diff options
35 files changed, 1554 insertions, 139 deletions
diff --git a/ci/README.md b/ci/README.md new file mode 100644 index 00000000..c0873dad --- /dev/null +++ b/ci/README.md @@ -0,0 +1,7 @@ +The scripts located in this folder are used by OPNFV XCI/Jenkins +and they are not supposed to be used by users and developers. + +The scripts are executed by Jenkins jobs directly in execute-shell +or by simple wrappers so the most of the XCI specific logic is +developed and maintained for XCI CI gets verified like the rest of +XCI scripts. diff --git a/docs/xci-criterias-cls.rst b/docs/xci-criterias-cls.rst new file mode 100644 index 00000000..0a0f8f97 --- /dev/null +++ b/docs/xci-criterias-cls.rst @@ -0,0 +1,74 @@ +.. _xci-criterias-cls: + +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. SPDX-License-Identifier: CC-BY-4.0 +.. (c) Fatih Degirmenci (fatih.degirmenci@ericsson.com) + +============================================= +XCI Promotion Criterias and Confidence Levels +============================================= + +This document is structured in a way to explain the current Promotion Criterias and Confidence +Levels XCI uses to test and promote the scenarios. This is followed by other chapters to +start the conversation around how these criterias can be improved depending on the features +and scenarios that are onboarded to XCI or declared interest in participating. + +The expectation is to update this document collaboratively with the feature projects, scenario +owners, XCI team, test projects and release management to find right/sufficient/necessary +level of testing that are relevant to the features and scenarios. + +This document should be seen as guidance for the projects taking part in XCI until +the OPNFV CD-Based Release Model and the criterias set for the CI Loops for that track +become available. Until this happens, CI Loops will be constructed/updated by taking input +from this document to provide feedback to the projects based on the test scope set by the +projects themselves. + +The CD-Based Release Model will supersede the information and criterias set in this document. + +Existing CI Loops and Promotion Criterias +========================================= + +XCI determined various CI Loops that run for the scenarios that take part in XCI. +These loops are + +* verify +* post-merge + +Currently, XCI uses verify and post-merge loops to verify the changes and promote +the scenarios to the next loop in the CI Flow as candidates. The details of what +is done by each loop currently are listed below. + +verify +------ + +The changes and subsequent patches enter this pipeline and get verified against +the most basic criteria OPNFV has. + +* virtual noha deployment +* functest healthcheck + +The checks done within this loop is common for all the scenarios and features no matter if +they are OpenStack or Kubernetes scenarios. + +The changes that get Verified+1 from this pipeline is deemed to be good and +can be merged to master if there is sufficient +2 votes from the XCI and/or project committers. + +post-merge +---------- + +The changes that are merged to master enter this pipeline and get verified +against the same criteria as the verify pipeline. + +* virtual noha deployment +* functest healthcheck + +The checks done within this loop is common for all the scenarios no matter if +they are OpenStack or Kubernetes scenarios. + +The changes that are successfully verified get promoted for the next loop in +the pipeline. + +Evolving CI Loops and Promotion Criterias +========================================= + +TBD diff --git a/xci/config/env-vars b/xci/config/env-vars index f72a0240..bf333bdf 100755 --- a/xci/config/env-vars +++ b/xci/config/env-vars @@ -16,15 +16,24 @@ export KEEPALIVED_GIT_URL=${KEEPALIVED_GIT_URL:-https://github.com/evrardjp/ansi export OPENSTACK_OSA_ETC_PATH=/etc/openstack_deploy export OPNFV_HOST_IP=192.168.122.2 export XCI_FLAVOR_ANSIBLE_FILE_PATH=$XCI_PATH/xci/installer/$INSTALLER_TYPE/files/$XCI_FLAVOR -export CI_LOOP=${CI_LOOP:-daily} -export JOB_NAME=${JOB_NAME:-false} + # XCI_CACHE is a cache on localhost where repositories and scenarios are cloned. export XCI_CACHE=${XCI_PATH}/.cache + # OPNFV_XCI_CACHE is similar to XCI_CACHE but refers to the remote OPNFV host. export OPNFV_XCI_CACHE="/root/releng-xci/.cache" export XCI_SCENARIOS_CACHE="${XCI_CACHE}/repos/scenarios" export XCI_PLAYBOOKS=${XCI_PATH}/xci/playbooks +# Functest parameters +export FUNCTEST_MODE=${FUNCTEST_MODE:-"tier"} +export FUNCTEST_SUITE_NAME=${FUNCTEST_SUITE_NAME:-"healthcheck"} + +# CI paremeters +export CI_LOOP=${CI_LOOP:-"daily"} +export BUILD_TAG=${BUILD_TAG:-"notag"} +export NODE_NAME=${NODE_NAME:-$(hostname)} + #------------------------------------------------------------------------------- # Paths where git repositories of XCI Components will be cloned on the OPNFV host #------------------------------------------------------------------------------- @@ -43,3 +52,5 @@ export XCI_SSL_SUBJECT=${XCI_SSL_SUBJECT:-"/C=US/ST=California/L=San Francisco/O export DEPLOY_SCENARIO=${DEPLOY_SCENARIO:-"os-nosdn-nofeature"} # Kubespray requires that ansible version is 2.4.0.0 export XCI_KUBE_ANSIBLE_PIP_VERSION=2.4.0.0 +# OpenStack global requirements version +export OPENSTACK_REQUIREMENTS_VERSION=${OPENSTACK_REQUIREMENTS_VERSION:-$(awk '/requirements_git_install_branch:/ {print $2}' ${XCI_PATH}/xci/installer/osa/files/openstack_services.yml)} diff --git a/xci/config/pinned-versions b/xci/config/pinned-versions index 6b20374a..72a0ff61 100755 --- a/xci/config/pinned-versions +++ b/xci/config/pinned-versions @@ -45,4 +45,4 @@ export HAPROXY_VERSION=$(grep -E '.*name: haproxy_server' -A 3 \ | tail -n1 | sed -n 's/\(^.*: \)\([0-9a-z].*$\)/\2/p') # HEAD of kubspray "master" as of 27.02.2018 # kubespray's bug Reference: https://github.com/kubernetes-incubator/kubespray/issues/2400 -export KUBESPRAY_VERSION=${KUBESPRAY_VERSION:-"810c10a0e9b65b0ef8ae8f7c302f7553a165631c"} +export KUBESPRAY_VERSION=${KUBESPRAY_VERSION:-"5d9bb300d716880610c34dd680c167d2d728984d"} diff --git a/xci/files/install-lib.sh b/xci/files/install-lib.sh index 92d1f065..43e1213e 100644 --- a/xci/files/install-lib.sh +++ b/xci/files/install-lib.sh @@ -15,14 +15,13 @@ function install_ansible() { set -eu # Use the upper-constraints file from the pinned requirements repository. - local requirements_sha=$(awk '/requirements_git_install_branch:/ {print $2}' ${XCI_PATH}/xci/installer/osa/files/openstack_services.yml) - local uc="https://raw.githubusercontent.com/openstack/requirements/${requirements_sha}/upper-constraints.txt" + local uc="https://raw.githubusercontent.com/openstack/requirements/${OPENSTACK_REQUIREMENTS_VERSION}/upper-constraints.txt" local install_map declare -A PKG_MAP # workaround: for latest bindep to work, it needs to use en_US local - export LANG=c + export LANG="C" CHECK_CMD_PKGS=( gcc @@ -135,6 +134,7 @@ function install_ansible() { set -u # We are inside the virtualenv now so we should be good to use pip and python from it. + pip -q install --upgrade pip==9.0.3 # We need a version which supports the '-c' parameter pip -q install --upgrade -c $uc ara virtualenv pip setuptools ansible==$XCI_ANSIBLE_PIP_VERSION ansible-lint==3.4.21 ara_location=$(python -c "import os,ara; print(os.path.dirname(ara.__file__))") @@ -144,12 +144,14 @@ function install_ansible() { ansible_lint() { set -eu # Use the upper-constraints file from the pinned requirements repository. - local requirements_sha=$(awk '/requirements_git_install_branch:/ {print $2}' ${XCI_PATH}/xci/installer/osa/files/openstack_services.yml) - local uc="https://raw.githubusercontent.com/openstack/requirements/${requirements_sha}/upper-constraints.txt" + local uc="https://raw.githubusercontent.com/openstack/requirements/${OPENSTACK_REQUIREMENTS_VERSION}/upper-constraints.txt" local playbooks_dir=(xci/playbooks xci/installer/osa/playbooks xci/installer/kubespray/playbooks) # Extract role from scenario information local testing_role=$(sed -n "/^- scenario: ${DEPLOY_SCENARIO}/,/^$/p" ${XCI_PATH}/xci/opnfv-scenario-requirements.yml | grep role | rev | cut -d '/' -f -1 | rev) + # clear XCI_CACHE + rm -rf ${XCI_CACHE}/repos/openstack-ansible-tests + # Clone OSA rules too git clone --quiet --depth 1 https://github.com/openstack/openstack-ansible-tests.git \ ${XCI_CACHE}/repos/openstack-ansible-tests diff --git a/xci/files/xci-destroy-env.sh b/xci/files/xci-destroy-env.sh index 2e183bd7..97b76c7c 100755 --- a/xci/files/xci-destroy-env.sh +++ b/xci/files/xci-destroy-env.sh @@ -27,8 +27,8 @@ if which vbmc &>/dev/null || { [[ -e ${XCI_VENV}/bifrost/bin/activate ]] && sour # Delete all libvirt VMs and hosts from vbmc (look for a port number) for vm in $(vbmc list | awk '/[0-9]/{{ print $2 }}'); do if which virsh &>/dev/null; then - virsh destroy $vm || true - virsh undefine $vm || true + virsh destroy $vm &>/dev/null || true + virsh undefine $vm &>/dev/null || true fi vbmc delete $vm done @@ -40,8 +40,8 @@ for varfile in ${flavors[@]}; do source ${XCI_PATH}/xci/config/${varfile}-vars for vm in ${TEST_VM_NODE_NAMES}; do if which virsh &>/dev/null; then - virsh destroy $vm || true - virsh undefine $vm || true + virsh destroy $vm &>/dev/null || true + virsh undefine $vm &>/dev/null || true fi done done diff --git a/xci/infra/bifrost/scripts/bifrost-provision.sh b/xci/infra/bifrost/scripts/bifrost-provision.sh index f653a2fd..940e9439 100755 --- a/xci/infra/bifrost/scripts/bifrost-provision.sh +++ b/xci/infra/bifrost/scripts/bifrost-provision.sh @@ -21,7 +21,7 @@ export PYTHONUNBUFFERED=1 SCRIPT_HOME="$(cd "$(dirname "$0")" && pwd)" BIFROST_HOME=$SCRIPT_HOME/.. ENABLE_VENV="true" -export VENV=${XCI_VENV}/bifrost +export VENV=${XCI_VENV} PROVISION_WAIT_TIMEOUT=${PROVISION_WAIT_TIMEOUT:-3600} # This is normally exported by XCI env but we should initialize it here # in case we run this script on its own for debug purposes @@ -102,7 +102,15 @@ fi # Install missing dependencies. Use sudo since for bifrost jobs # the venv is not ready yet. -[[ -n ${VIRTUAL_ENV:-} ]] && _sudo="" || _sudo="sudo -H -E" +if [[ -n ${VIRTUAL_ENV:-} ]]; then + _sudo="" +else + virtualenv --quiet --no-site-packages ${XCI_VENV} + set +u + source ${XCI_VENV}/bin/activate + set -u + _sudo="sudo -H -E" +fi ${_sudo} pip install -q --upgrade -r "$(dirname $0)/../requirements.txt" # Change working directory diff --git a/xci/installer/kubespray/deploy.sh b/xci/installer/kubespray/deploy.sh index 5136f5a8..1a0b34bc 100755 --- a/xci/installer/kubespray/deploy.sh +++ b/xci/installer/kubespray/deploy.sh @@ -14,13 +14,6 @@ set -o pipefail K8_XCI_PLAYBOOKS="$(dirname $(realpath ${BASH_SOURCE[0]}))/playbooks" export ANSIBLE_ROLES_PATH=$HOME/.ansible/roles:/etc/ansible/roles:${XCI_PATH}/xci/playbooks/roles -# NOTE(hwoarang): This is a workaround for SUSE until upstream PR is accepted -# https://github.com/kubernetes-incubator/kubespray/pull/2380 -if [[ ${XCI_DISTRO} == opensuse ]]; then - export KUBESPRAY_GIT_URL=https://github.com/hwoarang/kubespray.git - export KUBESPRAY_VERSION=add-opensuse-support -fi - #------------------------------------------------------------------------------- # Configure localhost #------------------------------------------------------------------------------- @@ -86,6 +79,11 @@ ssh root@$OPNFV_HOST_IP "set -o pipefail; cd releng-xci/.cache/repos/kubespray;\ -i opnfv_inventory/inventory.cfg cluster.yml -b | tee setup-kubernetes.log" scp root@$OPNFV_HOST_IP:~/releng-xci/.cache/repos/kubespray/setup-kubernetes.log \ $LOG_PATH/setup-kubernetes.log + +cd $K8_XCI_PLAYBOOKS +ansible-playbook ${XCI_ANSIBLE_PARAMS} -e XCI_PATH="${XCI_PATH}" \ + -i ${XCI_FLAVOR_ANSIBLE_FILE_PATH}/inventory/inventory.cfg \ + configure-kubenet.yml echo echo "-----------------------------------------------------------------------" echo "Info: Kubernetes installation is successfully completed!" diff --git a/xci/installer/kubespray/playbooks/configure-kubenet.yml b/xci/installer/kubespray/playbooks/configure-kubenet.yml new file mode 100644 index 00000000..1c3740b2 --- /dev/null +++ b/xci/installer/kubespray/playbooks/configure-kubenet.yml @@ -0,0 +1,50 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 SUSE LINUX GmbH and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +# NOTE(hwoarang) Kubenet expects networking to be prepared by the administrator so it's necessary +# to do that as part of the node configuration. All we need is to add static routes on every node +# so cbr0 interfaces can talk to each other. +- name: Prepare networking for kubenet + hosts: k8s-cluster + gather_facts: True + become: yes + vars_files: + - "{{ xci_path }}/xci/var/opnfv.yml" + tasks: + - name: Configure static routes + block: + - name: Collect cbr0 information from the nodes + set_fact: + kubenet_xci_static_routes: |- + {% set static_routes = [] %} + {% for host in groups['k8s-cluster']|select("ne", inventory_hostname) %} + {%- set _ = static_routes.append( + {'network': (hostvars[host]['ansible_cbr0']['ipv4']['network']+'/'+ + hostvars[host]['ansible_cbr0']['ipv4']['netmask'])|ipaddr('net'), + 'gateway': hostvars[host]['ansible_default_ipv4']['address']}) -%} + {% endfor %} + {{ static_routes }} + + - name: Add static routes on each node + shell: "ip route show | grep -q {{ item.network }} || ip route add {{ item.network }} via {{ item.gateway }}" + with_items: "{{ kubenet_xci_static_routes }}" + loop_control: + label: "{{ item.network }}" + when: deploy_scenario == 'k8-nosdn-nofeature' + + - name: Ensure rp_filter is disabled on localhost + sysctl: + name: net.ipv4.conf.all.rp_filter + sysctl_set: yes + state: present + value: "{{ deploy_scenario == 'k8-nosdn-nofeature' | ternary(0, 1) }}" + reload: yes + delegate_to: localhost + run_once: True diff --git a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml index a4bdbf07..ac8988da 100644 --- a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml +++ b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml @@ -30,18 +30,6 @@ recursive: yes delete: yes - - name: generate SSH keys - command: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" - args: - creates: /root/.ssh/id_rsa - - name: add id_rsa.pub to authorized_keys - shell: cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys - when: xci_flavor == 'aio' - - name: fetch public key - fetch: - src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" - dest: "{{ xci_path }}/xci/files/authorized_keys" - flat: yes - name: delete the opnfv_inventory directory file: path: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory" @@ -55,11 +43,7 @@ file: path: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars" state: directory - - name: copy k8s_cluster.yml - command: "cp -rf {{ remote_xci_path }}/xci/installer/kubespray/files/k8s-cluster.yml \ - {{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars" - args: - creates: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars/k8s-cluster.yml" + - include: "{{ xci_path }}/xci/playbooks/bootstrap-scenarios.yml" - name: Install required packages package: name: "{{ kube_require_packages[ansible_pkg_mgr] }}" @@ -73,17 +57,21 @@ insertafter: 'targetPort' line: " type: NodePort" - - name: pip install ansible + - name: pip install required packages pip: - name: ansible - version: "{{ xci_kube_ansible_pip_version }}" + name: "{{ item.name }}" + version: "{{ item.version | default(omit) }}" + with_items: + - { name: 'ansible', version: "{{ xci_kube_ansible_pip_version }}" } + - { name: 'netaddr' } + - name: Configure SSL certificates + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml" -- hosts: localhost - remote_user: root - vars_files: - - "{{ xci_path }}/xci/var/opnfv.yml" - tasks: - - name: Append public keys to authorized_keys - shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ xci_path }}/xci/files/authorized_keys" - changed_when: True + - name: fetch xci environment + copy: + src: "{{ xci_path }}/.cache/xci.env" + dest: /root/xci.env + + - name: Manage SSH keys + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml" diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml index d89cd334..c744eae6 100644 --- a/xci/installer/kubespray/playbooks/configure-targethosts.yml +++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml @@ -1,14 +1,13 @@ --- -- hosts: all +- hosts: k8s-cluster remote_user: root tasks: - - name: add public key to host - copy: - src: "{{ xci_path }}/xci/files/authorized_keys" - dest: /root/.ssh/authorized_keys - - name: Install required packages + - name: Manage SSH keys + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml" + + - name: Install dbus package: - name: "{{ kube_require_packages[ansible_pkg_mgr] }}" + name: "{{ (ansible_pkg_mgr == 'zypper') | ternary('dbus-1', 'dbus') }}" state: present update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}" @@ -25,4 +24,6 @@ when: xci_flavor == 'ha' - role: "haproxy_server" haproxy_service_configs: "{{ haproxy_default_services}}" + haproxy_user_ssl_cert: "/etc/ssl/certs/xci.crt" + haproxy_user_ssl_key: "/etc/ssl/private/xci.key" when: xci_flavor == 'ha' diff --git a/xci/installer/kubespray/playbooks/group_vars/all b/xci/installer/kubespray/playbooks/group_vars/all index 87ed63bd..328f8dba 100644 --- a/xci/installer/kubespray/playbooks/group_vars/all +++ b/xci/installer/kubespray/playbooks/group_vars/all @@ -1,14 +1,3 @@ -kube_require_packages: - apt: - - python-netaddr - - dbus - yum: - - python-netaddr - - dbus - zypper: - - python-netaddr - - dbus-1 - keepalived_ubuntu_src: "uca" keepalived_uca_apt_repo_url: "{{ uca_apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }}" diff --git a/xci/installer/osa/files/ansible-role-requirements.yml b/xci/installer/osa/files/ansible-role-requirements.yml index e4e87ddd..5ecbf155 100644 --- a/xci/installer/osa/files/ansible-role-requirements.yml +++ b/xci/installer/osa/files/ansible-role-requirements.yml @@ -200,7 +200,7 @@ - name: opendaylight scm: git src: https://github.com/opendaylight/integration-packaging-ansible-opendaylight - version: 72face5c6bfcef4e548d2af5066eff884b4cfac7 + version: 1f0f943499dcdd28a1b6971992c46bb4513ce8fb - name: haproxy_endpoints scm: git src: https://github.com/logan2211/ansible-haproxy-endpoints diff --git a/xci/installer/osa/playbooks/configure-opnfvhost.yml b/xci/installer/osa/playbooks/configure-opnfvhost.yml index 35b17e55..96bd9e5e 100644 --- a/xci/installer/osa/playbooks/configure-opnfvhost.yml +++ b/xci/installer/osa/playbooks/configure-opnfvhost.yml @@ -83,9 +83,9 @@ - { src: "{{ remote_xci_path }}/xci/installer/osa/files/cinder.yml", dest: "{{ openstack_osa_etc_path }}/env.d" } - { src: "{{ remote_xci_path }}/xci/installer/osa/files/user_variables_proxy.yml", dest: "{{ openstack_osa_etc_path }}/user_variables_proxy.yml", cond: "{{ lookup('env', 'http_proxy') != '' }}" } - { src: "{{ remote_xci_path }}/xci/installer/osa/files/setup-openstack.yml", dest: "{{ openstack_osa_path }}/playbooks" } - - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: openstack_osa_version != "master" } - - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: openstack_osa_version != "master" } - - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: openstack_osa_version != "master" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/ansible-role-requirements.yml", dest: "{{openstack_osa_path}}/ansible-role-requirements.yml", cond: "{{ openstack_osa_version != 