summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/kubernetes
diff options
context:
space:
mode:
authorhu xinhui <xinhui_hu@foxmail.com>2017-08-30 15:36:13 +0800
committerhu xinhui <xinhui_hu@foxmail.com>2017-09-08 22:22:58 +0800
commit0d057d8e10fd5e29156516196ffec60ecb115087 (patch)
treecf0c2ca0caef922a1fd9e57f8c29173ba0f47aa3 /deploy/adapters/ansible/kubernetes
parentacab17c36763b7679a6d761f438412e591347902 (diff)
Add k8s support
JIRA: - Add a new k8s scenario for compass Change-Id: Ic5f58a6152315333684e4f2752aaa0d5d870d9ee Signed-off-by: hu xinhui <xinhui_hu@foxmail.com>
Diffstat (limited to 'deploy/adapters/ansible/kubernetes')
-rw-r--r--deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml32
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml17
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml20
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml19
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml14
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py57
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo32
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml84
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/centos_base.repo31
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/modules7
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/RedHat.yml55
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml71
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml14
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/templates/hosts9
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/vars/main.yml21
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/check_network.py70
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/log.py52
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/net_init24
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/setup_networks.py93
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/main.yml66
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/ifcfg-eth.j211
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/my_configs.debian14
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/network.cfg5
23 files changed, 818 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
new file mode 100644
index 00000000..9f20cdbc
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
@@ -0,0 +1,32 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- hosts: all
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - pre-k8s
+
+- hosts: all
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - setup-k8s-network
+
+- hosts: all
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - install-k8s-dependence
+
+- hosts: localhost
+ remote_user: root
+ max_fail_percentage: 0
+ roles:
+ - kargo
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
new file mode 100644
index 00000000..ae70427d
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
@@ -0,0 +1,17 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install yum packages
+ yum:
+ pkg: "{{ item }}"
+ state: "present"
+ with_items: "{{ packages }}"
+ when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
new file mode 100644
index 00000000..e016b855
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
@@ -0,0 +1,20 @@
+---
+packages:
+ - ubuntu-cloud-keyring
+ - python-dev
+ - openvswitch-switch
+ - openvswitch-switch-dpdk
+ - python-memcache
+ - python-iniparse
+ - python-lxml
+ - python-crypto
+
+pip_packages:
+ - crudini
+ - python-keyczar
+ - yang2tosca
+
+pip_conf: pip.conf
+
+services:
+ - ntp
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml
new file mode 100644
index 00000000..3ec18e7f
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml
@@ -0,0 +1,19 @@
+---
+packages:
+ - python-devel
+ - gcc
+ - redhat-lsb-core
+ - python-crypto
+ - wget
+ - yum-plugin-priorities
+ - vim
+ - lsof
+ - strace
+ - net-tools
+
+
+pip_packages:
+ - crudini
+ - python-keyczar
+
+pip_conf: pip.conf
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml
new file mode 100644
index 00000000..713b6b5f
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+packages_noarch:
+ - python-pip
+ - ntp
+
