diff options
author | hu xinhui <xinhui_hu@foxmail.com> | 2017-08-30 15:36:13 +0800 |
---|---|---|
committer | hu xinhui <xinhui_hu@foxmail.com> | 2017-09-08 22:22:58 +0800 |
commit | 0d057d8e10fd5e29156516196ffec60ecb115087 (patch) | |
tree | cf0c2ca0caef922a1fd9e57f8c29173ba0f47aa3 /deploy/adapters/ansible/kubernetes | |
parent | acab17c36763b7679a6d761f438412e591347902 (diff) |
Add k8s support
JIRA: -
Add a new k8s scenario for compass
Change-Id: Ic5f58a6152315333684e4f2752aaa0d5d870d9ee
Signed-off-by: hu xinhui <xinhui_hu@foxmail.com>
Diffstat (limited to 'deploy/adapters/ansible/kubernetes')
23 files changed, 818 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml new file mode 100644 index 00000000..9f20cdbc --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml @@ -0,0 +1,32 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- hosts: all + remote_user: root + max_fail_percentage: 0 + roles: + - pre-k8s + +- hosts: all + remote_user: root + max_fail_percentage: 0 + roles: + - setup-k8s-network + +- hosts: all + remote_user: root + max_fail_percentage: 0 + roles: + - install-k8s-dependence + +- hosts: localhost + remote_user: root + max_fail_percentage: 0 + roles: + - kargo diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml new file mode 100644 index 00000000..ae70427d --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml @@ -0,0 +1,17 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: Install yum packages + yum: + pkg: "{{ item }}" + state: "present" + with_items: "{{ packages }}" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml new file mode 100644 index 00000000..e016b855 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml @@ -0,0 +1,20 @@ +--- +packages: + - ubuntu-cloud-keyring + - python-dev + - openvswitch-switch + - openvswitch-switch-dpdk + - python-memcache + - python-iniparse + - python-lxml + - python-crypto + +pip_packages: + - crudini + - python-keyczar + - yang2tosca + +pip_conf: pip.conf + +services: + - ntp diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml new file mode 100644 index 00000000..3ec18e7f --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/RedHat.yml @@ -0,0 +1,19 @@ +--- +packages: + - python-devel + - gcc + - redhat-lsb-core + - python-crypto + - wget + - yum-plugin-priorities + - vim + - lsof + - strace + - net-tools + + +pip_packages: + - crudini + - python-keyczar + +pip_conf: pip.conf diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml new file mode 100644 index 00000000..713b6b5f --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +packages_noarch: + - python-pip + - ntp + +services_noarch: [] diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py b/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py new file mode 100644 index 00000000..62f29d84 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py @@ -0,0 +1,57 @@ +import yaml
+import sys
+from jinja2 import Environment
+
+INVENTORY_TEMPLATE = """
+[all]
+{% for host, ip in hosts.iteritems() %}
+{{ host }} ansible_ssh_host={{ ip }} ansible_ssh_pass=root ansible_user=root
+{% endfor %}
+[kube-master]
+host1
+host2
+
+[etcd]
+host1
+host2
+host3
+
+[kube-node]
+host2
+host3
+host4
+host5
+
+[k8s-cluster:children]
+kube-node
+kube-master
+
+[calico-rr]
+[vault]
+"""
+
+
+def create_inventory_file(inventories_path, hosts):
+ content = Environment().from_string(INVENTORY_TEMPLATE).render(hosts=hosts)
+ with open(inventories_path, 'w+') as f:
+ f.write(content)
+
+
+def fetch_all_sorted_external_ip(ip_cfg):
+ hosts = {}
+ for host, settings in ip_cfg.iteritems():
+ external = settings["external"]["ip"]
+ hosts[host] = external
+ return hosts
+
+
+def main(inventories_path, ip_cfg):
+ hosts = fetch_all_sorted_external_ip(ip_cfg)
+ create_inventory_file(inventories_path, hosts)
+
+
+if __name__ == "__main__":
+ path = yaml.load(sys.argv[1])
+ ipv_cfg = yaml.load(sys.argv[2])
+
+ main(path, ipv_cfg)
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo new file mode 100644 index 00000000..4900db69 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo @@ -0,0 +1,32 @@ +[base]
+name=CentOS-$releasever - Base
