export OPENSTACK_OSA_GIT_URL=${OPENSTACK_OSA_GIT_URL:-https://git.openstack.org/openstack/openstack-ansible}
export OPENSTACK_OSA_OPENRC_GIT_URL=${OPENSTACK_OSA_OPENRC_GIT_URL:-https://git.openstack.org/openstack/openstack-ansible-openstack_openrc}
export KUBESPRAY_GIT_URL=${KUBESPRAY_GIT_URL:-https://github.com/kubernetes-incubator/kubespray.git}
+export OSH_GIT_URL=${OSH_GIT_URL:-https://github.com/openstack/openstack-helm.git}
+export OSH_INFRA_GIT_URL=${OSH_INFRA_GIT_URL:-https://github.com/openstack/openstack-helm-infra.git}
export OPENSTACK_OSA_HAPROXY_GIT_URL=${OPENSTACK_OSA_HAPROXY_GIT_URL:-https://git.openstack.org/openstack/openstack-ansible-haproxy_server}
export KEEPALIVED_GIT_URL=${KEEPALIVED_GIT_URL:-https://github.com/evrardjp/ansible-keepalived}
+export OSH_HELM_BINARY_URL=${OSH_HELM_BINARY_URL:-https://storage.googleapis.com/kubernetes-helm}
+export OSH_HELM_BINARY_VERSION=${OSH_HELM_BINARY_VERSION:-v2.13.1}
+
+
# Configuration
export OPENSTACK_OSA_ETC_PATH=/etc/openstack_deploy
export OPNFV_HOST_IP=192.168.122.2
export NUM_NODES=6
[[ "$INSTALLER_TYPE" == "osa" ]] && export NODE_NAMES="opnfv controller00 controller01 controller02 compute00 compute01"
[[ "$INSTALLER_TYPE" == "kubespray" ]] && export NODE_NAMES="opnfv master1 master2 master3 node1 node2"
+[[ "$INSTALLER_TYPE" == "osh" ]] && export NODE_NAMES="opnfv master1 master2 master3 node1 node2"
export VM_DOMAIN_TYPE=${VM_DOMAIN_TYPE:-kvm}
export VM_CPU=${VM_CPU:-6}
export VM_DISK=${VM_DISK:-80}
export NUM_NODES=3
[[ "$INSTALLER_TYPE" == "osa" ]] && export NODE_NAMES="opnfv controller00 compute00"
[[ "$INSTALLER_TYPE" == "kubespray" ]] && export NODE_NAMES="opnfv master1 node1"
+[[ "$INSTALLER_TYPE" == "osh" ]] && export NODE_NAMES="opnfv master1 node1"
export VM_DOMAIN_TYPE=${VM_DOMAIN_TYPE:-kvm}
export VM_CPU=${VM_CPU:-6}
export VM_DISK=${VM_DISK:-80}
export NUM_NODES=4
[[ "$INSTALLER_TYPE" == "osa" ]] && export NODE_NAMES="opnfv controller00 compute00 compute01"
[[ "$INSTALLER_TYPE" == "kubespray" ]] && export NODE_NAMES="opnfv master1 node1 node2"
+[[ "$INSTALLER_TYPE" == "osh" ]] && export NODE_NAMES="opnfv master1 node1 node2"
export VM_DOMAIN_TYPE=${VM_DOMAIN_TYPE:-kvm}
export VM_CPU=${VM_CPU:-6}
export VM_DISK=${VM_DISK:-80}
export BIFROST_IRONIC_INSPECTOR_CLIENT_VERSION=${BIFROST_IRONIC_INSPECTOR_CLIENT_VERSION:-"81ae133bd570ea7359b4797ee5699d2d4233b445"}
# HEAD of osa "stable/rocky" as of 04.01.2019
export OPENSTACK_OSA_VERSION=${OPENSTACK_OSA_VERSION:-"2087cd98f28b35f655ca398d25d2a6c71e38328e"}
+# HEAD of osh "master" as of 17.07.2019
+export OSH_VERSION=${OSH_VERSION:-"dadf9946e076df2b09556f4a18107dc487788cdd"}
+# HEAD of osh-infra "master" as of 16.07.2019
+export OSH_INFRA_VERSION=${OSH_INFRA_VERSION:-"e96bdd9fb6235573acf5d4d1d019dca1e1446b7d"}
export KEEPALIVED_VERSION=$(grep -E '.*name: keepalived' -A 3 \
${XCI_PATH}/xci/installer/osa/files/ansible-role-requirements.yml \
| tail -n1 | sed -n 's/\(^.*: \)\([0-9a-z].*$\)/\2/p')
ansible_lint() {
set -eu
- local playbooks_dir=(xci/playbooks xci/installer/osa/playbooks xci/installer/kubespray/playbooks)
+ local playbooks_dir=(xci/playbooks xci/installer/osa/playbooks xci/installer/kubespray/playbooks xci/installer/osh/playbooks)
# Extract role from scenario information
local testing_role=$(sed -n "/^- scenario: ${DEPLOY_SCENARIO}$/,/^$/p" ${XCI_PATH}/xci/opnfv-scenario-requirements.yml | grep role | rev | cut -d '/' -f -1 | rev)
[[ "$INFRA_DEPLOYMENT" == "bifrost" ]] && echo "openstack/bifrost version: $OPENSTACK_BIFROST_VERSION"
[[ "$INSTALLER_TYPE" == "osa" ]] && echo "openstack/openstack-ansible version: $OPENSTACK_OSA_VERSION"
[[ "$INSTALLER_TYPE" == "kubespray" ]] && echo "kubespray version: $KUBESPRAY_VERSION"
+ [[ "$INSTALLER_TYPE" == "osh" ]] && echo "kubespray version: $KUBESPRAY_VERSION"
echo "-------------------------------------------------------------------------"
}
--- /dev/null
+Requirements:
+ 1. Performance of hosts
+ The performance settings are not required officially. I recommend the following:
+ - VM_CPU=6
+ - VM_DISK=80GB
+ - VM_MEMORY_SIZE=16GB
+
+ 2. Distributions
+ - Ubuntu 16.04
+
+ 3. Packages:
+ - Ansible v2.4 (or newer) and python-netaddr is installed on the machine that will run Ansible commands
+ - Jinja 2.9 (or newer) is required to run the Ansible Playbooks
+
+ 4. Others:
+ - The target servers must have access to the Internet in order to pull docker images.
