summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jjb/compass4nfv/compass-ci-jobs.yml2
-rw-r--r--jjb/compass4nfv/compass-dovetail-jobs.yml2
-rw-r--r--jjb/compass4nfv/compass-verify-jobs.yml6
-rw-r--r--jjb/fuel/fuel-daily-jobs.yml4
-rwxr-xr-xjjb/fuel/fuel-deploy.sh12
-rwxr-xr-xjjb/fuel/fuel-download-artifact.sh3
-rw-r--r--jjb/global/installer-params.yml4
-rw-r--r--prototypes/xci/file/ansible-role-requirements.yml4
-rwxr-xr-xutils/fetch_os_creds.sh70
9 files changed, 67 insertions, 40 deletions
diff --git a/jjb/compass4nfv/compass-ci-jobs.yml b/jjb/compass4nfv/compass-ci-jobs.yml
index 3ba69fab7..0c9f64d9a 100644
--- a/jjb/compass4nfv/compass-ci-jobs.yml
+++ b/jjb/compass4nfv/compass-ci-jobs.yml
@@ -205,7 +205,7 @@
- build-name:
name: '$BUILD_NUMBER - Scenario: $DEPLOY_SCENARIO'
- timeout:
- timeout: 120
+ timeout: 150
abort: true
- fix-workspace-permissions
diff --git a/jjb/compass4nfv/compass-dovetail-jobs.yml b/jjb/compass4nfv/compass-dovetail-jobs.yml
index 966dae50a..b46c73221 100644
--- a/jjb/compass4nfv/compass-dovetail-jobs.yml
+++ b/jjb/compass4nfv/compass-dovetail-jobs.yml
@@ -136,7 +136,7 @@
- build-name:
name: '$BUILD_NUMBER - Scenario: $DEPLOY_SCENARIO'
- timeout:
- timeout: 120
+ timeout: 150
abort: true
- fix-workspace-permissions
diff --git a/jjb/compass4nfv/compass-verify-jobs.yml b/jjb/compass4nfv/compass-verify-jobs.yml
index 4b05e2203..258315844 100644
--- a/jjb/compass4nfv/compass-verify-jobs.yml
+++ b/jjb/compass4nfv/compass-verify-jobs.yml
@@ -74,7 +74,7 @@
wrappers:
- ssh-agent-wrapper
- timeout:
- timeout: 120
+ timeout: 150
fail: true
- fix-workspace-permissions
@@ -197,7 +197,7 @@
wrappers:
- ssh-agent-wrapper
- timeout:
- timeout: 120
+ timeout: 150
fail: true
- fix-workspace-permissions
@@ -297,7 +297,7 @@
wrappers:
- ssh-agent-wrapper
- timeout:
- timeout: 120
+ timeout: 150
fail: true
- fix-workspace-permissions
diff --git a/jjb/fuel/fuel-daily-jobs.yml b/jjb/fuel/fuel-daily-jobs.yml
index dd0590c72..68677089d 100644
--- a/jjb/fuel/fuel-daily-jobs.yml
+++ b/jjb/fuel/fuel-daily-jobs.yml
@@ -293,6 +293,10 @@
name: GS_URL
default: artifacts.opnfv.org/$PROJECT{gs-pathname}
description: "URL to Google Storage."
+ - string:
+ name: SSH_KEY
+ default: "/tmp/mcp.rsa"
+ description: "Path to private SSH key to access environment nodes. For MCP deployments only."
########################
# trigger macros
########################
diff --git a/jjb/fuel/fuel-deploy.sh b/jjb/fuel/fuel-deploy.sh
index 4d48ee587..2fb5c71e4 100755
--- a/jjb/fuel/fuel-deploy.sh
+++ b/jjb/fuel/fuel-deploy.sh
@@ -12,11 +12,13 @@ set -o pipefail
export TERM="vt220"
-# source the file so we get OPNFV vars
-source latest.properties
+if [[ "$BRANCH" != 'master' ]]; then
+ # source the file so we get OPNFV vars
+ source latest.properties
-# echo the info about artifact that is used during the deployment
-echo "Using ${OPNFV_ARTIFACT_URL/*\/} for deployment"
+ # echo the info about artifact that is used during the deployment
+ echo "Using ${OPNFV_ARTIFACT_URL/*\/} for deployment"
+fi
if [[ "$JOB_NAME" =~ "merge" ]]; then
# set simplest scenario for virtual deploys to run for merges
@@ -75,7 +77,7 @@ echo "--------------------------------------------------------"
echo "Scenario: $DEPLOY_SCENARIO"
echo "Lab: $LAB_NAME"
echo "POD: $POD_NAME"
-echo "ISO: ${OPNFV_ARTIFACT_URL/*\/}"
+[[ "$BRANCH" != 'master' ]] && echo "ISO: ${OPNFV_ARTIFACT_URL/*\/}"
echo
echo "Starting the deployment using $INSTALLER_TYPE. This could take some time..."