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml new file mode 100644 index 00000000..4e902606 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml @@ -0,0 +1,84 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: clean local repo conf + file: + path: /etc/yum.repos.d + state: absent + run_once: "True" + +- name: create local repo conf dir + file: + path: /etc/yum.repos.d + state: directory + run_once: "True" + +- name: configure local mirror repo + copy: + src: mirrors.repo + dest: /etc/yum.repos.d/mirrors.repo + run_once: "True" + +- name: clean local pip conf to use official pip repo + file: + path: /root/.pip/pip.conf + state: absent + run_once: "True" + +- name: install dependency for ansible update + yum: + name: "{{ item }}" + state: latest + with_items: + - git + - libffi-devel + - openssl-devel + - python-devel + run_once: "True" + +- name: update python packages + pip: + name: "{{ item }}" + state: latest + with_items: + - netaddr + - jinja2 + + +- name: copy inventories generate script + copy: + src: generate_inventories.py + dest: /tmp/generate_inventories.py + tags: + - ansible + +- name: generate kargo inventories + shell: > + python /tmp/generate_inventories.py \ + "/opt/kargo_k8s/inventory/inventory.cfg" \ + "{{ ip_settings | to_json }}" + tags: + - ansible + +- name: configure target hosts + shell: | + cd /opt/kargo_k8s + ansible -i inventory/inventory.cfg -m ping all + ansible -i inventory/inventory.cfg all -m shell -a "rm /etc/yum.repos.d/*" + ansible -i inventory/inventory.cfg all -m copy -a \ + "src=/etc/yum.repos.d/mirrors.repo dest=/etc/yum.repos.d" + tags: + - ansible + +- name: run kargo playbook + shell: | + cd /opt/kargo_k8s + ansible-playbook -i inventory/inventory.cfg cluster.yml -b -v 2>&1 | tee kargo.log + tags: + - ansible diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/centos_base.repo b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/centos_base.repo new file mode 100644 index 00000000..914b0a8b --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/centos_base.repo @@ -0,0 +1,31 @@ +[base]
+name=CentOS-$releasever - Base
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
+#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/modules b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/modules new file mode 100644 index 00000000..7a479351 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/modules @@ -0,0 +1,7 @@ +# /etc/modules: kernel modules to load at boot time.
+# This file contains the names of kernel modules that should be loaded
+# at boot time, one per line. Lines beginning with "#" are ignored.
+# Parameters can be specified after the module name.
+
+bonding
+8021q
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/RedHat.yml new file mode 100644 index 00000000..58af0f7b --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/RedHat.yml @@ -0,0 +1,55 @@ +############################################################################ +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################ +--- +- name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /root/.ssh + owner: root + group: root + +- name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /root/.ssh/config + owner: root + group: root + +- name: generate ssh keys + shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \ + then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \ + else echo "already gen ssh key!"; fi; + +- name: fetch ssh keys + fetch: + src: /root/.ssh/id_rsa.pub + dest: /tmp/ssh-keys-{{ ansible_hostname }} + flat: "yes" + +- authorized_key: + user: root + key: "{{ lookup('file', item) }}" + with_fileglob: + - /tmp/ssh-keys-* + - /root/.ssh/id_rsa.pub + +- name: change sources(yum) list + copy: + src: centos_base.repo + dest: /etc/yum.repos.d/centos_base.repo diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml new file mode 100644 index 00000000..5bb77485 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml @@ -0,0 +1,71 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: make sure ssh dir exist + file: + path: '{{ item.path }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + state: directory + mode: 0755 + with_items: + - path: /root/.ssh + owner: root + group: root + +- name: write ssh config + copy: + content: "UserKnownHostsFile /dev/null\nStrictHostKeyChecking no" + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: 0600 + with_items: + - dest: /root/.ssh/config + owner: root + group: root + +- name: generate ssh keys + shell: if [ ! -f ~/.ssh/id_rsa.pub ]; \ + then ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""; \ + else echo "already gen ssh key!"; fi; + +- name: fetch ssh keys + fetch: + src: /root/.ssh/id_rsa.pub + dest: /tmp/ssh-keys-{{ ansible_hostname }} + flat: "yes" + +- authorized_key: + user: root + key: "{{ lookup('file', item) }}" + with_fileglob: + - /tmp/ssh-keys-* + - /root/.ssh/id_rsa.pub + +- name: rm apt.conf + file: + path: /etc/apt/apt.conf + state: absent + +- name: restart ntp service + shell: "service ntp restart" + +- name: add the appropriate kernel modules + copy: + src: modules + dest: /etc/modules + +- name: change the MaxSessions + lineinfile: + dest: /etc/ssh/sshd_config + line: "MaxSessions 500" + +- name: restart ssh service + shell: service ssh restart diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml new file mode 100644 index 00000000..76203440 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- include: "{{ ansible_distribution }}.yml" + when: ansible_distribution == 'Ubuntu' + +- include: "{{ ansible_os_family }}.yml" + when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == '7' diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/templates/hosts b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/templates/hosts new file mode 100644 index 00000000..847c193e --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/templates/hosts @@ -0,0 +1,9 @@ +# localhost
+127.0.0.1 localhost
+# controller
+10.1.0.50 host1
+10.1.0.51 host2
+10.1.0.52 host3
+# compute
+10.1.0.53 host4
+10.1.0.54 host5
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/vars/main.yml new file mode 100644 index 00000000..b196bd25 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/vars/main.yml @@ -0,0 +1,21 @@ +--- +aptpackages: +- bridge-utils +- debootstrap +- ifenslave +- ifenslave-2.6 +- lsof +- lvm2 +- ntp +- ntpdate +- sudo +- vlan +- tcpdump + +yumpackages: +- bridge-utils +- iputils +- lvm2 +- ntp +- tcpdump +- vim diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/check_network.py b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/check_network.py new file mode 100644 index 00000000..ffdafcd3 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/check_network.py @@ -0,0 +1,70 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +import yaml +import sys +import subprocess + +import log as logging + +LOG = logging.getLogger("net-check") + + +def is_ip_reachable(ip): + cmd = "ping -c 2 %s" % ip + process = subprocess.Popen( + cmd, + stdout=subprocess.PIPE, + stderr=None, + shell=True) + + output = process.communicate()[0] + if " 0% packet loss" in output: + LOG.info("%s is reachable", ip) + elif "100% packet loss" in output: + LOG.error("%s is unreachable" % (ip)) + return False + else: + LOG.warn("%r", output) + + return True + + +def is_host_ips_reachable(settings): + external = settings["external"]["ip"] + external_gw = settings["external"]["gw"] + # storage = settings["storage"]["ip"] + mgmt = settings["mgmt"]["ip"] + + return is_ip_reachable(external) \ + and is_ip_reachable(external_gw) \ + and is_ip_reachable(mgmt) + + +def main(hostname, config): + LOG.info("host is %s", hostname) + + result = True + + for host, settings in config.iteritems(): + LOG.info("check %s network connectivity start", host) + result = result and is_host_ips_reachable(settings) + + if result: + LOG.info("All hosts ips are reachable") + else: + LOG.error("Some hosts ips are unreachable !!!") + sys.exit(-1) + +if __name__ == "__main__": + hostname = yaml.load(sys.argv[1]) + config = yaml.load(sys.argv[2]) + config.pop(hostname, None) + + main(hostname, config) diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/log.py b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/log.py new file mode 100644 index 00000000..422931bc --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/log.py @@ -0,0 +1,52 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +import logging +import os +loggers = {} +log_dir = "/var/log/setup_network" +try: + os.makedirs(log_dir) +except: + pass + + +def getLogger(name): + if name in loggers: + return loggers[name] + + logger = logging.getLogger(name) + logger.setLevel(logging.DEBUG) + + # create file handler which logs even debug messages + log_file = "%s/%s.log" % (log_dir, name) + try: + os.remove(log_file) + except: + pass + + fh = logging.FileHandler(log_file) + fh.setLevel(logging.DEBUG) + + # create console handler with a higher log level + ch = logging.StreamHandler() + ch.setLevel(logging.ERROR) + + # create formatter and add it to the handlers + formatter = logging.Formatter( + "%(asctime)s - %(name)s - %(levelname)s - %(message)s") + ch.setFormatter(formatter) + fh.setFormatter(formatter) + + # add the handlers to logger + logger.addHandler(ch) + logger.addHandler(fh) + + loggers[name] = logger + return logger diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/net_init b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/net_init new file mode 100644 index 00000000..41ccb988 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/net_init @@ -0,0 +1,24 @@ +#! /bin/sh +### BEGIN INIT INFO +# Provides: anamon.init +# Required-Start: $network +# Required-Stop: +# Should-Start: +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Starts the cobbler anamon boot notification program +# Description: anamon runs the first time a machine is booted after installation. +### END INIT INFO + + + +# +# anamon.init: Starts the cobbler post-install boot notification program +# +# chkconfig: 35 0 6 +# +# description: anamon runs the first time a machine is booted after +# installation. +# +python /opt/setup_networks/setup_networks.py diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/setup_networks.py b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/setup_networks.py new file mode 100644 index 00000000..ab13e088 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/files/setup_networks/setup_networks.py @@ -0,0 +1,93 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +import yaml +import netaddr +import os +import log as logging + +LOG = logging.getLogger("net-init") +config_path = os.path.join(os.path.dirname(__file__), "network.cfg") + + +def setup_bondings(bond_mappings): + print bond_mappings + + +def add_vlan_link(interface, ifname, vlan_id): + LOG.info("add_vlan_link enter") + cmd = "ip link add link %s name %s type vlan id %s; " % ( + ifname, interface, vlan_id) + cmd += "ip link set %s up; ip link set %s up" % (interface, ifname) + LOG.info("add_vlan_link: cmd=%s" % cmd) + os.system(cmd) + + +def add_ovs_port(ovs_br, ifname, uplink, vlan_id=None): + LOG.info("add_ovs_port enter") + cmd = "ovs-vsctl --may-exist add-port %s %s" % (ovs_br, ifname) + if vlan_id: + cmd += " tag=%s" % vlan_id + cmd += " -- set Interface %s type=internal;" % ifname + cmd += "ip link set dev %s address \ + `ip link show %s |awk '/link\/ether/{print $2}'`;" % (ifname, uplink) + cmd += "ip link set %s up;" % ifname + LOG.info("add_ovs_port: cmd=%s" % cmd) + os.system(cmd) + + +def setup_intfs(sys_intf_mappings, uplink_map): + LOG.info("setup_intfs enter") + for intf_name, intf_info in sys_intf_mappings.items(): + if intf_info["type"] == "vlan": + add_vlan_link( + intf_name, + intf_info["interface"], + intf_info["vlan_tag"]) + elif intf_info["type"] == "ovs": + add_ovs_port( + intf_info["interface"], + intf_name, + uplink_map[intf_info["interface"]], + vlan_id=intf_info.get("vlan_tag")) + else: + pass + + +def setup_ips(ip_settings, sys_intf_mappings): + LOG.info("setup_ips enter") + for intf_info in ip_settings.values(): + network = netaddr.IPNetwork(intf_info["cidr"]) + if sys_intf_mappings[intf_info["name"]]["type"] == "ovs": + intf_name = intf_info["name"] + else: + intf_name = intf_info["alias"] + cmd = "ip addr add %s/%s brd %s dev %s;" \ + % (intf_info["ip"], intf_info["netmask"], str(network.broadcast), intf_name) # noqa + if "gw" in intf_info: + cmd += "route del default;" + cmd += "ip route add