+ - The target servers are configured to allow IPv4 forwarding.
+ - Your ssh key must be copied to all the servers part of your inventory.
+ - The firewalls are not managed, you'll need to implement your own rules the way you used to. In order to avoid any issue during the deployment you should disable your firewall.
+
+Flavors:
+ 1. mini: One deployment host, 1 master host and 1 node host.
+ 2. noha: One deployment host, 1 master host and 2 node hosts.
+
+Components Installed:
+ 1. etcd
+ 2. network plugins:
+ - calico
+ 3. kubernetes
+ 4. docker
+
+How to use:
+
+Clone the OPNFV Releng repository
+
+ git clone https://gerrit.opnfv.org/gerrit/releng-xci.git
+
+Change into the directory where the sandbox script is located
+
+ cd releng-xci/xci
+
+Set the variable to run openstack-helm
+
+ export INSTALLER_TYPE=osh
+ export DEPLOY_SCENARIO=k8-calico-nofeature
+ export XCI_FLAVOR=mini
+
+Execute sandbox script
+
+ ./xci-deploy.sh
--- /dev/null
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2017 Huawei
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+set -o errexit
+set -o nounset
+set -o pipefail
+
+OSH_XCI_PLAYBOOKS="$(dirname $(realpath ${BASH_SOURCE[0]}))/playbooks"
+export ANSIBLE_ROLES_PATH=$HOME/.ansible/roles:/etc/ansible/roles:${XCI_PATH}/xci/playbooks/roles
+
+#-------------------------------------------------------------------------------
+# Configure localhost
+#-------------------------------------------------------------------------------
+# This playbook
+# - removes directories that were created by the previous xci run
+# - clones opnfv/releng-xci repository
+# - clones kubernetes-incubator/kubespray repository
+# - creates log directory
+#-------------------------------------------------------------------------------
+
+echo "Info: Configuring localhost for kubespray"
+echo "-----------------------------------------------------------------------"
+cd $XCI_PLAYBOOKS
+ansible-playbook ${XCI_ANSIBLE_PARAMS} -e XCI_PATH="${XCI_PATH}" \
+ -i dynamic_inventory.py configure-localhost.yml
+echo "-----------------------------------------------------------------------"
+echo "Info: Configured localhost for kubespray"
+
+#-------------------------------------------------------------------------------
+# Configure deployment host, opnfv
+#-------------------------------------------------------------------------------
+# This playbook
+# - removes directories that were created by the previous xci run
+# - synchronize opnfv/releng-xci and kubernetes-incubator/kubespray repositories
+# - generates/prepares ssh keys
+# - copies flavor files to be used by kubespray
+# - install packages required by kubespray
+#-------------------------------------------------------------------------------
+echo "Info: Configuring opnfv deployment host for kubespray"
+echo "-----------------------------------------------------------------------"
+cd $OSH_XCI_PLAYBOOKS
+ansible-playbook ${XCI_ANSIBLE_PARAMS} \
+ -i ${XCI_PLAYBOOKS}/dynamic_inventory.py configure-opnfvhost.yml
+echo "-----------------------------------------------------------------------"
+echo "Info: Configured opnfv deployment host for kubespray"
+
+#-------------------------------------------------------------------------------
+# Configure target hosts for kubespray
+#-------------------------------------------------------------------------------
+# This playbook is only run for the all flavors except aio since aio is configured by the configure-opnfvhost.yml
+# This playbook
+# - adds public keys to target hosts
+# - install packages required by kubespray
+# - configures haproxy service
+#-------------------------------------------------------------------------------
+if [ $XCI_FLAVOR != "aio" ]; then
+ echo "Info: Configuring target hosts for kubespray"
+ echo "-----------------------------------------------------------------------"
+ cd $OSH_XCI_PLAYBOOKS
+ ansible-playbook ${XCI_ANSIBLE_PARAMS} \
+ -i ${XCI_PLAYBOOKS}/dynamic_inventory.py configure-targethosts.yml
+ echo "-----------------------------------------------------------------------"
+ echo "Info: Configured target hosts for kubespray"
+fi
+
+
+echo "Info: Using kubespray to deploy the kubernetes cluster"
+echo "-----------------------------------------------------------------------"
+ssh root@$OPNFV_HOST_IP "set -o pipefail; export XCI_FLAVOR=$XCI_FLAVOR; export INSTALLER_TYPE=$INSTALLER_TYPE; \
