diff options
Diffstat (limited to 'xci/nfvi/osa/playbooks')
-rw-r--r-- | xci/nfvi/osa/playbooks/bootstrap-scenarios.yml | 23 | ||||
-rw-r--r-- | xci/nfvi/osa/playbooks/configure-localhost.yml | 75 | ||||
-rw-r--r-- | xci/nfvi/osa/playbooks/configure-opnfvhost.yml | 185 | ||||
-rw-r--r-- | xci/nfvi/osa/playbooks/configure-targethosts.yml | 49 | ||||
-rw-r--r-- | xci/nfvi/osa/playbooks/inventory | 10 | ||||
-rwxr-xr-x | xci/nfvi/osa/playbooks/xci-deploy.sh | 183 |
6 files changed, 525 insertions, 0 deletions
diff --git a/xci/nfvi/osa/playbooks/bootstrap-scenarios.yml b/xci/nfvi/osa/playbooks/bootstrap-scenarios.yml new file mode 100644 index 00000000..98acf73b --- /dev/null +++ b/xci/nfvi/osa/playbooks/bootstrap-scenarios.yml @@ -0,0 +1,23 @@ +--- +# +# This file is aimed to be used by scenarios to plug into the XCI. +# Ideally, all they need to do at this point is to include their +# role using a statement like the following one +# +# - name: Include foobar role +# include_role: +# name: "foobar" +# when: DEPLOY_SCENARIO == "foobar" + +- name: Prepare everything to run the os-nosdn-nofeature scenario + include_role: + name: "os-nosdn-nofeature" + when: DEPLOY_SCENARIO == 'os-nosdn-nofeature' +- name: Prepare everything to run the os-odl-nofeature scenario + include_role: + name: "os-odl-nofeature" + when: DEPLOY_SCENARIO == 'os-odl-nofeature' +- name: Prepare everything to run the os-odl-sfc scenario + include_role: + name: "os-odl-sfc" + when: DEPLOY_SCENARIO == 'os-odl-sfc' diff --git a/xci/nfvi/osa/playbooks/configure-localhost.yml b/xci/nfvi/osa/playbooks/configure-localhost.yml new file mode 100644 index 00000000..caa5d673 --- /dev/null +++ b/xci/nfvi/osa/playbooks/configure-localhost.yml @@ -0,0 +1,75 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- hosts: localhost + connection: local + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + failed_when: false + with_items: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + + - name: cleanup leftovers of previous deployment + file: + path: "{{ item }}" + state: absent + recurse: no + with_items: + - "{{ XCI_CACHE }}/repos" + - "{{ LOG_PATH }} " + - "{{ OPNFV_SSH_HOST_KEYS_PATH }}" + + roles: + - role: clone-repository + project: "openstack/openstack-ansible-openstack_openrc" + repo: "{{ OPENSTACK_OSA_OPENRC_GIT_URL }}" + dest: roles/openstack-ansible-openstack_openrc + version: "master" + - role: clone-repository + project: "openstack/openstack-ansible" + repo: "{{ OPENSTACK_OSA_GIT_URL }}" + dest: "{{ XCI_CACHE }}/repos/openstack-ansible" + version: "{{ OPENSTACK_OSA_VERSION }}" + + tasks: + - name: create log directory {{LOG_PATH}} + file: + path: "{{LOG_PATH}}" + state: directory + recurse: no + - name: check if certificate directory /etc/ssl/certs exists already + stat: path=/etc/ssl/certs + register: check_etc_ssl_certs + - name: create certificate directory /etc/ssl/certs + become: true + file: + path: "/etc/ssl/certs" + state: directory + when: check_etc_ssl_certs.stat.exists == false + - name: create key directory /etc/ssl/private + become: true + file: + path: "/etc/ssl/private" + state: directory + - name: generate self signed certificate + command: openssl req -new -nodes -x509 -subj "{{ XCI_SSL_SUBJECT }}" -days 3650 -keyout "/etc/ssl/private/xci.key" -out "/etc/ssl/certs/xci.crt" -extensions v3_ca + become: true + - name: Synchronize local development OSA repository to XCI paths + # command module is much faster than the copy module + synchronize: + src: "{{ OPENSTACK_OSA_DEV_PATH }}" + dest: "{{ XCI_CACHE }}/repos/openstack-ansible" + recursive: yes + delete: yes + when: + - OPENSTACK_OSA_DEV_PATH != "" diff --git a/xci/nfvi/osa/playbooks/configure-opnfvhost.yml b/xci/nfvi/osa/playbooks/configure-opnfvhost.yml new file mode 100644 index 00000000..656f18e8 --- /dev/null +++ b/xci/nfvi/osa/playbooks/configure-opnfvhost.yml @@ -0,0 +1,185 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- hosts: opnfv + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml" + - name: Set facts for remote deployment + set_fact: + remote_xci_path: "{{ ansible_env.HOME }}/releng-xci" + remote_xci_flavor_files: "{{ ansible_env.HOME }}/releng-xci/xci/file/{{ XCI_FLAVOR }}" + remote_xci_playbooks: "{{ ansible_env.HOME }}/releng-xci/xci/playbooks" + + roles: + - role: configure-network + when: XCI_FLAVOR != "aio" + + tasks: + - name: generate SSH keys + shell: ssh-keygen -b 2048 -t rsa -f /root/.ssh/id_rsa -q -N "" + args: + creates: "{{ ansible_env.HOME }}/.ssh/id_rsa" + - name: fetch public key + fetch: + src: "{{ ansible_env.HOME }}/.ssh/id_rsa.pub" + dest: "{{ XCI_PATH }}/xci/file/authorized_keys" + flat: yes + - name: Copy releng-xci to remote host + synchronize: + src: "{{ XCI_PATH }}/" + dest: "{{ remote_xci_path }}" + recursive: yes + delete: yes + - name: copy flavor inventory + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/inventory {{ remote_xci_playbooks }}" + - name: copy openstack_deploy + shell: "/bin/cp -rf {{OPENSTACK_OSA_PATH}}/etc/openstack_deploy {{OPENSTACK_OSA_ETC_PATH}}" + - name: copy openstack_user_config.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/openstack_user_config.yml {{OPENSTACK_OSA_ETC_PATH}}" + failed_when: false + - name: copy all user override files + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables.yml {{OPENSTACK_OSA_ETC_PATH}}" + failed_when: false + - name: copy cinder.yml + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/cinder.yml {{OPENSTACK_OSA_ETC_PATH}}/env.d" + - name: Configure AIO tempest + lineinfile: + path: "{{ OPENSTACK_OSA_ETC_PATH }}/user_variables.yml" + line: "{{ item }}: {{ RUN_TEMPEST | bool }}" + state: present + with_items: + - "tempest_install" + - "tempest_run" + - block: + - name: copy ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/conf.d/" + - name: copy user_ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_ceph.yml" + - name: copy user_variables_ceph.yml + shell: "/bin/cp -rf {{ remote_xci_flavor_files }}/user_variables_ceph.yml {{OPENSTACK_OSA_ETC_PATH}}/user_variables_ceph.yml" + when: XCI_CEPH_ENABLED == "true" + # TODO: We need to get rid of this as soon as the issue is fixed upstream + - name: change the haproxy state from disable to enable + replace: + dest: "{{OPENSTACK_OSA_PATH}}/playbooks/os-keystone-install.yml" + regexp: '(\s+)haproxy_state: disabled' + replace: '\1haproxy_state: enabled' + - name: copy OPNFV OpenStack playbook + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/setup-openstack.yml {{OPENSTACK_OSA_PATH}}/playbooks" + - name: copy pinned versions of OSA Roles and global requirements + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/{{ item }} {{OPENSTACK_OSA_PATH}}/{{ item }}" + with_items: + - "ansible-role-requirements.yml" + - "global-requirement-pins.txt" + when: + - OPENSTACK_OSA_VERSION != "master" + - name: copy pinned versions of OpenStack services + shell: "/bin/cp -rf {{ remote_xci_path }}/xci/nfvi/osa/files/openstack_services.yml {{OPENSTACK_OSA_PATH}}/playbooks/defaults/repo_packages/openstack_services.yml" + when: + - OPENSTACK_OSA_VERSION != "master" + - include: bootstrap-scenarios.yml + - name: bootstrap ansible on opnfv host + command: "/bin/bash ./scripts/bootstrap-ansible.sh" + args: + chdir: "{{OPENSTACK_OSA_PATH}}" + - name: install python Crypto module + package: + name: "{{ python_crypto_package_name }}" + - name: install PyYAML + pip: + name: pyyaml + state: present + - name: generate password token + command: "python pw-token-gen.py --file {{OPENSTACK_OSA_ETC_PATH}}/user_secrets.yml" + args: + chdir: "{{OPENSTACK_OSA_PATH}}/scripts" + - name: check if certificate directory /etc/ssl/certs exists already + stat: path=/etc/ssl/certs + register: check_etc_ssl_certs + - name: create certificate directory /etc/ssl/certs + file: + path: "/etc/ssl/certs" + state: directory + when: check_etc_ssl_certs.stat.exists == false + - name: create key directory /etc/ssl/private + file: + path: "/etc/ssl/private" + state: directory + - name: copy certificate to /etc/ssl/certs + copy: + src: "/etc/ssl/certs/xci.crt" + dest: "/etc/ssl/certs/" + - name: read remote key from /etc/ssl/private + set_fact: + xci_ssl_key: "{{ lookup('pipe', 'sudo cat /etc/ssl/private/xci.key' ) }}" + - name: copy key to /etc/ssl/private + copy: + content: "{{ xci_ssl_key }}" + dest: "/etc/ssl/private/xci.key" + become: true + - name: install opnfv required packages + package: + name: "{{ opnfv_required_packages }}" + state: latest + # Docker is needed for functest + - name: Ensure Docker service is started and enabled + service: + name: "{{ docker_service_name }}" + state: started + enabled: yes + - name: install opnfv required pip packages + pip: + name: "{{ opnfv_required_pip }}" + state: present + +- hosts: localhost + remote_user: root + + tasks: + - name: Append public keys to authorized_keys + shell: "/bin/cat {{ ansible_env.HOME }}/.ssh/id_rsa.pub >> {{ XCI_PATH }}/xci/file/authorized_keys" + +- hosts: opnfv + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + failed_when: false + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/user_variables.yml" + roles: + - role: "openstack-ansible-openstack_openrc" + + tasks: + - name: add extra insecure flag to generated openrc + blockinfile: + dest: "{{ ansible_env.HOME }}/openrc" + block: | + export OS_INSECURE=true + + - name: fetch generated openrc + fetch: + src: "{{ ansible_env.HOME }}/openrc" + dest: "{{ XCI_PATH }}/.cache/openrc" + flat: true diff --git a/xci/nfvi/osa/playbooks/configure-targethosts.yml b/xci/nfvi/osa/playbooks/configure-targethosts.yml new file mode 100644 index 00000000..14a9149b --- /dev/null +++ b/xci/nfvi/osa/playbooks/configure-targethosts.yml @@ -0,0 +1,49 @@ +--- +- hosts: all + remote_user: root + tasks: + - name: add public key to host + copy: + src: "{{ XCI_PATH }}/xci/file/authorized_keys" + dest: /root/.ssh/authorized_keys + +- hosts: controller + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml" + roles: + - role: configure-network + # we need to force sync time with ntp or the nodes will be out of sync timewise + - role: synchronize-time + +- hosts: compute + remote_user: root + vars_files: + - "{{ XCI_PATH }}/xci/var/opnfv.yml" + + pre_tasks: + - name: Load distribution variables + include_vars: + file: "{{ item }}" + with_items: + - "{{ XCI_PATH }}/xci/var/{{ ansible_os_family }}.yml" + - "{{ XCI_PATH }}/xci/file/{{ XCI_FLAVOR }}/flavor-vars.yml" + roles: + - role: configure-network + # we need to force sync time with ntp or the nodes will be out of sync timewise + - role: synchronize-time + - role: configure-ceph + when: XCI_CEPH_ENABLED == "true" + +- hosts: compute00 + remote_user: root + roles: + - role: configure-nfs diff --git a/xci/nfvi/osa/playbooks/inventory b/xci/nfvi/osa/playbooks/inventory new file mode 100644 index 00000000..fd9af901 --- /dev/null +++ b/xci/nfvi/osa/playbooks/inventory @@ -0,0 +1,10 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2017 Ericsson AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +[opnfv] +opnfv ansible_ssh_host=192.168.122.2 diff --git a/xci/nfvi/osa/playbooks/xci-deploy.sh b/xci/nfvi/osa/playbooks/xci-deploy.sh new file mode 100755 index 00000000..89fb455b --- /dev/null +++ b/xci/nfvi/osa/playbooks/xci-deploy.sh @@ -0,0 +1,183 @@ +#!/bin/bash +set -o errexit +set -o nounset +set -o pipefail + +submit_bug_report() { + cd ${XCI_PATH} + echo "" + echo "-------------------------------------------------------------------------" + echo "Oh nooooo! The XCI deployment failed miserably :-(" + echo "" + echo "If you need help, please choose one of the following options" + echo "* #opnfv-pharos @ freenode network" + echo "* opnfv-tech-discuss mailing list (https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss)" + echo " - Please prefix the subject with [XCI]" + echo "* https://jira.opnfv.org (Release Engineering project)" + echo "" + echo "Do not forget to submit the following information on your bug report:" + echo "" + git diff --quiet && echo "releng-xci tree status: clean" || echo "releng-xci tree status: local modifications" + echo "opnfv/releng-xci version: $(git rev-parse HEAD)" + echo "openstack/bifrost version: $OPENSTACK_BIFROST_VERSION" + echo "openstack/openstack-ansible version: $OPENSTACK_OSA_VERSION" + echo "xci flavor: $XCI_FLAVOR" + echo "xci nfvi: $XCI_NFVI" + echo "Environment variables:" + env | grep --color=never '\(OPNFV\|XCI\|OPENSTACK\)' + echo "-------------------------------------------------------------------------" +} + +#------------------------------------------------------------------------------- +# This script should not be run as root +#------------------------------------------------------------------------------- +if [[ $(whoami) == "root" ]]; then + echo "WARNING: This script should not be run as root!" + echo "Elevated privileges are aquired automatically when necessary" + echo "Waiting 10s to give you a chance to stop the script (Ctrl-C)" + for x in $(seq 10 -1 1); do echo -n "$x..."; sleep 1; done +fi + +#------------------------------------------------------------------------------- +# Set environment variables +#------------------------------------------------------------------------------- +# The order of sourcing the variable files is significant so please do not +# change it or things might stop working. +# - user-vars: variables that can be configured or overriden by user. +# - pinned-versions: versions to checkout. These can be overriden if you want to +# use different/more recent versions of the tools but you might end up using +# something that is not verified by OPNFV XCI. +# - flavor-vars: settings for VM nodes for the chosen flavor. +# - env-vars: variables for the xci itself and you should not need to change or +# override any of them. +#------------------------------------------------------------------------------- +# find where are we +export XCI_PATH="$(git rev-parse --show-toplevel)" +# source user vars +source $XCI_PATH/xci/config/user-vars +# source pinned versions +source $XCI_PATH/xci/config/pinned-versions +# source flavor configuration +source "$XCI_PATH/xci/config/${XCI_FLAVOR}-vars" +# source NFVI configuration +source "$XCI_PATH/xci/nfvi/${XCI_NFVI}/env" &>/dev/null || true +# source xci configuration +source $XCI_PATH/xci/config/env-vars + +if [[ -z $(echo $PATH | grep "$HOME/.local/bin") ]]; then + export PATH="$HOME/.local/bin:$PATH" +fi + +#------------------------------------------------------------------------------- +# Sanitize local development environment variables +#------------------------------------------------------------------------------- +user_local_dev_vars=(OPENSTACK_OSA_DEV_PATH OPENSTACK_BIFROST_DEV_PATH) +for local_user_var in ${user_local_dev_vars[@]}; do + [[ -n ${!local_user_var:-} ]] && export $local_user_var=${!local_user_var%/}/ +done +unset user_local_dev_vars local_user_var + +# register our handler +trap submit_bug_report ERR + +#------------------------------------------------------------------------------- +# Log info to console +#------------------------------------------------------------------------------- +echo "Info: Starting XCI Deployment" +echo "Info: Deployment parameters" +echo "-------------------------------------------------------------------------" +echo "xci flavor: $XCI_FLAVOR" +echo "xci nfvi: $XCI_NFVI" +echo "opnfv/releng-xci version: $(git rev-parse HEAD)" +echo "openstack/bifrost version: $OPENSTACK_BIFROST_VERSION" +echo "openstack/openstack-ansible version: $OPENSTACK_OSA_VERSION" +echo "OPNFV scenario: $DEPLOY_SCENARIO" +echo "-------------------------------------------------------------------------" + +#------------------------------------------------------------------------------- +# Install ansible on localhost +#------------------------------------------------------------------------------- +echo "Info: Installing Ansible from pip" +echo "-------------------------------------------------------------------------" +source file/install-ansible.sh +echo "-------------------------------------------------------------------------" + +# Make the VMs match the host. If we need to make this configurable +# then this logic has to be moved outside this file +case ${OS_FAMILY,,} in + # These should ideally match the CI jobs + debian) + export DIB_OS_RELEASE="${DIB_OS_RELEASE:-xenial}" + export DIB_OS_ELEMENT="${DIB_OS_ELEMENT:-ubuntu-minimal}" + export DIB_OS_PACKAGES="${DIB_OS_PACKAGES:-vlan,vim,less,bridge-utils,language-pack-en,iputils-ping,rsyslog,curl,iptables}" + ;; + redhat) + export DIB_OS_RELEASE="${DIB_OS_RELEASE:-7}" + export DIB_OS_ELEMENT="${DIB_OS_ELEMENT:-centos-minimal}" + export DIB_OS_PACKAGES="${DIB_OS_PACKAGES:-vim,less,bridge-utils,iputils,rsyslog,curl,iptables}" + ;; + suse) + export DIB_OS_RELEASE="${DIB_OS_RELEASE:-42.3}" + export DIB_OS_ELEMENT="${DIB_OS_ELEMENT:-opensuse-minimal}" + export DIB_OS_PACKAGES="${DIB_OS_PACKAGES:-vim,less,bridge-utils,iputils,rsyslog,curl,iptables}" + ;; +esac + +# There is no CentOS support at all +if [[ $OS_FAMILY == RedHat ]]; then + echo "" + echo "Error: Sorry, only Ubuntu and SUSE hosts are supported for now!" + echo "Error: CentOS 7 support is still work in progress." + echo "" + exit 1 +fi + +# Clone OPNFV scenario repositories +#------------------------------------------------------------------------------- +# This playbook +# - removes existing scenario roles +# - clones OPNFV scenario roles based on the file/opnfv-scenario-requirements.yml file +#------------------------------------------------------------------------------- +echo "Info: Cloning OPNFV scenario repositories" +echo "-------------------------------------------------------------------------" +cd $XCI_PATH/xci/playbooks +ansible-playbook ${XCI_ANSIBLE_VERBOSITY} -i inventory get-opnfv-scenario-requirements.yml +echo "-------------------------------------------------------------------------" + +#------------------------------------------------------------------------------- +# Get scenario variables overrides +#------------------------------------------------------------------------------- +if [[ -f $XCI_SCENARIOS_CACHE/${DEPLOY_SCENARIO:-_no_scenario_}/xci_overrides ]]; then + source $XCI_SCENARIOS_CACHE/$DEPLOY_SCENARIO/xci_overrides +fi + +#------------------------------------------------------------------------------- +# Start provisioning VM nodes +#------------------------------------------------------------------------------- +# This playbook +# - removes directories that were created by the previous xci run +# - clones opnfv/releng-xci and openstack/bifrost repositories +# - combines opnfv/releng-xci and openstack/bifrost scripts/playbooks +# - destroys VMs, removes ironic db, leases, logs +# - creates and provisions VMs for the chosen flavor +#------------------------------------------------------------------------------- +echo "Info: Starting provisining VM nodes using openstack/bifrost" +echo "-------------------------------------------------------------------------" +# We are using sudo so we need to make sure that env_reset is not present +sudo sed -i "s/^Defaults.*env_reset/#&/" /etc/sudoers +cd $XCI_PATH/bifrost/ +sudo -E bash ./scripts/destroy-env.sh +cd $XCI_PLAYBOOKS +ansible-playbook ${XCI_ANSIBLE_VERBOSITY} -i inventory provision-vm-nodes.yml +cd ${XCI_CACHE}/repos/bifrost +bash ./scripts/bifrost-provision.sh +echo "-----------------------------------------------------------------------" +echo "Info: VM nodes are provisioned!" +echo "-----------------------------------------------------------------------" + +# Deploy OpenStack on the selected NFVI +echo "Info: Deploying '${XCI_NFVI}' NFVI" +echo "-----------------------------------------------------------------------" +source ${XCI_PATH}/xci/nfvi/${XCI_NFVI}/nfvi-deploy.sh + +# vim: set ts=4 sw=4 expandtab: |