default via %s dev %s" % ( + intf_info["gw"], intf_name) + LOG.info("setup_ips: cmd=%s" % cmd) + os.system(cmd) + + +def main(config): + uplink_map = {} + setup_bondings(config["bond_mappings"]) + for provider_net in config["provider_net_mappings"]: + uplink_map[provider_net['name']] = provider_net['interface'] + + setup_intfs(config["sys_intf_mappings"], uplink_map) + setup_ips(config["ip_settings"], config["sys_intf_mappings"]) + +if __name__ == "__main__": + os.system("service openvswitch-switch status|| service openvswitch-switch start") # noqa + config = yaml.load(open(config_path)) + main(config) diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/main.yml new file mode 100644 index 00000000..c59fdfc5 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/main.yml @@ -0,0 +1,66 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: disable NetworkManager + service: name=NetworkManager state=stopped enabled=no + when: ansible_os_family == 'RedHat' + +- name: enable network service + service: name=network state=started enabled=yes + when: ansible_os_family == 'RedHat' + +- name: ensure script dir exist + shell: mkdir -p /opt/setup_networks + +- name: copy scripts + copy: src={{ item }} dest=/opt/setup_networks + with_items: + - setup_networks/log.py + - setup_networks/setup_networks.py + - setup_networks/check_network.py + tags: + - network_check + + +- name: copy config files + template: src=network.cfg dest=/opt/setup_networks + +- name: config external nic + template: + src: ifcfg-eth.j2 + dest: /etc/sysconfig/network-scripts/ifcfg-{{sys_intf_mappings["external"]["interface"]}} + +- name: remove defualt gw + lineinfile: + dest: /etc/sysconfig/network + regexp: "^GATEWAY=*" + state: absent + +- name: restart the network + shell: systemctl restart network + +- name: make sure python lib exist + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: + - python-yaml + - python-netaddr + +- name: check basic network connectivity + shell: > + python /opt/setup_networks/check_network.py \ + "{{ inventory_hostname }}" \ + "{{ ip_settings | to_json }}" + register: result + until: result.stderr.find('unreachable')==-1 + retries: 3 + delay: 2 + tags: + - network_check + +- meta: flush_handlers diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/ifcfg-eth.j2 b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/ifcfg-eth.j2 new file mode 100644 index 00000000..78afa052 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/ifcfg-eth.j2 @@ -0,0 +1,11 @@ +DEVICE={{ sys_intf_mappings["external"]["interface"]}}
+TYPE=Ethernet
+IPADDR={{ ip_settings[inventory_hostname]["external"]["ip"] }}
+PREFIX={{ ip_settings[inventory_hostname]["external"]["netmask"] }}
+GATEWAY={{ ip_settings[inventory_hostname]["external"]["gw"] }}
+BOOTPROTO=none
+ONBOOT=yes
+DELAY=0
+DEFROUTE="yes"
+DNS1=8.8.8.8
+DNS2=8.8.4.4
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/my_configs.debian b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/my_configs.debian new file mode 100644 index 00000000..5ab1519b --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/my_configs.debian @@ -0,0 +1,14 @@ +{%- for alias, intf in host_ip_settings.items() %} + +auto {{ alias }} +iface {{ alias }} inet static + address {{ intf["ip"] }} + netmask {{ intf["netmask"] }} +{% if "gw" in intf %} + gateway {{ intf["gw"] }} +{% endif %} +{% if intf["name"] == alias %} + pre-up ip link set {{ sys_intf_mappings[alias]["interface"] }} up + pre-up ip link add link {{ sys_intf_mappings[alias]["interface"] }} name {{ alias }} type vlan id {{ sys_intf_mappings[alias]["vlan_tag"] }} +{% endif %} +{% endfor %} diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/network.cfg b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/network.cfg new file mode 100644 index 00000000..cf271ad6 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/templates/network.cfg @@ -0,0 +1,5 @@ +bond_mappings: {{ network_cfg["bond_mappings"] | to_json }} +ip_settings: {{ ip_settings[inventory_hostname] | to_json }} +sys_intf_mappings: {{ sys_intf_mappings | to_json }} +provider_net_mappings: {{ network_cfg["provider_net_mappings"] | to_json }} + |