+ export IDF=/root/releng-xci/xci/var/idf.yml; export PDF=/root/releng-xci/xci/var/pdf.yml; \
+ cd releng-xci/.cache/repos/kubespray/; ansible-playbook \
+ -i opnfv_inventory/dynamic_inventory.py cluster.yml -b | tee setup-kubernetes.log"
+scp root@$OPNFV_HOST_IP:~/releng-xci/.cache/repos/kubespray/setup-kubernetes.log \
+ $LOG_PATH/setup-kubernetes.log
+
+
+cd $OSH_XCI_PLAYBOOKS
+ansible-playbook ${XCI_ANSIBLE_PARAMS} \
+ -i ${XCI_PLAYBOOKS}/dynamic_inventory.py configure-kubenet.yml
+echo
+echo "-----------------------------------------------------------------------"
+echo "Info: Kubernetes installation is successfully completed!"
+echo "-----------------------------------------------------------------------"
+
+# Configure the kubernetes authentication in opnfv host. In future releases
+# kubectl is no longer an artifact so we should not fail if it's not available.
+# This needs to be removed in the future
+ssh root@$OPNFV_HOST_IP "mkdir -p ~/.kube/;\
+ cp -f ~/admin.conf ~/.kube/config; \
+ cp -f ~/kubectl /usr/local/bin || true"
+
+#-------------------------------------------------------------------------------
+# Execute post-installation tasks
+#-------------------------------------------------------------------------------
+# Playbook post.yml is used in order to execute any post-deployment tasks that
+# are required for the scenario under test.
+#-------------------------------------------------------------------------------
+echo "-----------------------------------------------------------------------"
+echo "Info: Running post-deployment scenario role"
+echo "-----------------------------------------------------------------------"
+cd $OSH_XCI_PLAYBOOKS
+ansible-playbook ${XCI_ANSIBLE_PARAMS} -i ${XCI_PLAYBOOKS}/dynamic_inventory.py \
+ post-deployment.yml
+echo "-----------------------------------------------------------------------"
+echo "Info: Post-deployment scenario role execution done"
+echo "-----------------------------------------------------------------------"
+echo
+echo "Login opnfv host ssh root@$OPNFV_HOST_IP
+according to the user-guide to create a service
+https://kubernetes.io/docs/user-guide/walkthrough/k8s201/"
+echo
+echo "-----------------------------------------------------------------------"
+echo "Info: Kubernetes login details"
+echo "-----------------------------------------------------------------------"
+echo
+# Get the dashborad URL
+DASHBOARD_SERVICE=$(ssh root@$OPNFV_HOST_IP "kubectl get service -n kube-system |grep kubernetes-dashboard")
+DASHBOARD_PORT=$(echo ${DASHBOARD_SERVICE} | awk '{print $5}' |awk -F "[:/]" '{print $2}')
+KUBER_SERVER_URL=$(ssh root@$OPNFV_HOST_IP "grep -r server ~/.kube/config")
+echo "Info: Kubernetes Dashboard URL:"
+echo $KUBER_SERVER_URL | awk '{print $2}'| sed -n "s#:[0-9]*\$#:$DASHBOARD_PORT#p"
+
+# Get the dashborad user and password
+MASTER_IP=$(echo ${KUBER_SERVER_URL} | awk '{print $2}' |awk -F "[:/]" '{print $4}')
+USER_CSV=$(ssh root@$MASTER_IP " cat /etc/kubernetes/users/known_users.csv")
+USERNAME=$(echo $USER_CSV |awk -F ',' '{print $2}')
+PASSWORD=$(echo $USER_CSV |awk -F ',' '{print $1}')
+echo "Info: Dashboard username: ${USERNAME}"
+echo "Info: Dashboard password: ${PASSWORD}"
+
+echo "-----------------------------------------------------------------------"
+echo "Info: Continue with running the openstack-helm installation"
+echo "-----------------------------------------------------------------------"
+cd $OSH_XCI_PLAYBOOKS
+ansible-playbook ${XCI_ANSIBLE_PARAMS} -v -i ${XCI_PLAYBOOKS}/dynamic_inventory.py \
+ install-openstack-helm.yml
+echo "-----------------------------------------------------------------------"
+echo "Info: Openstack-helm installation execution done"
+echo "-----------------------------------------------------------------------"
+echo
+
+
+# vim: set ts=4 sw=4 expandtab:
--- /dev/null
+---
+loadbalancer_apiserver:
+ address: 192.168.122.222
+ port: 8383
+
+apiserver_loadbalancer_domain_name: 192.168.122.222
+supplementary_addresses_in_ssl_keys:
+ - 192.168.122.222
--- /dev/null
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 SUSE LINUX GmbH and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+# NOTE(hwoarang) Kubenet expects networking to be prepared by the administrator so it's necessary
+# to do that as part of the node configuration. All we need is to add static routes on every node
+# so cbr0 interfaces can talk to each other.
