Diffstat (limited to 'xci/installer/kubespray/playbooks')
6 files changed, 338 insertions, 0 deletions
diff --git a/xci/installer/kubespray/playbooks/configure-installer.yml b/xci/installer/kubespray/playbooks/configure-installer.yml
new file mode 100644
index 00000000..d88ee55c
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/configure-installer.yml
@@ -0,0 +1,50 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: localhost
+ connection: local
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ tasks:
+ - name: delete existing kubespray/inventory/opnfv directory
+ file:
+ path: "{{ xci_path }}/.cache/repos/kubespray/inventory/opnfv"
+ state: absent
+
+ - name: copy kubespray/inventory/sample as kubespray/inventory/opnfv
+ copy:
+ src: "{{ xci_path }}/.cache/repos/kubespray/inventory/sample/"
+ dest: "{{ xci_path }}/.cache/repos/kubespray/inventory/opnfv"
+
+ - name: update kubespray k8s-cluster.yml for xci
+ lineinfile:
+ path: "{{ xci_path }}/.cache/repos/kubespray/inventory/opnfv/group_vars/k8s-cluster/k8s-cluster.yml"
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: "kube_version:.*", line: "kube_version: {{ kubernetes_version }}" }
+ - { regexp: "kubeconfig_localhost:.*", line: "kubeconfig_localhost: true" }
+ - { regexp: "kube_basic_auth:.*", line: "kube_basic_auth: true" }
+ - { regexp: "dashboard_enabled:.*", line: "dashboard_enabled: true" }
+
+# NOTE(fdegir): the reason for this task to be separate from the task which uses lineinfile
+# module is that escaping curly braces does not work with with_items. what happens is that
+# ansible tries to resolve {{ ansible_env.HOME }} which we don't want since it should point
+# to home folder of the user executing this task at runtime.
+ - name: update kubespray artifacts_dir
+ lineinfile:
+ path: "{{ xci_path }}/.cache/repos/kubespray/inventory/opnfv/group_vars/k8s-cluster/k8s-cluster.yml"
+ regexp: "artifacts_dir:.*"
+ line: "artifacts_dir: '{{ '{{' }} ansible_env.HOME {{ '}}' }}'"
+
+ - name: change dashboard server type to NodePort
+ lineinfile:
+ path: "{{ xci_path }}/.cache/repos/kubespray/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2"
+ insertafter: 'targetPort'
+ line: " type: NodePort"
diff --git a/xci/installer/kubespray/playbooks/configure-kubenet.yml b/xci/installer/kubespray/playbooks/configure-kubenet.yml
new file mode 100644
index 00000000..18a126c1
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/configure-kubenet.yml
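Review bot: In configure-installer.yml the `with_items` edits turn on `kube_basic_auth` and `dashboard_enabled`, and the last task patches the dashboard Service to `type: NodePort`, so the dashboard is published on a port of every node and static-password authentication is enabled, with nothing in the playbook that limits this to a lab network or lets an operator opt out. I would gate these three edits behind a variable that defaults to off, or at least add a comment above the tasks such as `# lab-only: enables basic auth and a NodePort dashboard; do not reuse on a reachable network`. The `regexp` values are also unanchored, so `kube_version:.*` can match a commented-out line or a longer key; `^kube_version:.*` and the same anchor on the other three is safer.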
@@ -0,0 +1,51 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 SUSE LINUX GmbH and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+# NOTE(hwoarang) Kubenet expects networking to be prepared by the administrator so it's necessary
+# to do that as part of the node configuration. All we need is to add static routes on every node
+# so cbr0 interfaces can talk to each other.
+- name: Prepare networking for kubenet
+ hosts: k8s-cluster
+ remote_user: root
+ gather_facts: True
+ become: yes
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+ tasks:
+ - name: Configure static routes
+ block:
+ - name: Collect cbr0 information from the nodes
+ set_fact:
+ kubenet_xci_static_routes: |-
+ {% set static_routes = [] %}
+ {% for host in groups['k8s-cluster']|select("ne", inventory_hostname) %}
+ {%- set _ = static_routes.append(
+ {'network': (hostvars[host]['ansible_cbr0']['ipv4']['network']+'/'+
+ hostvars[host]['ansible_cbr0']['ipv4']['netmask'])|ipaddr('net'),
+ 'gateway': hostvars[host]['ansible_default_ipv4']['address']}) -%}
+ {% endfor %}
+ {{ static_routes }}
+
+ - name: Add static routes on each node
+ shell: "ip route show | grep -q {{ item.network }} || ip route add {{ item.network }} via {{ item.gateway }}"
+ with_items: "{{ kubenet_xci_static_routes }}"
+ loop_control:
+ label: "{{ item.network }}"
+ when: deploy_scenario.find('k8-nosdn-') != -1
+
+ - name: Ensure rp_filter is disabled on localhost
+ sysctl:
+ name: net.ipv4.conf.all.rp_filter
+ sysctl_set: yes
+ state: present
+ value: "{{ (kubenet_xci_static_routes is defined) | ternary(0, 1) }}"
+ reload: yes
+ delegate_to: localhost
+ run_once: True
diff --git a/xci/installer/kubespray/playbooks/configure-opnfvhost.yml b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
new file mode 100644
index 00000000..52e42b06
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/configure-opnfvhost.yml
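Review bot: The last task in configure-kubenet.yml rewrites `net.ipv4.conf.all.rp_filter` on the deployment host through `delegate_to: localhost`, and `ternary(0, 1)` means every run either switches reverse-path filtering off or forces it to 1, whatever the host was configured with before; with `state: present` the sysctl module also writes the value to the sysctl file, and nothing restores it afterwards. Give the task the same `when: deploy_scenario.find('k8-nosdn-') != -1` as the block and a fixed `value: 0`, so non-kubenet runs leave the host's anti-spoofing setting untouched, and say in a comment why the relaxed value is needed. Separately, `grep -q {{ item.network }}` is an unanchored regex match, so a route for a different prefix can satisfy it and the `ip route add` is silently skipped; `grep -qwF -- '{{ item.network }}'` is closer to an exact test.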
@@ -0,0 +1,101 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+ - name: Set facts for remote deployment
+ set_fact:
+ remote_xci_path: "{{ ansible_env.HOME }}/releng-xci"
+ remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/installer/{{ installer_type }}/files/{{ xci_flavor }}"
+ remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks"
+
+ roles:
+ - role: bootstrap-host
+ configure_network: xci_flavor != 'aio'
+
+ tasks:
+ - name: Create list of files to copy
+ shell: |
+ git ls-tree -r --name-only HEAD > {{ xci_cache }}/releng-xci.files
+ echo ".git/" >> {{ xci_cache }}/releng-xci.files
+ echo ".cache/repos/" >> {{ xci_cache }}/releng-xci.files
+ echo ".cache/xci.env" >> {{ xci_cache }}/releng-xci.files
+ args:
+ executable: /bin/bash
+ chdir: "{{ xci_path }}"
+ changed_when: False
+ delegate_to: 127.0.0.1
+ tags:
+ - skip_ansible_lint
+
+ - name: Copy releng-xci to remote host
+ synchronize:
+ archive: yes
+ src: "{{ xci_path }}/"
+ dest: "{{ remote_xci_path }}"
+ delete: yes
+ rsync_opts:
+ - "--recursive"
+ - "--files-from={{ xci_cache }}/releng-xci.files"
+
+ - name: link xci dynamic inventory to kubespray/inventory/opnfv directory
+ file:
+ src: "{{ remote_xci_playbooks }}/dynamic_inventory.py"
+ path: "{{ remote_xci_path }}/.cache/repos/kubespray/inventory/opnfv/dynamic_inventory.py"
+ state: link
+
+ - name: Download kubectl and place it to /usr/local/bin
+ get_url:
+ url: "https://storage.googleapis.com/kubernetes-release/release/{{ kubernetes_version }}/bin/linux/amd64/kubectl"
+ dest: /usr/local/bin/kubectl
+ owner: root
+ group: root
+ mode: 0755
+
+ - name: Reload XCI deployment host facts
+ setup:
+ filter: ansible_local
+ gather_subset: "!all"
+ delegate_to: 127.0.0.1
+
+ - name: Prepare everything to run the {{ deploy_scenario }} role
+ include_role:
+ name: "{{ hostvars['opnfv'].ansible_local.xci.scenarios.role }}"
+
+ - name: Install required packages
+ package:
+ name: "{{ (ansible_pkg_mgr == 'zypper') | ternary('dbus-1', 'dbus') }}"
+ state: present
+ update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+ when: xci_flavor == 'aio'
+
+ - name: pip install required packages
+ pip:
+ name: "{{ item.name }}"
+ version: "{{ item.version | default(omit) }}"
+ with_items:
+ - { name: 'ansible', version: "{{ xci_kube_ansible_pip_version }}" }
+ - { name: 'netaddr' }
+ - { name: 'ansible-modules-hashivault' }
+
+ - name: fetch xci environment
+ copy:
+ src: "{{ xci_path }}/.cache/xci.env"
+ dest: /root/xci.env
+
+ - name: Manage SSH keys
+ include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml"
diff --git a/xci/installer/kubespray/playbooks/configure-targethosts.yml b/xci/installer/kubespray/playbooks/configure-targethosts.yml
new file mode 100644
index 00000000..2fde9877
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/configure-targethosts.yml
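Review bot: The `get_url` task in configure-opnfvhost.yml installs `kubectl` into `/usr/local/bin` owned by root with no `checksum`, so the only integrity control on an executable that is later run as root is the TLS connection to the storage bucket. Add `checksum: "sha256:<published digest for this kubernetes_version>"`, keeping the digest next to `kubernetes_version` in the vars file so the two are bumped together, and quote the mode as `mode: "0755"`. The `pip` task has the same gap: `ansible` is pinned, but `netaddr` and `ansible-modules-hashivault` are installed at whatever version the index serves that day, so give them a `version` as well. `/root/xci.env` is also copied without a `mode`; if that file can carry credentials (not visible here), set `mode: "0600"`.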
@@ -0,0 +1,40 @@
+---
+- hosts: k8s-cluster
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+
+ roles:
+ - role: bootstrap-host
+
+ tasks:
+ - name: Manage SSH keys
+ include_tasks: "{{ xci_path }}/xci/playbooks/manage-ssh-keys.yml"
+
+ - name: Install dbus
+ package:
+ name: "{{ (ansible_pkg_mgr == 'zypper') | ternary('dbus-1', 'dbus') }}"
+ state: present
+ update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+
+- hosts: kube-master
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+ roles:
+ - role: "keepalived"
+ when: xci_flavor == 'ha'
+ - role: "haproxy_server"
+ haproxy_service_configs: "{{ haproxy_default_services}}"
+ when: xci_flavor == 'ha'
diff --git a/xci/installer/kubespray/playbooks/group_vars/all b/xci/installer/kubespray/playbooks/group_vars/all
new file mode 100644
index 00000000..328f8dba
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/group_vars/all
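Review bot: configure-targethosts.yml is the only playbook in this change that starts without the SPDX/Apache comment header the other four carry; add the same block directly under `---`. The two plays also load the distribution variables in different ways (`with_items` over a single path in the first, a plain `file:` in the second), and the plain form is enough for both. `"{{ haproxy_default_services}}"` is missing the space before `}}`.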
@@ -0,0 +1,54 @@
+keepalived_ubuntu_src: "uca"
+keepalived_uca_apt_repo_url: "{{ uca_apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }}"
+
+keepalived_sync_groups:
+ haproxy:
+ instances:
+ - external
+
+haproxy_keepalived_external_interface: "{{ ansible_default_ipv4.interface }}"
+haproxy_keepalived_authentication_password: 'keepalived'
+keepalived_instances:
+ external:
+ interface: "{{ haproxy_keepalived_external_interface }}"
+ state: "BACKUP"
+ virtual_router_id: "{{ haproxy_keepalived_external_virtual_router_id | default ('10') }}"
+ priority: "{{ ((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*100)-((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*50) }}"
+ authentication_password: "{{ haproxy_keepalived_authentication_password }}"
+ vips:
+ - "{{ haproxy_keepalived_external_vip_cidr | default('192.168.122.222/32') }} dev {{ haproxy_keepalived_external_interface }}"
+
+haproxy_default_services:
+ - service:
+ haproxy_service_name: proxy-apiserver
+ haproxy_backend_nodes: "{{ groups['kube-master'] | default([]) }}"
+ haproxy_port: 8383
+ haproxy_backend_port: 6443
+ haproxy_balance_type: tcp
+
+haproxy_bind_on_non_local: "True"
+haproxy_use_keepalived: "True"
+keepalived_selinux_compile_rules:
+ - keepalived_ping
+ - keepalived_haproxy_pid_file
+
+# Ensure that the package state matches the global setting
+haproxy_package_state: "latest"
+
+haproxy_whitelist_networks:
+ - 192.168.0.0/16
+ - 172.16.0.0/12
+ - 10.0.0.0/8
+
+haproxy_galera_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_glance_registry_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_keystone_admin_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_rabbitmq_management_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_repo_git_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_repo_cache_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_octavia_whitelist_networks: "{{ haproxy_whitelist_networks }}"
+haproxy_ssl: false
+
+internal_lb_vip_address: "192.168.122.222"
+external_lb_vip_address: "{{ internal_lb_vip_address }}"
diff --git a/xci/installer/kubespray/playbooks/post-deployment.yml b/xci/installer/kubespray/playbooks/post-deployment.yml
new file mode 100644
index 00000000..5c2f7f36
--- /dev/null
+++ b/xci/installer/kubespray/playbooks/post-deployment.yml
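Review bot: `haproxy_keepalived_authentication_password: 'keepalived'` in group_vars/all commits a fixed, guessable VRRP secret that every HA deployment built from this repository will share, and that password is the only thing keeping an unintended host out of the VRRP group that owns the API VIP. Make it a value supplied per deployment, for example `haproxy_keepalived_authentication_password: "{{ xci_keepalived_password }}"` (the variable name is a suggestion, it does not exist yet), and fail early when it is unset. The comment `# Ensure that the package state matches the global setting` also no longer describes the line under it, which hard-codes `"latest"`; either reference the global variable or reword the comment, since `latest` makes HA deployments non-reproducible.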
@@ -0,0 +1,42 @@
+---
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2018 Ericsson AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+- hosts: opnfv
+ remote_user: root
+ vars_files:
+ - "{{ xci_path }}/xci/var/opnfv.yml"
+
+ pre_tasks:
+ - name: Load distribution variables
+ include_vars:
+ file: "{{ item }}"
+ with_items:
+ - "{{ xci_path }}/xci/var/{{ ansible_os_family }}.yml"
+ - name: Set facts for remote deployment
+ set_fact:
+ remote_xci_scenario_path: "{{ ansible_env.HOME }}/releng-xci/.cache/repos/scenarios/{{ deploy_scenario }}/scenarios/{{ deploy_scenario }}"
+
+ tasks:
+ - name: Reload XCI deployment host facts
+ setup:
+ filter: ansible_local
+ gather_subset: "!all"
+ delegate_to: 127.0.0.1
+
+ - name: Check if any post-deployment task defined for {{ deploy_scenario }} role
+ stat:
+ path: "{{ remote_xci_scenario_path }}/role/{{ deploy_scenario }}/tasks/post-deployment.yml"
+ register: post_deployment_yml
+
+ - name: Execute post-deployment tasks of {{ deploy_scenario }} role
+ include_role:
+ name: "{{ hostvars['opnfv'].ansible_local.xci.scenarios.role }}"
+ tasks_from: post-deployment
+ when:
+ - post_deployment_yml.stat.exists |
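Review bot: The `stat` in post-deployment.yml tests for `post-deployment.yml` under `remote_xci_scenario_path` on the `opnfv` host, while `include_role` takes the role name from `ansible_local.xci.scenarios.role` and reads the role's task files on the controller, so the file that was checked is not necessarily the file that gets included (inferred from the visible tasks; the role search path is not shown here). Check the path the controller will read, for instance by adding `delegate_to: 127.0.0.1` to the `stat` and pointing it at the controller-side role directory, so a missing `tasks_from` file cannot fail the play and a stale remote copy cannot enable it. The `when:` list holds a single condition and reads better as `when: post_deployment_yml.stat.exists`.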