summaryrefslogtreecommitdiffstats
path: root/xci/installer
AgeCommit message (Collapse)AuthorFilesLines
2018-09-03Revert "xci: osa: Disable haproxy ssl configuration"Markos Chandras7-32/+8
This reverts commit 42501f0ef7e0f0729b1c780102fb9713ef383fb3. This also removes the entire SSL management code and we let the haproxy_server role generate the certificates for us. We also need to bump the openrc role to include an upstream patch which fixes the openrc template file. deploy-scenario:os-nosdn-nofeature installer-type:osa Change-Id: I9bb590c9f1d5bc63519cfb4794dc15f794cc5b07 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-08-30xci: Bump OSA and bifrost SHAsMarkos Chandras2-94/+105
This change - bumps OSA SHA to b9d9269528ecbe04b2638a73c2b0f49839f27422 - bumps bifrost SHA to 0d0cfd908d10a670668619c575fd338d1ff328b7 - Pins Ansible to 2.5.8. OSA is using 2.5.5 which has a bug in the pause module so we need to use something newer. Change-Id: Idf05bbef880db11de4a41464ae5080aa21a0613c Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-08-23[xci] integrate istio in XCIwutianwei1-2/+2
using kubespary to deploy the istio, kubespary support to deploy istio installer-type:kubespray deploy-scenario:k8-nosdn-istio Change-Id: Id8c04936187c89fafa921dada382a0e9e11aab27 Signed-off-by: wutianwei <wutianwei1@huawei.com> Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-08-22Print OpenStack login information at the endFatih Degirmenci1-15/+16
The info is logged to the console before post-deployment tasks and this makes it seeing the deployment status and login info inconvenient. This change moves the logging to the end, after post-deployment. Change-Id: Ic7e232a0b8343e666f54087fbcc09481ab59ca90 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-08-21xci: Bump OSA and bifrost SHAsFatih Degirmenci3-102/+140
This change - bumps OSA SHA to cbfdb7dc295ff702044b807336fab067d84a3f20 (mostly based on Rocky RC1) - bumps bifrost SHA to c1c6fb7487d5b967624400623fd35aabf303b917 - pins Ansible to 2.4.6.0 - switches to ollivier/functest-healtcheck since OS is bumped to Rocky Change-Id: Icc14e3e794b489dafd78b426c54051a3732ccb1a Signed-off-by: Fatih Degirmenci <fdegir@gmail.com> Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-08-16Update SHA for ODLManuel Buil1-1/+1
Deployment not working because of a bug. This bug gets fixed with the new SHA Change-Id: I91c6df6bf7ea10492265466ebdfbf4264492936b Signed-off-by: Manuel Buil <mbuil@suse.com>
2018-08-10Merge changes from topic 'extend-suse-support-id-skip-verify'Markos Chandras1-2/+2
* changes: xci: xci-destroy-env.sh: Update virtualbmc path xci: create-vm-nodes: Install virtualbmc in the XCI virtualenv xci: osa: Drop openSUSE mirror variables
2018-08-10xci: osa: Drop openSUSE mirror variablesMarkos Chandras1-2/+2
we let downloads.opensuse.org redirect us to a good one since the hardcoded one does not appear to work anymore. Ansible gets upset if we feed it an empty variables file, so we set a couple of variables there to make it happy. Change-Id: I887522ebc71dd866d544e75beeff47af6111e059 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-08-09Integrate os-nosdn-osm scenarioFatih Degirmenci2-1/+80
This change integrates os-nosdn-osm scenario. The installation of OSM is done as post-deployment. This is achieved by the addition of the new playbook named post-deployment.yml in scenario role folder. This mechanism is available for all OpenStack scenarios. If anything needs to be done for a specific scenario as part of the post-deployment, it can be achieved by creating playbook post-deployment.yml. If post-deployment.yml exists in scenario role, the framework will run it once the regular deployment playbooks are run successfully. If the file does not exist, it will be skipped. The location of the post-deployment.yml is releng-xci-scenarios/<scenario>/role/<scenario>/tasks/post-deployment.yml This is only implemented for OpenStack scenarios currently and similar mechanism is needed for K8S scenarios as well which will be implemented in a separate change. installer-type:osa deploy-scenario:os-nosdn-osm Change-Id: I16780abffca39699eb2f38f662479f0e4d551504 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-07-04xci: osa: Disable haproxy ssl configurationMarkos Chandras3-3/+9