+services_noarch: []
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py b/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py
new file mode 100644
index 00000000..62f29d84
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py
@@ -0,0 +1,57 @@
+import yaml
+import sys
+from jinja2 import Environment
+
+INVENTORY_TEMPLATE = """
+[all]
+{% for host, ip in hosts.iteritems() %}
+{{ host }} ansible_ssh_host={{ ip }} ansible_ssh_pass=root ansible_user=root
+{% endfor %}
+[kube-master]
+host1
+host2
+
+[etcd]
+host1
+host2
+host3
+
+[kube-node]
+host2
+host3
+host4
+host5
+
+[k8s-cluster:children]
+kube-node
+kube-master
+
+[calico-rr]
+[vault]
+"""
+
+
+def create_inventory_file(inventories_path, hosts):
+ content = Environment().from_string(INVENTORY_TEMPLATE).render(hosts=hosts)
+ with open(inventories_path, 'w+') as f:
+ f.write(content)
+
+
+def fetch_all_sorted_external_ip(ip_cfg):
+ hosts = {}
+ for host, settings in ip_cfg.iteritems():
+ external = settings["external"]["ip"]
+ hosts[host] = external
+ return hosts
+
+
+def main(inventories_path, ip_cfg):
+ hosts = fetch_all_sorted_external_ip(ip_cfg)
+ create_inventory_file(inventories_path, hosts)
+
+
+if __name__ == "__main__":
+ path = yaml.load(sys.argv[1])
+ ipv_cfg = yaml.load(sys.argv[2])
+
+ main(path, ipv_cfg)
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo
new file mode 100644
index 00000000..4900db69
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo
@@ -0,0 +1,32 @@
+[base]
+name=CentOS-$releasever - Base
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
new file mode 100644
index 00000000..4e902606
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
@@ -0,0 +1,84 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: clean local repo conf
+ file:
+ path: /etc/yum.repos.d
+ state: absent
+ run_once: "True"
+
+- name: create local repo conf dir
+ file:
+ path: /etc/yum.repos.d
+ state: directory
+ run_once: "True"
+
+- name: configure local mirror repo
+ copy:
+ src: mirrors.repo
+ dest: /etc/yum.repos.d/mirrors.repo
+ run_once: "True"
+
+- name: clean local pip conf to use official pip repo
+ file:
+ path: /root/.pip/pip.conf
+ state: absent
+ run_once: "True"
+
+- name: install dependency for ansible update
+ yum:
+ name: "{{ item }}"
+ state: latest
+ with_items:
+ - git
+ - libffi-devel
+ - openssl-devel
+ - python-devel
+ run_once: "True"
+
+- name: update python packages
+ pip:
+ name: "{{ item }}"
+ state: latest
+ with_items:
+ - netaddr
+ - jinja2
+
+
+- name: copy inventories generate script
+ copy:
+ src: generate_inventories.py
+ dest: /tmp/generate_inventories.py
+ tags:
+ - ansible
+
+- name: generate kargo inventories
+ shell: >
+ python /tmp/generate_inventories.py \
+ "/opt/kargo_k8s/inventory/inventory.cfg" \
+ "{{ ip_settings | to_json }}"
+ tags:
+ - ansible
+
+- name: configure target hosts
+ shell: |
+ cd /opt/kargo_k8s
+ ansible -i inventory/inventory.cfg -m ping all
+ ansible -i inventory/inventory.cfg all -m shell -a "rm /etc/yum.repos.d/*"
+ ansible -i inventory/inventory.cfg all -m copy -a \
+ "src=/etc/yum.repos.d/mirrors.repo dest=/etc/yum.repos.d"
+ tags:
+ - ansible
+
+- name: run kargo playbook
+ shell: |
+ cd /opt/kargo_k8s
+ ansible-playbook -i inventory/inventory.cfg cluster.yml -b -v 2>&1 | tee kargo.log
+ tags:
+ - ansible
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/centos_base.repo b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/centos_base.repo
new file mode 100644
index 00000000..914b0a8b
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/centos_base.repo
@@ -0,0 +1,31 @@
+[base]
+name=CentOS-$releasever - Base
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/modules b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/modules
new file mode 100644
index 00000000..7a479351
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/modules
@@ -0,0 +1,7 @@
+# /etc/modules: kernel modules to load at boot time.
+# This file contains the names of kernel modules that should be loaded
+# at boot time, one per line. Lines beginning with "#" are ignored.
+# Parameters can be specified after the module name.