'master' }}" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/global-requirement-pins.txt", dest: "{{openstack_osa_path}}/global-requirement-pins.txt", cond: "{{ openstack_osa_version != 'master' }}" } + - { src: "{{ remote_xci_path }}/xci/installer/osa/files/openstack_services.yml", dest: "{{ openstack_osa_path }}/playbooks/defaults/repo_packages/openstack_services.yml", cond: "{{ openstack_osa_version != 'master' }}" } when: item.cond is not defined or (item.cond is defined and item.cond | bool) loop_control: label: "{{ item.src }}" @@ -114,10 +114,8 @@ command: "/bin/bash ./scripts/bootstrap-ansible.sh" args: creates: "/usr/local/bin/openstack-ansible" - - changed_when: True - args: chdir: "{{openstack_osa_path}}" + - name: install opnfv pip required packages pip: name: "{{ item }}" @@ -127,7 +125,6 @@ - pyyaml - python-neutronclient - python-openstackclient - - pyOpenSSL - name: Install ARA callback plugin in OSA virtualenv pip: name: ara @@ -154,24 +151,10 @@ chdir: "{{openstack_osa_path}}/scripts" changed_when: True - - name: Generate XCI private key - openssl_privatekey: - path: /etc/ssl/private/xci.key - size: 2048 - - - name: Generate XCI certificate request - openssl_csr: - privatekey_path: /etc/ssl/private/xci.key - path: /etc/ssl/private/xci.csr - common_name: "{{ xci_ssl_subject }}" - - - name: Generate XCI self signed certificate - openssl_certificate: - path: /etc/ssl/certs/xci.crt - privatekey_path: /etc/ssl/private/xci.key - csr_path: /etc/ssl/private/xci.csr - provider: selfsigned - selfsigned_not_after: 20800101000000Z + - name: Configure SSL certificates + include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssl-certs.yml" + vars: + extra_args: "-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt" - name: fetch xci environment copy: diff --git a/xci/opnfv-scenario-requirements.yml b/xci/opnfv-scenario-requirements.yml index a8361535..925789a9 100644 --- a/xci/opnfv-scenario-requirements.yml +++ b/xci/opnfv-scenario-requirements.yml @@ -28,7 +28,7 @@ - scenario: os-nosdn-nofeature scm: git - src: https://git.opnfv.org/releng-xci + src: https://gerrit.opnfv.org/gerrit/releng-xci version: master role: xci/scenarios/os-nosdn-nofeature/role/os-nosdn-nofeature installers: @@ -44,7 +44,7 @@ - scenario: os-odl-nofeature scm: git - src: https://git.opnfv.org/releng-xci + src: https://gerrit.opnfv.org/gerrit/releng-xci version: master role: xci/scenarios/os-odl-nofeature/role/os-odl-nofeature installers: @@ -59,7 +59,7 @@ - scenario: k8-nosdn-nofeature scm: git - src: https://git.opnfv.org/releng-xci + src: https://gerrit.opnfv.org/gerrit/releng-xci version: master role: xci/scenarios/k8-nosdn-nofeature/role/k8-nosdn-nofeature installers: @@ -77,7 +77,7 @@ - scenario: os-odl-bgpvpn scm: git src: https://gerrit.opnfv.org/gerrit/sdnvpn - version: master + version: 6.0.0 role: scenarios/os-odl-bgpvpn/role/os-odl-bgpvpn installers: - installer: osa @@ -88,3 +88,54 @@ distros: - ubuntu - centos + +- scenario: k8-canal-nofeature + scm: git + src: https://gerrit.opnfv.org/gerrit/releng-xci + version: master + role: xci/scenarios/k8-canal-nofeature/role/k8-canal-nofeature + installers: + - installer: kubespray + flavors: + - aio + - ha + - mini + - noha + distros: + - ubuntu + - centos + - opensuse + +- scenario: k8-calico-nofeature + scm: git + src: https://gerrit.opnfv.org/gerrit/releng-xci + version: master + role: xci/scenarios/k8-calico-nofeature/role/k8-calico-nofeature + installers: + - installer: kubespray + flavors: + - aio + - ha + - mini + - noha + distros: + - ubuntu + - centos + - opensuse + +- scenario: k8-flannel-nofeature + scm: git + src: https://gerrit.opnfv.org/gerrit/releng-xci + version: master + role: xci/scenarios/k8-flannel-nofeature/role/k8-flannel-nofeature + installers: + - installer: kubespray + flavors: + - aio + - ha + - noha + - mini + distros: + - ubuntu + - centos + - opensuse diff --git a/xci/playbooks/bootstrap-scenarios.yml b/xci/playbooks/bootstrap-scenarios.yml index 6546d5ce..d1331252 100644 --- a/xci/playbooks/bootstrap-scenarios.yml +++ b/xci/playbooks/bootstrap-scenarios.yml @@ -25,3 +25,19 @@ include_role: name: "os-odl-bgpvpn" when: deploy_scenario == 'os-odl-bgpvpn' +- name: Prepare everything to run the k8-canal-nofeature scenario + include_role: + name: "k8-canal-nofeature" + when: deploy_scenario == 'k8-canal-nofeature' +- name: Prepare everything to run the k8-canal-nofeature scenario + include_role: + name: "k8-calico-nofeature" + when: deploy_scenario == 'k8-calico-nofeature' +- name: Prepare everything to run the k8-flannel-nofeature scenario + include_role: + name: "k8-flannel-nofeature" + when: deploy_scenario == 'k8-flannel-nofeature' +- name: Prepare everything to run the k8-nosdn-nofeature scenario + include_role: + name: "k8-nosdn-nofeature" + when: deploy_scenario == 'k8-nosdn-nofeature' diff --git a/xci/playbooks/get-opnfv-scenario-requirements.yml b/xci/playbooks/get-opnfv-scenario-requirements.yml index f37de61a..af97ceb2 100644 --- a/xci/playbooks/get-opnfv-scenario-requirements.yml +++ b/xci/playbooks/get-opnfv-scenario-requirements.yml @@ -80,7 +80,7 @@ dest: "{{ role_path_default }}/{{ item.item.role | basename }}" archive: no times: no - recurse: yes + recursive: yes checksum: yes owner: yes group: yes diff --git a/xci/playbooks/manage-ssl-certs.yml b/xci/playbooks/manage-ssl-certs.yml new file mode 100644 index 00000000..d0c5c518 --- /dev/null +++ b/xci/playbooks/manage-ssl-certs.yml @@ -0,0 +1,32 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 SUSE Linux GmbH and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- name: Install required pip packages for SSL + pip: + name: pyOpenSSL + state: present + extra_args: "{{ extra_args | default(omit) }}" + +- name: Generate XCI private key + openssl_privatekey: + path: /etc/ssl/private/xci.key + size: 2048 + +- name: Generate XCI certificate request + openssl_csr: + privatekey_path: /etc/ssl/private/xci.key + path: /etc/ssl/private/xci.csr + common_name: "{{ xci_ssl_subject }}" + +- name: Generate XCI self signed certificate + openssl_certificate: + path: /etc/ssl/certs/xci.crt + privatekey_path: /etc/ssl/private/xci.key + csr_path: /etc/ssl/private/xci.csr + provider: selfsigned + selfsigned_not_after: 20800101000000Z diff --git a/xci/playbooks/roles/prepare-functest/tasks/main.yml b/xci/playbooks/roles/prepare-functest/tasks/main.yml index ad578bfd..c29baca9 100644 --- a/xci/playbooks/roles/prepare-functest/tasks/main.yml +++ b/xci/playbooks/roles/prepare-functest/tasks/main.yml @@ -26,16 +26,19 @@ state: present extra_args: '-c https://raw.githubusercontent.com/openstack/requirements/{{ requirements_git_install_branch }}/upper-constraints.txt' -- name: check if the gateway was already set - shell: "ip a | grep {{ gateway_ip }}" - register: gateway_ip_result - ignore_errors: True - changed_when: False +- name: create public network gateway for functest + block: + - name: check if the gateway was already set + shell: "ip a | grep {{ gateway_ip }}" + register: gateway_ip_result + ignore_errors: True + changed_when: False -- name: add public network gateway - command: "ip addr add {{ gateway_ip_mask }} brd {{ broadcast_ip }} dev {{ gateway_interface }}" - changed_when: False - when: gateway_ip_result|failed + - name: add public network gateway + command: "ip addr add {{ gateway_ip_mask }} brd {{ broadcast_ip }} dev {{ gateway_interface }}" + changed_when: False + when: gateway_ip_result|failed + when: deploy_scenario is match("os-.*") - name: prepare environment file for functest template: diff --git a/xci/playbooks/roles/prepare-functest/templates/env.j2 b/xci/playbooks/roles/prepare-functest/templates/env.j2 index af271ac7..d9a3bf32 100644 --- a/xci/playbooks/roles/prepare-functest/templates/env.j2 +++ b/xci/playbooks/roles/prepare-functest/templates/env.j2 @@ -1,5 +1,7 @@ INSTALLER_IP=192.168.122.2 -EXTERNAL_NETWORK={{ external_network }} -CI_LOOP=daily TEST_DB_URL=http://testresults.opnfv.org/test/api/v1/results ENERGY_RECORDER_API_URL=http://energy.opnfv.fr/resources +{# external network is only valid for OpenStack based scenarios #} +{% if 'os-' in deploy_scenario %} +EXTERNAL_NETWORK={{ external_network }} +{% endif %} diff --git a/xci/playbooks/roles/prepare-functest/templates/run-functest.sh.j2 b/xci/playbooks/roles/prepare-functest/templates/run-functest.sh.j2 index a0ac9970..7856cb0e 100644 --- a/xci/playbooks/roles/prepare-functest/templates/run-functest.sh.j2 +++ b/xci/playbooks/roles/prepare-functest/templates/run-functest.sh.j2 @@ -1,21 +1,10 @@ #!