aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters')
-rwxr-xr-xdeploy/adapters/ansible/kubernetes/ansible-kubernetes.yml5
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh9
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml2
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml13
-rwxr-xr-x[-rw-r--r--]deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml16
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars.yml7
-rwxr-xr-xdeploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py86
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo32
-rwxr-xr-x[-rw-r--r--]deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo0
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j234
-rwxr-xr-x[-rw-r--r--]deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml178
-rwxr-xr-xdeploy/adapters/ansible/kubernetes/roles/kargo/templates/extra-vars.yml.j240
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/templates/inventory.j226
-rwxr-xr-x[-rw-r--r--]deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml7
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/post-k8s/defaults/main.yml11
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml48
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/sources.list.official.aarch6454
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml9
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml2
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml3
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j24
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j219
-rw-r--r--deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml8
-rw-r--r--deploy/adapters/ansible/openstack_pike/README.md9
-rw-r--r--deploy/adapters/ansible/openstack_queens/README.md10
-rw-r--r--deploy/adapters/ansible/roles/config-compute/templates/compute.j210
-rwxr-xr-xdeploy/adapters/ansible/roles/config-controller/templates/controller.j213
-rw-r--r--deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j22
-rw-r--r--deploy/adapters/ansible/roles/config-osa/files/lxc_cache_prestage.patch11
-rw-r--r--deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh9
-rw-r--r--deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml11
-rw-r--r--deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml4
-rwxr-xr-xdeploy/adapters/ansible/roles/config-osa/tasks/main.yml94
-rw-r--r--deploy/adapters/ansible/roles/config-osa/tasks/meters.yml2
-rw-r--r--deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j26
-rw-r--r--deploy/adapters/ansible/roles/config-osa/vars/main.yml2
-rw-r--r--deploy/adapters/ansible/roles/post-openstack/files/manager.py.patch12
-rw-r--r--deploy/adapters/ansible/roles/post-openstack/tasks/main.yml4
-rw-r--r--deploy/adapters/ansible/roles/post-openstack/tasks/nova_patch.yml23
-rw-r--r--deploy/adapters/ansible/roles/post-openstack/vars/main.yml2
-rwxr-xr-xdeploy/adapters/ansible/roles/post-osa/files/sfc.conf2
-rw-r--r--deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml2
-rw-r--r--deploy/adapters/ansible/roles/post-osa/tasks/main.yml4
-rw-r--r--deploy/adapters/ansible/roles/post-osa/tasks/novaclient_workaround.yml6
-rw-r--r--deploy/adapters/ansible/roles/post-osa/vars/main.yml4
-rw-r--r--deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml6
-rw-r--r--deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml5
-rw-r--r--deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml4
-rw-r--r--deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml22
-rw-r--r--deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml14
-rw-r--r--deploy/adapters/ansible/roles/setup-openvswitch/tasks/odl.yml25
-rwxr-xr-xdeploy/adapters/ansible/roles/setup-openvswitch/templates/controller.j290
-rw-r--r--deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml13
-rw-r--r--deploy/adapters/cobbler/kickstarts/default16-aarch64.seed177
-rw-r--r--deploy/adapters/cobbler/snippets/kickstart_client.rb9
-rw-r--r--deploy/adapters/cobbler/snippets/kickstart_knife.rb9
-rw-r--r--deploy/adapters/cobbler/snippets/preseed_knife.rb9
-rw-r--r--deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config2
58 files changed, 871 insertions, 369 deletions
diff --git a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
index 68dec5c2..094c6488 100755
--- a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
+++ b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml
@@ -35,7 +35,10 @@
remote_user: root
max_fail_percentage: 0
roles:
- - kargo
+ - role: kargo
+ when: opencontrail is not defined
+ - role: install-k8s-opencontrail
+ when: opencontrail is defined and opencontrail == "Enable"
- hosts: kube_master
remote_user: root
diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh b/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh
index 62e79b3b..db44246a 100644
--- a/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh
+++ b/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh
@@ -1,3 +1,12 @@
+##############################################################################
+# Copyright (c) 2016-2018 compass4nfv and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
#!/bin/bash
count=`ss -tnl | grep 6443 | wc -l`
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
index 4f8ca005..af234415 100644
--- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml
@@ -25,5 +25,5 @@
pkg: "{{ item }}"
state: "present"
update_cache: 'yes'
- with_items: "{{ packages }}"
+ with_items: "{{ vars['packages_' + ansible_architecture] }}"
when: ansible_os_family == 'Debian'
diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
index 0453dc44..6be9e06f 100644
--- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml
@@ -1,5 +1,5 @@
---
-packages:
+packages_x86_64:
- ubuntu-cloud-keyring
- python-dev
- python-pip
@@ -11,6 +11,17 @@ packages:
- python-crypto
- git
+packages_aarch64:
+ - ubuntu-cloud-keyring
+ - python-dev
+ - python-pip
+ - openvswitch-switch
+ - python-memcache
+ - python-iniparse
+ - python-lxml
+ - python-crypto
+ - git
+
pip_packages:
- crudini
- python-keyczar
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml
index 26e3fa75..ae3dce76 100644..100755
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml
@@ -3,7 +3,7 @@
# roles/download/defaults/main.yml
etcd_version: v3.2.4-arm64
-flannel_version: "v0.8.0-arm64"
+flannel_version: "v0.9.1-arm64"
flannel_cni_image_repo: "linaro/flannel-cni-arm64"
hyperkube_image_repo: "gcr.io/google-containers/hyperkube-arm64"
hyperkube_image_tag: "{{ kube_version }}"
@@ -14,20 +14,8 @@ dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-arm64"
dnsmasq_sidecar_image_repo: "gcr.io/google_containers/k8s-dns-sidecar-arm64"
kubednsautoscaler_image_repo: "gcr.io/google_containers/\
cluster-proportional-autoscaler-arm64"
+dashboard_image_repo: "gcr.io/google_containers/kubernetes-dashboard-arm64"
# inventory/group_vars/k8s-cluster.yml
kube_network_plugin: flannel
helm_enabled: false
-docker_options: "--insecure-registry={{ kube_service_addresses }} \
---graph={{ docker_daemon_graph }} {{ docker_log_opts }} \
---add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
---default-runtime=docker-runc \
---exec-opt native.cgroupdriver=systemd \
---userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
---signature-verification=false"
-
-# roles/docker/vars/redhat.yml
-docker_package_info:
- pkg_mgr: yum
- pkgs:
- - name: docker
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars.yml
deleted file mode 100644
index e13e33ca..00000000
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# Override default kubespray variables
-
-# Just a placeholder to satisfy ansible
-dummy_var: 0
-
-# helm_enabled: true
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py b/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py
deleted file mode 100755
index 2ffb4cae..00000000
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py
+++ /dev/null
@@ -1,86 +0,0 @@
-import yaml
-import sys
-import os
-from jinja2 import Environment
-try:
- import json
-except ImportError:
- import simplejson as json
-
-INVENTORY_TEMPLATE = """
-[all]
-{% for host, vales in hostvars.iteritems() %}
-{{ host }} ansible_ssh_host={{ vales['ansible_ssh_host'] }} \
-ansible_ssh_pass=root ansible_user=root
-{% endfor %}
-[kube-master]
-{% for host in kube_master %}
-{{ host }}
-{% endfor %}
-
-[etcd]
-{% for host in etcd %}
-{{ host }}
-{% endfor %}
-
-[kube-node]
-{% for host in kube_node %}