echo "--------------------------------------------------------"
diff --git a/jjb/fuel/fuel-download-artifact.sh b/jjb/fuel/fuel-download-artifact.sh
index 8cc552e8d..c3b8253de 100755
--- a/jjb/fuel/fuel-download-artifact.sh
+++ b/jjb/fuel/fuel-download-artifact.sh
@@ -10,6 +10,9 @@
set -o errexit
set -o pipefail
+# disable Fuel ISO download for master branch
+[[ "$BRANCH" == 'master' ]] && exit 0
+
# use proxy url to replace the nomral URL, for googleusercontent.com will be blocked randomly
[[ "$NODE_NAME" =~ (zte) ]] && GS_URL=${GS_BASE_PROXY%%/*}/$GS_URL
diff --git a/jjb/global/installer-params.yml b/jjb/global/installer-params.yml
index 40fc42c76..e9f48aea1 100644
--- a/jjb/global/installer-params.yml
+++ b/jjb/global/installer-params.yml
@@ -38,6 +38,10 @@
default: '10.20.0.2'
description: 'IP of the installer'
- string:
+ name: SALT_MASTER_IP
+ default: '192.168.10.100'
+ description: 'IP of the salt master (for mcp deployments)'
+ - string:
name: INSTALLER_TYPE
default: fuel
description: 'Installer used for deploying OPNFV on this POD'
diff --git a/prototypes/xci/file/ansible-role-requirements.yml b/prototypes/xci/file/ansible-role-requirements.yml
index 842bcc44c..5a96e2a82 100644
--- a/prototypes/xci/file/ansible-role-requirements.yml
+++ b/prototypes/xci/file/ansible-role-requirements.yml
@@ -9,6 +9,10 @@
##############################################################################
# these versions are extracted based on the osa commit d9e1330c7ff9d72a604b6b4f3af765f66a01b30e on 04.04.2017
# https://review.openstack.org/gitweb?p=openstack/openstack-ansible.git;a=commit;h=d9e1330c7ff9d72a604b6b4f3af765f66a01b30e
+- name: ansible-hardening
+ scm: git
+ src: https://git.openstack.org/openstack/ansible-hardening
+ version: 051fe3195f59d1ee8db06fca5d2cce7a25e58861
- name: apt_package_pinning
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning
diff --git a/utils/fetch_os_creds.sh b/utils/fetch_os_creds.sh
index 458bbda3b..993c0b948 100755
--- a/utils/fetch_os_creds.sh
+++ b/utils/fetch_os_creds.sh
@@ -12,8 +12,9 @@ set -o nounset
set -o pipefail
usage() {
- echo "usage: $0 [-v] -d <destination> -i <installer_type> -a <installer_ip>" >&2
+ echo "usage: $0 [-v] -d <destination> -i <installer_type> -a <installer_ip> [-s <ssh_key>]" >&2
echo "[-v] Virtualized deployment" >&2
+ echo "[-s <ssh_key>] Path to ssh key. For MCP deployments only" >&2
}
info () {
@@ -53,11 +54,12 @@ swap_to_public() {
: ${DEPLOY_TYPE:=''}
#Get options
-while getopts ":d:i:a:h:v" optchar; do
+while getopts ":d:i:a:h:s:v" optchar; do
case "${optchar}" in
d) dest_path=${OPTARG} ;;
i) installer_type=${OPTARG} ;;
a) installer_ip=${OPTARG} ;;
+ s) ssh_key=${OPTARG} ;;
v) DEPLOY_TYPE="virt" ;;
*) echo "Non-option argument: '-${OPTARG}'" >&2
usage
@@ -70,6 +72,9 @@ done
dest_path=${dest_path:-$HOME/opnfv-openrc.sh}
installer_type=${installer_type:-$INSTALLER_TYPE}
installer_ip=${installer_ip:-$INSTALLER_IP}
+if [ "${installer_type}" == "fuel" ] && [ "${BRANCH}" == "master" ]; then
+ installer_ip=${SALT_MASTER_IP}
+fi
if [ -z $dest_path ] || [ -z $installer_type ] || [ -z $installer_ip ]; then
usage
@@ -89,40 +94,45 @@ ssh_options="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
# Start fetching the files
if [ "$installer_type" == "fuel" ]; then
- #ip_fuel="10.20.0.2"
verify_connectivity $installer_ip
+ if [ "${BRANCH}" == "master" ]; then
+ ssh_key=${ssh_key:-$SSH_KEY}
+ if [ -z $ssh_key ] || [ ! -f $ssh_key ]; then
+ error "Please provide path to existing ssh key for mcp deployment."