/bin/bash # Variables that we need to pass from XCI to functest -XCI_ENV=(INSTALLER_TYPE XCI_FLAVOR) +XCI_ENV=(INSTALLER_TYPE XCI_FLAVOR OPENSTACK_OSA_VERSION CI_LOOP BUILD_TAG NODE_NAME FUNCTEST_MODE FUNCTEST_SUITE_NAME) -source /root/openrc - -openstack --insecure network create --external \ - --provider-physical-network flat \ - --provider-network-type flat {{ external_network }} - -openstack --insecure subnet create --network {{ external_network }} \ - --allocation-pool {{ allocation_pool }} \ - --subnet-range {{ subnet_cidr }} --gateway {{ gateway_ip }} \ - --no-dhcp {{ subnet_name }} - -mkdir ~/results/ -mkdir ~/images && cd ~/images && wget -q http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img && cd ~ +# Create directory to store functest logs +mkdir -p ~/results/ # Extract variables from xci.env file if [[ -e /root/xci.env ]]; then @@ -38,8 +27,58 @@ echo "------------- functest environment file --------------" cat /root/env echo "------------------------------------------------------" +# we need to ensure the necessary environment variables are sourced +source /root/env + +{% if 'os-' in deploy_scenario %} +{# stuff needed for OpenStack based scenarios #} +source /root/openrc + +openstack --insecure network create --external \ + --provider-physical-network flat \ + --provider-network-type flat {{ external_network }} + +openstack --insecure subnet create --network {{ external_network }} \ + --allocation-pool {{ allocation_pool }} \ + --subnet-range {{ subnet_cidr }} --gateway {{ gateway_ip }} \ + --no-dhcp {{ subnet_name }} + +# the needed images differ between the suites so avoid downloading unnecessary images +if [[ "$FUNCTEST_SUITE_NAME" =~ "healthcheck" ]]; then + mkdir ~/images && cd ~/images && wget -q http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img && cd ~ +elif [[ "$FUNCTEST_SUITE_NAME" =~ "smoke" ]]; then + mkdir -p images && wget -q -O- https://git.opnfv.org/functest/plain/functest/ci/download_images.sh | bash -s -- images && ls -1 images/* +else + echo "Unsupported test suite for functest" + exit 1 +fi + +# docker image to use will be different for healthcheck and smoke test +DOCKER_IMAGE_NAME="opnfv/functest-${FUNCTEST_SUITE_NAME}" + sudo docker run --env-file env \ -v $(pwd)/openrc:/home/opnfv/functest/conf/env_file \ -v $(pwd)/images:/home/opnfv/functest/images \ -v $(pwd)/results:/home/opnfv/functest/results \ - opnfv/functest-healthcheck + $DOCKER_IMAGE_NAME +{% else %} +{# stuff needed for Kubernetes based scenarios #} +# Create k8s.creds file for functest +KUBE_MASTER_URL=$(grep -r server ~/.kube/config | awk '{print $2}') +KUBE_MASTER_IP=$(echo $KUBE_MASTER_URL | awk -F "[:/]" '{print $4}') +cat << EOF > ~/k8s.creds +KUBERNETES_PROVIDER=local +KUBE_MASTER_URL=$KUBE_MASTER_URL +KUBE_MASTER_IP=$KUBE_MASTER_IP +EOF + +# docker image to use will be different for healthcheck and smoke test +DOCKER_IMAGE_NAME="opnfv/functest-kubernetes-${FUNCTEST_SUITE_NAME}" + +sudo docker run --env-file env \ + -v $(pwd)/k8s.creds:/home/opnfv/functest/conf/env_file \ + -v $(pwd)/.kube/config:/root/.kube/config \ + -v $(pwd)/results:/home/opnfv/functest/results \ + $DOCKER_IMAGE_NAME +{% endif %} + diff --git a/xci/installer/kubespray/files/k8s-cluster.yml b/xci/scenarios/k8-calico-nofeature/role/k8-calico-nofeature/files/k8s-cluster.yml index 20d3091d..20d3091d 100644 --- a/xci/installer/kubespray/files/k8s-cluster.yml +++ b/xci/scenarios/k8-calico-nofeature/role/k8-calico-nofeature/files/k8s-cluster.yml diff --git a/xci/scenarios/k8-calico-nofeature/role/k8-calico-nofeature/tasks/main.yml b/xci/scenarios/k8-calico-nofeature/role/k8-calico-nofeature/tasks/main.yml new file mode 100644 index 00000000..5b2939f1 --- /dev/null +++ b/xci/scenarios/k8-calico-nofeature/role/k8-calico-nofeature/tasks/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2018 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: copy k8s-cluster.yml + copy: + src: "k8s-cluster.yml" + dest: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars/k8s-cluster.yml" diff --git a/xci/scenarios/k8-canal-nofeature/role/k8-canal-nofeature/files/k8s-cluster.yml b/xci/scenarios/k8-canal-nofeature/role/k8-canal-nofeature/files/k8s-cluster.yml new file mode 100644 index 00000000..7646aefa --- /dev/null +++ b/xci/scenarios/k8-canal-nofeature/role/k8-canal-nofeature/files/k8s-cluster.yml @@ -0,0 +1,292 @@ +# Valid bootstrap options (required): ubuntu, coreos, centos, none +bootstrap_os: none + +#Directory where etcd data stored +etcd_data_dir: /var/lib/etcd + +# Directory where the binaries will be installed +bin_dir: /usr/local/bin + +## The access_ip variable is used to define how other nodes should access +## the node. This is used in flannel to allow other flannel nodes to see +## this node for example. The access_ip is really useful AWS and Google +## environments where the nodes are accessed remotely by the "public" ip, +## but don't know about that address themselves. +#access_ip: 1.1.1.1 + +### LOADBALANCING AND ACCESS MODES +## Enable multiaccess to configure etcd clients to access all of the etcd members directly +## as the "http://hostX:port, http://hostY:port, ..." and ignore the proxy loadbalancers. +## This may be the case if clients support and loadbalance multiple etcd servers natively. +#etcd_multiaccess: true + +## Internal loadbalancers for apiservers +#loadbalancer_apiserver_localhost: true + +## Local loadbalancer should use this port instead, if defined. +## Defaults to kube_apiserver_port (6443) +#nginx_kube_apiserver_port: 8443 + +### OTHER OPTIONAL VARIABLES +## For some things, kubelet needs to load kernel modules. For example, dynamic kernel services are needed +## for mounting persistent volumes into containers. These may not be loaded by preinstall kubernetes +## processes. For example, ceph and rbd backed volumes. Set to true to allow kubelet to load kernel +## modules. +# kubelet_load_modules: false + +## Internal network total size. This is the prefix of the +## entire network. Must be unused in your environment. +#kube_network_prefix: 18 + +## With calico it is possible to distributed routes with border routers of the datacenter. +## Warning : enabling router peering will disable calico's default behavior ('node mesh'). +## The subnets of each nodes will be distributed by the datacenter router +#peer_with_router: false + +## Upstream dns servers used by dnsmasq +#upstream_dns_servers: +# - 8.8.8.8 +# - 8.8.4.4 + +## There are some changes specific to the cloud providers +## for instance we need to encapsulate packets with some network plugins +## If set the possible values are either 'gce', 'aws', 'azure', 'openstack', 'vsphere', or 'external' +## When openstack is used make sure to source in the openstack credentials +## like you would do when using nova-client before starting the playbook. +#cloud_provider: + +## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (https://github.com/kubernetes/kubernetes/issues/50461) +#openstack_blockstorage_version: "v1/v2/auto (default)" +## When OpenStack is used, if LBaaSv2 is available you can enable it with the following variables. +#openstack_lbaas_enabled: True +#openstack_lbaas_subnet_id: "Neutron subnet ID (not network ID) to create LBaaS VIP" +#openstack_lbaas_floating_network_id: "Neutron network ID (not subnet ID) to get floating IP from, disabled by default" +#openstack_lbaas_create_monitor: "yes" +#openstack_lbaas_monitor_delay: "1m" +#openstack_lbaas_monitor_timeout: "30s" +#openstack_lbaas_monitor_max_retries: "3" + +## Uncomment to enable experimental kubeadm deployment mode +#kubeadm_enabled: false +#kubeadm_token_first: "{{ lookup('password', 'credentials/kubeadm_token_first length=6 chars=ascii_lowercase,digits') }}" +#kubeadm_token_second: "{{ lookup('password', 'credentials/kubeadm_token_second length=16 chars=ascii_lowercase,digits') }}" +#kubeadm_token: "{{ kubeadm_token_first }}.{{ kubeadm_token_second }}" +# +## Set these proxy values in order to update package manager and docker daemon to use proxies +#http_proxy: "" +#https_proxy: "" +## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy +#no_proxy: "" + +## Uncomment this if you want to force overlay/overlay2 as docker storage driver +## Please note that overlay2 is only supported on newer kernels +#docker_storage_options: -s overlay2 + +# Uncomment this if you have more than 3 nameservers, then we'll only use the first 3. +#docker_dns_servers_strict: false + +## Default packages to install within the cluster, f.e: +#kpm_packages: +# - name: kube-system/grafana + +## Certificate Management +## This setting determines whether certs are generated via scripts or whether a +## cluster of Hashicorp's Vault is started to issue certificates (using etcd +## as a backend). Options are "script" or "vault" +#cert_management: script + +# Set to true to allow pre-checks to fail and continue deployment +#ignore_assert_errors: false + +## Etcd auto compaction retention for mvcc key value store in hour +#etcd_compaction_retention: 0 + +## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics. +#etcd_metrics: basic + + +# Kubernetes configuration dirs and system namespace. +# Those are where all the additional config stuff goes +# kubernetes normally puts in /srv/kubernetes. +# This puts them in a sane location and namespace. +# Editing those values will almost surely break something. +kube_config_dir: /etc/kubernetes +kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" +kube_manifest_dir: "{{ kube_config_dir }}/manifests" +system_namespace: kube-system + +# Logging directory (sysvinit systems) +kube_log_dir: "/var/log/kubernetes" + +# This is where all the cert scripts and certs will be located +kube_cert_dir: "{{ kube_config_dir }}/ssl" + +# This is where all of the bearer tokens will be stored +kube_token_dir: "{{ kube_config_dir }}/tokens" + +# This is where to save basic auth file +kube_users_dir: "{{ kube_config_dir }}/users" + +kube_api_anonymous_auth: false + +## Change this to use another Kubernetes version, e.g. a current beta release +#kube_version: v1.9.0 + +# Where the binaries will be downloaded. +# Note: ensure that you've enough disk space (about 1G) +local_release_dir: "/tmp/releases" +# Random shifts for retrying failed ops like pushing/downloading +retry_stagger: 5 + +# This is the group that the cert creation scripts chgrp the +# cert files to. Not really changable... +kube_cert_group: kube-cert + +# Cluster Loglevel configuration +kube_log_level: 2 + +# Users to create for basic auth in Kubernetes API via HTTP +# Optionally add groups for user +kube_api_pwd: "{{ lookup('password', 'credentials/kube_user length=15 chars=ascii_letters,digits') }}" +kube_users: + kube: + pass: "{{kube_api_pwd}}" + role: admin + groups: + - system:masters + +## It is possible to activate / deactivate selected authentication methods (basic