diff options
| author |   James Gu <james.gu@att.com> | 2020-05-04 13:57:29 -0700 |
|---|---|---|
| committer | James Gu <james.gu@att.com> | 2020-10-05 21:25:18 +0000 |
| commit | da4f1540dec64779c01f7d0258b1a748ace9b131 (patch) | |
| tree | 47856f75607849dc848dadcbcb1a7d048f91f7f7 /tools/deploy.sh | |
| parent | 05686a28172cd3e79c71987cf495e0e67e064eb1 (diff) | |
Treasuremap 1.8 integration
Upgrade pod 17 to Treasuremap 1.8 prime for CNTT RI-1.
Added deploy script enhancement to include pregenesis, certs, and wrapper
for shipyard cli command.
Added clean-genesis script to properly clean genesis node for redeployment.
Signed-off-by: James Gu <james.gu@att.com>
Change-Id: I4c150ef216d5eb631a0980c72b3c6c80a55788d0
Signed-off-by: James Gu <james.gu@att.com>
Diffstat (limited to 'tools/deploy.sh')
| -rwxr-xr-x | tools/deploy.sh | 159 |
1 files changed, 125 insertions, 34 deletions
diff --git a/tools/deploy.sh b/tools/deploy.sh index 7fb5273..7a940a6 100755 --- a/tools/deploy.sh +++ b/tools/deploy.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -x +set -ex export OS_USERNAME=${OS_USERNAME:-shipyard} export OS_PASSWORD=${OS_PASSWORD:-password123} @@ -15,10 +15,10 @@ export TERM_OPTS=${TERM_OPTS:-" "} ## Source Environment Variables. help() { - echo "Usage: deploy.sh <site_name> <deploy_site|update_site>" + echo "Usage: deploy.sh <site_name> <deploy_site|update_site|update_software>" } -if [[ $# -ne 2 ]] +if [[ $# -lt 2 ]] then help exit 1 @@ -35,6 +35,8 @@ fi cd ${WORK_DIR} +AIRSHIP_CMD=treasuremap/tools/airship + ## Deps pkg_check() { @@ -42,20 +44,15 @@ pkg_check() { sudo dpkg -s $pkg &> /dev/null || sudo apt -y install $pkg done } -pkg_check docker.io git ipmitool python3-yaml +pkg_check docker.io git ipmitool python3-yaml ## Cleanup genesis_cleanup() { - ssh $GEN_SSH sudo systemctl disable kubelet - ssh $GEN_SSH sudo systemctl disable docker - ssh $GEN_SSH sudo touch /forcefsck - # reset bare-metal servers - ALL_NODES="${GEN_IPMI} ${NODES_IPMI}" for node in $ALL_NODES; do ipmitool -I lanplus -H $node -U $IPMI_USER -P $IPMI_PASS chassis power off @@ -66,17 +63,9 @@ genesis_cleanup() { while ! ssh $GEN_SSH hostname; do :; done - # cleanup previous k8s/airship install - - ssh $GEN_SSH rm -rf promenade genesis.sh - ssh $GEN_SSH git clone https://review.opendev.org/airship/promenade - ssh $GEN_SSH sudo promenade/tools/cleanup.sh -f > /dev/null - - ssh $GEN_SSH sudo parted -s /dev/sdb mklabel gpt - ssh $GEN_SSH sudo rm -rf /var/lib/ceph - ssh $GEN_SSH sudo rm -rf /var/lib/docker - - ssh $GEN_SSH sudo /etc/init.d/docker restart + scp $WORK_DIR/airship/tools/clean-genesis.sh $GEN_SSH: + ssh $GEN_SSH chmod a+x clean-genesis.sh + ssh $GEN_SSH sudo ./clean-genesis.sh -fk } @@ -87,7 +76,6 @@ read_yaml() { } git_checkout() { - git clone $1 cd ${1##*/} @@ -100,7 +88,7 @@ git_checkout() { fi git log -1 - cd $WORK_DIR + cd .. } clone_repos() { @@ -127,19 +115,89 @@ clone_repos() { ## Deployment pegleg_collect() { - sudo -E treasuremap/tools/airship pegleg site \ - -r /target/airship collect -s collect $SITE_NAME + if [ -d "collect/${SITE_NAME}" ]; then + sudo rm -rf collect/${SITE_NAME} + fi + sudo mkdir -p collect/${SITE_NAME} + sudo -E ${AIRSHIP_CMD} pegleg site -r /target/airship collect -s collect/${SITE_NAME} $SITE_NAME + +# sudo mkdir -p render/${SITE_NAME} +# sudo -E ${AIRSHIP_CMD} pegleg site -r /target/treasuremap render $SITE_NAME \ +# -s /target/render/${SITE_NAME}/manifest.yaml +} + +pre_genesis() { + + scp $WORK_DIR/airship/tools/files/seccomp_default $GEN_SSH: + ssh $GEN_SSH 'sudo mkdir -p /var/lib/kubelet/seccomp' + ssh $GEN_SSH 'sudo chown root:root /var/lib/kubelet/seccomp' + ssh $GEN_SSH 'sudo chown root:root ~/seccomp_default' + ssh $GEN_SSH 'sudo mv ~/seccomp_default /var/lib/kubelet/seccomp' + + scp $WORK_DIR/airship/tools/files/sources.list $GEN_SSH: + + ssh $GEN_SSH 'sudo cp -n /etc/apt/sources.list /etc/apt/sources.list.orig' + ssh $GEN_SSH 'sudo chown root:root ~/sources.list' + ssh $GEN_SSH 'sudo mv ~/sources.list /etc/apt/sources.list' + + ssh $GEN_SSH 'wget -qO - http://mirror.mirantis.com/testing/kubernetes-extra/bionic/archive-kubernetes-extra.key | sudo apt-key add -' + # thsi fails but appaerntly not required. + # ssh $GEN_SSH 'wget -qO - http://linux.dell.com/repo/community/openmanage/930/bionic/dists/bionic/Release.gpg | sudo apt-key add -' + ssh $GEN_SSH 'sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32' + ssh $GEN_SSH 'sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1285491434D8786F' + + if [ -d "render/${SITE_NAME}" ]; then + sudo rm -rf render/${SITE_NAME} + fi + + ssh $GEN_SSH 'sudo cp /etc/default/grub /etc/default/grub.orig' + ssh $GEN_SSH 'sudo sed -i "/GRUB_CMDLINE_LINUX=\"/c GRUB_CMDLINE_LINUX=\"hugepagesz=1G hugepages=12 transparent_hugepage=never default_hugepagesz=1G dpdk-socket-mem=4096,4096 iommu=pt intel_iommu=on amd_iommu=on cgroup_disable=hugetlb console=ttyS1,115200n8\"" /etc/default/grub' + ssh $GEN_SSH 'sudo update-grub' + + # upstream pre-geneis is not ready to be used directly yet + # sudo mkdir -p render/${SITE_NAME} + # sudo -E ${AIRSHIP_CMD} pegleg site -r /target/treasuremap render $SITE_NAME \ + # -s /target/render/${SITE_NAME}/manifest.yaml + # sudo -E treasuremap/tools/genesis-setup/pre-genesis.sh render/${SITE_NAME}/manifest.yaml +} + +generate_certs() { + # create certificates based on PKI catalogs + + if [ -d "certs/${SITE_NAME}" ]; then + sudo rm -rf certs/${SITE_NAME} + fi + + sudo mkdir -p certs/${SITE_NAME} + + # remove old certificates before collect + sudo rm -f airship/site/${SITE_NAME}/secrets/certificates/certificates.yaml + + pegleg_collect + + sudo -E ${AIRSHIP_CMD} promenade generate-certs -o /target/certs/${SITE_NAME} collect/${SITE_NAME}/*.yaml + + # copy certs + mkdir -p airship/site/${SITE_NAME}/secrets/certificates + sudo cp certs/${SITE_NAME}/certificates.yaml \ + airship/site/${SITE_NAME}/secrets/certificates/certificates.yaml } promenade_bundle() { - mkdir bundle - sudo -E treasuremap/tools/airship promenade build-all \ - --validators -o /target/bundle /target/collect/*.yaml + + if [ -d "bundle/${SITE_NAME}" ]; then + sudo rm -rf bundle/${SITE_NAME} + fi + sudo mkdir -p bundle/${SITE_NAME} + + PROMENADE_KEY=$(sudo -E ${AIRSHIP_CMD} promenade build-all \ + --validators -o /target/bundle/${SITE_NAME} /target/collect/${SITE_NAME}/*.yaml | \ + sed -n '/Copy this decryption key for use during script execution:/{n;p;d;}; x') } genesis_deploy() { - scp bundle/genesis.sh $GEN_SSH: - ssh $GEN_SSH 'sudo ./genesis.sh' && sleep 120 + scp bundle/${SITE_NAME}/genesis.sh $GEN_SSH: + ssh $GEN_SSH PROMENADE_ENCRYPTION_KEY=$PROMENADE_KEY sudo -E ./genesis.sh } site_action() { @@ -147,16 +205,25 @@ site_action() { # Site deployment with Shipyard, see more details here # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#deploy-site-with-shipyard - sudo -E treasuremap/tools/airship shipyard create configdocs \ - $SITE_NAME --directory=/target/collect --replace - sudo -E treasuremap/tools/airship shipyard commit configdocs + sudo -E ${AIRSHIP_CMD} shipyard create configdocs \ + $SITE_NAME --directory=/target/collect/$SITE_NAME --replace + sudo -E ${AIRSHIP_CMD} shipyard commit configdocs - sudo -E treasuremap/tools/airship shipyard create action \ + sudo -E ${AIRSHIP_CMD} shipyard create action \ --allow-intermediate-commits $1 sudo -E treasuremap/tools/gate/wait-for-shipyard.sh } +shipyard_action() { + + # Site deployment with Shipyard, see more details here + # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#deploy-site-with-shipyard + + sudo -E ${AIRSHIP_CMD} shipyard $1 $2 $3 +} + + create_public_network() { export OS_AUTH_URL=${OS_AUTH_URL_IDENTITY} sudo -E treasuremap/tools/openstack stack create --wait \ @@ -165,11 +232,22 @@ create_public_network() { } case "$2" in +'pre_genesis') + pre_genesis + ;; 'deploy_site') - genesis_cleanup + read -n 1 -p "This script will clean up the genesis node. Continue (Y/N) ?" input + case $input in + [Yy] ) break;; + [Nn] ) exit 1;; + * ) echo "Please answer yes or no."; exit 1; + esac + clone_repos pegleg_collect promenade_bundle + genesis_cleanup + pre_genesis genesis_deploy site_action $2 create_public_network @@ -179,7 +257,20 @@ case "$2" in pegleg_collect site_action $2 ;; +'update_software') + clone_repos + pegleg_collect + site_action $2 + ;; +'generate_certs') + clone_repos + generate_certs + ;; +'shipyard') + shipyard_action $3 $4 $5 + ;; *) help + echo "*** $2" exit 1 ;; esac |