Diffstat (limited to 'mcp/scripts/docker-compose')
-rw-r--r-- | mcp/scripts/docker-compose/docker-compose.yaml.j2 | 102 | ||||
-rwxr-xr-x | mcp/scripts/docker-compose/files/entrypoint.sh | 104 | ||||
-rw-r--r-- | mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2 | 62 | ||||
-rw-r--r-- | mcp/scripts/docker-compose/files/hosts.j2 | 7 | ||||
-rw-r--r-- | mcp/scripts/docker-compose/files/opnfv_master.conf | 21 |
5 files changed, 296 insertions, 0 deletions
diff --git a/mcp/scripts/docker-compose/docker-compose.yaml.j2 b/mcp/scripts/docker-compose/docker-compose.yaml.j2
new file mode 100644
index 000000000..04dc93f98
--- /dev/null
+++ b/mcp/scripts/docker-compose/docker-compose.yaml.j2
@@ -0,0 +1,102 @@
+##############################################################################
+# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+{%- import 'net_map.j2' as nm with context %}
+{%- import 'net_macros.j2' as ma with context %}
+{#- conf.MCPCONTROL_NET & co are mandatory, defaults are set via globals.sh #}
+{%- set net_mcpcontrol = [conf.MCPCONTROL_NET, conf.MCPCONTROL_PREFIX] | join("/") %}
+version: '2'
+services:
+ opnfv-fuel-salt-master:
+ container_name: "fuel"
+ image: "opnfv/fuel:saltmaster-reclass-{{ conf.MCP_DOCKER_TAG }}"
+ restart: always
+ networks:
+ mcpcontrol:
+ ipv4_address: {{ conf.SALT_MASTER }}
+ pxebr:
+ ipv4_address: {{ nm.net_admin | ipnet_hostaddr(nm.start_ip[nm.net_admin] + nm.net_admin_hosts.index('opnfv_infra_config_pxe_admin_address') +1) }}
+ mgmt:
+ ipv4_address: {{ nm.net_mgmt | ipnet_hostaddr(nm.start_ip[nm.net_mgmt] + nm.net_mgmt_hosts.index('opnfv_infra_config_address') +1) }}
+ volumes:
+ - /run/dbus/system_bus_socket:/run/dbus/system_bus_socket:ro
+ - {{ conf.MCP_REPO_ROOT_PATH }}:/root/fuel
+ - {{ conf.MCP_REPO_ROOT_PATH }}/mcp/scripts/docker-compose/files/entrypoint.sh:/entrypoint.sh
+ - {{ conf.MCP_STORAGE_DIR }}/pod_config.yml:/root/pod_config.yml
+ - {{ conf.MCP_STORAGE_DIR }}/nodes:/srv/salt/reclass/nodes
+ - {{ conf.MCP_STORAGE_DIR }}/pki:/etc/pki
+ - {{ conf.MCP_STORAGE_DIR }}/salt:/etc/salt
+ - {{ conf.MCP_STORAGE_DIR }}/hosts:/etc/hosts
+{%- if conf.MCP_VCP or '-vcp-' in conf.MCP_DEPLOY_SCENARIO %}
+ - {{ conf.MCP_STORAGE_DIR }}/base_image_opnfv_fuel_vcp.img:/srv/salt/env/prd/salt/files/control/images/base_image_opnfv_fuel_vcp.img
+{%- endif %}
+ hostname: cfg01
+ domainname: {{ conf.cluster.domain }}
+ privileged: true
+ dns:
+{%- for server in nm.dns_public %}
+ - {{ server }}
+{%- endfor %}
+{%- if nm.cluster.has_baremetal_nodes %}
+ opnfv-fuel-maas:
+ container_name: "maas"
+ image: "opnfv/fuel:saltminion-maas-{{ conf.MCP_DOCKER_TAG }}"
+ restart: always
+ networks:
+ mcpcontrol:
+ ipv4_address: {{ conf.MAAS_IP }}
+ pxebr:
+ ipv4_address: {{ nm.net_admin | ipnet_hostaddr(nm.start_ip[nm.net_admin] + nm.net_admin_hosts.index('opnfv_infra_maas_node01_deploy_address') +1) }}
+ mgmt:
+ ipv4_address: {{ nm.net_mgmt | ipnet_hostaddr(nm.start_ip[nm.net_mgmt] + nm.net_mgmt_hosts.index('opnfv_infra_maas_node01_address') +1) }}
+ volumes:
+ - /lib/modules:/lib/modules:ro
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - /run/dbus/system_bus_socket:/run/dbus/system_bus_socket:ro
+ - {{ conf.MCP_REPO_ROOT_PATH }}/mcp/scripts/docker-compose/files/entrypoint_maas.sh:/entrypoint.sh:ro
+ - {{ conf.MCP_STORAGE_DIR }}/hosts:/etc/hosts:ro
+ - {{ conf.MCP_STORAGE_DIR }}/mas01/etc/iptables:/etc/iptables
+ - {{ conf.MCP_STORAGE_DIR }}/mas01/var/lib/postgresql:/var/lib/postgresql
+ - {{ conf.MCP_STORAGE_DIR }}/mas01/var/lib/maas:/var/lib/maas
+ - {{ conf.MCP_STORAGE_DIR }}/mas01/var/spool/maas-proxy:/var/spool/maas-proxy
+ - {{ conf.MCP_STORAGE_DIR }}/mas01/etc/maas:/etc/maas
+ hostname: mas01
+ domainname: {{ conf.cluster.domain }}
+ privileged: true
+ dns:
+{%- for server in nm.dns_public %}
+ - {{ server }}
+{%- endfor %}
+ ports:
+ - 5240:5240
+{%- endif %}
+networks:
+ mcpcontrol:
+ driver: bridge
+ driver_opts:
+ com.docker.network.driver.mtu: 9000
+ ipam:
+ config:
+ - subnet: {{ net_mcpcontrol }}
+ pxebr:
+ driver: macvlan
+ driver_opts:
+ parent: veth_mcp1 # Always untagged
+ ipam:
+ config:
+ - subnet: {{ nm.net_admin }}
+ mgmt:
+ driver: macvlan
+ driver_opts:
+{%- if conf.idf.fuel.jumphost.get('trunks', {}).get('mgmt', False) %}
+ parent: {{ ma.interface_str('veth_mcp3', nm.vlan_mgmt) }}
+{%- else %}
+ parent: veth_mcp3 # Untagged by default
+{%- endif %}
+ ipam:
+ config:
+ - subnet: {{ nm.net_mgmt }}
diff --git a/mcp/scripts/docker-compose/files/entrypoint.sh b/mcp/scripts/docker-compose/files/entrypoint.sh
new file mode 100755
index 000000000..baf1f65d2
--- /dev/null
+++ b/mcp/scripts/docker-compose/files/entrypoint.sh
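Review bot: Both services in docker-compose.yaml.j2 set `privileged: true`, and the MaaS service also publishes `5240:5240` on every address of the Docker host, so a compromise of either container gives broad control of that host. If the containers only need network and kernel-module management, an explicit `cap_add:` list would be narrower than full privilege; which capabilities are actually required is not visible from this template. Binding the published port to one host address, e.g. `- "<admin-ip-placeholder>:5240:5240"`, would keep the MaaS endpoint off interfaces that do not need it. The salt-master mount of `entrypoint.sh` also lacks the `:ro` suffix that the MaaS entrypoint mount carries.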
@@ -0,0 +1,104 @@
+#!/bin/bash -e
+##############################################################################
+# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+mkdir -p /etc/salt/{master.d,minion.d,proxy.d}
+
+if [ ! -z "$SALT_EXT_PILLAR" ]; then
+ cp -avr "/tmp/${SALT_EXT_PILLAR}.conf" /etc/salt/master.d/
+fi
+
+if [ ! -f /home/ubuntu/.ssh/authorized_keys ]; then
+ install -D -o ubuntu /root/fuel/mcp/scripts/mcp.rsa.pub \
+ /home/ubuntu/.ssh/authorized_keys
+ mkdir -p /root/.ssh/
+ echo 'User ubuntu' > /root/.ssh/config
+ echo 'IdentityFile /root/fuel/mcp/scripts/mcp.rsa' >> /root/.ssh/config
+fi
+
+# salt state does not properly configure file_roots in master.conf, hard set it
+cp -a /root/fuel/mcp/scripts/docker-compose/files/opnfv_master.conf \
+ /etc/salt/master.d/opnfv_master.conf
+echo -e 'master: localhost\nmine_interval: 15' > /etc/salt/minion.d/opnfv_slave.conf
+
+# NOTE: Most Salt and/or reclass tools have issues traversing Docker mounts
+# or detecting them as directories inside the container.
+# For now, let's do a lot of copy operations to bypass this.
+# Later, we will inject the OPNFV patched reclass model during image build.
+rm -rf /srv/salt/reclass/classes/*
+cp -ar /root/fuel/mcp/reclass/classes/* /srv/salt/reclass/classes
+cp -ar /root/fuel/mcp/reclass/nodes/* /srv/salt/reclass/nodes
+# Sensitive data should stay out of /root/fuel, which is exposed via Jenkins WS
+cp -a /root/pod_config.yml \
+ /srv/salt/reclass/classes/cluster/all-mcp-arch-common/opnfv/pod_config.yml
+
+# OPNFV formulas
+prefix=/srv/salt/formula/salt-formulas
+rm -f /root/fuel/mcp/salt-formulas/*/.git
+cp -ar /root/fuel/mcp/salt-formulas/* ${prefix}/
+for formula in 'armband' 'opendaylight' 'tacker' 'quagga'; do
+ ln -sf /root/fuel/mcp/salt-formulas/salt-formula-${formula}/* \
+ /srv/salt/env/prd/
+done
+
+# Re-create classes.service links that we destroyed above
+for formula in ${prefix}/*; do
+ if [ -e "${formula}/metadata/service" ] && [[ ! $formula =~ \. ]]; then
+ ln -sf "${formula}/metadata/service" \
+ "/srv/salt/reclass/classes/service/${formula#${prefix}/salt-formula-}"
+ fi
+done
+
+# Create links for salt-formula-* packages to mimic git-style salt-formulas
+for artifact in /usr/share/salt-formulas/env/_*/*; do
+ ln -sf "${artifact}" "/srv/salt/env/prd/${artifact#/usr/share/salt-formulas/env/}"
+done
+for artifact in /usr/share/salt-formulas/env/*; do
+ if [[ ! ${artifact} =~ ^_ ]]; then
+ ln -sf "${artifact}" "/srv/salt/env/prd/$(basename ${artifact})"
+ fi
+done
+for formula in /usr/share/salt-formulas/reclass/service/*; do
+ ln -sf "${formula}" "/srv/salt/reclass/classes/service/$(basename ${formula})"
+done
+
+# Temporary link rocky configs to stein
+for f in /srv/salt/env/prd/*/files/rocky; do
+ if [ ! -d "$f/../stein" ]; then
+ ln -sf "$f" "$f/../stein"
+ fi
+done
+
+# Tini init system resembles upstart very much, but needs a little adjustment
+sed -i -e "s|return 'start/running' in |return 'is running' in |" \
+ -e "s|ret = _default_runlevel|return _default_runlevel|" \
+ /usr/lib/python2.7/dist-packages/salt/modules/upstart.py
+
+# Workaround for: https://github.com/salt-formulas/reclass/issues/77
+sed -i -e 's|\(ignore_overwritten_missing_references\)defaults.|\1|' \
+ /usr/local/lib/python2.7/dist-packages/reclass/settings.py
+
+# Remove broken symlinks in /srv/salt, silences recurring warnings
+find -L /srv/salt /srv/salt/env/prd/_* -maxdepth 1 -type l -delete
+
+# Fix up any permissions after above file shuffling
+chown root:root -R /srv/salt
+
+# Docker-ce 19.x+ workaround for broken domainname setup
+# shellcheck source=/dev/null
+source /root/fuel/mcp/scripts/xdf_data.sh
+hostname -b "cfg01.${CLUSTER_DOMAIN}"
+
+service ssh start
+service salt-minion start
+
+if [[ $# -lt 1 ]] || [[ "$1" == "--"* ]]; then
+ exec /usr/bin/salt-master --log-file-level=quiet --log-level=info "$@"
+else
+ exec "$@"
+fi
diff --git a/mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2 b/mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2
new file mode 100644
index 000000000..d92eeb017
--- /dev/null
+++ b/mcp/scripts/docker-compose/files/entrypoint_maas.sh.j2
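Review bot: The root SSH config written in the `authorized_keys` block of entrypoint.sh points `IdentityFile` at `/root/fuel/mcp/scripts/mcp.rsa`, so the private key for the `ubuntu` account stays inside the tree that the script's own later comment says is exposed via the Jenkins workspace. Keeping the key next to `pod_config.yml` in the storage directory and referencing that copy, e.g. `echo 'IdentityFile /root/mcp.rsa' >> /root/.ssh/config` (path is an example), would follow that comment's intent. Where the key is generated is not visible in this hunk, so that needs confirming first. Separately, `[[ ! ${artifact} =~ ^_ ]]` tests the full path, which always begins with `/`, so the underscore filter never excludes anything; `[[ ! $(basename "${artifact}") =~ ^_ ]]` would test the directory name.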
@@ -0,0 +1,62 @@
+#!/bin/bash -e
+##############################################################################
+# Copyright (c) 2019 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+{%- import 'net_map.j2' as nm with context %}
+{%- set pxebr_addr = nm.net_admin | ipnet_hostaddr(nm.start_ip[nm.net_admin] + nm.net_admin_hosts.index('opnfv_infra_maas_node01_deploy_address') +1) %}
+if [ ! -e /var/lib/postgresql/*/main ]; then
+ cp -ar /var/lib/opnfv/{postgresql,maas} /var/lib/
+ cp -ar /var/lib/opnfv/etc/maas /etc/
+fi
+chown -R maas:maas /var/lib/maas /etc/maas
+chown -R postgres:postgres /var/lib/postgresql
+chown -R proxy:proxy /var/spool/maas-proxy
+
+if [ ! -f /etc/sysctl.d/99-salt.conf ]; then
+ echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/99-salt.conf
+fi
+
+cat <<-EOF | tee /etc/resolv.conf
+{%- for server in nm.dns_public %}
+nameserver {{ server }}
+{%- endfor %}
+EOF
+
+cat <<-EOF | tee /etc/salt/minion.d/opnfv.conf
+id: mas01.{{ conf.cluster.domain }}
+master: {{ conf.SALT_MASTER }}
+grains:
+ virtual_subtype: Docker_
+EOF
+rm -f /etc/salt/minion.d/99-master-address.conf
+
+# Work around MaaS issues with PXE/admin using jumbo frames
+MAAS_MTU_SERVICE="/etc/systemd/system/maas-mtu.service"
+cat <<-EOF | tee "${MAAS_MTU_SERVICE}"
+[Unit]
+Requires=network-online.target
+After=network-online.target
+[Service]
+ExecStart=/bin/sh -ec '\
+ /sbin/ifconfig $(/sbin/ip addr | /bin/grep -Po "{{ pxebr_addr }}.* \K(.*)") mtu 1500'
+EOF
+ln -sf "${MAAS_MTU_SERVICE}" "/etc/systemd/system/multi-user.target.wants/"
+
+# Configure mass-region-controller if not already done previously
+[ ! -e /var/lib/maas/secret ] || exit 0
+MAAS_FIXUP_SERVICE="/etc/systemd/system/maas-fixup.service"
+cat <<-EOF | tee "${MAAS_FIXUP_SERVICE}"
+[Unit]
+After=postgresql.service
+[Service]
+ExecStart=/bin/sh -ec '\
+ echo "debconf debconf/frontend select Noninteractive" | debconf-set-selections && \
+ /var/lib/dpkg/info/maas-region-controller.config configure && \
+ /var/lib/dpkg/info/maas-region-controller.postinst configure'
+EOF
+ln -sf "${MAAS_FIXUP_SERVICE}" "/etc/systemd/system/multi-user.target.wants/"
+rm "/usr/sbin/policy-rc.d"
diff --git a/mcp/scripts/docker-compose/files/hosts.j2 b/mcp/scripts/docker-compose/files/hosts.j2
new file mode 100644
index 000000000..b42c5a088
--- /dev/null
+++ b/mcp/scripts/docker-compose/files/hosts.j2
@@ -0,0 +1,7 @@
+{{ conf.SALT_MASTER }} cfg01.{{ conf.cluster.domain }}
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/mcp/scripts/docker-compose/files/opnfv_master.conf b/mcp/scripts/docker-compose/files/opnfv_master.conf
new file mode 100644
index 000000000..8e6d1af28
--- /dev/null
+++ b/mcp/scripts/docker-compose/files/opnfv_master.conf
@@ -0,0 +1,21 @@
+worker_threads: 20
+timeout: 15
+gather_job_timeout: 30
+max_open_files: 15000
+
+file_roots:
+ base:
+ - /srv/salt/env/prd
+ prd:
+ - /srv/salt/env/prd
+ dev:
+ - /srv/salt/env/dev
+ - /srv/salt/env/prd
+
+user: root
+file_recv: True
+
+open_mode: True
+
+peer:
+ .*: ['x509.sign_remote_certificate'] |
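Review bot: In entrypoint_maas.sh.j2 the `maas-mtu.service` heredoc uses an unquoted `EOF`, so `$(/sbin/ip addr | /bin/grep -Po ...)` is expanded while the entrypoint writes the unit, not when systemd runs it after `network-online.target`. The unit file therefore ends up with a fixed interface name, or an empty one if the address is not assigned at that moment. If a run-time lookup is intended, escape the substitution as `\$(/sbin/ip addr | ...)`. The dots in the rendered `{{ pxebr_addr }}` are also unescaped regex wildcards and the pattern is not terminated after the address, so a longer address sharing the prefix could match. The final `rm "/usr/sbin/policy-rc.d"` has no `-f`; under `bash -e` a second run before `/var/lib/maas/secret` exists would presumably abort the entrypoint.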
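Review bot: `open_mode: True` in opnfv_master.conf turns off minion key verification on the Salt master, so any host that can reach it on the networks attached to the container is accepted as a minion. Together with `file_recv: True`, `user: root` and the `peer` rule for `.*`, that is a wide trust boundary for a master that the compose file runs privileged. If the goal is unattended enrolment, `autosign_file` limits automatic acceptance to listed minion ids and keeps key verification on. The `peer` entry lets every minion call `x509.sign_remote_certificate`; whether signing policies restrict the requesters is not visible here, so a comment such as `# any minion may request signing; requesters must be limited by the CA's signing policy` would record the assumption.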