auth, static token auth) +#kube_oidc_auth: false +kube_basic_auth: true +#kube_token_auth: false + + +## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/ +## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...) + +# kube_oidc_url: https:// ... +# kube_oidc_client_id: kubernetes +## Optional settings for OIDC +# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem +# kube_oidc_username_claim: sub +# kube_oidc_groups_claim: groups + + +# Choose network plugin (calico, contiv, weave or flannel) +# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing +kube_network_plugin: canal + +# weave's network password for encryption +# if null then no network encryption +# you can use --extra-vars to pass the password in command line +weave_password: EnterPasswordHere + +# Weave uses consensus mode by default +# Enabling seed mode allow to dynamically add or remove hosts +# https://www.weave.works/docs/net/latest/ipam/ +weave_mode_seed: false + +# This two variable are automatically changed by the weave's role, do not manually change these values +# To reset values : +# weave_seed: uninitialized +# weave_peers: uninitialized +weave_seed: uninitialized +weave_peers: uninitialized + +# Enable kubernetes network policies +enable_network_policy: false + +# Kubernetes internal network for services, unused block of space. +kube_service_addresses: 10.233.0.0/18 + +# internal network. When used, it will assign IP +# addresses from this range to individual pods. +# This network must be unused in your network infrastructure! +kube_pods_subnet: 10.233.64.0/18 + +# internal network node size allocation (optional). This is the size allocated +# to each node on your network. With these defaults you should have +# room for 4096 nodes with 254 pods per node. +kube_network_node_prefix: 24 + +# The port the API Server will be listening on. +kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" +kube_apiserver_port: 6443 # (https) +kube_apiserver_insecure_port: 8080 # (http) + +# DNS configuration. +# Kubernetes cluster name, also will be used as DNS domain +cluster_name: cluster.local +# Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods +ndots: 2 +# Can be dnsmasq_kubedns, kubedns or none +dns_mode: kubedns +# Can be docker_dns, host_resolvconf or none +resolvconf_mode: docker_dns +# Deploy netchecker app to verify DNS resolve as an HTTP service +deploy_netchecker: false +# Ip address of the kubernetes skydns service +skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" +dnsmasq_dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}" +dns_domain: "{{ cluster_name }}" + +# Path used to store Docker data +docker_daemon_graph: "/var/lib/docker" + +## A string of extra options to pass to the docker daemon. +## This string should be exactly as you wish it to appear. +## An obvious use case is allowing insecure-registry access +## to self hosted registries like so: + +docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}" +docker_bin_dir: "/usr/bin" + +# Settings for containerized control plane (etcd/kubelet/secrets) +etcd_deployment_type: docker +kubelet_deployment_type: host +vault_deployment_type: docker +helm_deployment_type: host + +# K8s image pull policy (imagePullPolicy) +k8s_image_pull_policy: IfNotPresent + +# Kubernetes dashboard +# RBAC required. see docs/getting-started.md for access details. +dashboard_enabled: true + +# Monitoring apps for k8s +efk_enabled: false + +# Helm deployment +helm_enabled: false + +# Istio deployment +istio_enabled: false + +# Local volume provisioner deployment +local_volumes_enabled: false + +# Add Persistent Volumes Storage Class for corresponding cloud provider ( OpenStack is only supported now ) +persistent_volumes_enabled: false + +# Make a copy of kubeconfig on the host that runs Ansible in GITDIR/artifacts +kubeconfig_localhost: true +# Download kubectl onto the host that runs Ansible in GITDIR/artifacts +kubectl_localhost: true +artifacts_dir: "{{ ansible_env.HOME }}" + +# dnsmasq +# dnsmasq_upstream_dns_servers: +# - /resolvethiszone.with/10.0.4.250 +# - 8.8.8.8 + +# Enable creation of QoS cgroup hierarchy, if true top level QoS and pod cgroups are created. (default true) +# kubelet_cgroups_per_qos: true + +# A comma separated list of levels of node allocatable enforcement to be enforced by kubelet. +# Acceptible options are 'pods', 'system-reserved', 'kube-reserved' and ''. Default is "". +# kubelet_enforce_node_allocatable: pods + +## Supplementary addresses that can be added in kubernetes ssl keys. +## That can be usefull for example to setup a keepalived virtual IP +# supplementary_addresses_in_ssl_keys: [10.0.0.1, 10.0.0.2, 10.0.0.3] diff --git a/xci/scenarios/k8-canal-nofeature/role/k8-canal-nofeature/tasks/main.yml b/xci/scenarios/k8-canal-nofeature/role/k8-canal-nofeature/tasks/main.yml new file mode 100644 index 00000000..5b2939f1 --- /dev/null +++ b/xci/scenarios/k8-canal-nofeature/role/k8-canal-nofeature/tasks/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2018 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: copy k8s-cluster.yml + copy: + src: "k8s-cluster.yml" + dest: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars/k8s-cluster.yml" diff --git a/xci/scenarios/k8-flannel-nofeature/role/k8-flannel-nofeature/files/k8-cluster.yml b/xci/scenarios/k8-flannel-nofeature/role/k8-flannel-nofeature/files/k8-cluster.yml new file mode 100644 index 00000000..3c3dc5d9 --- /dev/null +++ b/xci/scenarios/k8-flannel-nofeature/role/k8-flannel-nofeature/files/k8-cluster.yml @@ -0,0 +1,292 @@ +# Valid bootstrap options (required): ubuntu, coreos, centos, none +bootstrap_os: none + +#Directory where etcd data stored +etcd_data_dir: /var/lib/etcd + +# Directory where the binaries will be installed +bin_dir: /usr/local/bin + +## The access_ip variable is used to define how other nodes should access +## the node. This is used in flannel to allow other flannel nodes to see +## this node for example. The access_ip is really useful AWS and Google +## environments where the nodes are accessed remotely by the "public" ip, +## but don't know about that address themselves. +#access_ip: 1.1.1.1 + +### LOADBALANCING AND ACCESS MODES +## Enable multiaccess to configure etcd clients to access all of the etcd members directly +## as the "http://hostX:port, http://hostY:port, ..." and ignore the proxy loadbalancers. +## This may be the case if clients support and loadbalance multiple etcd servers natively. +#etcd_multiaccess: true + +## Internal loadbalancers for apiservers +#loadbalancer_apiserver_localhost: true + +## Local loadbalancer should use this port instead, if defined. +## Defaults to kube_apiserver_port (6443) +#nginx_kube_apiserver_port: 8443 + +### OTHER OPTIONAL VARIABLES +## For some things, kubelet needs to load kernel modules. For example, dynamic kernel services are needed +## for mounting persistent volumes into containers. These may not be loaded by preinstall kubernetes +## processes. For example, ceph and rbd backed volumes. Set to true to allow kubelet to load kernel +## modules. +# kubelet_load_modules: false + +## Internal network total size. This is the prefix of the +## entire network. Must be unused in your environment. +#kube_network_prefix: 18 + +## With calico it is possible to distributed routes with border routers of the datacenter. +## Warning : enabling router peering will disable calico's default behavior ('node mesh'). +## The subnets of each nodes will be distributed by the datacenter router +#peer_with_router: false + +## Upstream dns servers used by dnsmasq +#upstream_dns_servers: +# - 8.8.8.8 +# - 8.8.4.4 + +## There are some changes specific to the cloud providers +## for instance we need to encapsulate packets with some network plugins +## If set the possible values are either 'gce', 'aws', 'azure', 'openstack', 'vsphere', or 'external' +## When openstack is used make sure to source in the openstack credentials +## like you would do when using nova-client before starting the playbook. +#cloud_provider: + +## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (https://github.com/kubernetes/kubernetes/issues/50461) +#openstack_blockstorage_version: "v1/v2/auto (default)" +## When OpenStack is used, if LBaaSv2 is available you can enable it with the following variables. +#openstack_lbaas_enabled: True +#openstack_lbaas_subnet_id: "Neutron subnet ID (not network ID) to create LBaaS VIP" +#openstack_lbaas_floating_network_id: "Neutron network ID (not subnet ID) to get floating IP from, disabled by default" +#openstack_lbaas_create_monitor: "yes" +#openstack_lbaas_monitor_delay: "1m" +#openstack_lbaas_monitor_timeout: "30s" +#openstack_lbaas_monitor_max_retries: "3" + +## Uncomment to enable experimental kubeadm deployment mode +#kubeadm_enabled: false +#kubeadm_token_first: "{{ lookup('password', 'credentials/kubeadm_token_first length=6 chars=ascii_lowercase,digits') }}" +#kubeadm_token_second: "{{ lookup('password', 'credentials/kubeadm_token_second length=16 chars=ascii_lowercase,digits') }}" +#kubeadm_token: "{{ kubeadm_token_first }}.