-{{ host }}
-{% endfor %}
-
-[k8s-cluster:children]
-kube-node
-kube-master
-
-[calico-rr]
-[vault]
-"""
-
-
-def _byteify(data, ignore_dicts=False):
-
- if isinstance(data, unicode):
- return data.encode('utf-8')
- if isinstance(data, list):
- return [_byteify(item, ignore_dicts=True) for item in data]
- if isinstance(data, dict) and not ignore_dicts:
- return {
- _byteify(key, ignore_dicts=True):
- _byteify(value, ignore_dicts=True)
- for key, value in data.iteritems()
- }
- return data
-
-
-def load_inventory(inventory):
- if not os.path.exists(inventory):
- raise RuntimeError('file: %s not exist' % inventory)
- with open(inventory, 'r') as fd:
- return json.load(fd, object_hook=_byteify)
-
-
-def create_inventory_file(inventories_path,
- hostvars, kube_master, etcd, kube_node):
- content = Environment().from_string(INVENTORY_TEMPLATE).render(
- hostvars=hostvars, kube_master=kube_master,
- etcd=etcd, kube_node=kube_node)
- with open(inventories_path, 'w+') as f:
- f.write(content)
-
-
-def main(inventories_path, local_inventory):
- inventory_data = load_inventory(local_inventory)
- hostvars = inventory_data['_meta']['hostvars']
- kube_node = inventory_data['kube_node']['hosts']
- kube_master = inventory_data['kube_master']['hosts']
- etcd = inventory_data['etcd']['hosts']
-
- create_inventory_file(inventories_path,
- hostvars, kube_master, etcd, kube_node)
-
-
-if __name__ == "__main__":
- path = yaml.load(sys.argv[1])
- local_inventory = yaml.load(sys.argv[2])
-
- main(path, local_inventory)
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo
deleted file mode 100644
index 4900db69..00000000
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo
+++ /dev/null
@@ -1,32 +0,0 @@
-[base]
-name=CentOS-$releasever - Base
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#released updates
-[updates]
-name=CentOS-$releasever - Updates
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that may be useful
-[extras]
-name=CentOS-$releasever - Extras
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-$releasever - Plus
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo
index 1d622d3c..1d622d3c 100644..100755
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2
deleted file mode 100644
index d998d4cb..00000000
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = kubernetes
-DNS.2 = kubernetes.default
-DNS.3 = kubernetes.default.svc
-DNS.4 = kubernetes.default.svc.{{ dns_domain }}
-DNS.5 = localhost
-{% for host in groups['kube-master'] %}
-DNS.{{ 5 + loop.index }} = {{ host }}
-{% endfor %}
-{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
-{% set idx = groups['kube-master'] | length | int + 5 + 1 %}
-DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
-{% endif %}
-{% for host in groups['kube-master'] %}
-IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
-IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
-{% endfor %}
-{% set idx = groups['kube-master'] | length | int * 2 + 1 %}
-IP.{{ idx }} = {{ kube_apiserver_ip }}
-IP.{{ idx + 1 }} = 127.0.0.1
-{% if supplementary_addresses_in_ssl_keys is defined %}
-{% set is = idx + 1 %}
-{% for addr in supplementary_addresses_in_ssl_keys %}
-IP.{{ is + loop.index }} = {{ addr }}
-{% endfor %}
-{% endif %}
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
index b9d9c234..512121e2 100644..100755
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml
@@ -7,153 +7,39 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
-- name: clean local repo conf
- file:
- path: /etc/yum.repos.d
- state: absent
- run_once: "True"
- when: ansible_os_family == 'RedHat'
-
-- name: create local repo conf dir
- file:
- path: /etc/yum.repos.d
- state: directory
- run_once: "True"
- when: ansible_os_family == 'RedHat'
-
-- name: configure local mirror repo
- copy:
- src: "{{ item }}"
- dest: /etc/yum.repos.d/mirrors.repo
- with_first_found:
- - mirrors_{{ ansible_architecture }}.repo
- - mirrors.repo
- run_once: "True"
- when: ansible_os_family == 'RedHat'
-
-- name: clean local pip conf to use official pip repo
- file:
- path: /root/.pip/pip.conf
- state: absent
- run_once: "True"
-
-- name: install dependency for ansible update
- yum:
- name: "{{ item }}"
- state: latest
- with_items:
- - git
- - libffi-devel
- - openssl-devel
- - python-devel
- run_once: "True"
- when: ansible_os_family == 'RedHat'
-
-- name: update python packages
- pip:
- name: "{{ item }}"
- state: latest
- with_items:
- - netaddr
- - jinja2
-
-- name: copy inventories generate script
- copy:
- src: generate_inventories.py
- dest: /tmp/generate_inventories.py
+- name: check the kubespray sample path
+ stat: path=/opt/kargo_k8s/inventory/sample
+ register: sample_stat
+
+- name: Move kubespray group_vars folder
+ command: mv /opt/kargo_k8s/inventory/sample/group_vars /opt/kargo_k8s/inventory/
+ when: sample_stat.stat.exists
+
+- name: generate kubespray inventory configure file
+ template:
+ src: "inventory.j2"
+ dest: "/opt/kargo_k8s/inventory/inventory.cfg"
tags:
- ansible
-- name: copy inventoriy.json file
- copy:
- src: "{{ run_dir }}/inventories/inventory.json"
- dest: /tmp/inventory.json
- tags:
- - ansible
-
-- name: generate kargo inventories
- shell: >
- python /tmp/generate_inventories.py \
- "/opt/kargo_k8s/inventory/inventory.cfg" \
- "/tmp/inventory.json"
- tags:
- - ansible
-
-- name: configure target hosts
- shell: |
- cd /opt/kargo_k8s
- ansible -i inventory/inventory.cfg -m ping all
- ansible -i inventory/inventory.cfg all -m shell -a "rm /etc/yum.repos.d/*"
- ansible -i inventory/inventory.cfg all -m copy -a \
- "src=/etc/yum.repos.d/mirrors.repo dest=/etc/yum.repos.d"
- tags:
- - ansible
-
-- name: enable helm
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/k8s-cluster.yml
- regexp: '^helm_enabled:'
- line: 'helm_enabled: {{ helm_flag }}'
-
-- name: enable external lb | set lb domain_nam
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/all.yml
- regexp: '^## apiserver_loadbalancer_domain_name:'
- line: 'apiserver_loadbalancer_domain_name: {{ apiserver_loadbalancer_domain_name }}'
-
-- name: enable external lb |
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/all.yml
- regexp: '^#loadbalancer_apiserver:'
- line: 'loadbalancer_apiserver:'
-
-- name: enable external lb | set vip address
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/all.yml
- regexp: '^# address: 1.2.3.4'
- line: ' address: {{ vipaddress }}'
-
-- name: enable external lb | set vip port
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/all.yml
- regexp: '^# port: 1234'
- line: ' port: {{ exlb_port }}'
-
-- name: enable internal lb
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/all.yml
- regexp: '^#loadbalancer_apiserver_localhost: true'
- line: 'loadbalancer_apiserver_localhost: true'
-
-- name: use the user name and password login the dashboard
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/k8s-cluster.yml
- regexp: '^#kube_basic_auth: false'
- line: 'kube_basic_auth: true'
-
-
-- name: add vip to ssl keys
- lineinfile:
- dest: /opt/kargo_k8s/inventory/group_vars/k8s-cluster.yml
- line: 'supplementary_addresses_in_ssl_keys: [{{ vipaddress }}]'
-
-- name: rm openssl file
- file:
- path: /opt/kargo_k8s/roles/kubernetes/secrets/templates/openssl.conf.j2
- state: absent
-
-- name: copy openssl.conf.j2
- copy:
- src: openssl.conf.j2
- dest: /opt/kargo_k8s/roles/kubernetes/secrets/templates/openssl.conf.j2
-
-- name: copy overrided variables
+- name: copy overrided variables for arm architecture
copy:
src: "{{ item }}"
dest: /opt/kargo_k8s/extra-vars.yml
with_first_found:
- extra-vars-{{ ansible_architecture }}.yml
- extra-vars.yml
+ - skip: true
+
+- name: copy overrided variables for kubespray
+ template:
+ src: "{{ item }}"
+ dest: "/opt/kargo_k8s/extra-vars.yml"
+ with_first_found:
+ - extra-vars-{{ ansible_architecture }}.yml.j2
+ - extra-vars.yml.j2
+ tags:
+ - ansible
- name: copy 2flannel playbook to kargo
copy:
@@ -264,8 +150,22 @@ kube-controller-manager.manifest.j2",
- name: run kargo playbook
shell: |
- cd /opt/kargo_k8s
ansible-playbook -i inventory/inventory.cfg cluster.yml \
-e "@extra-vars.yml" -b -v 2>&1 | tee kargo.log
+ args:
+ chdir: "/opt/kargo_k8s"
tags:
- ansible
+
+- name: read the ansible log file
+ shell: "cat /opt/kargo_k8s/kargo.log | tail -n 1000"
+ register: setup_kargo_result
+
+- fail:
+ msg: "some task failed when setup kargo."