+- name: Prepare networking for kubenet
+ hosts: k8s-cluster
+ remote_user: root
+ gather_facts: True
+ become: yes
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+ tasks:
+ - name: Configure static routes
+ block:
+ - name: Collect cbr0 information from the nodes
+ set_fact:
+ kubenet_xci_static_routes: |-
+ {% set static_routes = [] %}
+ {% for host in groups['k8s-cluster']|select("ne", inventory_hostname) %}
+ {%- set _ = static_routes.append(
+ {'network': (hostvars[host]['ansible_cbr0']['ipv4']['network']+'/'+
+ hostvars[host]['ansible_cbr0']['ipv4']['netmask'])|ipaddr('net'),
+ 'gateway': hostvars[host]['ansible_default_ipv4']['address']}) -%}
+ {% endfor %}
+ {{ static_routes }}
+
+ - name: Add static routes on each node
+ shell: "ip route show | grep -q {{ item.network }} || ip route add {{ item.network }} via {{ item.gateway }}"
+ with_items: "{{ kubenet_xci_static_routes }}"
+ loop_control:
+ label: "{{ item.network }}"
+ when: deploy_scenario.find('k8-nosdn-') != -1
+
+ - name: Ensure rp_filter is disabled on localhost
+ sysctl:
+ name: net.ipv4.conf.all.rp_filter
+ sysctl_set: yes
+ state: present
+ value: "{{ (kubenet_xci_static_routes is defined) | ternary(0, 1) }}"
+ reload: yes
+ delegate_to: localhost
+ run_once: True
--- /dev/null
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+ - name: Set facts for remote deployment
+ set_fact:
+ remote_xci_path: "{{ ansible_env.HOME }}/releng-xci"
+ remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{ installer_type }}/files/{{ xci_flavor }}"
+ remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks"
+
+ roles:
+ - role: bootstrap-host
+ configure_network: xci_flavor != 'aio'
+
+ tasks:
+ - name: Create list of files to copy
+ shell: |
+ git ls-tree -r --name-only HEAD > {{ xci_cache }}/releng-xci.files
+ echo ".git/" >> {{ xci_cache }}/releng-xci.files
+ echo ".cache/repos/" >> {{ xci_cache }}/releng-xci.files
+ echo ".cache/xci.env" >> {{ xci_cache }}/releng-xci.files
+ args:
+ executable: /bin/bash
+ chdir: "{{ xci_path }}"
+ changed_when: False
+ delegate_to: 127.0.0.1
+ tags:
+ - skip_ansible_lint
+
+ - name: Copy releng-xci to remote host
+ synchronize:
+ archive: yes
+ src: "{{ xci_path }}/"
+ dest: "{{ remote_xci_path }}"
+ delete: yes
+ rsync_opts:
+ - "--recursive"
+ - "--files-from={{ xci_cache }}/releng-xci.files"
+
+ - name: delete the opnfv_inventory directory
+ file:
+ path: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory"
+ state: absent
+
+ - name: make sure kubespray/opnfv_inventory/group_vars/ exist
+ file:
+ path: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars"
+ state: directory
+
+ - name: copy kubespray inventory directory
+ file:
+ src: "{{ remote_xci_playbooks }}/dynamic_inventory.py"
+ path: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/dynamic_inventory.py"
+ state: link
+
+ - name: Reload XCI deployment host facts
+ setup:
+ filter: ansible_local
+ gather_subset: "!all"
+ delegate_to: 127.0.0.1
+
+ - name: Prepare everything to run the {{ deploy_scenario }} role
+ include_role:
+ name: "{{ hostvars['opnfv'].ansible_local.xci.scenarios.role }}"
+
+ - name: Install required packages
+ package:
+ name: "{{ (ansible_pkg_mgr == 'zypper') | ternary('dbus-1', 'dbus') }}"
+ state: present
+ update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+ when: xci_flavor == 'aio'
+
+ - name: change dashboard server type to NodePort
+ lineinfile:
+ path: "{{ remote_xci_path }}/.cache/repos/kubespray/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2"
+ insertafter: 'targetPort'
+ line: " type: NodePort"
+
+ - name: pip install required packages
+ pip:
+ name: "{{ item.name }}"
+ version: "{{ item.version | default(omit) }}"
+ with_items:
+ - { name: 'ansible', version: "{{ xci_kube_ansible_pip_version }}" }
+ - { name: 'netaddr' }
+ - { name: 'ansible-modules-hashivault' }
+
+ - name: fetch xci environment
+ copy:
+ src: "{{ xci_path }}/.cache/xci.env"
+ dest: /root/xci.env
+
+ - name: Manage SSH keys
+ include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml"
--- /dev/null
+---
+- hosts: k8s-cluster
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+
+ roles:
+ - role: bootstrap-host
+
+ tasks:
+ - name: Manage SSH keys
+ include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml"
+