+ exit 2
+ fi
+ ssh_options+=" -i ${ssh_key}"
- env=$(sshpass -p r00tme ssh 2>/dev/null $ssh_options root@${installer_ip} \
- 'fuel env'|grep operational|head -1|awk '{print $1}') &> /dev/null
- if [ -z $env ]; then
- error "No operational environment detected in Fuel"
- fi
- env_id="${FUEL_ENV:-$env}"
-
- # Check if controller is alive (online='True')
- controller_ip=$(sshpass -p r00tme ssh 2>/dev/null $ssh_options root@${installer_ip} \
- "fuel node --env ${env_id} | grep controller | grep 'True\| 1' | awk -F\| '{print \$5}' | head -1" | \
- sed 's/ //g') &> /dev/null
+ # retrieving controller vip
+ controller_ip=$(ssh 2>/dev/null ${ssh_options} ubuntu@${installer_ip} \
+ "sudo salt --out txt 'ctl01*' pillar.get _param:openstack_control_address | awk '{print \$2}'" | \
+ sed 's/ //g') &> /dev/null
- if [ -z $controller_ip ]; then
- error "The controller $controller_ip is not up. Please check that the POD is correctly deployed."
- fi
+ info "Fetching rc file from controller $controller_ip..."
+ ssh ${ssh_options} ubuntu@${controller_ip} "sudo cat /root/keystonercv3" > $dest_path
+ else
+ #ip_fuel="10.20.0.2"
+ env=$(sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
+ 'fuel env'|grep operational|head -1|awk '{print $1}') &> /dev/null
+ if [ -z $env ]; then
+ error "No operational environment detected in Fuel"
+ fi
+ env_id="${FUEL_ENV:-$env}"
- info "Fetching rc file from controller $controller_ip..."
- sshpass -p r00tme ssh 2>/dev/null $ssh_options root@${installer_ip} \
- "scp $ssh_options ${controller_ip}:/root/openrc ." &> /dev/null
- sshpass -p r00tme scp 2>/dev/null $ssh_options root@${installer_ip}:~/openrc $dest_path &> /dev/null
+ # Check if controller is alive (online='True')
+ controller_ip=$(sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
+ "fuel node --env ${env_id} | grep controller | grep 'True\| 1' | awk -F\| '{print \$5}' | head -1" | \
+ sed 's/ //g') &> /dev/null
- #This file contains the mgmt keystone API, we need the public one for our rc file
- admin_ip=$(cat $dest_path | grep "OS_AUTH_URL" | sed 's/^.*\=//' | sed "s/^\([\"']\)\(.*\)\1\$/\2/g" | sed s'/\/$//')
- public_ip=$(sshpass -p r00tme ssh $ssh_options root@${installer_ip} \
- "ssh ${controller_ip} 'source openrc; openstack endpoint list'" \
- | grep keystone | grep public | sed 's/ /\n/g' | grep ^http | head -1) &> /dev/null
- #| grep http | head -1 | cut -d '|' -f 4 | sed 's/v1\/.*/v1\//' | sed 's/ //g') &> /dev/null
- #NOTE: this is super ugly sed 's/v1\/.*/v1\//'OS_AUTH_URL
- # but sometimes the output of endpoint-list is like this: http://172.30.9.70:8004/v1/%(tenant_id)s
- # Fuel virtual need a fix
+ if [ -z $controller_ip ]; then
+ error "The controller $controller_ip is not up. Please check that the POD is correctly deployed."
+ fi
+ info "Fetching rc file from controller $controller_ip..."
+ sshpass -p r00tme ssh 2>/dev/null ${ssh_options} root@${installer_ip} \
+ "scp ${ssh_options} ${controller_ip}:/root/openrc ." &> /dev/null
+ sshpass -p r00tme scp 2>/dev/null ${ssh_options} root@${installer_ip}:~/openrc $dest_path &> /dev/null
+ fi
#convert to v3 URL
auth_url=$(cat $dest_path|grep AUTH_URL)
if [[ -z `echo $auth_url |grep v3` ]]; then