+ when: setup_kargo_result.stdout.find('failed=1') != -1
+
+- fail:
+ msg: "some host are unreachable."
+ when: setup_kargo_result.stdout.find('unreachable=1') != -1
+ run_once: true
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/templates/extra-vars.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/extra-vars.yml.j2
new file mode 100755
index 00000000..1d7a2fa2
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/extra-vars.yml.j2
@@ -0,0 +1,40 @@
+---
+# Override default kubespray variables
+
+#dashboard_port: "{{dashboard_port|default('31746')}}"
+
+# kubespray configure
+apiserver_loadbalancer_domain_name: "{{ public_vip.ip }}"
+loadbalancer_apiserver:
+ address: "{{ public_vip.ip }}"
+ port: {{ loadbalancer_apiserver_port|default(8383) }}
+loadbalancer_apiserver_localhost: {{ loadbalancer_apiserver_localhost|default(true) }}
+
+kube_basic_auth: {{ kube_basic_auth |default(true) }}
+kube_network_plugin: {{ kube_network_plugin|default('calico') }}
+# Monitoring apps for k8s
+efk_enabled: {{ efk_enabled |default(true)}}
+# Helm deployment
+helm_enabled: {{ helm_enabled |default(true)}}
+# Istio deployment
+istio_enabled: {{ istio_enabled |default(false)}}
+supplementary_addresses_in_ssl_keys: ["{{ public_vip.ip }}"]
+#storage
+local_volume_provisioner_enabled: {{local_volume_provisioner_enabled |default(false) }}
+# local_volume_provisioner_namespace: "system_namespace"
+# local_volume_provisioner_base_dir: /mnt/disks
+# local_volume_provisioner_mount_dir: /mnt/disks
+# local_volume_provisioner_storage_class: local-storage
+
+# CephFS provisioner deployment
+cephfs_provisioner_enabled: {{ cephfs_provisioner_enabled |default(false)}}
+# cephfs_provisioner_namespace: "cephfs-provisioner"
+# cephfs_provisioner_cluster: ceph
+# cephfs_provisioner_monitors: "172.24.0.1:6789,172.24.0.2:6789,172.24.0.3:6789"
+# cephfs_provisioner_admin_id: admin
+# cephfs_provisioner_secret: secret
+# cephfs_provisioner_storage_class: cephfs
+# cephfs_provisioner_reclaim_policy: Delete
+# cephfs_provisioner_claim_root: /volumes
+# cephfs_provisioner_deterministic_names: true
+
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/templates/inventory.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/inventory.j2
new file mode 100644
index 00000000..0120ae18
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/inventory.j2
@@ -0,0 +1,26 @@
+[all]
+{% for host, vales in hostvars.iteritems() %}
+{{ host }} ansible_ssh_host={{ vales['ansible_ssh_host'] }} ansible_ssh_pass=root ansible_user=root
+{% endfor %}
+
+[kube-master]
+{% for host in hostvars[inventory_hostname]['groups']['kube_master'] %}
+{{ host }}
+{% endfor %}
+
+[etcd]
+{% for host in hostvars[inventory_hostname]['groups']['etcd'] %}
+{{ host }}
+{% endfor %}
+
+[kube-node]
+{% for host in hostvars[inventory_hostname]['groups']['kube_node'] %}
+{{ host }}
+{% endfor %}
+
+[k8s-cluster:children]
+kube-node
+kube-master
+
+[calico-rr]
+[vault]
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml
index 21287b02..af9c9675 100644..100755
--- a/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml
@@ -1,6 +1,3 @@
---
-helm_flag: true
-apiserver_loadbalancer_domain_name: "{{ public_vip.ip }}"
-vipaddress: "{{ public_vip.ip }}"
-exlb_port: 8383
-kubelet_fail_swap_on: false
+http_proxy: "{{ proxy }}"
+https_proxy: "{{ proxy }}"
diff --git a/deploy/adapters/ansible/kubernetes/roles/post-k8s/defaults/main.yml b/deploy/adapters/ansible/kubernetes/roles/post-k8s/defaults/main.yml
new file mode 100644
index 00000000..aa9fd8a0
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/post-k8s/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+
+local_release_dir: "/tmp/releases"
+heapster_enable: true
+retry_stagger: 5
+heapster:
+ enabled: true
+ owner: "root"
+ mode: "0755"
+ version: "1.5.2"
+heapster_download_url: https://github.com/kubernetes/heapster/archive/v{{ heapster.version }}.tar.gz
diff --git a/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml
index 3feca3e5..d382a5e1 100644
--- a/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml
@@ -14,3 +14,51 @@
dest: /opt/admin.conf
flat: "yes"
when: inventory_hostname == groups['kube_master'][0]
+
+- name: Create heapster dest directory
+ file:
+ path: "{{local_release_dir}}/heapster"
+ state: directory
+ recurse: "yes"
+ when:
+ - heapster.enabled
+ - inventory_hostname == groups['kube_master'][0]
+
+- name: get the package of heapster
+ get_url:
+ url: "{{heapster_download_url}}"
+ dest: "{{local_release_dir}}/heapster"
+ owner: "{{ heapster.owner|default(omit) }}"
+ mode: "{{ heapster.mode|default(omit) }}"
+ register: get_url_result
+ until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
+ retries: 4
+ delay: "{{ retry_stagger | random + 3 }}"
+ when:
+ - heapster.enabled
+ - inventory_hostname == groups['kube_master'][0]
+
+- name: untar the file of heapster
+ shell: |
+ cd "{{ local_release_dir }}/heapster";
+ tar zxvf "heapster-{{ heapster.version }}.tar.gz"
+ when:
+ - heapster.enabled
+ - inventory_hostname == groups['kube_master'][0]
+
+- name: replace the cpu architecture for aarch64
+ shell: |
+ cd "{{ local_release_dir }}/heapster/heapster-{{ heapster.version }}/deploy/";
+ find ./kube-config -name "*.yaml" -exec sed -i "s/amd64/arm64/g" {} \;
+ when:
+ - heapster.enabled
+ - inventory_hostname == groups['kube_master'][0]
+ - ansible_architecture == "aarch64"
+
+- name: install the heapster
+ shell: |
+ cd "{{ local_release_dir }}/heapster/heapster-{{ heapster.version }}/deploy/";
+ ./kube.sh start
+ when:
+ - heapster.enabled
+ - inventory_hostname == groups['kube_master'][0]
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/sources.list.official.aarch64 b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/sources.list.official.aarch64
new file mode 100644
index 00000000..f4a3f5e9
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/sources.list.official.aarch64
@@ -0,0 +1,54 @@
+# deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial main restricted
+
+# deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted
+# deb http://ports.ubuntu.com/ubuntu-ports xenial-security main restricted
+
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial main restricted
+deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted
+deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial universe
+deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial universe
+deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
+deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial multiverse
+deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial multiverse
+deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates multiverse
+deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted universe multiverse
+deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu xenial partner
+# deb-src http://archive.canonical.com/ubuntu xenial partner
+
+deb http://ports.ubuntu.com/ubuntu-ports xenial-security main restricted
+deb-src http://ports.ubuntu.com/ubuntu-ports xenial-security main restricted
+deb http://ports.ubuntu.com/ubuntu-ports xenial-security universe
+deb-src http://ports.ubuntu.com/ubuntu-ports xenial-security universe
+deb http://ports.ubuntu.com/ubuntu-ports xenial-security multiverse
+deb-src http://ports.ubuntu.com/ubuntu-ports xenial-security multiverse
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml
index 44e3b1f6..b4ef9278 100644
--- a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml
@@ -62,10 +62,17 @@
- name: remove the space end of the line in the resolv.conf
shell: "sed -i 's/ *$//' /etc/resolv.conf"
+- name: remove estuary overlay and update apt cache
+ shell: rm -f /etc/apt/sources.list.d/estuary.list && apt-get update
+ when: ansible_architecture == "aarch64"
+
- name: change sources list
copy:
- src: sources.list.official
+ src: "{{ item }}"
dest: /etc/apt/sources.list
+ with_first_found:
+ - sources.list.official.{{ ansible_architecture }}
+ - sources.list.official
- name: restart ntp service
shell: "service ntp restart"
diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml
index c915ec09..844d76a3 100644
--- a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml
@@ -15,4 +15,6 @@
- name: close the swap partition
shell: |
+ systemctl disable swap.target
+ systemctl mask swap.target
swapoff -a
diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml
index 5b434dbe..d32cf238 100644
--- a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml
+++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml
@@ -56,6 +56,9 @@
- name: restart the network
shell: systemctl restart network
+- name: install python lib
+ shell: yum install -y python-yaml python-netaddr
+
- name: make sure python lib exist
action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
with_items:
diff --git a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2
index 1298aeaa..0ce663b1 100644
--- a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2
+++ b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2
@@ -11,7 +11,7 @@ metadata:
namespace: "{{system_namespace}}"
---
kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: sriov
rules:
@@ -36,7 +36,7 @@ rules:
- patch
---
kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: sriov
roleRef:
diff --git a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2
index 90c7f28c..3a9e819b 100644
--- a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2
+++ b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2
@@ -4,13 +4,20 @@
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
---
-apiVersion: extensions/v1beta1
-kind: ThirdPartyResource
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
metadata:
name: network.kubernetes.com
-description: "A specification of a Network obj in the kubernetes"
-versions:
-- name: v1
+spec:
+ group: kubernetes.com
+ version: v1
+ scope: Namespaced
+ names:
+ plural: networks
+ singular: network
+ kind: Network
+ shortNames:
+ - net
---
apiVersion: v1
kind: ServiceAccount
@@ -43,7 +50,7 @@ data:
}
}
---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-flannel-ds
diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
index c14f958e..152a7dc0 100644
--- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
@@ -107,6 +107,7 @@
- utility_all[0]
- network_hosts[0]
- horizon
+ - compute
remote_user: root
roles:
- post-openstack
@@ -120,3 +121,10 @@
remote_user: root
roles:
- moon
+
+- hosts:
+ - ceph_adm
+ - ceph-mon
+ remote_user: root
+ roles:
+ - os-stor4nfv
diff --git a/deploy/adapters/ansible/openstack_pike/README.md b/deploy/adapters/ansible/openstack_pike/README.md
index 7682d325..8a5b5765 100644
--- a/deploy/adapters/ansible/openstack_pike/README.md
+++ b/deploy/adapters/ansible/openstack_pike/README.md
@@ -1 +1,10 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
# keep for openstack pike
diff --git a/deploy/adapters/ansible/openstack_queens/README.md b/deploy/adapters/ansible/openstack_queens/README.md
new file mode 100644
index 00000000..bea43534
--- /dev/null
+++ b/deploy/adapters/ansible/openstack_queens/README.md
@@ -0,0 +1,10 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+# keep for openstack queens
diff --git a/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2
index b23550f9..e7b79436 100644
--- a/deploy/adapters/ansible/roles/config-compute/templates/compute.j2
+++ b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2
@@ -64,13 +64,13 @@ iface br-external inet static
gateway {{ ip_settings[inventory_hostname]["external"]["gw"] }}
offload-sg off
# Create veth pair, don't bomb if already exists
- pre-up ip link add br-vlan-veth type veth peer name eth12 || true
+ pre-up ip link add external-veth type veth peer name external-nic || true
# Set both ends UP
- pre-up ip link set br-vlan-veth up
- pre-up ip link set eth12 up
+ pre-up ip link set external-veth up
+ pre-up ip link set external-nic up
# Delete veth pair on DOWN
- post-down ip link del br-vlan-veth || true
- bridge_ports br-vlan-veth
+ post-down ip link del external-veth || true
+ bridge_ports external-veth
# VXLAN (tunnel/overlay) bridge config
auto br-tenant
diff --git a/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2
index 4e444eca..99d62876 100755
--- a/deploy/adapters/ansible/roles/config-controller/templates/controller.j2
+++ b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2
@@ -62,6 +62,15 @@ iface br-external inet static
address {{ ip_settings[inventory_hostname]["external"]["ip"] }}
netmask 255.255.255.0
gateway {{ ip_settings[inventory_hostname]["external"]["gw"] }}
+ offload-sg off
+ # Create veth pair, don't bomb if already exists
+ pre-up ip link add external-veth type veth peer name external-nic || true
+ # Set both ends UP
+ pre-up ip link set external-veth up
+ pre-up ip link set external-nic up
+ # Delete veth pair on DOWN
+ post-down ip link del external-veth || true
+ bridge_ports external-veth
# OpenStack Networking VXLAN (tunnel/overlay) bridge
#
@@ -71,11 +80,13 @@ iface br-external inet static
# bridge.
#
auto br-tenant
-iface br-tenant inet manual
+iface br-tenant inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports {{ intf_tenant }}
+ address {{ ip_settings[inventory_hostname]["tenant"]["ip"] }}
+ netmask 255.255.255.0
# Storage bridge
auto br-storage
diff --git a/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2 b/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2