+ - name: Install dbus
+ package:
+ name: "{{ (ansible_pkg_mgr == 'zypper') | ternary('dbus-1', 'dbus') }}"
+ state: present
+ update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+
+- hosts: kube-master
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+ roles:
+ - role: "keepalived"
+ when: xci_flavor == 'ha'
+ - role: "haproxy_server"
+ haproxy_service_configs: "{{ haproxy_default_services}}"
+ when: xci_flavor == 'ha'
--- /dev/null
+keepalived_ubuntu_src: "uca"
+keepalived_uca_apt_repo_url: "{{ uca_apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }}"
+
+keepalived_sync_groups:
+ haproxy:
+ instances:
+ - external
+
+haproxy_keepalived_external_interface: "{{ ansible_default_ipv4.interface }}"
+haproxy_keepalived_authentication_password: 'keepalived'
+keepalived_instances:
+ external:
+ interface: "{{ haproxy_keepalived_external_interface }}"
+ state: "BACKUP"
+ virtual_router_id: "{{ haproxy_keepalived_external_virtual_router_id | default ('10') }}"
+ priority: "{{ ((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*100)-((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*50) }}"
+ authentication_password: "{{ haproxy_keepalived_authentication_password }}"
+ vips:
+ - "{{ haproxy_keepalived_external_vip_cidr | default('192.168.122.222/32') }} dev {{ haproxy_keepalived_external_interface }}"
+
+haproxy_default_services:
+ - service:
+ haproxy_service_name: proxy-apiserver
+ haproxy_backend_nodes: "{{ groups['kube-master'] | default([]) }}"
+ haproxy_port: 8383
+ haproxy_backend_port: 6443
+ haproxy_balance_type: tcp
+
+haproxy_bind_on_non_local: "True"
+haproxy_use_keepalived: "True"
+keepalived_selinux_compile_rules:
+ - keepalived_ping
+ - keepalived_haproxy_pid_file
+
+# Ensure that the package state matches the global setting
+haproxy_package_state: "latest"
+
+haproxy_whitelist_networks:
+ - 192.168.0.0/16
+ - 172.16.0.0/12
+ - 10.0.0.0/8
+
+haproxy_galera_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_glance_registry_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_keystone_admin_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_rabbitmq_management_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_repo_git_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_repo_cache_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_octavia_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_ssl: false
+
+internal_lb_vip_address: "192.168.122.222"
+external_lb_vip_address: "{{ internal_lb_vip_address }}"
--- /dev/null
+---
+- hosts: kube-node
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ roles:
+ - role: prepare-kube-nodes-osh
+
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ roles:
+ - role: prepare-opnfvhost-osh
+ - role: prepare-osh
+ - role: install-osh-mini
+ when: xci_flavor == 'mini'
+ - role: install-osh-noha
+ when: xci_flavor == 'noha'
--- /dev/null
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 Ericsson AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+ - name: Set facts for remote deployment
+ set_fact:
+ remote_xci_scenario_path: "{{ ansible_env.HOME }}/releng-xci/.cache/repos/scenarios/{{ deploy_scenario }}/scenarios/{{ deploy_scenario }}"
+
+ tasks:
+ - name: Reload XCI deployment host facts
+ setup:
+ filter: ansible_local
+ gather_subset: "!all"
+ delegate_to: 127.0.0.1
+
+ - name: Check if any post-deployment task defined for {{ deploy_scenario }} role
+ stat:
+ path: "{{ remote_xci_scenario_path }}/role/{{ deploy_scenario }}/tasks/post-deployment.yml"
+ register: post_deployment_yml
+
+ - name: Execute post-deployment tasks of {{ deploy_scenario }} role
+ include_role:
+ name: "{{ hostvars['opnfv'].ansible_local.xci.scenarios.role }}"
+ tasks_from: post-deployment
+ when:
+ - post_deployment_yml.stat.exists
--- /dev/null
+- name: Setup Clients
+ command: ./tools/deployment/common/setup-client.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy the ingress controller
+ command: ./tools/deployment/component/common/ingress.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy MariaDB
+ command: ./tools/deployment/component/common/mariadb.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy memcached
+ command: ./tools/deployment/component/common/memcached.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy RabbitMQ
