Diffstat (limited to 'xci/installer/kubespray/playbooks')
3 files changed, 163 insertions, 0 deletions
diff --git a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
new file mode 100644
index 00000000..23f93852
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
@@ -0,0 +1,77 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+
+ tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+ - name: Set facts for remote deployment
+ set_fact:
+ remote_xci_path: "{{ ansible_env.HOME }}/releng-xci"
+ remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{ XCI_INSTALLER }}/files/{{ XCI_FLAVOR }}"
+ remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks"
+
+ - name: Copy releng-xci to remote host
+ synchronize:
+ src: "{{ XCI_PATH }}/"
+ dest: "{{ remote_xci_path }}"
+ recursive: yes
+ delete: yes
+
+ - name: generate SSH keys
+ shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N ""
+ args:
+ creates: /root/.ssh/id_rsa
+ - name: add id_rsa.pub to authorized_keys
+ shell: cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
+ when: XCI_FLAVOR == 'aio'
+ - name: fetch public key
+ fetch:
+ src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub"
+ dest: "{{ XCI_PATH }}/xci/files/authorized_keys"
+ flat: yes
+ - name: delete the opnfv_inventory directory
+ file:
+ path: "{{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory"
+ state: absent
+ - name: copy kubespray inventory directory
+ shell: "cp -rf {{ remote_xci_flavor_files }}/inventory \
+ {{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory"
+ - name: make sure kubespray/opnfv_inventory/group_vars/ exist
+ file:
+ path: "{{ remote_xci_path
}}/.cache/repos/kubespray/opnfv_inventory/group_vars"
+ state: directory
+ - name: copy k8s_cluster.yml
+ shell: "cp -rf {{ remote_xci_path }}/xci/installer/kubespray/files/k8s-cluster.yml \
+ {{ remote_xci_path }}/.cache/repos/kubespray/opnfv_inventory/group_vars"
+ - name: install dbus and ptyhon-netaddr
+ apt:
+ name: "{{item}}"
+ update_cache: yes
+ with_items: "{{ kube_require_packages }}"
+ when: XCI_FLAVOR == 'aio'
+ - name: pip install ansible
+ pip:
+ name: ansible
+ version: "{{ XCI_KUBE_ANSIBLE_PIP_VERSION }}"
+
+
+- hosts: localhost
+ remote_user: root
+ vars_files:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+ tasks:
+ - name: Append public keys to authorized_keys
+ shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ XCI_PATH }}/xci/files/authorized_keys"
diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml
new file mode 100644
index 00000000..7e29025b
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml
@@ -0,0 +1,28 @@
+---
+- hosts: all
+ remote_user: root
+ tasks:
+ - name: add public key to host
+ copy:
+ src: "{{ XCI_PATH }}/xci/files/authorized_keys"
+ dest: /root/.ssh/authorized_keys
+ - name: install dbus and ptyhon-netaddr
+ apt:
+ name: "{{item}}"
+ update_cache: yes
+ with_items: "{{ kube_require_packages }}"
+
+- hosts: kube-master
+ remote_user: root
+ vars_files:
+ - "{{ XCI_PATH }}/xci/var/opnfv.yml"
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml"
+ roles:
+ - role: "keepalived"
+ when: XCI_FLAVOR == 'ha'
+ - role: "haproxy_server"
+ haproxy_service_configs: "{{ haproxy_default_services}}"
+ when: XCI_FLAVOR == 'ha'
diff --git a/xci/installer/kubespray/playbooks/group_vars/all b/xci/installer/kubespray/playbooks/group_vars/all
new file mode 100644
index 00000000..06dccb68
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/group_vars/all
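Review bot: The two `cat ... >> ...authorized_keys` shell tasks in configure-opnfvhost.yml (the `aio` task in the opnfv play and the append in the localhost play) are not idempotent, so every run appends another copy of the same public key and always reports "changed". For `/root/.ssh/authorized_keys` the `authorized_key` module adds a key only when it is missing and manages the file's permissions; for the staging file under `xci/files`, `lineinfile` with `create: yes` avoids the duplicates. The key pair itself is created with an empty passphrase (`-N ""`) and, going by the rest of this commit, ends up trusted for root on every target host, so the "generate SSH keys" task deserves a comment such as `# deployment-only key: unencrypted on disk and trusted as root on all target hosts`.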
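Review bot: The `copy` task in the `hosts: all` play of configure-targethosts.yml overwrites `/root/.ssh/authorized_keys` as a whole and sets no owner or mode, so any key previously authorised for root on a target host is dropped without notice and the resulting permissions are whatever the module defaults to. Add `owner: root`, `group: root` and `mode: "0600"` to the task. If keys already present on the hosts are meant to survive, install each key with the `authorized_key` module instead of replacing the file.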
@@ -0,0 +1,58 @@
+kube_require_packages:
+ - "python-netaddr"
+ - "dbus"
+
+keepalived_ubuntu_src: "uca"
+keepalived_uca_apt_repo_url: "{{ uca_apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }}"
+
+keepalived_sync_groups:
+ haproxy:
+ instances:
+ - external
+
+haproxy_keepalived_external_interface: "{{ interface }}"
+haproxy_keepalived_authentication_password: 'keepalived'
+keepalived_instances:
+ external:
+ interface: "{{ haproxy_keepalived_external_interface }}"
+ state: "BACKUP"
+ virtual_router_id: "{{ haproxy_keepalived_external_virtual_router_id | default ('10') }}"
+ priority: "{{ ((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*100)-((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*50) }}"
+ authentication_password: "{{ haproxy_keepalived_authentication_password }}"
+ vips:
+ - "{{ haproxy_keepalived_external_vip_cidr | default('192.168.122.222/32') }} dev {{ haproxy_keepalived_external_interface }}"
+
+haproxy_default_services:
+ - service:
+ haproxy_service_name: proxy-apiserver
+ haproxy_backend_nodes: "{{ groups['kube-master'] | default([]) }}"
+ haproxy_port: 8383
+ haproxy_backend_port: 6443
+ haproxy_balance_type: tcp
+
+haproxy_bind_on_non_local: "True"
+haproxy_use_keepalived: "True"
+keepalived_selinux_compile_rules:
+ - keepalived_ping
+ - keepalived_haproxy_pid_file
+
+# Ensure that the package state matches the global setting
+haproxy_package_state: "latest"
+
+haproxy_whitelist_networks:
+ - 192.168.0.0/16
+ - 172.16.0.0/12
+ - 10.0.0.0/8
+
+haproxy_galera_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_glance_registry_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_keystone_admin_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_rabbitmq_management_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_repo_git_whitelist_networks: "{{
haproxy_whitelist_networks }}"
+haproxy_repo_cache_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_octavia_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_ssl: false
+
+internal_lb_vip_address: "192.168.122.222"
+external_lb_vip_address: "{{ internal_lb_vip_address }}" |
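Review bot: `haproxy_keepalived_authentication_password: 'keepalived'` commits a fixed, guessable VRRP authentication secret that every HA deployment shares unless someone overrides it. Supply it per deployment, for instance from an Ansible Vault-encrypted vars file, and mark the default with a comment such as `# placeholder only: override per deployment, never ship this value`. If the keepalived role renders this as simple password authentication, the value also travels unencrypted on the VRRP segment, so it should not be reused anywhere else. Separately, `haproxy_package_state: "latest"` is hard-coded beneath a comment saying it matches the global setting; referencing that global variable or using `haproxy_package_state: "present"` would keep deployments reproducible.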