{{ kubeadm_token_second }}" +# +## Set these proxy values in order to update package manager and docker daemon to use proxies +#http_proxy: "" +#https_proxy: "" +## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy +#no_proxy: "" + +## Uncomment this if you want to force overlay/overlay2 as docker storage driver +## Please note that overlay2 is only supported on newer kernels +#docker_storage_options: -s overlay2 + +# Uncomment this if you have more than 3 nameservers, then we'll only use the first 3. +#docker_dns_servers_strict: false + +## Default packages to install within the cluster, f.e: +#kpm_packages: +# - name: kube-system/grafana + +## Certificate Management +## This setting determines whether certs are generated via scripts or whether a +## cluster of Hashicorp's Vault is started to issue certificates (using etcd +## as a backend). Options are "script" or "vault" +#cert_management: script + +# Set to true to allow pre-checks to fail and continue deployment +#ignore_assert_errors: false + +## Etcd auto compaction retention for mvcc key value store in hour +#etcd_compaction_retention: 0 + +## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics. +#etcd_metrics: basic + + +# Kubernetes configuration dirs and system namespace. +# Those are where all the additional config stuff goes +# kubernetes normally puts in /srv/kubernetes. +# This puts them in a sane location and namespace. +# Editing those values will almost surely break something. +kube_config_dir: /etc/kubernetes +kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" +kube_manifest_dir: "{{ kube_config_dir }}/manifests" +system_namespace: kube-system + +# Logging directory (sysvinit systems) +kube_log_dir: "/var/log/kubernetes" + +# This is where all the cert scripts and certs will be located +kube_cert_dir: "{{ kube_config_dir }}/ssl" + +# This is where all of the bearer tokens will be stored +kube_token_dir: "{{ kube_config_dir }}/tokens" + +# This is where to save basic auth file +kube_users_dir: "{{ kube_config_dir }}/users" + +kube_api_anonymous_auth: false + +## Change this to use another Kubernetes version, e.g. a current beta release +#kube_version: v1.9.0 + +# Where the binaries will be downloaded. +# Note: ensure that you've enough disk space (about 1G) +local_release_dir: "/tmp/releases" +# Random shifts for retrying failed ops like pushing/downloading +retry_stagger: 5 + +# This is the group that the cert creation scripts chgrp the +# cert files to. Not really changable... +kube_cert_group: kube-cert + +# Cluster Loglevel configuration +kube_log_level: 2 + +# Users to create for basic auth in Kubernetes API via HTTP +# Optionally add groups for user +kube_api_pwd: "{{ lookup('password', 'credentials/kube_user length=15 chars=ascii_letters,digits') }}" +kube_users: + kube: + pass: "{{kube_api_pwd}}" + role: admin + groups: + - system:masters + +## It is possible to activate / deactivate selected authentication methods (basic auth, static token auth) +#kube_oidc_auth: false +kube_basic_auth: true +#kube_token_auth: false + + +## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/ +## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...) + +# kube_oidc_url: https:// ... +# kube_oidc_client_id: kubernetes +## Optional settings for OIDC +# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem +# kube_oidc_username_claim: sub +# kube_oidc_groups_claim: groups + + +# Choose network plugin (calico, contiv, weave or flannel) +# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing +kube_network_plugin: flannel + +# weave's network password for encryption +# if null then no network encryption +# you can use --extra-vars to pass the password in command line +weave_password: EnterPasswordHere + +# Weave uses consensus mode by default +# Enabling seed mode allow to dynamically add or remove hosts +# https://www.weave.works/docs/net/latest/ipam/ +weave_mode_seed: false + +# This two variable are automatically changed by the weave's role, do not manually change these values +# To reset values : +# weave_seed: uninitialized +# weave_peers: uninitialized +weave_seed: uninitialized +weave_peers: uninitialized + +# Enable kubernetes network policies +enable_network_policy: false + +# Kubernetes internal network for services, unused block of space. +kube_service_addresses: 10.233.0.0/18 + +# internal network. When used, it will assign IP +# addresses from this range to individual pods. +# This network must be unused in your network infrastructure! +kube_pods_subnet: 10.233.64.0/18 + +# internal network node size allocation (optional). This is the size allocated +# to each node on your network. With these defaults you should have +# room for 4096 nodes with 254 pods per node. +kube_network_node_prefix: 24 + +# The port the API Server will be listening on. +kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" +kube_apiserver_port: 6443 # (https) +kube_apiserver_insecure_port: 8080 # (http) + +# DNS configuration. +# Kubernetes cluster name, also will be used as DNS domain +cluster_name: cluster.local +# Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods +ndots: 2 +# Can be dnsmasq_kubedns, kubedns or none +dns_mode: kubedns +# Can be docker_dns, host_resolvconf or none +resolvconf_mode: docker_dns +# Deploy netchecker app to verify DNS resolve as an HTTP service +deploy_netchecker: false +# Ip address of the kubernetes skydns service +skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" +dnsmasq_dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}" +dns_domain: "{{ cluster_name }}" + +# Path used to store Docker data +docker_daemon_graph: "/var/lib/docker" + +## A string of extra options to pass to the docker daemon. +## This string should be exactly as you wish it to appear. +## An obvious use case is allowing insecure-registry access +## to self hosted registries like so: + +docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}" +docker_bin_dir: "/usr/bin" + +# Settings for containerized control plane (etcd/kubelet/secrets) +etcd_deployment_type: docker +kubelet_deployment_type: host +vault_deployment_type: docker +helm_deployment_type: host + +# K8s image pull policy (imagePullPolicy) +k8s_image_pull_policy: IfNotPresent + +# Kubernetes dashboard +# RBAC required. see docs/getting-started.md for access details. +dashboard_enabled: true + +# Monitoring apps for k8s +efk_enabled: false + +# Helm deployment +helm_enabled: false + +# Istio deployment +istio_enabled: false + +# Local volume provisioner deployment +local_volumes_enabled: false + +# Add Persistent Volumes Storage Class for corresponding cloud provider ( OpenStack is only supported now ) +persistent_volumes_enabled: false + +# Make a copy of kubeconfig on the host that runs Ansible in GITDIR/artifacts +kubeconfig_localhost: true +# Download kubectl onto the host that runs Ansible in GITDIR/artifacts +kubectl_localhost: true +artifacts_dir: "{{ ansible_env.HOME }}" + +# dnsmasq +# dnsmasq_upstream_dns_servers: +# - /resolvethiszone.with/10.0.4.250 +# - 8.8.8.8 + +# Enable creation of QoS cgroup hierarchy, if true top level QoS and pod cgroups are created. (default true) +# kubelet_cgroups_per_qos: true + +# A comma separated list of levels of node allocatable enforcement to be enforced by kubelet. +# Acceptible options are 'pods', 'system-reserved', 'kube-reserved' and ''. Default is "". +# kubelet_enforce_node_allocatable: pods + +## Supplementary addresses that can be added in kubernetes ssl keys. +## That can be usefull for example to setup a keepalived virtual IP +# supplementary_addresses_in_ssl_keys: [10.0.0.1, 10.0.0.2, 10.0.0.3] diff --git a/xci/scenarios/k8-flannel-nofeature/role/k8-flannel-nofeature/tasks/main.yml b/xci/scenarios/k8-flannel-nofeature/role/k8-flannel-nofeature/tasks/main.yml new file mode 100644 index 00000000..5efd7c83 --- /dev/null +++ b/xci/scenarios/k8-flannel-nofeature/role/k8-flannel-nofeature/tasks/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2018 taseer94@gmail.com & others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: copy the k8-cluster config file + copy: + src: k8-cluster.yml + dest: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars/k8s-cluster.yml" diff --git a/xci/scenarios/k8-nosdn-nofeature/role/k8-nosdn-nofeature/files/k8s-cluster.yml b/xci/scenarios/k8-nosdn-nofeature/role/k8-nosdn-nofeature/files/k8s-cluster.yml new file mode 100644 index 00000000..614d784e --- /dev/null +++ b/xci/scenarios/k8-nosdn-nofeature/role/k8-nosdn-nofeature/files/k8s-cluster.yml @@ -0,0 +1,292 @@ +# Valid bootstrap options (required): ubuntu, coreos, centos, none +bootstrap_os: none + +#Directory where etcd data stored +etcd_data_dir: /var/lib/etcd + +# Directory where the binaries will be installed +bin_dir: /usr/local/bin + +## The access_ip variable is used to define how other nodes should access +## the node. This is used in flannel to allow other flannel nodes to see +## this node for example. The access_ip is really useful AWS and Google +## environments where the nodes are accessed remotely by the "public" ip, +## but don't know about that address themselves. +#access_ip: 1.1.1.1 + +### LOADBALANCING AND ACCESS MODES +## Enable multiaccess to configure etcd clients to access all of the etcd members directly +## as the "http://hostX:port, http://hostY:port, ..." and ignore the proxy loadbalancers. +## This may be the case if clients support and loadbalance multiple etcd servers natively. +#etcd_multiaccess: true + +## Internal loadbalancers for apiservers +#loadbalancer_apiserver_localhost: true + +## Local loadbalancer should use this port instead, if defined. +## Defaults to kube_apiserver_port (6443) +#nginx_kube_apiserver_port: 8443 + +### OTHER OPTIONAL VARIABLES +## For some things, kubelet needs to load kernel modules. For example, dynamic kernel services are needed +## for mounting persistent volumes into containers. These may not be loaded by preinstall kubernetes +## processes. For example, ceph and rbd backed volumes. Set to true to allow kubelet to load kernel +## modules. +# kubelet_load_modules: false + +## Internal network total size. This is the prefix of the +## entire network. Must be unused in your environment. +#kube_network_prefix: 18 + +## With calico it is possible to distributed routes with border routers of the