summaryrefslogtreecommitdiffstats
path: root/xci/installer/kubespray
AgeCommit message (Collapse)AuthorFilesLines
2018-09-04xci: osa: Restore self-signed XCI certificateMarkos Chandras2-0/+5
This reverts commit cc583f30f881ba956fb4f1402aa4dd1608b27da2. We still need to have control over the generated certificates so lets keep creating our own. deploy-scenario:os-nosdn-nofeature installer-type:osa Change-Id: I9e730bce2dba578ca0b561b168eaf1c2eca1282d
2018-09-03Revert "xci: osa: Disable haproxy ssl configuration"Markos Chandras2-5/+0
This reverts commit 42501f0ef7e0f0729b1c780102fb9713ef383fb3. This also removes the entire SSL management code and we let the haproxy_server role generate the certificates for us. We also need to bump the openrc role to include an upstream patch which fixes the openrc template file. deploy-scenario:os-nosdn-nofeature installer-type:osa Change-Id: I9bb590c9f1d5bc63519cfb4794dc15f794cc5b07 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-08-23[xci] integrate istio in XCIwutianwei1-2/+2
using kubespary to deploy the istio, kubespary support to deploy istio installer-type:kubespray deploy-scenario:k8-nosdn-istio Change-Id: Id8c04936187c89fafa921dada382a0e9e11aab27 Signed-off-by: wutianwei <wutianwei1@huawei.com> Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-06-01Merge "xci: kubespray: Use bootstrap role for k8s deployments"Markos Chandras2-1/+19
2018-05-18xci: kubespray: Use bootstrap role for k8s deploymentsMarkos Chandras2-1/+19
The bootstrap role configures NTP and networking on hosts so we should use it on k8s deployments as well. installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: I04bd1e1c2c325baabfb836bd8cca60c5f59344c7 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-05-18Merge "xci: kubespray: Switch kubespray to dynamic inventory"Markos Chandras6-117/+17
2018-05-16xci: kubespray: Switch kubespray to dynamic inventoryMarkos Chandras6-117/+17
The kubespray installer contains one inventory per flavor. We can get rid of these files and use the dynamic inventory similar to OSA. Moreover, we extend the dynamic inventory to read additional group variables per flavor if necessary. This way we can still pass additional information to inventory on per-flavor basis. This also fixes a typo in the 'IDF' file. We also need to bump Ansible for kubespray since the version we were using is having troubles with dynamic inventories. Change-Id: Ic58101555f81aec5fee3c193608440aa89bbe445 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-05-16xci: Bump Kubespray SHAs and install ansible moduleswutianwei1-0/+1
1. this change bumps Kubespray SHA to the HEAD of "master" as of 16.05.2018 2. install ansible-modules-hashivault, due to kubespray refactor vault role https://github.com/kubernetes-incubator/kubespray/commit/07cc98197187535619ac8e57ee4e04ae02631a5 installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: I2e3ade3b16eac1506e8556fe1820d84d64c09435 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-05-11Merge "fix k8 aio flavor undefined variable"Markos Chandras2-1/+2
2018-05-11fix k8 aio flavor undefined variablewutianwei2-1/+2
1. fix error that kube_require_packages is undefined 2. add "remote_user: root" in configure-kubenet.yml if don't add this, it will have issue to connect host. fatal: [opnfv]:UNREACHABLE! => {"changed": false, "msg": "Failed to connect to thehost via ssh: Permission denied (publickey,password).\r\n", "unreachable": true"} installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: Ia8d1980ad18375c0cff3a97b284b0f53d7539e23 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-05-10xci: installer: Do not use XCI_ANSIBLE_PARAMS on remote nodesMarkos Chandras1-2/+2
The XCI_ANSIBLE_PARAMS is used to pass extra Ansible parameters to XCI. However, these parameters may not make sense when Ansible is running on any of the remote nodes, so we should't use it there. If passing information to "remote" Ansible is required, then we need to come up with a new variable. deploy-scenario:os-nosdn-nofeature installer-type:osa Change-Id: Ib6343fbfe3af1514c2e7e8948c12e3b19b455fe3 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-30xci: Remove intermediate scenarios tasks fileMarkos Chandras1-1/+11
Now that the scenario role is recorded as a local fact, we can include the role directly directly so we don't need the the intermediate file anymore. deploy-scenario:os-nosdn-nofeature installer-type:osa Change-Id: Ia3c5658826f115538b2a103d987ee8f33d3048b9 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-17Merge "xci: kubespray: Fix inventory when configuring keys on targethosts"Markos Chandras3-17/+10
2018-04-16xci: kubespray: Fix inventory when configuring keys on targethostsMarkos Chandras3-17/+10