+
+bonding
+8021q
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/RedHat.yml
new file mode 100644
index 00000000..58af0f7b
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/RedHat.yml
@@ -0,0 +1,55 @@
+############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+############################################################################
+---
+- name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+- name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+- name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \
+ then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \
+ else echo "already gen ssh key!"; fi;
+
+- name: fetch ssh keys
+ fetch:
+ src: /root/.ssh/id_rsa.pub
+ dest: /tmp/ssh-keys-{{ ansible_hostname }}
+ flat: "yes"
+
+- authorized_key:
+ user: root
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ - /root/.ssh/id_rsa.pub
+
+- name: change sources(yum) list
+ copy:
+ src: centos_base.repo
+ dest: /etc/yum.repos.d/centos_base.repo
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml
new file mode 100644
index 00000000..5bb77485
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml
@@ -0,0 +1,71 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: make sure ssh dir exist
+ file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ state: directory
+ mode: 0755
+ with_items:
+ - path: /root/.ssh
+ owner: root
+ group: root
+
+- name: write ssh config
+ copy:
+ content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no"
+ dest: '{{ item.dest }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: 0600
+ with_items:
+ - dest: /root/.ssh/config
+ owner: root
+ group: root
+
+- name: generate ssh keys
+ shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \
+ then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \
+ else echo "already gen ssh key!"; fi;
+
+- name: fetch ssh keys
+ fetch:
+ src: /root/.ssh/id_rsa.pub
+ dest: /tmp/ssh-keys-{{ ansible_hostname }}
+ flat: "yes"
+
+- authorized_key:
+ user: root
+ key: "{{ lookup('file', item) }}"
+ with_fileglob:
+ - /tmp/ssh-keys-*
+ - /root/.ssh/id_rsa.pub
+
+- name: rm apt.conf
+ file:
+ path: /etc/apt/apt.conf
+ state: absent
+
+- name: restart ntp service
+ shell: "service ntp restart"
+
+- name: add the appropriate kernel modules
+ copy:
+ src: modules
+ dest: /etc/modules
+
+- name: change the MaxSessions
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "MaxSessions 500"
+
+- name: restart ssh service
+ shell: service ssh restart
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml
new file mode 100644
index 00000000..76203440
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml
@@ -0,0 +1,14 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- include: "{{ ansible_distribution }}.yml"
+ when: ansible_distribution == 'Ubuntu'
+
+- include: "{{ ansible_os_family }}.yml"
+ when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7'
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/templates/hosts b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/templates/hosts
new file mode 100644
index 00000000..847c193e
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/templates/hosts
@@ -0,0 +1,9 @@
+# localhost
+127.0.0.1 localhost
+# controller
+10.1.0.50 host1
+10.1.0.51 host2
+10.1.0.52 host3
+# compute
+10.1.0.53 host4
+10.1.0.54 host5
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/vars/main.yml
new file mode 100644
index 00000000..b196bd25
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/vars/main.yml
@@ -0,0 +1,21 @@
+---
+aptpackages:
+- bridge-utils
+- debootstrap
+- ifenslave
+- ifenslave-2.6
+- lsof
+- lvm2
+- ntp
+- ntpdate
+- sudo
+- vlan
+- tcpdump
+
+yumpackages:
+- bridge-utils
+- iputils
+- lvm2
+- ntp
+- tcpdump
+- vim
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/check_network.py b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/check_network.py
new file mode 100644
index 00000000..ffdafcd3
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/check_network.py
@@ -0,0 +1,70 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+import yaml
+import sys
+import subprocess
+
+import log as logging
+
+LOG = logging.getLogger("net-check")
+
+
+def is_ip_reachable(ip):
+ cmd = "ping -c 2 %s" % ip
+ process = subprocess.Popen(
+ cmd,
+ stdout=subprocess.PIPE,
+ stderr=None,
+ shell=True)
+
+ output = process.communicate()[0]
+ if " 0% packet loss" in output:
+ LOG.info("%s is reachable", ip)
+ elif "100% packet loss" in output:
+ LOG.error("%s is unreachable" % (ip))
+ return False
+ else:
+ LOG.warn("%r", output)
+
+ return True
+
+
+def is_host_ips_reachable(settings):
+ external = settings["external"]["ip"]
+ external_gw = settings["external"]["gw"]
+ # storage = settings["storage"]["ip"]
+ mgmt = settings["mgmt"]["ip"]
+
+ return is_ip_reachable(external) \
+ and is_ip_reachable(external_gw) \
+ and is_ip_reachable(mgmt)
+
+
+def main(hostname, config):
+ LOG.info("host is %s", hostname)
+
+ result = True
+
+ for host, settings in config.iteritems():
+ LOG.info("check %s network connectivity start", host)
+ result = result and is_host_ips_reachable(settings)
+
+ if result:
+ LOG.info("All hosts ips are reachable")
+ else:
+ LOG.error("Some hosts ips are unreachable !!!")