index 1c2443e0..d58f9115 100644
--- a/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2
+++ b/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2
@@ -98,7 +98,5 @@ rtconutc
# Listen for NTP requests only on local interfaces.
port 0
bindcmdaddress 127.0.0.1
-{% if not security_disable_ipv6 | bool %}
bindcmdaddress ::1
{% endif %}
-{% endif %}
diff --git a/deploy/adapters/ansible/roles/config-osa/files/lxc_cache_prestage.patch b/deploy/adapters/ansible/roles/config-osa/files/lxc_cache_prestage.patch
new file mode 100644
index 00000000..14f5f5f0
--- /dev/null
+++ b/deploy/adapters/ansible/roles/config-osa/files/lxc_cache_prestage.patch
@@ -0,0 +1,11 @@
+--- lxc_cache_prestage.yml 2018-07-24 07:56:22.480369360 +0000
++++ /tmp/lxc_cache_prestage.yml 2018-07-24 08:17:44.665880308 +0000
+@@ -66,7 +66,7 @@
+ --dir=/tmp
+ --out=rootfs.tar.xz
+ --check-certificate={{ (lxc_hosts_validate_certs | bool) | lower }}
+- {% for server in lxc_image_cache_server_mirrors %}{{ server }}{{ lxc_images[0].split(';')[-1] }}rootfs.tar.xz {% endfor %}
++ http://192.168.137.222/download/rootfs.tar.xz
+ > /var/log/aria2c-image-prestage.log 2>&1
+ args:
+ warn: no
diff --git a/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh b/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh
index fb197555..3fcab155 100644
--- a/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh
+++ b/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh
@@ -1,3 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
#!/usr/local/env bash
set -ev
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml b/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml
index 61d263b4..6ec8425b 100644
--- a/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml
@@ -18,8 +18,15 @@
regexp: '^ - python-ldap'
line: ' - python-ldap==2.5.2'
-- name: add pkgconfig in gnocchi requires pip packages
+- name: add pbr in gnocchi requires pip packages
lineinfile:
dest: /etc/ansible/roles/repo_build/defaults/main.yml
insertafter: "repo_pip_packages:"
- line: ' - pkgconfig'
+ line: ' - pbr'
+
+- name: create user config file to control pip version
+ copy:
+ content: |
+ pip_packages:
+ - pip==9.0.1
+ dest: /etc/openstack_deploy/user_fixpip.yml
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml
index ff7d4250..c73aceb7 100644
--- a/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml
@@ -28,7 +28,7 @@
- name: fix rescue problem for lxc-hosts-setup
blockinfile:
- dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml"
+ dest: "/opt/openstack-ansible/playbooks/containers-lxc-host.yml"
block: |
- hosts: localhost
user: root
@@ -38,7 +38,7 @@
- name: delete max_fail_percentage for lxc-hosts-setup
lineinfile:
- dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml"
+ dest: "/opt/openstack-ansible/playbooks/containers-lxc-host.yml"
regexp: "max_fail_percentage*"
state: absent
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
index 74d930e2..ab2714a9 100755
--- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml
@@ -163,7 +163,7 @@
- name: remove repo_build_pip_no_binary
lineinfile:
- dest: /opt/openstack-ansible/group_vars/repo_all.yml
+ dest: /opt/openstack-ansible/inventory/group_vars/repo_all.yml
state: absent
regexp: "{{ item }}"
with_items: ['^repo_build_pip_no_binary:', '^ - libvirt-python']
@@ -348,21 +348,89 @@
# insertafter: "^- include: repo_post_build.yml"
# line: "- include: repo_fix_pandas.yml"
-- include: meters.yml
+- include: fix_rescue.yml
-# upstream has fix this issue so somments it
-# maybe will use in the furture
-- include: fix_pip_version.yml
+- name: rm command "rm -f /etc/resolv.conf" in cache_prep_commands
+ lineinfile:
+ dest: /etc/ansible/roles/lxc_hosts/vars/ubuntu-16.04.yml
+ regexp: 'rm -f /etc/resolv.conf$'
+ line: ' echo "ok"'
+ backrefs: 'yes'
-- include: fix_rescue.yml
+- name: add command "rm /etc/resolv.conf || true" in cache_prep_commands
+ lineinfile:
+ dest: /etc/ansible/roles/lxc_hosts/vars/ubuntu-16.04.yml
+ insertafter: '^ cache_prep_commands:'
+ line: ' rm /etc/resolv.conf || true'
-- name: include tacker in setup-openstack
+- name: fix apt prompt issue
lineinfile:
- dest: /opt/openstack-ansible/playbooks/setup-openstack.yml
- insertafter: "^- include: os-trove"
- line: "- include: os-tacker-install.yml"
+ dest: /etc/ansible/roles/lxc_hosts/vars/ubuntu-16.04.yml
+ state: absent
+ regexp: "apt-get upgrade -y"
-- name: add variables file of tacker for centos
+- name: set pre-staged retry to 120
+ replace:
+ dest: /etc/ansible/roles/lxc_hosts/tasks/lxc_cache_preparation_systemd_new.yml
+ regexp: '^ retries: 60'
+ replace: ' retries: 120'
+
+- name: copy lxc_cache_prestage.patch
copy:
- src: redhat-7.yml
- dest: /etc/ansible/roles/os_tacker/vars/redhat-7.yml
+ src: lxc_cache_prestage.patch
+ dest: /etc/ansible/roles/lxc_hosts/tasks/lxc_cache_prestage.patch
+ when:
+ - checkresult.rc == 0
+ - offline_deployment is defined and offline_deployment == "Disable"
+
+- name: patch lxc_cache_prestage.yml
+ shell:
+ patch -p0 < lxc_cache_prestage.patch
+ args:
+ chdir: /etc/ansible/roles/lxc_hosts/tasks/
+ when:
+ - checkresult.rc == 0
+ - offline_deployment is defined and offline_deployment == "Disable"
+ ignore_errors: "true"
+
+- name: add cache refresh
+ blockinfile:
+ dest: /opt/openstack-ansible/playbooks/setup-infrastructure.yml
+ insertbefore: '^- include: unbound-install.yml'
+ block: |
+ - hosts: all
+ user: root
+ tasks:
+ - name: refresh
+ setup:
+
+- name: create openstack git directory
+ file:
+ path: /opt/git/openstack
+ state: directory
+ when:
+ - checkresult.rc == 0
+ - offline_deployment is defined and offline_deployment == "Disable"
+
+- name: download openstack git package
+ get_url:
+ url: "http://192.168.137.222/download/openstack-queens-git.tar.gz"
+ dest: "/opt/git/openstack"
+ when:
+ - checkresult.rc == 0
+ - offline_deployment is defined and offline_deployment == "Disable"
+
+- name: extract openstack git repo
+ shell:
+ tar zxf openstack-queens-git.tar.gz
+ args:
+ chdir: "/opt/git/openstack"
+ when:
+ - checkresult.rc == 0
+ - offline_deployment is defined and offline_deployment == "Disable"
+
+- name: fix keepalived
+ lineinfile:
+ dest: /opt/openstack-ansible/inventory/group_vars/haproxy/keepalived.yml
+ regexp: 'check_script: "/bin/kill -0 `cat /var/run/haproxy.pid`"'
+ line: ' check_script: "/bin/kill -0 `cat /var/run/haproxy.pid` || true"'
diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml
index 2b3bce5f..ca85f440 100644
--- a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml
+++ b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml
@@ -9,7 +9,7 @@
---
- name: modify the aodh haproxy config
copy:
- dest: /opt/openstack-ansible/group_vars/all/haproxy.yml
+ dest: /opt/openstack-ansible/inventory/group_vars/all/haproxy.yml
src: haproxy.yml
mode: 0664
diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
index 4f1ea8d5..dd45bd1a 100644
--- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
+++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2
@@ -26,11 +26,16 @@ haproxy_keepalived_internal_vip_cidr: "{{ internal_vip.ip }}/32"
haproxy_keepalived_external_interface: br-external
haproxy_keepalived_internal_interface: br-mgmt
keepalived_ping_address: "{{ ntp_server }}"
+lxc_host_machine_volume_size: 16
cinder_cinder_conf_overrides:
oslo_middleware:
enable_proxy_headers_parsing: True
+neutron_neutron_conf_overrides:
+ oslo_middleware:
+ enable_proxy_headers_parsing: True
+
nfs_file_gw: False
{% if "openvswitch" == NEUTRON_MECHANISM_DRIVERS[0] or
@@ -73,3 +78,4 @@ security_ntp_servers:
- {{ ntp_server }}
tacker_etc_dir: "/etc/tacker"
+nova_spicehtml5_git_repo: https://gitlab.freedesktop.org/spice/spice-html5.git
diff --git a/deploy/adapters/ansible/roles/config-osa/vars/main.yml b/deploy/adapters/ansible/roles/config-osa/vars/main.yml
index 65f67c18..7daf40c9 100644
--- a/deploy/adapters/ansible/roles/config-osa/vars/main.yml
+++ b/deploy/adapters/ansible/roles/config-osa/vars/main.yml
@@ -12,5 +12,5 @@ ceph_host: "{{ hostvars[inventory_hostname]['groups']['ceph_osd'][0] }}"
repo_dest_path: "/var/www/repo/os-releases/15.1.4/ubuntu-16.04-x86_64/"
networking_sfc_version: 4.0.0
# yamllint disable rule:line-length
-openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/group_vars/all/all.yml key=openstack_release') }}"
+openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/inventory/group_vars/all/all.yml key=openstack_release') }}"
# yamllint enable rule:line-length
diff --git a/deploy/adapters/ansible/roles/post-openstack/files/manager.py.patch b/deploy/adapters/ansible/roles/post-openstack/files/manager.py.patch
new file mode 100644
index 00000000..198ff5be
--- /dev/null
+++ b/deploy/adapters/ansible/roles/post-openstack/files/manager.py.patch
@@ -0,0 +1,12 @@
+--- manager.py 2018-11-07 03:51:22.764685289 -0800
++++ manager.py.new 2018-11-07 03:58:21.014139558 -0800
+@@ -314,8 +314,7 @@
+ if self._events is None:
+ # NOTE(danms): We really should have a more specific error
+ # here, but this is what we use for our default error case
+- raise exception.NovaException('In shutdown, no new events '
+- 'can be scheduled')
++ self._events = {}
+
+ @utils.synchronized(self._lock_name(instance))
+ def _create_or_get_event():
diff --git a/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml
index 0bd9aeff..2a63acf0 100644
--- a/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml
@@ -86,3 +86,7 @@
state: restarted
when:
- inventory_hostname in groups['horizon']
+
+- include: nova_patch.yml
+ when:
+ - inventory_hostname in groups['compute']
diff --git a/deploy/adapters/ansible/roles/post-openstack/tasks/nova_patch.yml b/deploy/adapters/ansible/roles/post-openstack/tasks/nova_patch.yml
new file mode 100644
index 00000000..d9cfad9c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/post-openstack/tasks/nova_patch.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2016-2018 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: copy manager.py.patch
+ copy:
+ src: manager.py.patch
+ dest: /openstack/venvs/nova-{{ openstack_release }}/lib/python2.7/site-packages/nova/compute
+
+- name: patch manager.py.patch
+ shell:
+ patch -p0 < manager.py.patch
+ args:
+ chdir: /openstack/venvs/nova-{{ openstack_release }}/lib/python2.7/site-packages/nova/compute
+
+- name: restart nova-compute
+ shell:
+ systemctl restart nova-compute
diff --git a/deploy/adapters/ansible/roles/post-openstack/vars/main.yml b/deploy/adapters/ansible/roles/post-openstack/vars/main.yml
index ed64c8db..1fc2cc27 100644
--- a/deploy/adapters/ansible/roles/post-openstack/vars/main.yml
+++ b/deploy/adapters/ansible/roles/post-openstack/vars/main.yml
@@ -45,5 +45,5 @@ flavors:
disk: 160
# yamllint disable rule:line-length
-openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/group_vars/all/all.yml key=openstack_release') }}"
+openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/inventory/group_vars/all/all.yml key=openstack_release') }}"
# yamllint enable rule:line-length
diff --git a/deploy/adapters/ansible/roles/post-osa/files/sfc.conf b/deploy/adapters/ansible/roles/post-osa/files/sfc.conf
index ce42c9e1..b200f254 100755
--- a/deploy/adapters/ansible/roles/post-osa/files/sfc.conf
+++ b/deploy/adapters/ansible/roles/post-osa/files/sfc.conf
@@ -1,6 +1,6 @@
[DEFAULT]
-service_plugins = router,metering,flow_classifier,sfc
+service_plugins = router,metering,flow_classifier,sfc,trunk
[sfc]
drivers = ovs
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml b/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml
index d5a04e78..684d05cb 100644
--- a/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml
@@ -2,7 +2,7 @@
- name: install networking-sfc
pip:
- name: networking-sfc
+ name: networking-sfc==6.0.0.0rc1
virtualenv: /openstack/venvs/neutron-{{ os_ver }}
when:
- inventory_hostname in groups['neutron_server']
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml
index fed3842f..e7e4c37d 100644
--- a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml
@@ -11,6 +11,7 @@
when:
- inventory_hostname in groups['compute']
- ansible_distribution == 'Ubuntu'
+ - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch"
# install networking-sfc for non odl scenarios
- include: install_networking_sfc.yml
@@ -29,3 +30,6 @@
- include: tacker_horizon.yml
when: inventory_hostname in groups['horizon_all']
+
+- include: novaclient_workaround.yml
+ when: inventory_hostname in groups['utility']
diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/novaclient_workaround.yml b/deploy/adapters/ansible/roles/post-osa/tasks/novaclient_workaround.yml
new file mode 100644
index 00000000..40ec608d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/post-osa/tasks/novaclient_workaround.yml
@@ -0,0 +1,6 @@
+---
+
+- name: use python-novaclient version 9.0.0 to replace 10.2.0
+ pip:
+ name: python-novaclient
+ version: 9.0.0
diff --git a/deploy/adapters/ansible/roles/post-osa/vars/main.yml b/deploy/adapters/ansible/roles/post-osa/vars/main.yml
index f5ffa335..7aed0472 100644
--- a/deploy/adapters/ansible/roles/post-osa/vars/main.yml
+++ b/deploy/adapters/ansible/roles/post-osa/vars/main.yml
@@ -1,9 +1,9 @@
---
# yamllint disable rule:line-length
-os_ver: "{{ lookup('yamlfile', '/opt/openstack-ansible/group_vars/all/all.yml key=openstack_release') }}"
+os_ver: "{{ lookup('yamlfile', '/opt/openstack-ansible/inventory/group_vars/all/all.yml key=openstack_release') }}"
# yamllint enable rule:line-length
-os_name: pike
+os_name: queens
# yamllint disable rule:line-length
tacker_horizon_repo: https://github.com/openstack/tacker-horizon.git
diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml
index 00675d9c..5d9cded0 100644
--- a/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml
+++ b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml
@@ -8,7 +8,7 @@
# #############################################################################
---
- name: setup hosts
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_queens-opnfv2/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible setup-hosts.yml \
@@ -19,7 +19,7 @@
register: failed_container
- name: destroy the failed_container
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_queens-opnfv2/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible lxc-containers-destroy.yml \
@@ -30,7 +30,7 @@
ignore_errors: "True"
- name: retry to setup failed_container
- shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \
+ shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_queens-opnfv2/ansible.log; \
export ANSIBLE_SCP_IF_SSH=y; \
cd /opt/openstack-ansible/playbooks; \
openstack-ansible setup-hosts.yml --limit {{item}} \
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml b/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml
index fb7814b7..58a1710c 100644
--- a/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml
@@ -6,6 +6,11 @@
# http://www.apache.org/licenses/LICENSE-2.0
############################################################################
---
+- name: restart network service
+ service:
+ name: networking
+ state: restarted
+
- name: restart neutron-openvswitch-agent