The SSH keys for the OPNFV host have been configured in the configure-opnfvhost.yml playbook so we shouldn't do that in a playbook that is only meant to configure the target hosts. As such, fix the group to use 'k8s-cluster' instead. Since the targethosts playbook does not apply to all hosts anymore, we can simply drop the list of required packages and only install 'netaddr' on the OPNFV host which is the host that needs it. Similarly, the dbus package is only needed on the targethosts. Change-Id: I293ad83a3a95797d9025f2cddd7849be7b3a49da Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-16xci: Add k8-nosdn-nofeature rolewutianwei4-297/+55
Move default k8s-cluster.yml from kubespray/files/ to role/k8-nosdn-nofeature/files/k8s-cluster.yml since it's scenario specific. Moreover, we set 'cloud' as kube_network_plugin, which would use kubnet as network plugin. The kubenet network plugin requires routing between to be setup by the administrator so we need to add static routes on every host since they are connected using a bridge instead of a router. installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: I6ab7288c966d7f17e9d61279056f7673be37bebe Signed-off-by: wutianwei <wutianwei1@huawei.com> Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-13xci: kubespray: Bump SHA to include openSUSE supportMarkos Chandras1-7/+0
The upstream PR to include openSUSE support has been merged so we need to bump the SHA to make it available in XCI. Change-Id: Ida5bd05ce8b0c883b6d7582a495ca934ecc4b1f1 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-12Create the k8-canal-nofeature scenariowutianwei1-0/+1
add the k8-nosdn-noeature and k8-canal-nofeature roles under scenarios directory run different roles to configure the k8s-cluster according to the deploy scenario installer-type:kubespray deploy-scenario:k8-canal-nofeature Change-Id: Ia96b01f79fb058e045c5b7d9d9aecb7f15a21e63 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-04-12Update prepare-functest role for k8s and fix fetching xci.envFatih Degirmenci1-0/+5
This change updates prepare-functest role for testing k8s scenarios using functest healthcheck. The changes include - update tasks to skip checking/creation of public gateway which is needed for OpenStack based scenarios - update run-functest.sh.j2 template and set the used docker image name based on FUNCTEST_SUITE_NAME that is going to be used - update run-functest.sh.j2 template and add commands needed to run tests using functest-kubernetes-${FUNCTEST_SUITE_NAME} docker image - update env.j2 to exclude setting the var EXTERNAL_NETWORK which is needed for OpenStack based scenarios Apart from updating the the prepare-functest role, a bug has also been fixed by adding the fetching of xci.env for installer kubespray. installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: Ia701db9748ea9509a2dc165341285fb189aa7266 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-04-06xci: kubespray: Generate and use SSL certificate for HAProxyMarkos Chandras2-0/+5
In the OpenStack-Ansible installers we are using the XCI ssl certificates for the endpoints but in kubespray we are generating them on the fly. In order to keep both setups as close as possible, we can use the XCI certificates in kubespray as well. Change-Id: I1ca55127fe747618205394c02b3d44bb573435f4 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06xci: kubespray: Use the common tasks to manage the SSH keysMarkos Chandras2-25/+4
Drop the kubespray specific tasks for managing the SSH keys in favor of the common ones. Change-Id: Ib8e18fcc14c4c0126cae72740dbb33921a21af6b Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-04xci: kubespray: Fix failures to due task checksMarkos Chandras2-5/+6
(this commit fixes many things because they all need to be submitted together to unblock the jobs) Commit 9e1d3d6e62abf5d0da26a296bcd235f37a54d9c6 ("xci: playbooks: Fixes various ansible-lint warnings") broke public key authentication from localhost to the OPNFV host because the localhost pubkey was not appended in the authorized_keys file. The reason for that was that the task was skipped due to the 'creates' parameter. This is now fixed, by dropping the check since we always need to append the localhost pubkey. This is only a temporary solution until we modify kubespray to use the common file for managing the SSH keys. This also makes the final 'kubectl' move to /usr/local/bin non-fatal since future kubespray releases put it there already. The same commit also broke the k8s-cluster.yml overrides. This is because the file was never copied across due to the task conditional being wrong. As such, we fix the conditional to check for the correct file. Change-Id: I9cfb29eba50c7fea9df29581ebb015163b8a9754 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-26xci: playbooks: Fixes various ansible-lint warningsMarkos Chandras1-3/+9