The self-signed certificates are causing troubles so until we implement a proper certificate chain in XCI we should disable the SSL endpoints. Change-Id: Ife4ef78de1569121c435a806924a3f90917fd85b Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-06-06xci: osa: switch back from GitHub to OpenStack OSA reposMarkos Chandras2-80/+80
Switching to github.com for the gitclones did not make much of a difference since we are still seeing randomg SSL failures during git clones. So we can switch back to git://git.openstack.org hoping that the git protocol will be more efficient than https. Moreover some projects are moving away from github mirroring and this breaks our tests. Change-Id: I8188ec7cbfbf16eeb4634bd9a44b12a104ce1059 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-06-06xci: OSA: Bump Queens SHAs to fix spice-html5 repo relocationMarkos Chandras1-3/+4
The spice-html5 repository moved from github to its own gitlab hosting and that broke everything. As such, we update the OSA roles which contain the correct URL for the new repository. Change-Id: I3e2883c0436c9c93d2a8a338343ca3a75a1431e4 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-06-01Merge "xci: kubespray: Use bootstrap role for k8s deployments"Markos Chandras2-1/+19
2018-05-18xci: kubespray: Use bootstrap role for k8s deploymentsMarkos Chandras2-1/+19
The bootstrap role configures NTP and networking on hosts so we should use it on k8s deployments as well. installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: I04bd1e1c2c325baabfb836bd8cca60c5f59344c7 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-05-18Merge "xci: kubespray: Switch kubespray to dynamic inventory"Markos Chandras6-117/+17
2018-05-16xci: kubespray: Switch kubespray to dynamic inventoryMarkos Chandras6-117/+17
The kubespray installer contains one inventory per flavor. We can get rid of these files and use the dynamic inventory similar to OSA. Moreover, we extend the dynamic inventory to read additional group variables per flavor if necessary. This way we can still pass additional information to inventory on per-flavor basis. This also fixes a typo in the 'IDF' file. We also need to bump Ansible for kubespray since the version we were using is having troubles with dynamic inventories. Change-Id: Ic58101555f81aec5fee3c193608440aa89bbe445 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-05-16xci: Bump Kubespray SHAs and install ansible moduleswutianwei1-0/+1
1. this change bumps Kubespray SHA to the HEAD of "master" as of 16.05.2018 2. install ansible-modules-hashivault, due to kubespray refactor vault role https://github.com/kubernetes-incubator/kubespray/commit/07cc98197187535619ac8e57ee4e04ae02631a5 installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: I2e3ade3b16eac1506e8556fe1820d84d64c09435 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-05-14Merge "xci: osa: Add initial dynamic inventory from PDF/IDF files"Markos Chandras11-137/+2
2018-05-11Merge "fix k8 aio flavor undefined variable"Markos Chandras2-1/+2
2018-05-11fix k8 aio flavor undefined variablewutianwei2-1/+2
1. fix error that kube_require_packages is undefined 2. add "remote_user: root" in configure-kubenet.yml if don't add this, it will have issue to connect host. fatal: [opnfv]:UNREACHABLE! => {"changed": false, "msg": "Failed to connect to thehost via ssh: Permission denied (publickey,password).\r\n", "unreachable": true"} installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: Ia8d1980ad18375c0cff3a97b284b0f53d7539e23 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-05-11Merge "New SHA for ODL"Markos Chandras1-1/+1
2018-05-10New SHA for ODLManuel Buil1-1/+1