+ command: ./tools/deployment/component/common/rabbitmq.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Update nfs-provisioner helm-chart
+ shell: helm dependency update nfs-provisioner
+ args:
+ chdir: /root/repos/openstack-helm-infra
+ executable: /bin/bash
+ tags:
+ - skip_ansible_lint
+
+- name: Deploy nfs-provisioner
+ command: ./tools/deployment/component/nfs-provisioner/nfs-provisioner.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Keystone
+ command: ./tools/deployment/component/keystone/keystone.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Heat
+ command: ./tools/deployment/component/heat/heat.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Glance
+ command: ./tools/deployment/component/glance/glance.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy OpenvSwitch
+ command: ./tools/deployment/component/compute-kit/openvswitch.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Libvirt
+ command: ./tools/deployment/component/compute-kit/libvirt.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Compute Kit (Nova and Neutron)
+ command: ./tools/deployment/component/compute-kit/compute-kit.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Copy script to the worker node
+ command: "scp -o \"StrictHostKeyChecking no\" tools/deployment/developer/ceph/170-setup-gateway.sh root@192.168.122.4:170-setup-gateway.sh"
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Setup the gateway to the public network at worker node
+ command: /root/170-setup-gateway.sh
+ changed_when: false
+ delegate_to: 192.168.122.4
+
+- name: Add a route from opnfv to worker node for the public network
+ command: ip route add 172.24.4.0/24 via 192.168.122.4
+ changed_when: false
+
+# Deployment validation
+- name: Exercise the cloud
+ command: ./tools/deployment/developer/common/900-use-it.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
--- /dev/null
+- name: Setup Clients
+ command: ./tools/deployment/multinode/010-setup-client.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy the ingress controller
+ command: ./tools/deployment/multinode/020-ingress.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Ceph
+ command: ./tools/deployment/multinode/030-ceph.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Activate the openstack namespace to be able to use Ceph
+ command: ./tools/deployment/multinode/040-ceph-ns-activate.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy MariaDB
+ command: ./tools/deployment/multinode/050-mariadb.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy RabbitMQ
+ command: ./tools/deployment/multinode/060-rabbitmq.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy memcached
+ command: ./tools/deployment/multinode/070-memcached.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Keystone
+ command: ./tools/deployment/multinode/080-keystone.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Horizon
+ command: ./tools/deployment/multinode/085-horizon.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Rados Gateway for object store
+ command: ./tools/deployment/multinode/090-ceph-radosgateway.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Glance
+ command: ./tools/deployment/multinode/100-glance.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Cinder
+ command: ./tools/deployment/multinode/110-cinder.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy OpenvSwitch
+ command: ./tools/deployment/multinode/120-openvswitch.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Libvirt
+ command: ./tools/deployment/multinode/130-libvirt.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Compute Kit (Nova and Neutron)
+ command: ./tools/deployment/multinode/140-compute-kit.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Heat
+ command: ./tools/deployment/multinode/150-heat.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+- name: Deploy Barbican
+ command: ./tools/deployment/multinode/160-barbican.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
+# Deployment validation
+- name: Deploy tempest
+ command: ./tools/deployment/multinode/900-tempest.sh
+ changed_when: false
+ args:
+ chdir: /root/repos/openstack-helm
+
--- /dev/null
+- name: Install packages in kubernetes nodes
+ package:
+ name: "{{ packages }}"
+ state: present
+ changed_when: false
