diff options
Diffstat (limited to 'deploy/adapters')
58 files changed, 871 insertions, 369 deletions
diff --git a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml index 68dec5c2..094c6488 100755 --- a/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml +++ b/deploy/adapters/ansible/kubernetes/ansible-kubernetes.yml @@ -35,7 +35,10 @@ remote_user: root max_fail_percentage: 0 roles: - - kargo + - role: kargo + when: opencontrail is not defined + - role: install-k8s-opencontrail + when: opencontrail is defined and opencontrail == "Enable" - hosts: kube_master remote_user: root diff --git a/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh b/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh index 62e79b3b..db44246a 100644 --- a/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh +++ b/deploy/adapters/ansible/kubernetes/roles/ha/files/chk_k8s_master.sh @@ -1,3 +1,12 @@ +############################################################################## +# Copyright (c) 2016-2018 compass4nfv and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + #!/bin/bash count=`ss -tnl | grep 6443 | wc -l` diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml index 4f8ca005..af234415 100644 --- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml +++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/tasks/main.yml @@ -25,5 +25,5 @@ pkg: "{{ item }}" state: "present" update_cache: 'yes' - with_items: "{{ packages }}" + with_items: "{{ vars['packages_' + ansible_architecture] }}" when: ansible_os_family == 'Debian' diff --git a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml index 0453dc44..6be9e06f 100644 --- a/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml +++ b/deploy/adapters/ansible/kubernetes/roles/install-k8s-dependence/vars/Debian.yml @@ -1,5 +1,5 @@ --- -packages: +packages_x86_64: - ubuntu-cloud-keyring - python-dev - python-pip @@ -11,6 +11,17 @@ packages: - python-crypto - git +packages_aarch64: + - ubuntu-cloud-keyring + - python-dev + - python-pip + - openvswitch-switch + - python-memcache + - python-iniparse + - python-lxml + - python-crypto + - git + pip_packages: - crudini - python-keyczar diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml index 26e3fa75..ae3dce76 100644..100755 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars-aarch64.yml @@ -3,7 +3,7 @@ # roles/download/defaults/main.yml etcd_version: v3.2.4-arm64 -flannel_version: "v0.8.0-arm64" +flannel_version: "v0.9.1-arm64" flannel_cni_image_repo: "linaro/flannel-cni-arm64" hyperkube_image_repo: "gcr.io/google-containers/hyperkube-arm64" hyperkube_image_tag: "{{ kube_version }}" @@ -14,20 +14,8 @@ dnsmasq_nanny_image_repo: "gcr.io/google_containers/k8s-dns-dnsmasq-nanny-arm64" dnsmasq_sidecar_image_repo: "gcr.io/google_containers/k8s-dns-sidecar-arm64" kubednsautoscaler_image_repo: "gcr.io/google_containers/\ cluster-proportional-autoscaler-arm64" +dashboard_image_repo: "gcr.io/google_containers/kubernetes-dashboard-arm64" # inventory/group_vars/k8s-cluster.yml kube_network_plugin: flannel helm_enabled: false -docker_options: "--insecure-registry={{ kube_service_addresses }} \ ---graph={{ docker_daemon_graph }} {{ docker_log_opts }} \ ---add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ ---default-runtime=docker-runc \ ---exec-opt native.cgroupdriver=systemd \ ---userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ ---signature-verification=false" - -# roles/docker/vars/redhat.yml -docker_package_info: - pkg_mgr: yum - pkgs: - - name: docker diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars.yml deleted file mode 100644 index e13e33ca..00000000 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/extra-vars.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Override default kubespray variables - -# Just a placeholder to satisfy ansible -dummy_var: 0 - -# helm_enabled: true diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py b/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py deleted file mode 100755 index 2ffb4cae..00000000 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/generate_inventories.py +++ /dev/null @@ -1,86 +0,0 @@ -import yaml
-import sys
-import os
-from jinja2 import Environment
-try:
- import json
-except ImportError:
- import simplejson as json
-
-INVENTORY_TEMPLATE = """
-[all]
-{% for host, vales in hostvars.iteritems() %}
-{{ host }} ansible_ssh_host={{ vales['ansible_ssh_host'] }} \
-ansible_ssh_pass=root ansible_user=root
-{% endfor %}
-[kube-master]
-{% for host in kube_master %}
-{{ host }}
-{% endfor %}
-
-[etcd]
-{% for host in etcd %}
-{{ host }}
-{% endfor %}
-
-[kube-node]
-{% for host in kube_node %}
-{{ host }}
-{% endfor %}
-
-[k8s-cluster:children]
-kube-node
-kube-master
-
-[calico-rr]
-[vault]
-"""
-
-
-def _byteify(data, ignore_dicts=False):
-
- if isinstance(data, unicode):
- return data.encode('utf-8')
- if isinstance(data, list):
- return [_byteify(item, ignore_dicts=True) for item in data]
- if isinstance(data, dict) and not ignore_dicts:
- return {
- _byteify(key, ignore_dicts=True):
- _byteify(value, ignore_dicts=True)
- for key, value in data.iteritems()
- }
- return data
-
-
-def load_inventory(inventory):
- if not os.path.exists(inventory):
- raise RuntimeError('file: %s not exist' % inventory)
- with open(inventory, 'r') as fd:
- return json.load(fd, object_hook=_byteify)
-
-
-def create_inventory_file(inventories_path,
- hostvars, kube_master, etcd, kube_node):
- content = Environment().from_string(INVENTORY_TEMPLATE).render(
- hostvars=hostvars, kube_master=kube_master,
- etcd=etcd, kube_node=kube_node)
- with open(inventories_path, 'w+') as f:
- f.write(content)
-
-
-def main(inventories_path, local_inventory):
- inventory_data = load_inventory(local_inventory)
- hostvars = inventory_data['_meta']['hostvars']
- kube_node = inventory_data['kube_node']['hosts']
- kube_master = inventory_data['kube_master']['hosts']
- etcd = inventory_data['etcd']['hosts']
-
- create_inventory_file(inventories_path,
- hostvars, kube_master, etcd, kube_node)
-
-
-if __name__ == "__main__":
- path = yaml.load(sys.argv[1])
- local_inventory = yaml.load(sys.argv[2])
-
- main(path, local_inventory)
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo deleted file mode 100644 index 4900db69..00000000 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors.repo +++ /dev/null @@ -1,32 +0,0 @@ -[base]
-name=CentOS-$releasever - Base
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#released updates
-[updates]
-name=CentOS-$releasever - Updates
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that may be useful
-[extras]
-name=CentOS-$releasever - Extras
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-$releasever - Plus
-mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