+ sys.exit(-1)
+
+if __name__ == "__main__":
+ hostname = yaml.load(sys.argv[1])
+ config = yaml.load(sys.argv[2])
+ config.pop(hostname, None)
+
+ main(hostname, config)
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/log.py b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/log.py
new file mode 100644
index 00000000..422931bc
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/log.py
@@ -0,0 +1,52 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+import logging
+import os
+loggers = {}
+log_dir = "/var/log/setup_network"
+try:
+ os.makedirs(log_dir)
+except:
+ pass
+
+
+def getLogger(name):
+ if name in loggers:
+ return loggers[name]
+
+ logger = logging.getLogger(name)
+ logger.setLevel(logging.DEBUG)
+
+ # create file handler which logs even debug messages
+ log_file = "%s/%s.log" % (log_dir, name)
+ try:
+ os.remove(log_file)
+ except:
+ pass
+
+ fh = logging.FileHandler(log_file)
+ fh.setLevel(logging.DEBUG)
+
+ # create console handler with a higher log level
+ ch = logging.StreamHandler()
+ ch.setLevel(logging.ERROR)
+
+ # create formatter and add it to the handlers
+ formatter = logging.Formatter(
+ "%(asctime)s - %(name)s - %(levelname)s - %(message)s")
+ ch.setFormatter(formatter)
+ fh.setFormatter(formatter)
+
+ # add the handlers to logger
+ logger.addHandler(ch)
+ logger.addHandler(fh)
+
+ loggers[name] = logger
+ return logger
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/net_init b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/net_init
new file mode 100644
index 00000000..41ccb988
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/net_init
@@ -0,0 +1,24 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: anamon.init
+# Required-Start: $network
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Starts the cobbler anamon boot notification program
+# Description: anamon runs the first time a machine is booted after installation.
+### END INIT INFO
+
+
+
+#
+# anamon.init: Starts the cobbler post-install boot notification program
+#
+# chkconfig: 35 0 6
+#
+# description: anamon runs the first time a machine is booted after
+# installation.
+#
+python /opt/setup_networks/setup_networks.py
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/setup_networks.py b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/setup_networks.py
new file mode 100644
index 00000000..ab13e088
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/setup_networks.py
@@ -0,0 +1,93 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+import yaml
+import netaddr
+import os
+import log as logging
+
+LOG = logging.getLogger("net-init")
+config_path = os.path.join(os.path.dirname(__file__), "network.cfg")
+
+
+def setup_bondings(bond_mappings):
+ print bond_mappings
+
+
+def add_vlan_link(interface, ifname, vlan_id):
+ LOG.info("add_vlan_link enter")
+ cmd = "ip link add link %s name %s type vlan id %s; " % (
+ ifname, interface, vlan_id)
+ cmd += "ip link set %s up; ip link set %s up" % (interface, ifname)
+ LOG.info("add_vlan_link: cmd=%s" % cmd)
+ os.system(cmd)
+
+
+def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None):
+ LOG.info("add_ovs_port enter")
+ cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname)
+ if vlan_id:
+ cmd += " tag=%s" % vlan_id
+ cmd += " -- set Interface %s type=internal;" % ifname
+ cmd += "ip link set dev %s address \
+ `ip link show %s |awk '/link\/ether/{print $2}'`;" % (ifname, uplink)
+ cmd += "ip link set %s up;" % ifname
+ LOG.info("add_ovs_port: cmd=%s" % cmd)
+ os.system(cmd)
+
+
+def setup_intfs(sys_intf_mappings, uplink_map):
+ LOG.info("setup_intfs enter")
+ for intf_name, intf_info in sys_intf_mappings.items():
+ if intf_info["type"] == "vlan":
+ add_vlan_link(
+ intf_name,
+ intf_info["interface"],
+ intf_info["vlan_tag"])
+ elif intf_info["type"] == "ovs":
+ add_ovs_port(
+ intf_info["interface"],
+ intf_name,
+ uplink_map[intf_info["interface"]],
+ vlan_id=intf_info.get("vlan_tag"))
+ else:
+ pass
+
+
+def setup_ips(ip_settings, sys_intf_mappings):
+ LOG.info("setup_ips enter")
+ for intf_info in ip_settings.values():
+ network = netaddr.IPNetwork(intf_info["cidr"])
+ if sys_intf_mappings[intf_info["name"]]["type"] == "ovs":
+ intf_name = intf_info["name"]
+ else:
+ intf_name = intf_info["alias"]
+ cmd = "ip addr add %s/%s brd %s dev %s;" \
+ % (intf_info["ip"], intf_info["netmask"], str(network.broadcast), intf_name) # noqa
+ if "gw" in intf_info:
+ cmd += "route del default;"
+ cmd += "ip route add default via %s dev %s" % (
+ intf_info["gw"], intf_name)
+ LOG.info("setup_ips: cmd=%s" % cmd)
+ os.system(cmd)
+
+
+def main(config):
+ uplink_map = {}
+ setup_bondings(config["bond_mappings"])
+ for provider_net in config["provider_net_mappings"]:
+ uplink_map[provider_net['name']] = provider_net['interface']
+
+ setup_intfs(config["sys_intf_mappings"], uplink_map)
+ setup_ips(config["ip_settings"], config["sys_intf_mappings"])
+
+if __name__ == "__main__":
+ os.system("service openvswitch-switch status|| service openvswitch-switch start") # noqa
+ config = yaml.load(open(config_path))
+ main(config)
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/main.yml
new file mode 100644
index 00000000..c59fdfc5
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/main.yml
@@ -0,0 +1,66 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: disable NetworkManager
+ service: name=NetworkManager state=stopped enabled=no
+ when: ansible_os_family == 'RedHat'
+
+- name: enable network service
+ service: name=network state=started enabled=yes
+ when: ansible_os_family == 'RedHat'
+
+- name: ensure script dir exist
+ shell: mkdir -p /opt/setup_networks
+
+- name: copy scripts
+ copy: src={{ item }} dest=/opt/setup_networks
+ with_items:
+ - setup_networks/log.py
+ - setup_networks/setup_networks.py
+ - setup_networks/check_network.py
+ tags:
+ - network_check
+
+
+- name: copy config files
+ template: src=network.cfg dest=/opt/setup_networks
+
+- name: config external nic
+ template:
+ src: ifcfg-eth.j2
+ dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["external"]["interface"]}}
+
+- name: remove defualt gw
+ lineinfile:
+ dest: /etc/sysconfig/network
+ regexp: "^GATEWAY=*"
+ state: absent
+
+- name: restart the network
+ shell: systemctl restart network
+
+- name: make sure python lib exist
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items:
+ - python-yaml
+ - python-netaddr
+
+- name: check basic network connectivity
+ shell: >
+ python /opt/setup_networks/check_network.py \
+ "{{ inventory_hostname }}" \
+ "{{ ip_settings | to_json }}"
+ register: result
+ until: result.stderr.find('unreachable')==-1
+ retries: 3
+ delay: 2
+ tags:
+ - network_check
+
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/ifcfg-eth.j2 b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/ifcfg-eth.j2
new file mode 100644
index 00000000..78afa052
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/ifcfg-eth.j2
@@ -0,0 +1,11 @@
+DEVICE={{ sys_intf_mappings["external"]["interface"]}}
+TYPE=Ethernet
+IPADDR={{ ip_settings[inventory_hostname]["external"]["ip"] }}
+PREFIX={{ ip_settings[inventory_hostname]["external"]["netmask"] }}
+GATEWAY={{ ip_settings[inventory_hostname]["external"]["gw"] }}
+BOOTPROTO=none
+ONBOOT=yes
+DELAY=0
+DEFROUTE="yes"
+DNS1=8.8.8.8
+DNS2=8.8.4.4
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/my_configs.debian b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/my_configs.debian
new file mode 100644
index 00000000..5ab1519b
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/my_configs.debian
@@ -0,0 +1,14 @@
+{%- for alias, intf in host_ip_settings.items() %}
+
+auto {{ alias }}
+iface {{ alias }} inet static
+ address {{ intf["ip"] }}
+ netmask {{ intf["netmask"] }}
+{% if "gw" in intf %}
+ gateway {{ intf["gw"] }}
+{% endif %}
+{% if intf["name"] == alias %}
+ pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up
+ pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }}
+{% endif %}
+{% endfor %}
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/network.cfg b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/network.cfg
new file mode 100644
index 00000000..cf271ad6
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/network.cfg
@@ -0,0 +1,5 @@
+bond_mappings: {{ network_cfg["bond_mappings"] | to_json }}
+ip_settings: {{ ip_settings[inventory_hostname] | to_json }}
+sys_intf_mappings: {{ sys_intf_mappings | to_json }}
+provider_net_mappings: {{ network_cfg["provider_net_mappings"] | to_json }}
+