diff options
30 files changed, 908 insertions, 18 deletions
diff --git a/ansible/deploy_kube.yml b/ansible/deploy_kube.yml new file mode 100644 index 000000000..b71e7dc7c --- /dev/null +++ b/ansible/deploy_kube.yml @@ -0,0 +1,28 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- hosts: master + become: yes + environment: "{{ proxy_env }}" + roles: + - set_package_installer_proxy + - install_dependencies_kubernetes + - docker + - install_go + - install_kube + - build_cni + - role: download_dpdk + dpdk_version: "17.02.1" + - install_dpdk + - init_kubeadm diff --git a/ansible/group_vars/master.yml b/ansible/group_vars/master.yml new file mode 100644 index 000000000..f5f703a2f --- /dev/null +++ b/ansible/group_vars/master.yml @@ -0,0 +1,39 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cni_info: + multus-cni: + repo_url: https://github.com/Intel-Corp/multus-cni + repo_ver: v1.2 + build_script: build + sriov-cni: + repo_url: https://github.com/Intel-Corp/sriov-cni + repo_ver: v0.4.0 + build_script: build + containernetworking-cni: + repo_url: https://github.com/containernetworking/cni + repo_ver: v0.6.0 + build_script: build.sh + containernetworking-plugins: + repo_url: https://github.com/containernetworking/plugins + repo_ver: v0.7.1 + build_script: build.sh +kubeadm_kubernetes_version: 1.9.3 +# Default CIDR defined in kube-flannel.yml +kubeadm_pod_network_cidr: 10.244.0.0/16 +kubelet_cluster_dns_ip: 172.20.0.10 +docker_daemon_config: + bip: 172.10.1.1/16 + fixed-cidr: 172.10.0.0/24 + mtu: 1500 diff --git a/ansible/kube-inventory.ini b/ansible/kube-inventory.ini new file mode 100644 index 000000000..ff11b391d --- /dev/null +++ b/ansible/kube-inventory.ini @@ -0,0 +1,6 @@ +[master] +kube-master ansible_host=192.168.1.155 + +[master:vars] +ansible_user=ubuntu +ansible_ssh_private_key_file=ubuntu.key diff --git a/ansible/roles/build_cni/defaults/main.yml b/ansible/roles/build_cni/defaults/main.yml new file mode 100644 index 000000000..18aa418f4 --- /dev/null +++ b/ansible/roles/build_cni/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cni_src_dir: /opt/cni/src +cni_bin_dir: /opt/cni/bin diff --git a/ansible/roles/build_cni/tasks/main.yml b/ansible/roles/build_cni/tasks/main.yml new file mode 100644 index 000000000..ee66686f8 --- /dev/null +++ b/ansible/roles/build_cni/tasks/main.yml @@ -0,0 +1,49 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Get CNI driver sources + git: + repo: "{{ item.value.repo_url }}" + dest: "{{ cni_src_dir }}/{{ item.key }}" + version: "{{ item.value.repo_ver }}" + with_dict: "{{ cni_info }}" + +- name: Compile CNI drivers + command: "{{ cni_src_dir }}/{{ item.key }}/{{ item.value.build_script }}" + environment: "{{ go_env }}" + args: + chdir: "{{ cni_src_dir }}/{{ item.key }}" + with_dict: "{{ cni_info }}" + +- name: Get list of compiled CNI binaries + shell: ls -1 {{ item.key }}/bin/* + register: ls_cni_binaries_result + args: + chdir: "{{ cni_src_dir }}" + with_dict: "{{ cni_info }}" + +- set_fact: + cni_binary_list: "{{ cni_binary_list|default([]) + item.stdout_lines }}" + with_items: "{{ ls_cni_binaries_result.results }}" + +- name: Create CNI binaries dir + file: path={{ cni_bin_dir }} state=directory + +- name: Copy CNI binaries into kublet bin dir + copy: + src: "{{ cni_src_dir }}/{{ item }}" + dest: "{{ cni_bin_dir }}/" + remote_src: yes + mode: 0755 + with_items: "{{ cni_binary_list }}" diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index bbec371a8..18e441462 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Intel Corporation. +# Copyright (c) 2017-2019 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,10 @@ - name: create docker service config dir file: path=/etc/systemd/system/docker.service.d state=directory + - name: docker configuration + template: src=daemon.json.j2 dest=/etc/docker/daemon.json owner=root mode=0644 + when: 'docker_daemon_config is defined' + - name: create docker proxy config template: src=http-proxy-conf.j2 dest=/etc/systemd/system/docker.service.d/http-proxy.conf owner=root mode=0644 when: 'proxy_env is defined and "http_proxy" in proxy_env or "https_proxy" in proxy_env' diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2 new file mode 100644 index 000000000..57bdc9f63 --- /dev/null +++ b/ansible/roles/docker/templates/daemon.json.j2 @@ -0,0 +1 @@ +{{ docker_daemon_config | to_nice_json }} diff --git a/ansible/roles/init_kubeadm/defaults/main.yml b/ansible/roles/init_kubeadm/defaults/main.yml new file mode 100644 index 000000000..3d868398d --- /dev/null +++ b/ansible/roles/init_kubeadm/defaults/main.yml @@ -0,0 +1,27 