+ vars:
+ packages:
+ - ceph-common
+ - rbd-nbd
+ - apparmor
+ - nfs-common
--- /dev/null
+[Unit]
+Description=Helm Server
+After=network.target
+
+[Service]
+User=root
+Restart=always
+ExecStart=/usr/bin/helm serve
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+- name: Set kubernetes service account permissions
+ command: "kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default"
+ changed_when: false
+
+- name: Set kubernetes node labels
+ shell: "for x in `kubectl get nodes --show-labels | grep 'node-role.kubernetes.io/node=true' | awk '{print $1}'`; do kubectl label nodes $x {{ item }}; done"
+ args:
+ executable: /bin/bash
+ changed_when: false
+ with_items:
+ - openstack-control-plane=enabled
+ - openstack-compute-node=enabled
+ - openstack-helm-node-class=primary
+ - openvswitch=enabled
+ - linuxbridge=enabled
+ - ceph-mon=enabled
+ - ceph-osd=enabled
+ - ceph-mds=enabled
+ - ceph-mgr=enabled
+ - ceph-rgw=enabled
+
+- name: Create directories
+ file:
+ path: /root/{{ item }}
+ state: directory
+ with_items:
+ ['repos','tmp', '.helm/repository/local']
+
+- name: Rename bifrost clouds file to get it out of precedence
+ command: "mv .config/openstack/clouds.yaml .config/openstack/clouds.yaml.bifrost"
+ changed_when: false
+
+- name: Clone openstack-helm
+ git:
+ repo: "{{ osh_git_url }}"
+ dest: /root/repos/openstack-helm
+ version: "{{ osh_version }}"
+ update: true
+ force: true
+ register: git_clone
+ until: git_clone is success
+ retries: 2
+ delay: 5
+
+- name: Fix dns nameserver for openstack installation (mini flavor)
+ lineinfile:
+ path: /root/repos/openstack-helm/tools/gate/files/heat-public-net-deployment.yaml
+ regexp: '10\.96\.0\.10'
+ line: " - 10.233.0.3"
+
+- name: Fix dns nameserver for openstack installation (noha flavor)
+ lineinfile:
+ path: /root/repos/openstack-helm/tempest/values.yaml
+ regexp: 'dns_servers'
+ line: " dns_servers: 10.233.0.3"
+
+- name: Clone openstack-helm-infra
+ git:
+ repo: "{{ osh_infra_git_url }}"
+ dest: /root/repos/openstack-helm-infra
+ version: "{{ osh_infra_version }}"
+ update: true
+ force: true
+ register: git_clone
+ until: git_clone is success
+ retries: 2
+ delay: 5
+
+- name: Get helm
+ get_url:
+ url: "{{ osh_helm_binary_url }}/helm-{{ osh_helm_binary_version }}-linux-amd64.tar.gz"
+ dest: tmp
+
+- name: Uncompress helm package
+ command: "tar zxvf tmp/helm-{{ osh_helm_binary_version }}-linux-amd64.tar.gz --strip-components=1 -C tmp/"
+ changed_when: false
+ tags:
+ - skip_ansible_lint
+
+- name: Put helm in system binaries
+ copy:
+ src: tmp/helm
+ dest: /usr/bin/helm
+ remote_src: yes
+ mode: 0755
+
+- name: Create helm-serve service file
+ copy:
+ src: helm-serve.service
+ dest: "/etc/systemd/system/helm-serve.service"
+ mode: 0640
+
+- name: Start helm-serve service
+ service:
+ name: helm-serve
+ state: started
+ enabled: yes
+
+- name: Wait for helm-serve service to start
+ wait_for:
+ port: 8879
+ host: 127.0.0.1
+
+- name: Install pyhelm
+ pip:
+ name: pyhelm
+
+- name: Init helm
+ command: "helm init"
+ changed_when: false
+
+- name: Remove stable (external) service from helm
+ command: "helm repo remove stable"
+ changed_when: false
+
+- name: Add local repositories service to helm
+ command: "helm repo add local http://localhost:8879/charts"
+ changed_when: false
+
+- name: Make charts from infra
+ make:
+ chdir: /root/repos/openstack-helm-infra
+ target: "{{ item }}"
+ with_items:
+ - helm-toolkit
+ - ingress
+ - mariadb
+ - rabbitmq
+ - memcached
+ - ceph-mon
+ - ceph-osd
+ - ceph-client
+ - ceph-provisioners
+ - ceph-rgw
+ - openvswitch
+ - libvirt
+
+- name: Install packages
+ package:
+ name: "{{ required_packages }}"
+ state: present
--- /dev/null
+required_packages:
+- patch
+- ipcalc
+- jq
+- nmap
+- bc
+
--- /dev/null
+- name: Write new resolv.conf file
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
+
+- name: Make resolv.conf immutable
+ shell: "chattr +i /etc/resolv.conf"
+ changed_when: false
+ args:
+ executable: /bin/bash
+ tags:
+ - skip_ansible_lint
+
+#TODO Fetch the value from a file generated by k8s deployer
+- name: Get kube service addresses
+ shell: "grep -r 'kube_service_addresses:' /root/releng-xci/.cache/repos/kubespray/opnfv_inventory/group_vars/k8s-cluster.yml | awk '{print $2}'"
+ changed_when: false
