_${section}[*]"
    pkg_list+=" ${!section_var}"
  done
  # shellcheck disable=SC2086
  ${pkg_cmd} ${pkg_list}
}

function jumpserver_check_requirements {
  # shellcheck disable=SC2178
  local states=$1; shift
  # shellcheck disable=SC2178
  local vnodes=$1; shift
  local br=("$@")
  local err_br_not_found='Linux bridge not found!'
  local err_br_virsh_net='is a virtual network, Linux bridge expected!'
  local warn_br_endpoint="Endpoints might be inaccessible from external hosts!"
  # MaaS requires a Linux bridge for PXE/admin
  if [[ "${states}" =~ maas ]]; then
    if ! brctl showmacs "${br[0]}" >/dev/null 2>&1; then
      notify_e "[ERROR] PXE/admin (${br[0]}) ${err_br_not_found}"
    fi
    # Assume virsh network name matches bridge name (true if created by us)
    if ${VIRSH} net-info "${br[0]}" >/dev/null 2>&1; then
      notify_e "[ERROR] ${br[0]} ${err_br_virsh_net}"
    fi
  fi
  # If virtual nodes are present, public should be a Linux bridge
  if [ -n "${vnodes}" ]; then
    if ! brctl showmacs "${br[3]}" >/dev/null 2>&1; then
      if [[ "${states}" =~ maas ]]; then
        # Baremetal nodes *require* a proper public network
        notify_e "[ERROR] Public (${br[3]}) ${err_br_not_found}"
      else
        notify_n "[WARN] Public (${br[3]}) ${err_br_not_found}" 3
        notify_n "[WARN] ${warn_br_endpoint}" 3
      fi
    fi
    if ${VIRSH} net-info "${br[3]}" >/dev/null 2>&1; then
      if [[ "${states}" =~ maas ]]; then
        notify_e "[ERROR] ${br[3]} ${err_br_virsh_net}"
      else
        notify_n "[WARN] ${br[3]} ${err_br_virsh_net}" 3
        notify_n "[WARN] ${warn_br_endpoint}" 3
      fi
    fi
    # https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1797332
    if lsb_release -d | grep -q -e 'Ubuntu 16.04'; then
      if uname -r | grep -q -e '^4\.4\.'; then
        notify_n "[WARN] Host kernel too old; nested virtualization issues!" 3
        notify_n "[WARN] apt install linux-generic-hwe-16.04 && reboot" 3
        notify_e "[ERROR] Please upgrade the kernel and reboot!"
      fi
    fi
  fi
}

function docker_install {
  local image_dir=$1
  # Mininum effort attempt at installing Docker if missing
  if ! docker --version; then
    curl -fsSL https://get.docker.com -o get-docker.sh
    sudo sh get-docker.sh
    rm get-docker.sh
    # On RHEL distros, the Docker service should be explicitly started
    sudo systemctl start docker
  else
    DOCKER_VER=$(docker version --format '{{.Server.Version}}')
    if [ "${DOCKER_VER%%.*}" -lt 2 ]; then
      notify_e "[ERROR] Docker version ${DOCKER_VER} is too old, please upgrade it."
    fi
  fi
  # Distro-provided docker-compose might be simply broken (Ubuntu 16.04, CentOS 7)
  if ! docker-compose --version > /dev/null 2>&1 || \
      [ "$(docker-compose version --short | tr -d '.')" -lt 1220 ] && \
      [ "$(uname -m)" = 'x86_64' ]; then
    COMPOSE_BIN="${image_dir}/docker-compose"
    COMPOSE_VERSION='1.22.0'
    notify_n "[WARN] Using docker-compose ${COMPOSE_VERSION} in ${COMPOSE_BIN}" 3
    if [ ! -e "${COMPOSE_BIN}" ]; then
      COMPOSE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}"
      sudo curl -L "${COMPOSE_URL}/docker-compose-$(uname -s)-$(uname -m)" -o "${COMPOSE_BIN}"
      sudo chmod +x "${COMPOSE_BIN}"
    fi
  fi
}

function virtinst_install {
  local image_dir=$1
  VIRT_VER=$(virt-install --version 2>&1)
  if [ "${VIRT_VER//./}" -lt 140 ]; then
    VIRT_TGZ="${image_dir}/virt-manager.tar.gz"
    VIRT_VER='1.4.3'
    VIRT_URL="https://github.com/virt-manager/virt-manager/archive/v${VIRT_VER}.tar.gz"
    notify_n "[WARN] Using virt-install ${VIRT_VER} from ${VIRT_TGZ}" 3
    if [ ! -e "${VIRT_TGZ}" ]; then
      curl -L "${VIRT_URL}" -o "${VIRT_TGZ}"
      mkdir -p "${image_dir}/virt-manager"
      tar xzf "${VIRT_TGZ}" -C "${image_dir}/virt-manager" --strip-components=1
    fi
  fi
}

function do_udev_cfg {
  local _conf='/etc/udev/rules.d/99-opnfv-fuel-vnet-mtu.rules'
  # http://linuxaleph.blogspot.com/2013/01/how-to-network-jumbo-frames-to-kvm-guest.html
  echo 'SUBSYSTEM=="net", ACTION=="add|change", KERNEL=="vnet*", RUN+="/bin/sh -c '"'/bin/sleep 1; /sbin/ip link set %k mtu 9000'\"" |& sudo tee "${_conf}"
  echo 'SUBSYSTEM=="net", ACTION=="add|change", KERNEL=="*-nic", RUN+="/bin/sh -c '"'/bin/sleep 1; /sbin/ip link set %k mtu 9000'\"" |& sudo tee -a "${_conf}"
  sudo udevadm control --reload
  sudo udevadm trigger
}

function do_sysctl_cfg {
  local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf'
  # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
  if modprobe br_netfilter bridge; then
    echo 'net.bridge.bridge-nf-call-arptables = 0' |& sudo tee "${_conf}"
    echo 'net.bridge.bridge-nf-call-iptables = 0'  |& sudo tee -a "${_conf}"
    echo 'net.bridge.bridge-nf-call-ip6tables = 0' |& sudo tee -a "${_conf}"
    # Some distros / sysadmins explicitly blacklist br_netfilter
    sudo sysctl -q -p "${_conf}" || true
  fi
}

function generate_ssh_key {
  # shellcheck disable=SC2155
  local mcp_ssh_key=$(basename "${SSH_KEY}")
  local user=${USER}
  if [ -n "${SUDO_USER}" ] && [ "${SUDO_USER}" != 'root' ]; then
    user=${SUDO_USER}
  fi

  if [ -f "${SSH_KEY}" ]; then
    cp "${SSH_KEY}" .
    ssh-keygen -f "${mcp_ssh_key}" -y > "${mcp_ssh_key}.pub"
  fi

  [ -f "${mcp_ssh_key}" ] || ssh-keygen -f "${mcp_ssh_key}" -N ''
  sudo install -D -o "${user}" -m 0600 "${mcp_ssh_key}" "${SSH_KEY}"
}