We need a patch in the ODL role to be able to deploy a stable ODL. Before this patch, it is not possible to deploy with a stable version of ODL and we are always deploying with the tip of the branch. However, it is useful to deploy with a version which we know for sure that it is working. deploy-scenario:os-odl-sfc installer-type:osa Change-Id: I539a5afa41598f54c3eeb2f1096022c73aa942b9 Signed-off-by: Manuel Buil <mbuil@suse.com>
2018-05-10xci: installer: Do not use XCI_ANSIBLE_PARAMS on remote nodesMarkos Chandras2-6/+6
The XCI_ANSIBLE_PARAMS is used to pass extra Ansible parameters to XCI. However, these parameters may not make sense when Ansible is running on any of the remote nodes, so we should't use it there. If passing information to "remote" Ansible is required, then we need to come up with a new variable. deploy-scenario:os-nosdn-nofeature installer-type:osa Change-Id: Ib6343fbfe3af1514c2e7e8948c12e3b19b455fe3 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-05-09xci: osa: Add initial dynamic inventory from PDF/IDF filesMarkos Chandras11-137/+2
The PDF and IDF files contain all the information we need for the virtual XCI deployment, so we can use it to create a dynamic inventory and get rid of all the static ones which could easily get outdated as PDF and IDF files evolve over time. This inital version of the dynamic inventory contains a lot of unnecessary generated information but we do that in order to ease the migration from static files to the dynamic inventory. The dynamic inventory will be improved in the future as we consume more and more information from the PDF and IDF files. Change-Id: Id9f07a61c67a5cffcbc18079a341e5d395020a27 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-05-08xci: osa: Bump SHA to fix resolv.conf file creation and git-clone issuesMarkos Chandras1-2/+2
Container images have recently changed and this breaks lxc_hosts during cache preparation as shown below: May 04 07:59:47 fatal: [controller00]: FAILED! => {"ansible_job_id": "362521755821.32697", "attempts": 1, "changed": true, "cmd": "chroot /var/lib/machines/ubuntu-xenial-amd64 /usr/local/bin/cache-prep-commands.sh > /var/log/lxc-cache-prep-commands.log 2>&1", "delta": "0:00:00.018827", "end": "2018-05-04 07:59:45.614668", "finished": 1, "msg": "non-zero return code", "rc": 1, "start": "2018-05-04 07:59:45.595841", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []} As such, we need to bump the SHA from the Queens branch to include the fix in XCI. We also need to bump SHA for repo_build role in order to bring in some upstream fixes when cloning git repositories. Change-Id: I9f04313f7eb1606e5e71ab8ecee7148d1c5b75ad Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-30xci: Remove intermediate scenarios tasks fileMarkos Chandras2-2/+20
Now that the scenario role is recorded as a local fact, we can include the role directly directly so we don't need the the intermediate file anymore. deploy-scenario:os-nosdn-nofeature installer-type:osa Change-Id: Ia3c5658826f115538b2a103d987ee8f33d3048b9 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-27xci: Add XCI OSA variables fileMarkos Chandras2-0/+18
We can use an XCI specific YAML file to add OSA options which are common across flavors. Right now, it only overrides the default openSUSE mirror to use a more stable one. Change-Id: Iae7d542787ead33be1e64cdeda60761aa401cfde Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-17Merge "xci: osa: Fix OpenStack-Ansible bootstrap"Fatih Degirmenci1-0/+1
2018-04-17xci: osa: Fix OpenStack-Ansible bootstrapMarkos Chandras1-0/+1
Commit 269b5fc033b1ee8d14d9d4694f4f0d3765866c0a ("xci: installer: osa: Fix status report when bootstrapping OSA") removed the 'chdir' parameter by accident and this broke the OpenStack-Ansible bootstrapping. This patch brings the missing parameter back. Change-Id: I0ecfa0eb4c91a9f1dfa2d86a8a50bacdbd224533 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-17Merge "xci: kubespray: Fix inventory when configuring keys on targethosts"Markos Chandras3-17/+10
2018-04-17Merge "xci: Add k8-nosdn-nofeature role"Markos Chandras4-297/+55
2018-04-16xci: kubespray: Fix inventory when configuring keys on targethostsMarkos Chandras3-17/+10