+ args:
+ executable: /bin/bash
+ register: kube_service_addresses
+ tags:
+ - skip_ansible_lint
+
+#This rule allows openstack client in OPNFV VM to reach openstack
+- name: Update routing table with kube service addresses
+ shell: "ip route add {{ kube_service_addresses.stdout }} via 192.168.122.3 dev br-vlan onlink"
+ changed_when: false
+ args:
+ executable: /bin/bash
+ tags:
+ - skip_ansible_lint
+
--- /dev/null
+{{ dns_var }}
+{% for nameserver in external_dns_nameservers %}
+nameserver {{ nameserver }}
+{% endfor %}
--- /dev/null
+kube_dns_ip: "10.233.0.3"
+external_dns_nameservers:
+- '{{kube_dns_ip}}'
+- '192.168.122.1'
+dns_var: "search svc.cluster.local cluster.local"
+
- ubuntu
- centos
- opensuse
+ - installer: osh
+ flavors:
+ - mini
+ - noha
+ distros:
+ - ubuntu
- scenario: k8-flannel-nofeature
scm: git
repo: "{{ kubespray_git_url }}"
dest: "{{ xci_cache }}/repos/kubespray"
version: "{{ kubespray_version }}"
- when: installer_type == "kubespray"
+ when: installer_type in ["kubespray", "osh"]
- role: clone-repository
project: "openstack/openstack-ansible-haproxy_server"
repo: "{{ openstack_osa_haproxy_git_url }}"
dest: roles/haproxy_server
version: "{{ haproxy_version }}"
when:
- - installer_type == "kubespray"
+ - installer_type == "kubespray" or installer_type == "osh"
- role: clone-repository
project: "ansible-keepalived"
repo: "{{ keepalived_git_url }}"
dest: roles/keepalived
version: "{{ keepalived_version }}"
when:
- - installer_type == "kubespray"
+ - installer_type == "kubespray" or installer_type == "osh"
tasks:
- name: create log directory {{log_path}}
--- /dev/null
+osa
\ No newline at end of file
block:
- set_fact:
- node_name: "{{ ('kubespray' in installer_type) | ternary(idf.kubespray.hostnames[item.name], idf.osa.hostnames[item.name]) }}"
+ node_name: idf.kubespray.hostnames[item.name]
+ when: installer_type == "kubespray"
+
+ - set_fact:
+ node_name: idf.osa.hostnames[item.name]
+ when: installer_type == "osa"
+
+ - set_fact:
+ node_name: idf.osh.hostnames[item.name]
+ when: installer_type == "osh"
- set_fact:
host_group: "{{ node_default_groups }}"
- name: "Creating VM"
block:
- set_fact:
- vm_name: "{{ ('kubespray' in installer_type) | ternary(idf.kubespray.hostnames[item.1.name], idf.osa.hostnames[item.1.name]) }}"
+ vm_name: "{{ idf.kubespray.hostnames[item.1.name] }}"
+ when: installer_type == "kubespray"
+
+ - set_fact:
+ vm_name: "{{ idf.osa.hostnames[item.1.name] }}"
+ when: installer_type == "osa"
+
+ - set_fact:
+ vm_name: "{{ idf.osh.hostnames[item.1.name] }}"
+ when: installer_type == "osh"
- set_fact:
vm_log_file: "{{ node_logdir }}/{{ vm_name }}_console.log"
net-internal: private
# Public network for VNF remote acces (ext-net in Openstack)
net-vnf: public
+ osh: &idf_osh
+ nodes_roles:
+ opnfv: [opnfv]
+ node1: [kube-master, etcd, vault]
+ node2: [kube-node]
+ node3: [kube-node]
+ node4: [kube-master, etcd, vault]
+ node5: [kube-master, etcd, vault]
+ groups:
+ k8s-cluster:
+ - kube-node
+ - kube-master
+ hostnames:
+ opnfv: opnfv
+ node1: master1
+ node2: node1
+ node3: node2
+ node4: master2
+ node5: master3
+ network:
+ # network mapping
+ network_mapping:
+ # Management network used by installer components to communicate
+ net-mgmt: mgmt
+ # Storage Network
+ net-storage: storage
+ # Internal network for communication between VNF
+ net-internal: private
+ # Public network for VNF remote acces (ext-net in Openstack)
+ net-vnf: public
xci:
pod_name: vpod1
net_config: *net_config
installers:
osa: *idf_osa
kubespray: *idf_kubespray
+ osh: *idf_osh
kubespray_version: "{{ lookup('env','KUBESPRAY_VERSION') }}"
xci_kube_ansible_pip_version: "{{ lookup('env','XCI_KUBE_ANSIBLE_PIP_VERSION') }}"
+# openstack-helm variables
+osh_git_url: "{{ lookup('env','OSH_GIT_URL') }}"
+osh_version: "{{ lookup('env','OSH_VERSION') }}"
+osh_infra_git_url: "{{ lookup('env','OSH_INFRA_GIT_URL') }}"
+osh_infra_version: "{{ lookup('env','OSH_INFRA_VERSION') }}"
+osh_helm_binary_url: "{{ lookup('env','OSH_HELM_BINARY_URL') }}"
+osh_helm_binary_version: "{{ lookup('env','OSH_HELM_BINARY_VERSION') }}"
+
# variables for other components
keepalived_git_url: "{{ lookup('env','KEEPALIVED_GIT_URL') }}"
haproxy_version: "{{ lookup('env','HAPROXY_VERSION') }}"
Code Review / releng-xci.git / commitdiff