-#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo index 1d622d3c..1d622d3c 100644..100755 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/mirrors_aarch64.repo diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2 deleted file mode 100644 index d998d4cb..00000000 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2 +++ /dev/null @@ -1,34 +0,0 @@ -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -subjectAltName = @alt_names -[alt_names] -DNS.1 = kubernetes -DNS.2 = kubernetes.default -DNS.3 = kubernetes.default.svc -DNS.4 = kubernetes.default.svc.{{ dns_domain }} -DNS.5 = localhost -{% for host in groups['kube-master'] %} -DNS.{{ 5 + loop.index }} = {{ host }} -{% endfor %} -{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %} -{% set idx = groups['kube-master'] | length | int + 5 + 1 %} -DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }} -{% endif %} -{% for host in groups['kube-master'] %} -IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} -IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} -{% endfor %} -{% set idx = groups['kube-master'] | length | int * 2 + 1 %} -IP.{{ idx }} = {{ kube_apiserver_ip }} -IP.{{ idx + 1 }} = 127.0.0.1 -{% if supplementary_addresses_in_ssl_keys is defined %} -{% set is = idx + 1 %} -{% for addr in supplementary_addresses_in_ssl_keys %} -IP.{{ is + loop.index }} = {{ addr }} -{% endfor %} -{% endif %} diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml index b9d9c234..512121e2 100644..100755 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/tasks/main.yml @@ -7,153 +7,39 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- name: clean local repo conf - file: - path: /etc/yum.repos.d - state: absent - run_once: "True" - when: ansible_os_family == 'RedHat' - -- name: create local repo conf dir - file: - path: /etc/yum.repos.d - state: directory - run_once: "True" - when: ansible_os_family == 'RedHat' - -- name: configure local mirror repo - copy: - src: "{{ item }}" - dest: /etc/yum.repos.d/mirrors.repo - with_first_found: - - mirrors_{{ ansible_architecture }}.repo - - mirrors.repo - run_once: "True" - when: ansible_os_family == 'RedHat' - -- name: clean local pip conf to use official pip repo - file: - path: /root/.pip/pip.conf - state: absent - run_once: "True" - -- name: install dependency for ansible update - yum: - name: "{{ item }}" - state: latest - with_items: - - git - - libffi-devel - - openssl-devel - - python-devel - run_once: "True" - when: ansible_os_family == 'RedHat' - -- name: update python packages - pip: - name: "{{ item }}" - state: latest - with_items: - - netaddr - - jinja2 - -- name: copy inventories generate script - copy: - src: generate_inventories.py - dest: /tmp/generate_inventories.py +- name: check the kubespray sample path + stat: path=/opt/kargo_k8s/inventory/sample + register: sample_stat + +- name: Move kubespray group_vars folder + command: mv /opt/kargo_k8s/inventory/sample/group_vars /opt/kargo_k8s/inventory/ + when: sample_stat.stat.exists + +- name: generate kubespray inventory configure file + template: + src: "inventory.j2" + dest: "/opt/kargo_k8s/inventory/inventory.cfg" tags: - ansible -- name: copy inventoriy.json file - copy: - src: "{{ run_dir }}/inventories/inventory.json" - dest: /tmp/inventory.json - tags: - - ansible - -- name: generate kargo inventories - shell: > - python /tmp/generate_inventories.py \ - "/opt/kargo_k8s/inventory/inventory.cfg" \ - "/tmp/inventory.json" - tags: - - ansible - -- name: configure target hosts - shell: | - cd /opt/kargo_k8s - ansible -i inventory/inventory.cfg -m ping all - ansible -i inventory/inventory.cfg all -m shell -a "rm /etc/yum.repos.d/*" - ansible -i inventory/inventory.cfg all -m copy -a \ - "src=/etc/yum.repos.d/mirrors.repo dest=/etc/yum.repos.d" - tags: - - ansible - -- name: enable helm - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/k8s-cluster.yml - regexp: '^helm_enabled:' - line: 'helm_enabled: {{ helm_flag }}' - -- name: enable external lb | set lb domain_nam - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/all.yml - regexp: '^## apiserver_loadbalancer_domain_name:' - line: 'apiserver_loadbalancer_domain_name: {{ apiserver_loadbalancer_domain_name }}' - -- name: enable external lb | - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/all.yml - regexp: '^#loadbalancer_apiserver:' - line: 'loadbalancer_apiserver:' - -- name: enable external lb | set vip address - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/all.yml - regexp: '^# address: 1.2.3.4' - line: ' address: {{ vipaddress }}' - -- name: enable external lb | set vip port - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/all.yml - regexp: '^# port: 1234' - line: ' port: {{ exlb_port }}' - -- name: enable internal lb - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/all.yml - regexp: '^#loadbalancer_apiserver_localhost: true' - line: 'loadbalancer_apiserver_localhost: true' - -- name: use the user name and password login the dashboard - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/k8s-cluster.yml - regexp: '^#kube_basic_auth: false' - line: 'kube_basic_auth: true' - - -- name: add vip to ssl keys - lineinfile: - dest: /opt/kargo_k8s/inventory/group_vars/k8s-cluster.yml - line: 'supplementary_addresses_in_ssl_keys: [{{ vipaddress }}]' - -- name: rm openssl file - file: - path: /opt/kargo_k8s/roles/kubernetes/secrets/templates/openssl.conf.j2 - state: absent - -- name: copy openssl.conf.j2 - copy: - src: openssl.conf.j2 - dest: /opt/kargo_k8s/roles/kubernetes/secrets/templates/openssl.conf.j2 - -- name: copy overrided variables +- name: copy overrided variables for arm architecture copy: src: "{{ item }}" dest: /opt/kargo_k8s/extra-vars.yml with_first_found: - extra-vars-{{ ansible_architecture }}.yml - extra-vars.yml + - skip: true + +- name: copy overrided variables for kubespray + template: + src: "{{ item }}" + dest: "/opt/kargo_k8s/extra-vars.yml" + with_first_found: + - extra-vars-{{ ansible_architecture }}.yml.j2 + - extra-vars.yml.j2 + tags: + - ansible - name: copy 2flannel playbook to kargo copy: @@ -264,8 +150,22 @@ kube-controller-manager.manifest.j2", - name: run kargo playbook shell: | - cd /opt/kargo_k8s ansible-playbook -i inventory/inventory.cfg cluster.yml \ -e "@extra-vars.yml" -b -v 2>&1 | tee kargo.log + args: + chdir: "/opt/kargo_k8s" tags: - ansible + +- name: read the ansible log file + shell: "cat /opt/kargo_k8s/kargo.log | tail -n 1000" + register: setup_kargo_result + +- fail: + msg: "some task failed when setup kargo." + when: setup_kargo_result.stdout.find('failed=1') != -1 + +- fail: + msg: "some host are unreachable." + when: setup_kargo_result.stdout.find('unreachable=1') != -1 + run_once: true diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/templates/extra-vars.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/extra-vars.yml.j2 new file mode 100755 index 00000000..1d7a2fa2 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/extra-vars.yml.j2 @@ -0,0 +1,40 @@ +--- +# Override default kubespray variables + +#dashboard_port: "{{dashboard_port|default('31746')}}" + +# kubespray configure +apiserver_loadbalancer_domain_name: "{{ public_vip.ip }}" +loadbalancer_apiserver: + address: "{{ public_vip.ip }}" + port: {{ loadbalancer_apiserver_port|default(8383) }} +loadbalancer_apiserver_localhost: {{ loadbalancer_apiserver_localhost|default(true) }} + +kube_basic_auth: {{ kube_basic_auth |default(true) }} +kube_network_plugin: {{ kube_network_plugin|default('calico') }} +# Monitoring apps for k8s +efk_enabled: {{ efk_enabled |default(true)}} +# Helm deployment +helm_enabled: {{ helm_enabled |default(true)}} +# Istio deployment +istio_enabled: {{ istio_enabled |default(false)}} +supplementary_addresses_in_ssl_keys: ["{{ public_vip.ip }}"] +#storage +local_volume_provisioner_enabled: {{local_volume_provisioner_enabled |default(false) }} +# local_volume_provisioner_namespace: "system_namespace" +# local_volume_provisioner_base_dir: /mnt/disks +# local_volume_provisioner_mount_dir: /mnt/disks +# local_volume_provisioner_storage_class: local-storage + +# CephFS provisioner deployment +cephfs_provisioner_enabled: {{ cephfs_provisioner_enabled |default(false)}} +# cephfs_provisioner_namespace: "cephfs-provisioner" +# cephfs_provisioner_cluster: ceph +# cephfs_provisioner_monitors: "172.24.0.1:6789,172.24.0.2:6789,172.24.0.3:6789" +# cephfs_provisioner_admin_id: admin +# cephfs_provisioner_secret: secret +# cephfs_provisioner_storage_class: cephfs +# cephfs_provisioner_reclaim_policy: Delete +# cephfs_provisioner_claim_root: /volumes +# cephfs_provisioner_deterministic_names: true + diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/templates/inventory.