service:
name: neutron-openvswitch-agent
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml
index 43c6689f..670eea75 100644
--- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml
@@ -50,7 +50,7 @@
when:
- compute in item["role"]
-- name: start neutron-openvswitch-agent
+- name: restart neutron-openvswitch-agent
service:
name: neutron-openvswitch-agent
- state: started
+ state: restarted
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml
index 3637d1db..726cb545 100644
--- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml
@@ -50,7 +50,27 @@
when:
- controller in item["role"]
+- name: configure interfaces ubuntu
+ template:
+ src: controller.j2
+ dest: /etc/network/interfaces
+ notify:
+ - restart network service
+
- name: start neutron-openvswitch-agent
service:
name: neutron-openvswitch-agent
- state: started
+ state: restarted
+
+- name: update keepalived
+ replace:
+ dest: /etc/keepalived/keepalived.conf
+ regexp: 'br-external'
+ replace: 'br-provider'
+
+- meta: flush_handlers
+
+- name: restart keepalived
+ service:
+ name: keepalived
+ state: restarted
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml
index 87e508ca..0ad47d3c 100644
--- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml
@@ -10,9 +10,19 @@
- include: controller.yml
when:
- inventory_hostname not in groups['nova_compute']
- - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" or "opendaylight"
+ - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch"
- include: compute.yml
when:
- inventory_hostname in groups['nova_compute']
- - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" or "opendaylight"
+ - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch"
+
+- include_vars: "{{ ansible_os_family }}.yml"
+ when:
+ - odl_sfc is not defined or odl_sfc != "Enable"
+ - NEUTRON_MECHANISM_DRIVERS[0] == "opendaylight"
+
+- include: odl.yml
+ when:
+ - odl_sfc is not defined or odl_sfc != "Enable"
+ - NEUTRON_MECHANISM_DRIVERS[0] == "opendaylight"
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/odl.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/odl.yml
new file mode 100644
index 00000000..9c96a46a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/odl.yml
@@ -0,0 +1,25 @@
+#############################################################################
+# Copyright (c) 2017-2018 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+#############################################################################
+---
+- name: uninstall ovs for odl
+ apt:
+ name: "{{ item.name }}"
+ state: absent
+ with_items: "{{ ovs_pkgs }}"
+
+- name: download ovs pkgs
+ get_url:
+ url: "{{ item.url }}"
+ dest: "/tmp/{{ item.package }}"
+ with_items: "{{ ovs_pkgs }}"
+
+- name: install ovs pkgs
+ shell:
+ dpkg -i "/tmp/{{ item.package }}"
+ with_items: "{{ ovs_pkgs }}"
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/templates/controller.j2 b/deploy/adapters/ansible/roles/setup-openvswitch/templates/controller.j2
new file mode 100755
index 00000000..bdc4d447
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/templates/controller.j2
@@ -0,0 +1,90 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# Physical interface
+auto eth0
+iface eth0 inet manual
+
+# external interface
+{% set intf_external = contr_sys_mappings["external"]["interface"] %}
+{% if contr_sys_mappings["external"]["vlan_tag"] | int %}
+{% set intf_external = intf_external + '.' + contr_sys_mappings["external"]["vlan_tag"]|string %}
+{% endif %}
+auto {{ intf_external }}
+iface {{ intf_external }} inet manual
+{% if contr_sys_mappings["external"]["vlan_tag"] | int %}
+ vlan-raw-device {{ intf_external }}
+{% endif %}
+
+# tenant interface
+{% set intf_tenant = contr_sys_mappings["tenant"]["interface"] %}
+{% if contr_sys_mappings["tenant"]["vlan_tag"] | int %}
+{% set intf_tenant = intf_tenant + '.' + contr_sys_mappings["tenant"]["vlan_tag"]|string %}
+{% endif %}
+auto {{ intf_tenant }}
+iface {{ intf_tenant }} inet manual
+{% if contr_sys_mappings["tenant"]["vlan_tag"] | int %}
+ vlan-raw-device {{ intf_tenant }}
+{% endif %}
+
+# storage interface
+{% set intf_storage = contr_sys_mappings["storage"]["interface"] %}
+{% if contr_sys_mappings["storage"]["vlan_tag"] | int %}
+{% set intf_storage = intf_storage + '.' + contr_sys_mappings["storage"]["vlan_tag"]|string %}
+{% endif %}
+auto {{ intf_storage }}
+iface {{ intf_storage }} inet manual
+{% if contr_sys_mappings["storage"]["vlan_tag"] | int %}
+ vlan-raw-device {{ intf_storage }}
+{% endif %}
+
+# Container/Host management bridge
+auto br-mgmt
+iface br-mgmt inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports eth0
+ address {{ ip_settings[inventory_hostname]["mgmt"]["ip"] }}
+ netmask 255.255.255.0
+
+# OpenStack Networking VLAN bridge
+auto br-provider
+iface br-provider inet static
+ address {{ ip_settings[inventory_hostname]["external"]["ip"] }}
+ netmask 255.255.255.0
+ gateway {{ ip_settings[inventory_hostname]["external"]["gw"] }}
+ pre-up ifconfig br-external down || true
+ pre-up brctl delbr br-external || true
+
+# OpenStack Networking VXLAN (tunnel/overlay) bridge
+#
+# Only the COMPUTE and NETWORK nodes must have an IP address
+# on this bridge. When used by infrastructure nodes, the
+# IP addresses are assigned to containers which use this
+# bridge.
+#
+auto br-tenant
+iface br-tenant inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{ intf_tenant }}
+ address {{ ip_settings[inventory_hostname]["tenant"]["ip"] }}
+ netmask 255.255.255.0
+
+# Storage bridge
+auto br-storage
+iface br-storage inet static
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ bridge_ports {{ intf_storage }}
+ address {{ ip_settings[inventory_hostname]["storage"]["ip"] }}
+ netmask 255.255.255.0
+
+source /etc/network/interfaces.d/*.cfg
diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml b/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml
index b6bd95a8..72c410ca 100644
--- a/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml
+++ b/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml
@@ -1,3 +1,16 @@
---
ovs_service: openvswitch-switch
+
+# yamllint disable rule:line-length
+ovs_pkgs:
+ - openvswitch-common:
+ name: openvswitch-common
+ package: openvswitch-common.deb
+ url: http://archive.ubuntu.com/ubuntu/pool/main/o/openvswitch/openvswitch-common_2.8.0-0ubuntu2_amd64.deb
+
+ - openvswitch-switch:
+ name: openvswitch-switch
+ package: openvswitch-switch.deb
+ url: http://archive.ubuntu.com/ubuntu/pool/main/o/openvswitch/openvswitch-switch_2.8.0-0ubuntu2_amd64.deb
+# yamllint enable rule:line-length
diff --git a/deploy/adapters/cobbler/kickstarts/default16-aarch64.seed b/deploy/adapters/cobbler/kickstarts/default16-aarch64.seed
new file mode 100644
index 00000000..e3e11f36
--- /dev/null
+++ b/deploy/adapters/cobbler/kickstarts/default16-aarch64.seed
@@ -0,0 +1,177 @@
+# Mostly based on the Ubuntu installation guide
+# https://help.ubuntu.com/12.04/installation-guide/
+
+## Figure out if we're kickstarting a system or a profile
+#if $getVar('system_name','') != ''
+#set $what = "system"
+#else
+#set $what = "profile"
+#end if
+
+# Preseeding only locale sets language, country and locale.
+d-i debian-installer/locale string en_US
+d-i debian-installer/country string US
+d-i debian-installer/language string en
+
+d-i debian-installer/splash boolean false
+d-i debian-installer/quiet boolean false
+d-i debian-installer/framebuffer boolean true
+d-i hw-detect/load_firmware boolean true
+
+# Keyboard selection.
+# Disable automatic (interactive) keymap detection.