In preparation for adding support for the 'ansible-lint' tool we fix various problems in our playbooks to make the tool happy before we make it mandatory. Some of the problems that are fixed here are - [ANSIBLE0011] All tasks should be named - [ANSIBLE0012] Commands should not change things if nothing needs doing - [ANSIBLE0013] Use shell only when shell functionality is required - [ANSIBLE0010] Package installs should not use latest installer-type:osa deploy-scenario:os-nosdn-nofeature Change-Id: I66c759d3932a414b81b2846393d2d98ce80c0b6d Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-22Merge "xci: kubespray: Add experimental support for openSUSE"Fatih Degirmenci1-0/+9
2018-03-21xci: kubespray: Add experimental support for openSUSEMarkos Chandras1-0/+9
Add experimental support for openSUSE until the upstream PR is accepted installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: Icd3698d882d249a18be77560ba0ba52159893816 Link: https://github.com/kubernetes-incubator/kubespray/pull/2380 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-03-21Clean up opnfv ansible vars and switch to lowercaseFatih Degirmenci2-15/+15
This change removes the variables that are not used in any of the playbooks/roles from opnfv ansible vars. Apart from that, all caps ansible vars replaced with lowercase ones and impacted playbooks/roles are updated. installer-type:osa deploy-scenario:os-nosdn-nofeature Change-Id: I99ebdc155b3903176ac5940b64cef0c0f3aa0f0d Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-03-20Access the K8s dashboard and configure the CLI in opnfv hostwutianwei3-3/+43
1. Add the type: NodePort in dashboard service. the default is ClustIP, which cannot access from outside. 2. Print the url ,user, password for user to access dashboard. 3. configure the kubectl CLI in opnfv host. Change-Id: I6cb6e6f7547412139ece0c40a85de67a9edce0ef Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-03-14kubespray: Do not grep log text to determine failureFatih Degirmenci1-7/+4
Pipefail should be sufficient to determine the failure so this change gets rid of grepping the logs for failure and unreachable to leave the evaluation to bash itself. Change-Id: I0fcd6016ddc19eb11b3eb2402347032a11c5a32a Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-03-13Merge changes from topics 'allow-pass-ansible-arguments', ↵Markos Chandras1-4/+4
'allow-pass-ansible-arguments-force-verify' * changes: xci: OSA: Fix warning about missing inventory file xci: Pass the XCI_PATH variable to all Ansible calls xci: Rename XCI_ANSIBLE_VERBOSITY to XCI_ANSIBLE_PARAMS
2018-03-12Combine vars setting installer type in INSTALLER_TYPEFatih Degirmenci2-2/+2
Change-Id: Ie196d1df537d09f0f91e43ab5e0305a45d543815 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-03-12xci: Rename XCI_ANSIBLE_VERBOSITY to XCI_ANSIBLE_PARAMSMarkos Chandras1-4/+4
We don't quite need a specific env variable just for Ansible verbosity so we can rename this variable to make it clear that it can be used to pass any Ansible option to XCI. Change-Id: Ie20517d4b563bfc6daeb27848168d36da7014cee Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-02-23XCI: k8s: Add support for CentOS distrowutianwei3-12/+19
Kubespray already supports the CentOS distribution so make the necessary changes to allow it to work in XCI. Change-Id: I3cf1db055a5fd563b107b46456bc3e18eeafb3ab Co-authored-by: Markos Chandras <mchandras@suse.de> Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-02-21xci: roles: configure-network: Determine host NIC from Ansible factsMarkos Chandras1-1/+1
Hardcoding the interface as a variable is very fragile since it varies from host to host. We could use the Ansible facts to find out the interface name and then use that to configure all the VLANs and networking. Change-Id: Ie7e2409d638625b9bede23b6c1fe33dc36f81840 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-01-31deploy kubernetes in XCIwutianwei11-0/+709
This commit introduces kubespray into XCI. k8s install currently assumes k8s install and OpenStack install cannot coexist. If XCI_INSTALLER is set to "kubespray" and DEPLOY_SCENARIO is set to "k8-nosdn-nofeature" the xci-deploy.sh would install kubernetes instead of OpenStack. The version of kubernetes is beta release v1.9.0 currently according to the master of kubespray it only support the ubuntu now. Opensuse and centos still need to develop and test. This patch create the directory xci/installer/kubespray, the related files of kubespray would be placed to it. The xci/installer/$installer/playbooks/configure-localhost.yml was moved to xci/playbooks/configure-localhost.yml as a common yaml file. You can modify some parameters according your need in xci/installer/kubespray/files/k8s-cluster.yml to deploy cluster. When deploying kubernetes, it would download the kubespray to releng-xci/.cache/repos/kubespray. If your flavor is Ha, it will download haproxy_server and keepalived to xci/playbook/roles, which setup haproxy service for kubernetes. Change-Id: I24d521a735d7ee85fbe5af8c4def65f37586b843 Signed-off-by: wutianwei <wutianwei1@huawei.com>