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/inventory.j2 new file mode 100644 index 00000000..0120ae18 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/templates/inventory.j2 @@ -0,0 +1,26 @@ +[all] +{% for host, vales in hostvars.iteritems() %} +{{ host }} ansible_ssh_host={{ vales['ansible_ssh_host'] }} ansible_ssh_pass=root ansible_user=root +{% endfor %} + +[kube-master] +{% for host in hostvars[inventory_hostname]['groups']['kube_master'] %} +{{ host }} +{% endfor %} + +[etcd] +{% for host in hostvars[inventory_hostname]['groups']['etcd'] %} +{{ host }} +{% endfor %} + +[kube-node] +{% for host in hostvars[inventory_hostname]['groups']['kube_node'] %} +{{ host }} +{% endfor %} + +[k8s-cluster:children] +kube-node +kube-master + +[calico-rr] +[vault] diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml b/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml index 21287b02..af9c9675 100644..100755 --- a/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml +++ b/deploy/adapters/ansible/kubernetes/roles/kargo/vars/main.yml @@ -1,6 +1,3 @@ --- -helm_flag: true -apiserver_loadbalancer_domain_name: "{{ public_vip.ip }}" -vipaddress: "{{ public_vip.ip }}" -exlb_port: 8383 -kubelet_fail_swap_on: false +http_proxy: "{{ proxy }}" +https_proxy: "{{ proxy }}" diff --git a/deploy/adapters/ansible/kubernetes/roles/post-k8s/defaults/main.yml b/deploy/adapters/ansible/kubernetes/roles/post-k8s/defaults/main.yml new file mode 100644 index 00000000..aa9fd8a0 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/post-k8s/defaults/main.yml @@ -0,0 +1,11 @@ +--- + +local_release_dir: "/tmp/releases" +heapster_enable: true +retry_stagger: 5 +heapster: + enabled: true + owner: "root" + mode: "0755" + version: "1.5.2" +heapster_download_url: https://github.com/kubernetes/heapster/archive/v{{ heapster.version }}.tar.gz diff --git a/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml index 3feca3e5..d382a5e1 100644 --- a/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml +++ b/deploy/adapters/ansible/kubernetes/roles/post-k8s/tasks/main.yml @@ -14,3 +14,51 @@ dest: /opt/admin.conf flat: "yes" when: inventory_hostname == groups['kube_master'][0] + +- name: Create heapster dest directory + file: + path: "{{local_release_dir}}/heapster" + state: directory + recurse: "yes" + when: + - heapster.enabled + - inventory_hostname == groups['kube_master'][0] + +- name: get the package of heapster + get_url: + url: "{{heapster_download_url}}" + dest: "{{local_release_dir}}/heapster" + owner: "{{ heapster.owner|default(omit) }}" + mode: "{{ heapster.mode|default(omit) }}" + register: get_url_result + until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg" + retries: 4 + delay: "{{ retry_stagger | random + 3 }}" + when: + - heapster.enabled + - inventory_hostname == groups['kube_master'][0] + +- name: untar the file of heapster + shell: | + cd "{{ local_release_dir }}/heapster"; + tar zxvf "heapster-{{ heapster.version }}.tar.gz" + when: + - heapster.enabled + - inventory_hostname == groups['kube_master'][0] + +- name: replace the cpu architecture for aarch64 + shell: | + cd "{{ local_release_dir }}/heapster/heapster-{{ heapster.version }}/deploy/"; + find ./kube-config -name "*.yaml" -exec sed -i "s/amd64/arm64/g" {} \; + when: + - heapster.enabled + - inventory_hostname == groups['kube_master'][0] + - ansible_architecture == "aarch64" + +- name: install the heapster + shell: | + cd "{{ local_release_dir }}/heapster/heapster-{{ heapster.version }}/deploy/"; + ./kube.sh start + when: + - heapster.enabled + - inventory_hostname == groups['kube_master'][0] diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/sources.list.official.aarch64 b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/sources.list.official.aarch64 new file mode 100644 index 00000000..f4a3f5e9 --- /dev/null +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/files/sources.list.official.aarch64 @@ -0,0 +1,54 @@ +# deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial main restricted + +# deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted +# deb http://ports.ubuntu.com/ubuntu-ports xenial-security main restricted + +# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to +# newer versions of the distribution. +deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial main restricted +deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial main restricted + +## Major bug fix updates produced after the final release of the +## distribution. +deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted +deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team. Also, please note that software in universe WILL NOT receive any +## review or updates from the Ubuntu security team. +deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial universe +deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial universe +deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates universe +deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates universe + +## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu +## team, and may not be under a free licence. Please satisfy yourself as to +## your rights to use the software. Also, please note that software in +## multiverse WILL NOT receive any review or updates from the Ubuntu +## security team. +deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial multiverse +deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial multiverse +deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates multiverse +deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-updates multiverse + +## N.B. software from this repository may not have been tested as +## extensively as that contained in the main release, although it includes +## newer versions of some applications which may provide useful features. +## Also, please note that software in backports WILL NOT receive any review +## or updates from the Ubuntu security team. +deb http://us.ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted universe multiverse +deb-src http://us.ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted universe multiverse + +## Uncomment the following two lines to add software from Canonical's +## 'partner' repository. +## This software is not part of Ubuntu, but is offered by Canonical and the +## respective vendors as a service to Ubuntu users. +# deb http://archive.canonical.com/ubuntu xenial partner +# deb-src http://archive.canonical.com/ubuntu xenial partner + +deb http://ports.ubuntu.com/ubuntu-ports xenial-security main restricted +deb-src http://ports.ubuntu.com/ubuntu-ports xenial-security main restricted +deb http://ports.ubuntu.com/ubuntu-ports xenial-security universe +deb-src http://ports.ubuntu.com/ubuntu-ports xenial-security universe +deb http://ports.ubuntu.com/ubuntu-ports xenial-security multiverse +deb-src http://ports.ubuntu.com/ubuntu-ports xenial-security multiverse diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml index 44e3b1f6..b4ef9278 100644 --- a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/Ubuntu.yml @@ -62,10 +62,17 @@ - name: remove the space end of the line in the resolv.conf shell: "sed -i 's/ *$//' /etc/resolv.conf" +- name: remove estuary overlay and update apt cache + shell: rm -f /etc/apt/sources.list.d/estuary.list && apt-get update + when: ansible_architecture == "aarch64" + - name: change sources list copy: - src: sources.list.official + src: "{{ item }}" dest: /etc/apt/sources.list + with_first_found: + - sources.list.official.{{ ansible_architecture }} + - sources.list.official - name: restart ntp service shell: "service ntp restart" diff --git a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml index c915ec09..844d76a3 100644 --- a/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml +++ b/deploy/adapters/ansible/kubernetes/roles/pre-k8s/tasks/main.yml @@ -15,4 +15,6 @@ - name: close the swap partition shell: | + systemctl disable swap.target + systemctl mask swap.target swapoff -a diff --git a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml index 5b434dbe..d32cf238 100644 --- a/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml +++ b/deploy/adapters/ansible/kubernetes/roles/setup-k8s-network/tasks/RedHat.yml @@ -56,6 +56,9 @@ - name: restart the network shell: systemctl restart network +- name: install python lib + shell: yum install -y python-yaml python-netaddr + - name: make sure python lib exist action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" with_items: diff --git a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2 index 1298aeaa..0ce663b1 100644 --- a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2 +++ b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2 @@ -11,7 +11,7 @@ metadata: namespace: "{{system_namespace}}" --- kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: sriov rules: @@ -36,7 +36,7 @@ rules: - patch --- kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: sriov roleRef: diff --git a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2 index 90c7f28c..3a9e819b 100644 --- a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2 +++ b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2 @@ -4,13 +4,20 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 --- -apiVersion: extensions/v1beta1 -kind: ThirdPartyResource +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition metadata: name: network.kubernetes.com -description: "A specification of a Network obj in the kubernetes" -versions: -- name: v1 +spec: + group: kubernetes.com + version: v1 + scope: Namespaced + names: + plural: networks + singular: network + kind: Network + shortNames: + - net --- apiVersion: v1 kind: ServiceAccount @@ -43,7 +50,7 @@ data: } } --- -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml index c14f958e..152a7dc0 100644 --- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml +++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml @@ -107,6 +107,7 @@ - utility_all[0] - network_hosts[0] - horizon + - compute remote_user: root roles: - post-openstack @@ -120,3 +121,10 @@ remote_user: root roles: - moon + +- hosts: + - ceph_adm + - ceph-mon + remote_user: root + roles: + - os-stor4nfv diff --git a/deploy/adapters/ansible/openstack_pike/README.md b/deploy/adapters/ansible/openstack_pike/README.md index 7682d325..8a5b5765 100644 --- a/deploy/adapters/ansible/openstack_pike/README.md +++ b/deploy/adapters/ansible/openstack_pike/README.md @@ -1 +1,10 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + # keep for openstack pike diff --git a/deploy/adapters/ansible/openstack_queens/README.md b/deploy/adapters/ansible/openstack_queens/README.md new file mode 100644 index 00000000..bea43534 --- /dev/null +++ b/deploy/adapters/ansible/openstack_queens/README.md @@ -0,0 +1,10 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +# keep for openstack queens diff --git a/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 index b23550f9..e7b79436 100644 --- a/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 +++ b/deploy/adapters/ansible/roles/config-compute/templates/compute.j2 @@ -64,13 +64,13 @@ iface br-external inet static gateway {{ ip_settings[inventory_hostname]["external"]["gw"] }} offload-sg off # Create veth pair, don't bomb if already exists - pre-up ip link add br-vlan-veth type veth peer name eth12 || true + pre-up ip link add external-veth type veth peer name external-nic || true # Set both ends UP - pre-up ip link set br-vlan-veth up - pre-up ip link set eth12 up + pre-up ip link set external-veth up + pre-up ip link set external-nic up # Delete veth pair on DOWN - post-down ip link del br-vlan-veth || true - bridge_ports br-vlan-veth + post-down ip link del external-veth || true + bridge_ports external-veth # VXLAN (tunnel/overlay) bridge config auto br-tenant diff --git a/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 index 4e444eca..99d62876 100755 --- a/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 +++ b/deploy/adapters/ansible/roles/config-controller/templates/controller.j2 @@ -62,6 +62,15 @@ iface br-external inet static address {{ ip_settings[inventory_hostname]["external"]["ip"] }} netmask 255.255.255.0 gateway {{ ip_settings[inventory_hostname]["external"]["gw"] }} + offload-sg off + # Create veth pair, don't bomb if already exists + pre-up ip link add external-veth type veth peer name external-nic || true + # Set both ends UP + pre-up ip link set external-veth up + pre-up ip link set external-nic up + # Delete veth pair on DOWN + post-down ip link del external-veth || true + bridge_ports external-veth # OpenStack Networking VXLAN (tunnel/overlay) bridge # @@ -71,11 +80,13 @@ iface br-external inet static # bridge. # auto br-tenant -iface br-tenant inet manual +iface br-tenant inet static bridge_stp off bridge_waitport 0 bridge_fd 0 bridge_ports {{ intf_tenant }} + address {{ ip_settings[inventory_hostname]["tenant"]["ip"] }} + netmask 255.255.255.0 # Storage bridge auto br-storage diff --git a/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2 b/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2 index 1c2443e0..d58f9115 100644 --- a/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2 +++ b/deploy/adapters/ansible/roles/config-osa/files/chrony.conf.j2 @@ -98,7 +98,5 @@ rtconutc # Listen for NTP requests only on local interfaces. port 0 bindcmdaddress 127.0.0.1 -{% if not security_disable_ipv6 | bool %} bindcmdaddress ::1 {% endif %} -{% endif %} diff --git a/deploy/adapters/ansible/roles/config-osa/files/lxc_cache_prestage.patch b/deploy/adapters/ansible/roles/config-osa/files/lxc_cache_prestage.patch new file mode 100644 index 00000000..14f5f5f0 --- /dev/null +++ b/deploy/adapters/ansible/roles/config-osa/files/lxc_cache_prestage.patch @@ -0,0 +1,11 @@ +--- lxc_cache_prestage.yml 2018-07-24 07:56:22.480369360 +0000 ++++ /tmp/lxc_cache_prestage.yml 2018-07-24 08:17:44.665880308 +0000 +@@ -66,7 +66,7 @@ + --dir=/tmp + --out=rootfs.tar.xz + --check-certificate={{ (lxc_hosts_validate_certs | bool) | lower }} +- {% for server in lxc_image_cache_server_mirrors %}{{ server }}{{ lxc_images[0].split(';')[-1] }}rootfs.tar.xz {% endfor %} ++ http://192.168.137.222/download/rootfs.tar.xz + > /var/log/aria2c-image-prestage.log 2>&1 + args: + warn: no diff --git a/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh b/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh index fb197555..3fcab155 100644 --- a/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh +++ b/deploy/adapters/ansible/roles/config-osa/files/op-venv-script.sh @@ -1,3 +1,12 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + #!/usr/local/env bash set -ev diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml b/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml index 61d263b4..6ec8425b 100644 --- a/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/fix_pip_version.yml @@ -18,8 +18,15 @@ regexp: '^ - python-ldap' line: ' - python-ldap==2.5.2' -- name: add pkgconfig in gnocchi requires pip packages +- name: add pbr in gnocchi requires pip packages lineinfile: dest: /etc/ansible/roles/repo_build/defaults/main.yml insertafter: "repo_pip_packages:" - line: ' - pkgconfig' + line: ' - pbr' + +- name: create user config file to control pip version + copy: + content: | + pip_packages: + - pip==9.0.1 + dest: /etc/openstack_deploy/user_fixpip.yml diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml index ff7d4250..c73aceb7 100644 --- a/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/fix_rescue.yml @@ -28,7 +28,7 @@ - name: fix rescue problem for lxc-hosts-setup blockinfile: - dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml" + dest: "/opt/openstack-ansible/playbooks/containers-lxc-host.yml" block: | - hosts: localhost user: root @@ -38,7 +38,7 @@ - name: delete max_fail_percentage for lxc-hosts-setup lineinfile: - dest: "/opt/openstack-ansible/playbooks/lxc-hosts-setup.yml" + dest: "/opt/openstack-ansible/playbooks/containers-lxc-host.yml" regexp: "max_fail_percentage*" state: absent diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml index 74d930e2..ab2714a9 100755 --- a/deploy/adapters/ansible/roles/config-osa/tasks/main.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/main.yml @@ -163,7 +163,7 @@ - name: remove repo_build_pip_no_binary lineinfile: - dest: /opt/openstack-ansible/group_vars/repo_all.yml + dest: /opt/openstack-ansible/inventory/group_vars/repo_all.yml state: absent regexp: "{{ item }}" with_items: ['^repo_build_pip_no_binary:', '^ - libvirt-python'] @@ -348,21 +348,89 @@ # insertafter: "^- include: repo_post_build.yml" # line: "- include: repo_fix_pandas.yml" -- include: meters.yml +- include: fix_rescue.yml -# upstream has fix this issue so somments it -# maybe will use in the furture -- include: fix_pip_version.yml +- name: rm command "rm -f /etc/resolv.conf" in cache_prep_commands + lineinfile: + dest: /etc/ansible/roles/lxc_hosts/vars/ubuntu-16.04.yml + regexp: 'rm -f /etc/resolv.conf$' + line: ' echo "ok"' + backrefs: 'yes' -- include: fix_rescue.yml +- name: add command "rm /etc/resolv.conf || true" in cache_prep_commands + lineinfile: + dest: /etc/ansible/roles/lxc_hosts/vars/ubuntu-16.04.yml + insertafter: '^ cache_prep_commands:' + line: ' rm /etc/resolv.conf || true' -- name: include tacker in setup-openstack +- name: fix apt prompt issue lineinfile: - dest: /opt/openstack-ansible/playbooks/setup-openstack.yml - insertafter: "^- include: os-trove" - line: "- include: os-tacker-install.yml" + dest: /etc/ansible/roles/lxc_hosts/vars/ubuntu-16.04.yml + state: absent + regexp: "apt-get upgrade -y" -- name: add variables file of tacker for centos +- name: set pre-staged retry to 120 + replace: + dest: /etc/ansible/roles/lxc_hosts/tasks/lxc_cache_preparation_systemd_new.yml + regexp: '^ retries: 60' + replace: ' retries: 120' + +- name: copy lxc_cache_prestage.patch copy: - src: redhat-7.yml - dest: /etc/ansible/roles/os_tacker/vars/redhat-7.yml + src: lxc_cache_prestage.patch + dest: /etc/ansible/roles/lxc_hosts/tasks/lxc_cache_prestage.patch + when: + - checkresult.rc == 0 + - offline_deployment is defined and offline_deployment == "Disable" + +- name: patch lxc_cache_prestage.yml + shell: + patch -p0 < lxc_cache_prestage.patch + args: + chdir: /etc/ansible/roles/lxc_hosts/tasks/ + when: + - checkresult.rc == 0 + - offline_deployment is defined and offline_deployment == "Disable" + ignore_errors: "true" + +- name: add cache refresh + blockinfile: + dest: /opt/openstack-ansible/playbooks/setup-infrastructure.yml + insertbefore: '^- include: unbound-install.yml' + block: | + - hosts: all + user: root + tasks: + - name: refresh + setup: + +- name: create openstack git directory + file: + path: /opt/git/openstack + state: directory + when: + - checkresult.rc == 0 + - offline_deployment is defined and offline_deployment == "Disable" + +- name: download openstack git package + get_url: + url: "http://192.168.137.222/download/openstack-queens-git.tar.gz" + dest: "/opt/git/openstack" + when: + - checkresult.rc == 0 + - offline_deployment is defined and offline_deployment == "Disable" + +- name: extract openstack git repo + shell: + tar zxf openstack-queens-git.tar.gz + args: + chdir: "/opt/git/openstack" + when: + - checkresult.rc == 0 + - offline_deployment is defined and offline_deployment == "Disable" + +- name: fix keepalived + lineinfile: + dest: /opt/openstack-ansible/inventory/group_vars/haproxy/keepalived.yml + regexp: 'check_script: "/bin/kill -0 `cat /var/run/haproxy.pid`"' + line: ' check_script: "/bin/kill -0 `cat /var/run/haproxy.pid` || true"' diff --git a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml index 2b3bce5f..ca85f440 100644 --- a/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml +++ b/deploy/adapters/ansible/roles/config-osa/tasks/meters.yml @@ -9,7 +9,7 @@ --- - name: modify the aodh haproxy config copy: - dest: /opt/openstack-ansible/group_vars/all/haproxy.yml + dest: /opt/openstack-ansible/inventory/group_vars/all/haproxy.yml src: haproxy.yml mode: 0664 diff --git a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 index 4f1ea8d5..dd45bd1a 100644 --- a/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 +++ b/deploy/adapters/ansible/roles/config-osa/templates/user_variables.yml.j2 @@ -26,11 +26,16 @@ haproxy_keepalived_internal_vip_cidr: "{{ internal_vip.ip }}/32" haproxy_keepalived_external_interface: br-external haproxy_keepalived_internal_interface: br-mgmt keepalived_ping_address: "{{ ntp_server }}" +lxc_host_machine_volume_size: 16 cinder_cinder_conf_overrides: oslo_middleware: enable_proxy_headers_parsing: True +neutron_neutron_conf_overrides: + oslo_middleware: + enable_proxy_headers_parsing: True + nfs_file_gw: False {% if "openvswitch" == NEUTRON_MECHANISM_DRIVERS[0] or @@ -73,3 +78,4 @@ security_ntp_servers: - {{ ntp_server }} tacker_etc_dir: "/etc/tacker" +nova_spicehtml5_git_repo: https://gitlab.freedesktop.org/spice/spice-html5.git diff --git a/deploy/adapters/ansible/roles/config-osa/vars/main.yml b/deploy/adapters/ansible/roles/config-osa/vars/main.yml index 65f67c18..7daf40c9 100644 --- a/deploy/adapters/ansible/roles/config-osa/vars/main.yml +++ b/deploy/adapters/ansible/roles/config-osa/vars/main.yml @@ -12,5 +12,5 @@ ceph_host: "{{ hostvars[inventory_hostname]['groups']['ceph_osd'][0] }}" repo_dest_path: "/var/www/repo/os-releases/15.1.4/ubuntu-16.04-x86_64/" networking_sfc_version: 4.0.0 # yamllint disable rule:line-length -openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/group_vars/all/all.yml key=openstack_release') }}" +openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/inventory/group_vars/all/all.yml key=openstack_release') }}" # yamllint enable rule:line-length diff --git a/deploy/adapters/ansible/roles/post-openstack/files/manager.py.patch b/deploy/adapters/ansible/roles/post-openstack/files/manager.py.patch new file mode 100644 index 00000000..198ff5be --- /dev/null +++ b/deploy/adapters/ansible/roles/post-openstack/files/manager.py.patch @@ -0,0 +1,12 @@ +--- manager.py 2018-11-07 03:51:22.764685289 -0800 ++++ manager.py.new 2018-11-07 03:58:21.014139558 -0800 +@@ -314,8 +314,7 @@ + if self._events is None: + # NOTE(danms): We really should have a more specific error + # here, but this is what we use for our default error case +- raise exception.NovaException('In shutdown, no new events ' +- 'can be scheduled') ++ self._events = {} + + @utils.synchronized(self._lock_name(instance)) + def _create_or_get_event(): diff --git a/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml index 0bd9aeff..2a63acf0 100644 --- a/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml +++ b/deploy/adapters/ansible/roles/post-openstack/tasks/main.yml @@ -86,3 +86,7 @@ state: restarted when: - inventory_hostname in groups['horizon'] + +- include: nova_patch.yml + when: + - inventory_hostname in groups['compute'] diff --git a/deploy/adapters/ansible/roles/post-openstack/tasks/nova_patch.yml b/deploy/adapters/ansible/roles/post-openstack/tasks/nova_patch.yml new file mode 100644 index 00000000..d9cfad9c --- /dev/null +++ b/deploy/adapters/ansible/roles/post-openstack/tasks/nova_patch.yml @@ -0,0 +1,23 @@ +############################################################################## +# Copyright (c) 2016-2018 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: copy manager.py.patch + copy: + src: manager.py.patch + dest: /openstack/venvs/nova-{{ openstack_release }}/lib/python2.7/site-packages/nova/compute + +- name: patch manager.py.patch + shell: + patch -p0 < manager.py.patch + args: + chdir: /openstack/venvs/nova-{{ openstack_release }}/lib/python2.7/site-packages/nova/compute + +- name: restart nova-compute + shell: + systemctl restart nova-compute diff --git a/deploy/adapters/ansible/roles/post-openstack/vars/main.yml b/deploy/adapters/ansible/roles/post-openstack/vars/main.yml index ed64c8db..1fc2cc27 100644 --- a/deploy/adapters/ansible/roles/post-openstack/vars/main.yml +++ b/deploy/adapters/ansible/roles/post-openstack/vars/main.yml @@ -45,5 +45,5 @@ flavors: disk: 160 # yamllint disable rule:line-length -openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/group_vars/all/all.yml key=openstack_release') }}" +openstack_release: "{{ lookup('yamlfile', '/opt/openstack-ansible/inventory/group_vars/all/all.yml key=openstack_release') }}" # yamllint enable rule:line-length diff --git a/deploy/adapters/ansible/roles/post-osa/files/sfc.conf b/deploy/adapters/ansible/roles/post-osa/files/sfc.conf index ce42c9e1..b200f254 100755 --- a/deploy/adapters/ansible/roles/post-osa/files/sfc.conf +++ b/deploy/adapters/ansible/roles/post-osa/files/sfc.conf @@ -1,6 +1,6 @@ [DEFAULT] -service_plugins = router,metering,flow_classifier,sfc +service_plugins = router,metering,flow_classifier,sfc,trunk [sfc] drivers = ovs diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml b/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml index d5a04e78..684d05cb 100644 --- a/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml +++ b/deploy/adapters/ansible/roles/post-osa/tasks/install_networking_sfc.yml @@ -2,7 +2,7 @@ - name: install networking-sfc pip: - name: networking-sfc + name: networking-sfc==6.0.0.0rc1 virtualenv: /openstack/venvs/neutron-{{ os_ver }} when: - inventory_hostname in groups['neutron_server'] diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml index fed3842f..e7e4c37d 100644 --- a/deploy/adapters/ansible/roles/post-osa/tasks/main.yml +++ b/deploy/adapters/ansible/roles/post-osa/tasks/main.yml @@ -11,6 +11,7 @@ when: - inventory_hostname in groups['compute'] - ansible_distribution == 'Ubuntu' + - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" # install networking-sfc for non odl scenarios - include: install_networking_sfc.yml @@ -29,3 +30,6 @@ - include: tacker_horizon.yml when: inventory_hostname in groups['horizon_all'] + +- include: novaclient_workaround.yml + when: inventory_hostname in groups['utility'] diff --git a/deploy/adapters/ansible/roles/post-osa/tasks/novaclient_workaround.yml b/deploy/adapters/ansible/roles/post-osa/tasks/novaclient_workaround.yml new file mode 100644 index 00000000..40ec608d --- /dev/null +++ b/deploy/adapters/ansible/roles/post-osa/tasks/novaclient_workaround.yml @@ -0,0 +1,6 @@ +--- + +- name: use python-novaclient version 9.0.0 to replace 10.2.0 + pip: + name: python-novaclient + version: 9.0.0 diff --git a/deploy/adapters/ansible/roles/post-osa/vars/main.yml b/deploy/adapters/ansible/roles/post-osa/vars/main.yml index f5ffa335..7aed0472 100644 --- a/deploy/adapters/ansible/roles/post-osa/vars/main.yml +++ b/deploy/adapters/ansible/roles/post-osa/vars/main.yml @@ -1,9 +1,9 @@ --- # yamllint disable rule:line-length -os_ver: "{{ lookup('yamlfile', '/opt/openstack-ansible/group_vars/all/all.yml key=openstack_release') }}" +os_ver: "{{ lookup('yamlfile', '/opt/openstack-ansible/inventory/group_vars/all/all.yml key=openstack_release') }}" # yamllint enable rule:line-length -os_name: pike +os_name: queens # yamllint disable rule:line-length tacker_horizon_repo: https://github.com/openstack/tacker-horizon.git diff --git a/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml index 00675d9c..5d9cded0 100644 --- a/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml +++ b/deploy/adapters/ansible/roles/setup-host/tasks/Ubuntu.yml @@ -8,7 +8,7 @@ # ############################################################################# --- - name: setup hosts - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_queens-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible setup-hosts.yml \ @@ -19,7 +19,7 @@ register: failed_container - name: destroy the failed_container - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_queens-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible lxc-containers-destroy.yml \ @@ -30,7 +30,7 @@ ignore_errors: "True" - name: retry to setup failed_container - shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_pike-opnfv2/ansible.log; \ + shell: "export ANSIBLE_LOG_PATH=/var/ansible/run/openstack_queens-opnfv2/ansible.log; \ export ANSIBLE_SCP_IF_SSH=y; \ cd /opt/openstack-ansible/playbooks; \ openstack-ansible setup-hosts.yml --limit {{item}} \ diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml b/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml index fb7814b7..58a1710c 100644 --- a/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/handlers/main.yml @@ -6,6 +6,11 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################ --- +- name: restart network service + service: + name: networking + state: restarted + - name: restart neutron-openvswitch-agent service: name: neutron-openvswitch-agent diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml index 43c6689f..670eea75 100644 --- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/compute.yml @@ -50,7 +50,7 @@ when: - compute in item["role"] -- name: start neutron-openvswitch-agent +- name: restart neutron-openvswitch-agent service: name: neutron-openvswitch-agent - state: started + state: restarted diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml index 3637d1db..726cb545 100644 --- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/controller.yml @@ -50,7 +50,27 @@ when: - controller in item["role"] +- name: configure interfaces ubuntu + template: + src: controller.j2 + dest: /etc/network/interfaces + notify: + - restart network service + - name: start neutron-openvswitch-agent service: name: neutron-openvswitch-agent - state: started + state: restarted + +- name: update keepalived + replace: + dest: /etc/keepalived/keepalived.conf + regexp: 'br-external' + replace: 'br-provider' + +- meta: flush_handlers + +- name: restart keepalived + service: + name: keepalived + state: restarted diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml index 87e508ca..0ad47d3c 100644 --- a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/main.yml @@ -10,9 +10,19 @@ - include: controller.yml when: - inventory_hostname not in groups['nova_compute'] - - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" or "opendaylight" + - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" - include: compute.yml when: - inventory_hostname in groups['nova_compute'] - - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" or "opendaylight" + - NEUTRON_MECHANISM_DRIVERS[0] == "openvswitch" + +- include_vars: "{{ ansible_os_family }}.yml" + when: + - odl_sfc is not defined or odl_sfc != "Enable" + - NEUTRON_MECHANISM_DRIVERS[0] == "opendaylight" + +- include: odl.yml + when: + - odl_sfc is not defined or odl_sfc != "Enable" + - NEUTRON_MECHANISM_DRIVERS[0] == "opendaylight" diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/tasks/odl.yml b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/odl.yml new file mode 100644 index 00000000..9c96a46a --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-openvswitch/tasks/odl.yml @@ -0,0 +1,25 @@ +############################################################################# +# Copyright (c) 2017-2018 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################# +--- +- name: uninstall ovs for odl + apt: + name: "{{ item.name }}" + state: absent + with_items: "{{ ovs_pkgs }}" + +- name: download ovs pkgs + get_url: + url: "{{ item.url }}" + dest: "/tmp/{{ item.package }}" + with_items: "{{ ovs_pkgs }}" + +- name: install ovs pkgs + shell: + dpkg -i "/tmp/{{ item.package }}" + with_items: "{{ ovs_pkgs }}" diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/templates/controller.j2 b/deploy/adapters/ansible/roles/setup-openvswitch/templates/controller.j2 new file mode 100755 index 00000000..bdc4d447 --- /dev/null +++ b/deploy/adapters/ansible/roles/setup-openvswitch/templates/controller.j2 @@ -0,0 +1,90 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +# Physical interface +auto eth0 +iface eth0 inet manual + +# external interface +{% set intf_external = contr_sys_mappings["external"]["interface"] %} +{% if contr_sys_mappings["external"]["vlan_tag"] | int %} +{% set intf_external = intf_external + '.' + contr_sys_mappings["external"]["vlan_tag"]|string %} +{% endif %} +auto {{ intf_external }} +iface {{ intf_external }} inet manual +{% if contr_sys_mappings["external"]["vlan_tag"] | int %} + vlan-raw-device {{ intf_external }} +{% endif %} + +# tenant interface +{% set intf_tenant = contr_sys_mappings["tenant"]["interface"] %} +{% if contr_sys_mappings["tenant"]["vlan_tag"] | int %} +{% set intf_tenant = intf_tenant + '.' + contr_sys_mappings["tenant"]["vlan_tag"]|string %} +{% endif %} +auto {{ intf_tenant }} +iface {{ intf_tenant }} inet manual +{% if contr_sys_mappings["tenant"]["vlan_tag"] | int %} + vlan-raw-device {{ intf_tenant }} +{% endif %} + +# storage interface +{% set intf_storage = contr_sys_mappings["storage"]["interface"] %} +{% if contr_sys_mappings["storage"]["vlan_tag"] | int %} +{% set intf_storage = intf_storage + '.' + contr_sys_mappings["storage"]["vlan_tag"]|string %} +{% endif %} +auto {{ intf_storage }} +iface {{ intf_storage }} inet manual +{% if contr_sys_mappings["storage"]["vlan_tag"] | int %} + vlan-raw-device {{ intf_storage }} +{% endif %} + +# Container/Host management bridge +auto br-mgmt +iface br-mgmt inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports eth0 + address {{ ip_settings[inventory_hostname]["mgmt"]["ip"] }} + netmask 255.255.255.0 + +# OpenStack Networking VLAN bridge +auto br-provider +iface br-provider inet static + address {{ ip_settings[inventory_hostname]["external"]["ip"] }} + netmask 255.255.255.0 + gateway {{ ip_settings[inventory_hostname]["external"]["gw"] }} + pre-up ifconfig br-external down || true + pre-up brctl delbr br-external || true + +# OpenStack Networking VXLAN (tunnel/overlay) bridge +# +# Only the COMPUTE and NETWORK nodes must have an IP address +# on this bridge. When used by infrastructure nodes, the +# IP addresses are assigned to containers which use this +# bridge. +# +auto br-tenant +iface br-tenant inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ intf_tenant }} + address {{ ip_settings[inventory_hostname]["tenant"]["ip"] }} + netmask 255.255.255.0 + +# Storage bridge +auto br-storage +iface br-storage inet static + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + bridge_ports {{ intf_storage }} + address {{ ip_settings[inventory_hostname]["storage"]["ip"] }} + netmask 255.255.255.0 + +source /etc/network/interfaces.d/*.cfg diff --git a/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml b/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml index b6bd95a8..72c410ca 100644 --- a/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml +++ b/deploy/adapters/ansible/roles/setup-openvswitch/vars/Debian.yml @@ -1,3 +1,16 @@ --- ovs_service: openvswitch-switch + +# yamllint disable rule:line-length +ovs_pkgs: + - openvswitch-common: + name: openvswitch-common + package: openvswitch-common.deb + url: http://archive.ubuntu.com/ubuntu/pool/main/o/openvswitch/openvswitch-common_2.8.0-0ubuntu2_amd64.deb + + - openvswitch-switch: + name: openvswitch-switch + package: openvswitch-switch.deb + url: http://archive.ubuntu.com/ubuntu/pool/main/o/openvswitch/openvswitch-switch_2.8.0-0ubuntu2_amd64.deb +# yamllint enable rule:line-length diff --git a/deploy/adapters/cobbler/kickstarts/default16-aarch64.seed b/deploy/adapters/cobbler/kickstarts/default16-aarch64.seed new file mode 100644 index 00000000..e3e11f36 --- /dev/null +++ b/deploy/adapters/cobbler/kickstarts/default16-aarch64.seed @@ -0,0 +1,177 @@ +# Mostly based on the Ubuntu installation guide +# https://help.ubuntu.com/12.04/installation-guide/ + +## Figure out if we're kickstarting a system or a profile +#if $getVar('system_name','') != '' +#set $what = "system" +#else +#set $what = "profile" +#end if + +# Preseeding only locale sets language, country and locale. +d-i debian-installer/locale string en_US +d-i debian-installer/country string US +d-i debian-installer/language string en + +d-i debian-installer/splash boolean false +d-i debian-installer/quiet boolean false +d-i debian-installer/framebuffer boolean true +d-i hw-detect/load_firmware boolean true + +# Keyboard selection. +# Disable automatic (interactive) keymap detection. +d-i console-setup/ask_detect boolean false +d-i console-setup/layoutcode string us +d-i console-setup/modelcode string SKIP +d-i keyboard-configuration/variantcode string us +d-i keyboard-configuration/layoutcode string us +d-i keyboard-configuration/model select Generic 105-key (Intl) PC +d-i console-keymaps-at/keymap select us +d-i keyboard-configuration/xkb-keymap select us + +d-i preseed/early_command string \ +wget -O- \ +http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_early_default | /bin/sh -s; \ +debconf-set-selections /tmp/pre_install_network_config + +$SNIPPET('preseed_network_config') + +# Partition disk manually +d-i partman-auto/disk string /dev/sda +d-i partman-auto/method string regular +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +d-i partman-auto/choose_recipe select efi-root +d-i partman-auto/expert_recipe string \ + efi-root :: \ + 512 512 512 fat32 \ + $primary{ } $lvmignore{ } \ + method{ efi } format{ } \ + . \ + 4096 4096 -1 ext4 \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . + +d-i partman-basicfilesystems/no_swap boolean false + +d-i partman/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +# NTP/Time Setup +#if $getVar('timezone', '') != "" +d-i time/zone string $timezone +#else +d-i time/zone string US/Pacific +#end if +d-i clock-setup/utc boolean true +d-i clock-setup/ntp boolean true +#if $getVar('ntp_server', '') == "" +d-i clock-setup/ntp-server string 0.ubuntu.pool.ntp.org +#else +d-i clock-setup/ntp-server string $ntp_server +#end if + +# Setup the installation source +d-i mirror/country string manual +d-i mirror/http/hostname string $http_server +d-i mirror/http/directory string $install_source_directory +d-i mirror/http/proxy string +d-i mirror/http/mirror select $http_server +d-i mirror/protocol select http +d-i mirror/udeb/components multiselect main, restricted + +#set $os_v = $getVar('os_version','') +#if $os_v and $os_v.lower()[0] > 'p' +# Required at least for 12.10+ +d-i live-installer/net-image string http://$http_server/cobbler/ks_mirror/$distro_name/install/filesystem.squashfs +#end if + +# root account and password +#if $getVar('username', 'root') != "root" +d-i passwd/root-login boolean false +d-i passwd/make-user boolean true +d-i user-setup/allow-password-weak boolean true +d-i passwd/root-password password root +d-i passwd/root-password-again password root + #set username = $getVar('username', 'root') +d-i passwd/user-fullname string $username +d-i passwd/username string $username + #if $getVar('password', '') != "" +d-i passwd/user-password-crypted password $password + #else +d-i passwd/user-password password $username +d-i passwd/user-password-again password $username + #end if +#else +d-i passwd/root-login boolean true +d-i passwd/make-user boolean false +d-i user-setup/allow-password-weak boolean true + #if $getVar('password', '') != "" +d-i passwd/root-password-crypted password $password + #else +d-i passwd/root-password password root +d-i passwd/root-password-again password root + #end if +#end if + +$SNIPPET('preseed_apt_repo_config') + +# Individual additional packages to install +# wget is REQUIRED otherwise quite a few things won't work +# later in the build (like late-command scripts) +#if $getVar('tool', '') != '' + #set $preseed_software = "preseed_software_%s" % $tool +$SNIPPET($preseed_software) +#else +d-i pkgsel/include string ntp ssh openssh-server wget vim bridge-utils ifenslave vlan +#end if + +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select none +d-i popularity-contest/participate boolean false +d-i lilo-installer/skip boolean true +d-i grub-installer/only_debian boolean true + +# Use the following option to add additional boot parameters for the +# installed system (if supported by the bootloader installer). +# Note: options passed to the installer will be added automatically. +d-i debian-installer/add-kernel-opts string $kernel_options_post +d-i debian-installer/allow_unauthenticated string true + +d-i finish-install/late_command string update-grub +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This will prevent the installer from ejecting the CD during the reboot, +# which is useful in some situations. +d-i cdrom-detect/eject boolean false + +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. +# d-i preseed/late_command string [command] +d-i preseed/late_command string \ +in-target sed -i '$a UseDNS no' /etc/ssh/sshd_config; \ +in-target sed -i 's/.*GSSAPIAuthentication.*/GSSAPIAuthentication no/g' /etc/ssh/sshd_config; \ +in-target sed -i '$d' /usr/share/initramfs-tools/scripts/local-top/lvm2; \ +in-target echo "lvm vgchange -ay" >> /usr/share/initramfs-tools/scripts/local-top/lvm2; \ +in-target echo "exit 0" >> /usr/share/initramfs-tools/scripts/local-top/lvm2; \ +in-target touch /etc/initramfs-tools/scripts/local-top/lvm2; \ +in-target chmod 777 /etc/initramfs-tools/scripts/local-top/lvm2; \ +in-target echo "vgchange -a y" >> /etc/initramfs-tools/scripts/local-top/lvm2; \ +wget -O- \ + http://$http_server/cblr/svc/op/script/$what/$name/?script=preseed_late_default | \ + chroot /target /bin/sh -s; cp /target/etc/network/interfaces /etc/network/interfaces; \ +in-target update-initramfs -k `uname -r` -c; \ +in-target update-grub; \ +in-target apt-get install python2.7; \ +in-target ln -s /usr/bin/python2.7 /usr/bin/python diff --git a/deploy/adapters/cobbler/snippets/kickstart_client.rb b/deploy/adapters/cobbler/snippets/kickstart_client.rb index 568ba46a..a890272a 100644 --- a/deploy/adapters/cobbler/snippets/kickstart_client.rb +++ b/deploy/adapters/cobbler/snippets/kickstart_client.rb @@ -1,3 +1,12 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + mkdir -p /etc/chef cat << EOL > /etc/chef/client.rb log_level :info diff --git a/deploy/adapters/cobbler/snippets/kickstart_knife.rb b/deploy/adapters/cobbler/snippets/kickstart_knife.rb index e4ab081b..aca3d5c0 100644 --- a/deploy/adapters/cobbler/snippets/kickstart_knife.rb +++ b/deploy/adapters/cobbler/snippets/kickstart_knife.rb @@ -1,3 +1,12 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + mkdir -p /root/.chef cat << EOL > /root/.chef/knife.rb log_level :info diff --git a/deploy/adapters/cobbler/snippets/preseed_knife.rb b/deploy/adapters/cobbler/snippets/preseed_knife.rb index 32047bbc..fa9a808d 100644 --- a/deploy/adapters/cobbler/snippets/preseed_knife.rb +++ b/deploy/adapters/cobbler/snippets/preseed_knife.rb @@ -1,3 +1,12 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + mkdir -p /root/.chef cat << EOL > /root/.chef/knife.rb log_level :info diff --git a/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config b/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config index 6ea56c56..591313b5 100644 --- a/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config +++ b/deploy/adapters/cobbler/snippets/preseed_post_apt_repo_config @@ -29,6 +29,8 @@ $SNIPPET($repos_snippet) #if $arch == "x86_64" #set $rarch = "[arch=amd64]" +#elif $arch == "arm" + #set $rarch = "[arch=arm64]" #else #set $rarch = "[arch=%s]" % $arch #end if |