datacenter. +## Warning : enabling router peering will disable calico's default behavior ('node mesh'). +## The subnets of each nodes will be distributed by the datacenter router +#peer_with_router: false + +## Upstream dns servers used by dnsmasq +#upstream_dns_servers: +# - 8.8.8.8 +# - 8.8.4.4 + +## There are some changes specific to the cloud providers +## for instance we need to encapsulate packets with some network plugins +## If set the possible values are either 'gce', 'aws', 'azure', 'openstack', 'vsphere', or 'external' +## When openstack is used make sure to source in the openstack credentials +## like you would do when using nova-client before starting the playbook. +#cloud_provider: + +## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (https://github.com/kubernetes/kubernetes/issues/50461) +#openstack_blockstorage_version: "v1/v2/auto (default)" +## When OpenStack is used, if LBaaSv2 is available you can enable it with the following variables. +#openstack_lbaas_enabled: True +#openstack_lbaas_subnet_id: "Neutron subnet ID (not network ID) to create LBaaS VIP" +#openstack_lbaas_floating_network_id: "Neutron network ID (not subnet ID) to get floating IP from, disabled by default" +#openstack_lbaas_create_monitor: "yes" +#openstack_lbaas_monitor_delay: "1m" +#openstack_lbaas_monitor_timeout: "30s" +#openstack_lbaas_monitor_max_retries: "3" + +## Uncomment to enable experimental kubeadm deployment mode +#kubeadm_enabled: false +#kubeadm_token_first: "{{ lookup('password', 'credentials/kubeadm_token_first length=6 chars=ascii_lowercase,digits') }}" +#kubeadm_token_second: "{{ lookup('password', 'credentials/kubeadm_token_second length=16 chars=ascii_lowercase,digits') }}" +#kubeadm_token: "{{ kubeadm_token_first }}.{{ kubeadm_token_second }}" +# +## Set these proxy values in order to update package manager and docker daemon to use proxies +#http_proxy: "" +#https_proxy: "" +## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy +#no_proxy: "" + +## Uncomment this if you want to force overlay/overlay2 as docker storage driver +## Please note that overlay2 is only supported on newer kernels +#docker_storage_options: -s overlay2 + +# Uncomment this if you have more than 3 nameservers, then we'll only use the first 3. +#docker_dns_servers_strict: false + +## Default packages to install within the cluster, f.e: +#kpm_packages: +# - name: kube-system/grafana + +## Certificate Management +## This setting determines whether certs are generated via scripts or whether a +## cluster of Hashicorp's Vault is started to issue certificates (using etcd +## as a backend). Options are "script" or "vault" +#cert_management: script + +# Set to true to allow pre-checks to fail and continue deployment +#ignore_assert_errors: false + +## Etcd auto compaction retention for mvcc key value store in hour +#etcd_compaction_retention: 0 + +## Set level of detail for etcd exported metrics, specify 'extensive' to include histogram metrics. +#etcd_metrics: basic + + +# Kubernetes configuration dirs and system namespace. +# Those are where all the additional config stuff goes +# kubernetes normally puts in /srv/kubernetes. +# This puts them in a sane location and namespace. +# Editing those values will almost surely break something. +kube_config_dir: /etc/kubernetes +kube_script_dir: "{{ bin_dir }}/kubernetes-scripts" +kube_manifest_dir: "{{ kube_config_dir }}/manifests" +system_namespace: kube-system + +# Logging directory (sysvinit systems) +kube_log_dir: "/var/log/kubernetes" + +# This is where all the cert scripts and certs will be located +kube_cert_dir: "{{ kube_config_dir }}/ssl" + +# This is where all of the bearer tokens will be stored +kube_token_dir: "{{ kube_config_dir }}/tokens" + +# This is where to save basic auth file +kube_users_dir: "{{ kube_config_dir }}/users" + +kube_api_anonymous_auth: false + +## Change this to use another Kubernetes version, e.g. a current beta release +#kube_version: v1.9.0 + +# Where the binaries will be downloaded. +# Note: ensure that you've enough disk space (about 1G) +local_release_dir: "/tmp/releases" +# Random shifts for retrying failed ops like pushing/downloading +retry_stagger: 5 + +# This is the group that the cert creation scripts chgrp the +# cert files to. Not really changable... +kube_cert_group: kube-cert + +# Cluster Loglevel configuration +kube_log_level: 2 + +# Users to create for basic auth in Kubernetes API via HTTP +# Optionally add groups for user +kube_api_pwd: "{{ lookup('password', 'credentials/kube_user length=15 chars=ascii_letters,digits') }}" +kube_users: + kube: + pass: "{{kube_api_pwd}}" + role: admin + groups: + - system:masters + +## It is possible to activate / deactivate selected authentication methods (basic auth, static token auth) +#kube_oidc_auth: false +kube_basic_auth: true +#kube_token_auth: false + + +## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/ +## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...) + +# kube_oidc_url: https:// ... +# kube_oidc_client_id: kubernetes +## Optional settings for OIDC +# kube_oidc_ca_file: {{ kube_cert_dir }}/ca.pem +# kube_oidc_username_claim: sub +# kube_oidc_groups_claim: groups + + +# Choose network plugin (calico, contiv, weave or flannel) +# Can also be set to 'cloud', which lets the cloud provider setup appropriate routing +kube_network_plugin: cloud + +# weave's network password for encryption +# if null then no network encryption +# you can use --extra-vars to pass the password in command line +weave_password: EnterPasswordHere + +# Weave uses consensus mode by default +# Enabling seed mode allow to dynamically add or remove hosts +# https://www.weave.works/docs/net/latest/ipam/ +weave_mode_seed: false + +# This two variable are automatically changed by the weave's role, do not manually change these values +# To reset values : +# weave_seed: uninitialized +# weave_peers: uninitialized +weave_seed: uninitialized +weave_peers: uninitialized + +# Enable kubernetes network policies +enable_network_policy: false + +# Kubernetes internal network for services, unused block of space. +kube_service_addresses: 10.233.0.0/18 + +# internal network. When used, it will assign IP +# addresses from this range to individual pods. +# This network must be unused in your network infrastructure! +kube_pods_subnet: 10.233.64.0/18 + +# internal network node size allocation (optional). This is the size allocated +# to each node on your network. With these defaults you should have +# room for 4096 nodes with 254 pods per node. +kube_network_node_prefix: 24 + +# The port the API Server will be listening on. +kube_apiserver_ip: "{{ kube_service_addresses|ipaddr('net')|ipaddr(1)|ipaddr('address') }}" +kube_apiserver_port: 6443 # (https) +kube_apiserver_insecure_port: 8080 # (http) + +# DNS configuration. +# Kubernetes cluster name, also will be used as DNS domain +cluster_name: cluster.local +# Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods +ndots: 2 +# Can be dnsmasq_kubedns, kubedns or none +dns_mode: kubedns +# Can be docker_dns, host_resolvconf or none +resolvconf_mode: docker_dns +# Deploy netchecker app to verify DNS resolve as an HTTP service +deploy_netchecker: false +# Ip address of the kubernetes skydns service +skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}" +dnsmasq_dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address') }}" +dns_domain: "{{ cluster_name }}" + +# Path used to store Docker data +docker_daemon_graph: "/var/lib/docker" + +## A string of extra options to pass to the docker daemon. +## This string should be exactly as you wish it to appear. +## An obvious use case is allowing insecure-registry access +## to self hosted registries like so: + +docker_options: "--insecure-registry={{ kube_service_addresses }} --graph={{ docker_daemon_graph }} {{ docker_log_opts }}" +docker_bin_dir: "/usr/bin" + +# Settings for containerized control plane (etcd/kubelet/secrets) +etcd_deployment_type: docker +kubelet_deployment_type: host +vault_deployment_type: docker +helm_deployment_type: host + +# K8s image pull policy (imagePullPolicy) +k8s_image_pull_policy: IfNotPresent + +# Kubernetes dashboard +# RBAC required. see docs/getting-started.md for access details. +dashboard_enabled: true + +# Monitoring apps for k8s +efk_enabled: false + +# Helm deployment +helm_enabled: false + +# Istio deployment +istio_enabled: false + +# Local volume provisioner deployment +local_volumes_enabled: false + +# Add Persistent Volumes Storage Class for corresponding cloud provider ( OpenStack is only supported now ) +persistent_volumes_enabled: false + +# Make a copy of kubeconfig on the host that runs Ansible in GITDIR/artifacts +kubeconfig_localhost: true +# Download kubectl onto the host that runs Ansible in GITDIR/artifacts +kubectl_localhost: true +artifacts_dir: "{{ ansible_env.HOME }}" + +# dnsmasq +# dnsmasq_upstream_dns_servers: +# - /resolvethiszone.with/10.0.4.250 +# - 8.8.8.8 + +# Enable creation of QoS cgroup hierarchy, if true top level QoS and pod cgroups are created. (default true) +# kubelet_cgroups_per_qos: true + +# A comma separated list of levels of node allocatable enforcement to be enforced by kubelet. +# Acceptible options are 'pods', 'system-reserved', 'kube-reserved' and ''. Default is "". +# kubelet_enforce_node_allocatable: pods + +## Supplementary addresses that can be added in kubernetes ssl keys. +## That can be usefull for example to setup a keepalived virtual IP +# supplementary_addresses_in_ssl_keys: [10.0.0.1, 10.0.0.2, 10.0.0.3] diff --git a/xci/scenarios/k8-nosdn-nofeature/role/k8-nosdn-nofeature/tasks/main.yml b/xci/scenarios/k8-nosdn-nofeature/role/k8-nosdn-nofeature/tasks/main.yml new file mode 100644 index 00000000..5b2939f1 --- /dev/null +++ b/xci/scenarios/k8-nosdn-nofeature/role/k8-nosdn-nofeature/tasks/main.