The SSH keys for the OPNFV host have been configured in the configure-opnfvhost.yml playbook so we shouldn't do that in a playbook that is only meant to configure the target hosts. As such, fix the group to use 'k8s-cluster' instead. Since the targethosts playbook does not apply to all hosts anymore, we can simply drop the list of required packages and only install 'netaddr' on the OPNFV host which is the host that needs it. Similarly, the dbus package is only needed on the targethosts. Change-Id: I293ad83a3a95797d9025f2cddd7849be7b3a49da Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-16xci: Add k8-nosdn-nofeature rolewutianwei4-297/+55
Move default k8s-cluster.yml from kubespray/files/ to role/k8-nosdn-nofeature/files/k8s-cluster.yml since it's scenario specific. Moreover, we set 'cloud' as kube_network_plugin, which would use kubnet as network plugin. The kubenet network plugin requires routing between to be setup by the administrator so we need to add static routes on every host since they are connected using a bridge instead of a router. installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: I6ab7288c966d7f17e9d61279056f7673be37bebe Signed-off-by: wutianwei <wutianwei1@huawei.com> Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-13xci: installer: osa: Fix status report when bootstrapping OSAMarkos Chandras1-3/+0
Fixes the following ansible-lint warning [WARNING]: While constructing a mapping from /home/devuser/releng- xci/xci/installer/osa/playbooks/configure-opnfvhost.yml, line 113, column 7, found a duplicate dict key (args). Using last defined value only. We also remove the changed_when value since we now use 'args' to get proper status report. Change-Id: I382e3183b66e590462fbcb8663d53cade0e5d92c Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-13xci: kubespray: Bump SHA to include openSUSE supportMarkos Chandras1-7/+0
The upstream PR to include openSUSE support has been merged so we need to bump the SHA to make it available in XCI. Change-Id: Ida5bd05ce8b0c883b6d7582a495ca934ecc4b1f1 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-12Create the k8-canal-nofeature scenariowutianwei1-0/+1
add the k8-nosdn-noeature and k8-canal-nofeature roles under scenarios directory run different roles to configure the k8s-cluster according to the deploy scenario installer-type:kubespray deploy-scenario:k8-canal-nofeature Change-Id: Ia96b01f79fb058e045c5b7d9d9aecb7f15a21e63 Signed-off-by: wutianwei <wutianwei1@huawei.com>
2018-04-12Update prepare-functest role for k8s and fix fetching xci.envFatih Degirmenci1-0/+5
This change updates prepare-functest role for testing k8s scenarios using functest healthcheck. The changes include - update tasks to skip checking/creation of public gateway which is needed for OpenStack based scenarios - update run-functest.sh.j2 template and set the used docker image name based on FUNCTEST_SUITE_NAME that is going to be used - update run-functest.sh.j2 template and add commands needed to run tests using functest-kubernetes-${FUNCTEST_SUITE_NAME} docker image - update env.j2 to exclude setting the var EXTERNAL_NETWORK which is needed for OpenStack based scenarios Apart from updating the the prepare-functest role, a bug has also been fixed by adding the fetching of xci.env for installer kubespray. installer-type:kubespray deploy-scenario:k8-nosdn-nofeature Change-Id: Ia701db9748ea9509a2dc165341285fb189aa7266 Signed-off-by: Fatih Degirmenci <fdegir@gmail.com>
2018-04-10shabump: Bump SHA to make sfc scenario workManuel Buil1-1/+1
sfc scenario fails when running the functest snaps-healthcheck. The reason is a race condition found in ODL Nitrogen. This race condition is gone in ODL Oxygen. We need latest ODL role to include the ODL Oxygen version Depends-On: I59802f467a77ae755886e4cc389c2406e9d17d4c deploy-scenario:os-odl-sfc installer-type:osa Change-Id: I6d575370834eabb1b6a0532f74e1b2fc733e500c Signed-off-by: Manuel Buil <mbuil@suse.com>