+d-i console-setup/ask_detect boolean false
+d-i console-setup/layoutcode string us
+d-i console-setup/modelcode string SKIP
+d-i keyboard-configuration/variantcode string us
+d-i keyboard-configuration/layoutcode string us
+d-i keyboard-configuration/model select Generic 105-key (Intl) PC
+d-i console-keymaps-at/keymap select us
+d-i keyboard-configuration/xkb-keymap select us
+
+d-i preseed/early_command string \
+wget -O- \
+http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_early_default | /bin/sh -s; \
+debconf-set-selections /tmp/pre_install_network_config
+
+$SNIPPET('preseed_network_config')
+
+# Partition disk manually
+d-i partman-auto/disk string /dev/sda
+d-i partman-auto/method string regular
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+d-i partman-auto/choose_recipe select efi-root
+d-i partman-auto/expert_recipe string \
+ efi-root :: \
+ 512 512 512 fat32 \
+ $primary{ } $lvmignore{ } \
+ method{ efi } format{ } \
+ . \
+ 4096 4096 -1 ext4 \
+ method{ format } format{ } \
+ use_filesystem{ } filesystem{ ext4 } \
+ mountpoint{ / } \
+ .
+
+d-i partman-basicfilesystems/no_swap boolean false
+
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+# NTP/Time Setup
+#if $getVar('timezone', '') != ""
+d-i time/zone string $timezone
+#else
+d-i time/zone string US/Pacific
+#end if
+d-i clock-setup/utc boolean true
+d-i clock-setup/ntp boolean true
+#if $getVar('ntp_server', '') == ""
+d-i clock-setup/ntp-server string 0.ubuntu.pool.ntp.org
+#else
+d-i clock-setup/ntp-server string $ntp_server
+#end if
+
+# Setup the installation source
+d-i mirror/country string manual
+d-i mirror/http/hostname string $http_server
+d-i mirror/http/directory string $install_source_directory
+d-i mirror/http/proxy string
+d-i mirror/http/mirror select $http_server
+d-i mirror/protocol select http
+d-i mirror/udeb/components multiselect main, restricted
+
+#set $os_v = $getVar('os_version','')
+#if $os_v and $os_v.lower()[0] > 'p'
+# Required at least for 12.10+
+d-i live-installer/net-image string http://$http_server/cobbler/ks_mirror/$distro_name/install/filesystem.squashfs
+#end if
+
+# root account and password
+#if $getVar('username', 'root') != "root"
+d-i passwd/root-login boolean false
+d-i passwd/make-user boolean true
+d-i user-setup/allow-password-weak boolean true
+d-i passwd/root-password password root
+d-i passwd/root-password-again password root
+ #set username = $getVar('username', 'root')
+d-i passwd/user-fullname string $username
+d-i passwd/username string $username
+ #if $getVar('password', '') != ""
+d-i passwd/user-password-crypted password $password
+ #else
+d-i passwd/user-password password $username
+d-i passwd/user-password-again password $username
+ #end if
+#else
+d-i passwd/root-login boolean true
+d-i passwd/make-user boolean false
+d-i user-setup/allow-password-weak boolean true
+ #if $getVar('password', '') != ""
+d-i passwd/root-password-crypted password $password
+ #else
+d-i passwd/root-password password root
+d-i passwd/root-password-again password root
+ #end if
+#end if
+
+$SNIPPET('preseed_apt_repo_config')
+
+# Individual additional packages to install
+# wget is REQUIRED otherwise quite a few things won't work
+# later in the build (like late-command scripts)
+#if $getVar('tool', '') != ''
+ #set $preseed_software = "preseed_software_%s" % $tool
+$SNIPPET($preseed_software)
+#else
+d-i pkgsel/include string ntp ssh openssh-server wget vim bridge-utils ifenslave vlan
+#end if
+
+# Whether to upgrade packages after debootstrap.
+# Allowed values: none, safe-upgrade, full-upgrade
+d-i pkgsel/upgrade select none
+d-i popularity-contest/participate boolean false
+d-i lilo-installer/skip boolean true
+d-i grub-installer/only_debian boolean true
+
+# Use the following option to add additional boot parameters for the
+# installed system (if supported by the bootloader installer).
+# Note: options passed to the installer will be added automatically.
+d-i debian-installer/add-kernel-opts string $kernel_options_post
+d-i debian-installer/allow_unauthenticated string true
+
+d-i finish-install/late_command string update-grub
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# This will prevent the installer from ejecting the CD during the reboot,
+# which is useful in some situations.
+d-i cdrom-detect/eject boolean false
+
+# This command is run just before the install finishes, but when there is
+# still a usable /target directory. You can chroot to /target and use it
+# directly, or use the apt-install and in-target commands to easily install
+# packages and run commands in the target system.
+# d-i preseed/late_command string [command]
+d-i preseed/late_command string \
+in-target sed -i '$a UseDNS no' /etc/ssh/sshd_config; \
+in-target sed -i 's/.*GSSAPIAuthentication.*/GSSAPIAuthentication no/g' /etc/ssh/sshd_config; \
+in-target sed -i '$d' /usr/share/initramfs-tools/scripts/local-top/lvm2; \
+in-target echo "lvm vgchange -ay" >> /usr/share/initramfs-tools/scripts/local-top/lvm2; \
+in-target echo "exit 0" >> /usr/share/initramfs-tools/scripts/local-top/lvm2; \
+in-target touch /etc/initramfs-tools/scripts/local-top/lvm2; \
+in-target chmod 777 /etc/initramfs-tools/scripts/local-top/lvm2; \
+in-target echo "vgchange -a y" >> /etc/initramfs-tools/scripts/local-top/lvm2; \
+wget -O- \
+ http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | \
+ chroot /target /bin/sh -s; cp /target/etc/network/interfaces /etc/network/interfaces; \
+in-target update-initramfs -k `uname -r` -c; \
+in-target update-grub; \
+in-target apt-get install python2.7; \
+in-target ln -s /usr/bin/python2.7 /usr/bin/python
diff --git a/deploy/adapters/cobbler/snippets/kickstart_client.rb b/deploy/adapters/cobbler/snippets/kickstart_client.rb
index 568ba46a..a890272a 100644
--- a/deploy/adapters/cobbler/snippets/kickstart_client.rb
+++ b/deploy/adapters/cobbler/snippets/kickstart_client.rb
@@ -1,3 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
mkdir -p /etc/chef
cat << EOL > /etc/chef/client.rb
log_level :info
diff --git a/deploy/adapters/cobbler/snippets/kickstart_knife.rb b/deploy/adapters/cobbler/snippets/kickstart_knife.rb
index e4ab081b..aca3d5c0 100644
--- a/deploy/adapters/cobbler/snippets/kickstart_knife.rb
+++ b/deploy/adapters/cobbler/snippets/kickstart_knife.rb
@@ -1,3 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
mkdir -p /root/.chef
cat << EOL > /root/.chef/knife.rb
log_level :info
diff --git a/deploy/adapters/cobbler/snippets/preseed_knife.rb b/deploy/adapters/cobbler/snippets/preseed_knife.rb
index 32047bbc..fa9a808d 100644
--- a/deploy/adapters/cobbler/snippets/preseed_knife.rb
+++ b/deploy/adapters/cobbler/snippets/preseed_knife.rb
@@ -1,3 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
mkdir -p /root/.chef
cat << EOL > /root/.chef/knife.rb
log_level :info
diff --git a/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config b/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config
index 6ea56c56..591313b5 100644
--- a/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config
+++ b/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config
@@ -29,6 +29,8 @@ $SNIPPET($repos_snippet)
#if $arch == "x86_64"
#set $rarch = "[arch=amd64]"
+#elif $arch == "arm"
+ #set $rarch = "[arch=arm64]"
#else
#set $rarch = "[arch=%s]" % $arch
#end if