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2018 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- + +- name: copy k8s-cluster.yml + copy: + src: "k8s-cluster.yml" + dest: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars/k8s-cluster.yml" diff --git a/xci/scenarios/os-odl-nofeature/role/os-odl-nofeature/templates/user_variables_os-odl-nofeature.yml.j2 b/xci/scenarios/os-odl-nofeature/role/os-odl-nofeature/templates/user_variables_os-odl-nofeature.yml.j2 index 5a5ec553..eb08adc0 100644 --- a/xci/scenarios/os-odl-nofeature/role/os-odl-nofeature/templates/user_variables_os-odl-nofeature.yml.j2 +++ b/xci/scenarios/os-odl-nofeature/role/os-odl-nofeature/templates/user_variables_os-odl-nofeature.yml.j2 @@ -40,6 +40,6 @@ neutron_plugin_base: - odl-router_v2 {% endraw %} -{% if ODL_VERSION is defined %} -odl_repo_url: "{{ repo_url[ ansible_pkg_mgr ] }}" +{% if odl_repo_version is defined %} +odl_version: "{{ odl_repo_version }}" {% endif %} diff --git a/xci/scenarios/os-odl-nofeature/role/os-odl-nofeature/vars/main.yml b/xci/scenarios/os-odl-nofeature/role/os-odl-nofeature/vars/main.yml deleted file mode 100644 index 5f672b37..00000000 --- a/xci/scenarios/os-odl-nofeature/role/os-odl-nofeature/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -odl_version: - master: 9 - oxygen: 8 - nitrogen: 7 - -repo_url: - zypper: "{% if ODL_VERSION is defined %}https://git.opendaylight.org/gerrit/gitweb?p=integration/packaging.git;a=blob_plain;f=packages/rpm/example_repo_configs/opendaylight-{{ odl_version[ODL_VERSION] }}-opensuse-devel.repo{% endif %}" - yum: "{% if ODL_VERSION is defined %}https://git.opendaylight.org/gerrit/gitweb?p=integration/packaging.git;a=blob_plain;f=packages/rpm/example_repo_configs/opendaylight-{{ odl_version[ODL_VERSION] }}-devel.repo{% endif %}" - apt: "{% if ODL_VERSION is defined %}https://git.opendaylight.org/gerrit/gitweb?p=integration/packaging.git;a=blob_plain;f=packages/rpm/example_repo_configs/opendaylight-{{ odl_version[ODL_VERSION] }}-ubuntu-devel.repo{% endif %}" diff --git a/xci/scenarios/os-odl-nofeature/vars/main.yml b/xci/scenarios/os-odl-nofeature/vars/main.yml new file mode 100644 index 00000000..629b50c7 --- /dev/null +++ b/xci/scenarios/os-odl-nofeature/vars/main.yml @@ -0,0 +1,2 @@ +--- +odl_repo_version: "{{ lookup('env','ODL_VERSION') }}" diff --git a/xci/var/idf.yml b/xci/var/idf.yml new file mode 100644 index 00000000..8d9352b6 --- /dev/null +++ b/xci/var/idf.yml @@ -0,0 +1,69 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 Orange and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +idf: + version: 0.1 + osa: + kolla: + k8s: + net_config: &net_config + admin: + interface: 0 + network: 172.29.236.0 + mask: 22 + storage: + interface: 1 + network: 172.29.240.0 + mask: 22 + public: + interface: 2 + network: 192.168.122.0 + mask: 24 + gateway: 192.168.122.1 + dns: 8.8.8.8 + private: + interface: 3 + network: 172.29.244.0 + mask: 22 + +xci: + pod_name: vpod1 + net_config: *net_config + nodes_roles: + opnfv_host: [opnfv_host] + node1: [compute, storage] + node2: [compute, storage] + node3: [controller] + node4: [controller] + node5: [controller] + + # net_config network to be used by the PXE + pxe_network: public + + # As the MAC of generated bridges are generated, we use a list of local + # bridges to create libvirt networks + jumphost_interfaces_bridges: + - name: virbr0 + ip: 192.168.122.1 + + extra_addresses: + opnfv_host: 192.168.122.2 + + # network mapping + network_mapping: + # Management network used by installer components to communicate + net-mgmt: admin + # Storage Network + net-storage: storage + # Internal network for communication between VNF + net-internal: private + # Public network for VNF remote acces (ext-net in Openstack) + net-vnf: public diff --git a/xci/var/pdf.yml b/xci/var/pdf.yml new file mode 100644 index 00000000..bb9a5f55 --- /dev/null +++ b/xci/var/pdf.yml @@ -0,0 +1,168 @@ +--- +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +details: + pod_owner: OPNFV + contact: N/A + lab: OPNFV LaaS + location: N/A + type: production + link: http://wiki.opnfv.org/ +############################################################################## +jumphost: + name: jumphost + node: + disks: + os: + remote_management: + interfaces: +############################################################################## +nodes: + - name: node1 + node: &nodeparams + type: virtual + vendor: libvirt + model: pc + arch: x86_64 + cpus: 6 + cpu_cflags: host-model + cores: 6 + memory: 12G + disks: &disks + - name: disk1 + disk_capacity: 80G + disk_type: hdd + disk_interface: sata + disk_rotation: + remote_params: &remote_params + type: + - ipmi: [2.0] + user: admin + pass: password + remote_management: + <<: *remote_params + address: 192.168.122.1:625 + mac_address: "52:54:00:fe:3b:01" + interface_common_nic1: &interface_common_nic1 + name: nic1 + speed: + features: + vlan: 10 + interface_common_nic2: &interface_common_nic2 + name: nic2 + speed: + features: + vlan: 20 + interface_common_nic3: &interface_common_nic3 + name: nic3 + speed: + features: + vlan: native + interface_common_nic4: &interface_common_nic4 + name: nic4 + speed: + features: + vlan: 30 + interfaces: + - mac_address: "52:54:00:fe:3b:01" + address: 172.29.236.11 + <<: *interface_common_nic1 + - mac_address: "52:54:00:fe:3b:01" + address: 172.29.244.11 + <<: *interface_common_nic2 + - mac_address: "52:54:00:fe:3b:01" + address: 192.168.122.3 + <<: *interface_common_nic3 + - mac_address: "52:54:00:fe:3b:01" + address: 172.29.240.11 + <<: *interface_common_nic4 + ############################################################################## + - name: node2 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 192.168.122.1:626 + mac_address: "52:54:00:b9:d4:87" + interfaces: + - mac_address: "52:54:00:b9:d4:87" + address: 172.29.236.12 + <<: *interface_common_nic1 + - mac_address: "52:54:00:b9:d4:87" + address: 172.29.244.12 + <<: *interface_common_nic2 + - mac_address: "52:54:00:b9:d4:87" + address: 192.168.122.4 + <<: *interface_common_nic3 + - mac_address: "52:54:00:b9:d4:87" + address: 172.29.240.12 + <<: *interface_common_nic4 + ############################################################################## + - name: node3 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 192.168.122.1:627 + mac_address: "52:54:00:6d:0e:d1" + interfaces: + - mac_address: "52:54:00:6d:0e:d1" + address: 172.29.236.13 + <<: *interface_common_nic1 + - mac_address: "52:54:00:6d:0e:d1" + address: 172.29.244.13 + <<: *interface_common_nic2 + - mac_address: "52:54:00:6d:0e:d1" + address: 192.168.122.5 + <<: *interface_common_nic3 + - mac_address: "52:54:00:6d:0e:d1" + address: 172.29.240.13 + <<: *interface_common_nic4 + ############################################################################## + - name: node4 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 192.168.122.1:628 + mac_address: "52:54:00:95:02:10" + interfaces: + - mac_address: "52:54:00:95:02:10" + address: 172.29.236.14 + <<: *interface_common_nic1 + - mac_address: "52:54:00:95:02:10" + address: 172.29.244.14 + <<: *interface_common_nic2 + - mac_address: "52:54:00:95:02:10" + address: 192.168.122.6 + <<: *interface_common_nic3 + - mac_address: "52:54:00:95:02:10" + address: 172.29.240.14 + <<: *interface_common_nic4 + ############################################################################## + - name: node5 + node: *nodeparams + disks: *disks + remote_management: + <<: *remote_params + address: 192.168.122.1:629 + mac_address: "52:54:00:84:fa:19" + interfaces: + - mac_address: "52:54:00:84:fa:19" + address: 172.29.236.15 + <<: *interface_common_nic1 + - mac_address: "52:54:00:84:fa:19" + address: 172.29.244.15 + <<: *interface_common_nic2 + - mac_address: "52:54:00:84:fa:19" + address: 192.168.122.7 + <<: *interface_common_nic3 + - mac_address: "52:54:00:84:fa:19" + address: 172.29.240.15 + <<: *interface_common_nic4 diff --git a/xci/xci-deploy.sh b/xci/xci-deploy.sh index 20f67e61..c0c1a8ef 100755 --- a/xci/xci-deploy.sh +++ b/xci/xci-deploy.sh @@ -109,10 +109,9 @@ echo "xci flavor: $XCI_FLAVOR" echo "xci installer: $INSTALLER_TYPE" echo "infra deployment: $INFRA_DEPLOYMENT" echo "opnfv/releng-xci version: $(git rev-parse HEAD)" -echo "openstack/bifrost version: $OPENSTACK_BIFROST_VERSION" +[[ "$INFRA_DEPLOYMENT" == "bifrost" ]] && echo "openstack/bifrost version: $OPENSTACK_BIFROST_VERSION" [[ "$INSTALLER_TYPE" == "osa" ]] && echo "openstack/openstack-ansible version: $OPENSTACK_OSA_VERSION" [[ "$INSTALLER_TYPE" == "kubespray" ]] && echo "kubespray version: $KUBESPRAY_VERSION" -[[ "$INFRA_DEPLOYMENT" == "bifrost" ]] && echo "bifrost version: $OPENSTACK_BIFROST_VERSION" echo "-------------------------------------------------------------------------" #------------------------------------------------------------------------------- @@ -154,7 +153,8 @@ echo "-------------------------------------------------------------------------" #------------------------------------------------------------------------------- # Get scenario variables overrides #------------------------------------------------------------------------------- -source $(find $XCI_SCENARIOS_CACHE/${DEPLOY_SCENARIO} -name xci_overrides) &>/dev/null || : +source $(find $XCI_PATH/xci/scenarios/${DEPLOY_SCENARIO} -name xci_overrides) &>/dev/null || \ + source $(find $XCI_SCENARIOS_CACHE/${DEPLOY_SCENARIO} -name xci_overrides) &>/dev/null || : # Deploy infrastructure based on the selected deloyment method echo "Info: Deploying hardware using '${INFRA_DEPLOYMENT}'" |