2018-04-10Merge "xci: kubespray: Generate and use SSL certificate for HAProxy"Manuel Buil2-0/+5
2018-04-10Merge "xci: osa: Move SSL certification tasks to a new file"Manuel Buil1-19/+4
2018-04-10Merge "xci: kubespray: Use the common tasks to manage the SSH keys"Manuel Buil2-25/+4
2018-04-10xci: osa: Fix conditional for copying OSA files to OPNFV hostMarkos Chandras1-3/+3
The conditional was wrong since it was being treated as a string instead of actually evaluating it as a boolean value. Change-Id: I59802f467a77ae755886e4cc389c2406e9d17d4c Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06xci: kubespray: Generate and use SSL certificate for HAProxyMarkos Chandras2-0/+5
In the OpenStack-Ansible installers we are using the XCI ssl certificates for the endpoints but in kubespray we are generating them on the fly. In order to keep both setups as close as possible, we can use the XCI certificates in kubespray as well. Change-Id: I1ca55127fe747618205394c02b3d44bb573435f4 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06xci: osa: Move SSL certification tasks to a new fileMarkos Chandras1-19/+4
The tasks for creating and managing the XCI SSL certificates can be shared between installers so move them to a common file. Change-Id: I9df82517e737681420429a992aa8d68e78528fd4 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06xci: kubespray: Use the common tasks to manage the SSH keysMarkos Chandras2-25/+4
Drop the kubespray specific tasks for managing the SSH keys in favor of the common ones. Change-Id: Ib8e18fcc14c4c0126cae72740dbb33921a21af6b Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-06Merge "xci: kubespray: Fix failures to due task checks"Markos Chandras2-5/+6
2018-04-06Merge "xci: osa: Fix task status when bootstrapping OpenStack-Ansible"Markos Chandras1-0/+4
2018-04-04xci: kubespray: Fix failures to due task checksMarkos Chandras2-5/+6
(this commit fixes many things because they all need to be submitted together to unblock the jobs) Commit 9e1d3d6e62abf5d0da26a296bcd235f37a54d9c6 ("xci: playbooks: Fixes various ansible-lint warnings") broke public key authentication from localhost to the OPNFV host because the localhost pubkey was not appended in the authorized_keys file. The reason for that was that the task was skipped due to the 'creates' parameter. This is now fixed, by dropping the check since we always need to append the localhost pubkey. This is only a temporary solution until we modify kubespray to use the common file for managing the SSH keys. This also makes the final 'kubectl' move to /usr/local/bin non-fatal since future kubespray releases put it there already. The same commit also broke the k8s-cluster.yml overrides. This is because the file was never copied across due to the task conditional being wrong. As such, we fix the conditional to check for the correct file. Change-Id: I9cfb29eba50c7fea9df29581ebb015163b8a9754 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-04xci: osa: Fix task status when bootstrapping OpenStack-AnsibleMarkos Chandras1-0/+4
The bootstrap script from the OpenStack-Ansible repository creates several things in /opt/ansible-runtime and /usr/local/bin so we can check if the final 'openstack-ansible' symlink exists in order to report a proper status for that task and even skip if everything is prepared already. Change-Id: I4ca3a733746f8d757aa1156b533e4b4de90188e6 Signed-off-by: Markos Chandras <mchandras@suse.de>
2018-04-04xci: osa: Use Ansible modules to create ssl certificatesMarkos Chandras1-24/+21
Ansible already provides modules to create ssl certificates so we can use these instead of running the openssl commands directly. Moreover, we can drop all the tasks which create the ssl directories since there are being created by the openssl package which also creates the appropriate symlinks. Finally, there is no need to generate the certificate on localhost if only the OPNFV host consumes it, so move these steps to the appropriate playbook. Change-Id: I0045945c502013be3d76440876e894a44a092690 Signed-off-by: Markos Chandras <mchandras@suse.de>