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cmk_rbc_rules_url: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-rbac-rules.yaml +cmk_serviceaccount: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-serviceaccount.yaml +dpdk_devbind_path: "{{ INSTALL_BIN_PATH|default('/opt') }}" +multus_config: + name: node-cni-network + type: multus + kubeconfig: /etc/kubernetes/kubelet.conf + delegates: + - type: flannel + delegate: + isDefaultGateway: true + hairpinMode: true + masterplugin: true diff --git a/ansible/roles/init_kubeadm/tasks/kubeadm.yml b/ansible/roles/init_kubeadm/tasks/kubeadm.yml new file mode 100644 index 000000000..7c808a01c --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubeadm.yml @@ -0,0 +1,50 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- set_fact: + service_cidr_param: --service-cidr={{ kubeadm_service_cidr }} + when: 'kubeadm_service_cidr is defined' + +- set_fact: + pod_network_cidr_param: --pod-network-cidr={{ kubeadm_pod_network_cidr }} + when: 'kubeadm_pod_network_cidr is defined' + +- set_fact: + kubernetes_version: --kubernetes-version {{ kubeadm_kubernetes_version }} + when: 'kubeadm_kubernetes_version is defined' + +- name: Initialize Kubernetes cluster + command: > + kubeadm init {{ pod_network_cidr_param|default('') }} + {{ service_cidr_param|default('') }} {{ kubernetes_version|default('') }} + --ignore-preflight-errors=all + +- name: Create Kubernetes configuration dir + file: path={{ ansible_env.HOME }}/.kube state=directory + +- name: Setup Kubernetes environment + copy: + src: /etc/kubernetes/admin.conf + dest: "{{ ansible_env.HOME }}/.kube/config" + remote_src: yes + +- name: Allow to schedule pods on the master + command: kubectl taint nodes --all node-role.kubernetes.io/master- + +- name: Wait for kube-dns pod to be in running state + command: kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o json + register: result + until: result.stdout|from_json|json_query('items[].status.phase|[0]') == "Running" + retries: 30 + delay: 2 diff --git a/ansible/roles/init_kubeadm/tasks/kubectl.yml b/ansible/roles/init_kubeadm/tasks/kubectl.yml new file mode 100644 index 000000000..dd8ad2f65 --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubectl.yml @@ -0,0 +1,26 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Generate temporary resource file + tempfile: state=file prefix=kubectl.{{ item }}. + register: config_file + +- name: Generate {{ item }} resource file + template: src={{ item }}.j2 dest={{ config_file.path }} + +- name: Create {{ item }} resource + command: kubectl create -f {{ config_file.path }} + +- name: Create Kubernetes configuration dir + file: path={{ config_file.path }} state=absent diff --git a/ansible/roles/init_kubeadm/tasks/main.yml b/ansible/roles/init_kubeadm/tasks/main.yml new file mode 100644 index 000000000..df7334ce1 --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/main.yml @@ -0,0 +1,70 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Disable swap + command: swapoff -a + ignore_errors: true + +- name: Reset Kubernetes cluster + command: kubeadm reset + +- name: Clean Kubernetes directories (w/o removing the folder itself) + shell: rm -fr {{ item }}/* + with_items: + - /etc/kubernetes + - /var/lib/cni + - /etc/cmk + +- name: Create Multus CNI plugin dir + file: path=/etc/cni/net.d state=directory + +- name: Configure Multus CNI plugin + template: src=10-multus-cni.conf.j2 dest=/etc/cni/net.d/10-multus-cni.conf owner=root mode=0644 + +- name: Change default kubelet cluster dns IP + lineinfile: + path: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf + regexp: '^(.*)--cluster-dns=([0-9\.]*)( +.*)$' + line: '\1--cluster-dns={{ kubelet_cluster_dns_ip }}\3' + backrefs: yes + backup: yes + +- name: Systemd daemon reload + command: systemctl daemon-reload + +- name: Restart kubelet + service: name=kubelet state=restarted + +- name: Initialize kubeadm + include: kubeadm.yml + +- name: Create CMK Kubernetes resources + command: kubectl create -f {{ item }} + with_items: + - "{{ cmk_rbc_rules_url }}" + - "{{ cmk_serviceaccount }}" + +- name: Create Kubernetes resources + include: kubectl.yml + with_items: + - crd-network.yaml + - net-flannel.yaml + - roles.yaml + - kube-flannel.yaml + - cmk-init-pod.yaml + +- name: Create a ClusterRoleBinding for a particular ClusterRole + command: > + kubectl create clusterrolebinding multus-node-{{ ansible_hostname }} + --clusterrole=multus-crd-overpowered --user=system:node:{{ ansible_hostname }} diff --git a/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 new file mode 100644 index 000000000..a68afaf26 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 @@ -0,0 +1 @@ +{{ multus_config | to_nice_json }} diff --git a/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 new file mode 100644 index 000000000..44c22581f --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 @@ -0,0 +1,32 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Pod +metadata: + labels: + app: cmk-cluster-init-pod + name: cmk-cluster-init-pod +spec: + serviceAccountName: cmk-serviceaccount + containers: + - args: + # Change this value to pass different options to cluster-init. + - "/cmk/cmk.py cluster-init --host-list={{ ansible_hostname }} --saname=cmk-serviceaccount --cmk-img=si-docker.ir.intel.com/vcmts-ubuntu/cmk --num-dp-cores=4 --dp-mode=spread --num-cp-cores=1 --cp-mode=spread" + command: + - "/bin/bash" + - "-c" + image: si-docker.ir.intel.com/vcmts-ubuntu/cmk + name: cmk-cluster-init-pod + restartPolicy: Never diff --git a/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 new file mode 100644 index 000000000..0e451c51a --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 @@ -0,0 +1,26 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: "apiextensions.k8s.io/v1beta1" +kind: CustomResourceDefinition +metadata: + name: networks.kubernetes.com +spec: + group: kubernetes.com + version: v1 + scope: Namespaced + names: + plural: networks + singular: network + kind: Network diff --git a/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 new file mode 100644 index 000000000..ddb849616 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 @@ -0,0 +1,158 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flannel +subjects: +- kind: ServiceAccount + name: flannel + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flannel + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: kube-flannel-cfg + namespace: kube-system + labels: + tier: node + app: flannel +data: + cni-conf.json: | + { + "name": "cbr0", + "plugins": [ + { + "type": "flannel", + "delegate": { + "hairpinMode": true, + "isDefaultGateway": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + net-conf.json: | + { + "Network": "{{ kubeadm_pod_network_cidr }}", + "Backend": { + "Type": "vxlan" + } + } +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: kube-flannel-ds + namespace: kube-system + labels: + tier: node + app: flannel +spec: + template: + metadata: + labels: + tier: node + app: flannel + spec: + hostNetwork: true + nodeSelector: + beta.kubernetes.io/arch: amd64 + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: flannel + containers: + - name: kube-flannel + image: quay.io/coreos/flannel:v0.10.0-amd64 + command: + - /opt/bin/flanneld + args: + - --ip-masq + - --kube-subnet-mgr + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: run + mountPath: /run + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + volumes: + - name: run + hostPath: + path: /run + - name: cni + hostPath: + path: /etc/cni/net.d + - name: flannel-cfg + configMap: + name: kube-flannel-cfg diff --git a/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 new file mode 100644 index 000000000..db25c6a89 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 @@ -0,0 +1,24 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: "kubernetes.com/v1" +kind: Network +metadata: + name: flannel +plugin: flannel +args: '[{ + "delegate": { + "isDefaultGateway": true + } + }]' diff --git a/ansible/roles/init_kubeadm/templates/roles.yaml.j2 b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 new file mode 100644 index 000000000..b3509b048 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 @@ -0,0 +1,29 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: multus-crd-overpowered +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' diff --git a/ansible/roles/install_dependencies_kubernetes/tasks/main.yml b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml new file mode 100644 index 000000000..90098a48e --- /dev/null +++ b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml @@ -0,0 +1,19 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Install https download transport for APT + apt: + name: apt-transport-https + state: latest + update_cache: yes diff --git a/ansible/roles/install_go/defaults/main.yml b/ansible/roles/install_go/defaults/main.yml new file mode 100644 index 000000000..dee4f82d2 --- /dev/null +++ b/ansible/roles/install_go/defaults/main.yml @@ -0,0 +1,18 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +golang_repo_key_server: keyserver.ubuntu.com +golang_repo_key_id: C73998DC9DFEA6DCF1241057308C15A29AD198E9 +golang_repo_url: deb http://ppa.launchpad.net/gophers/archive/ubuntu xenial main +golang_bin_dir: /usr/lib/go-1.10/bin diff --git a/ansible/roles/install_go/tasks/main.yml b/ansible/roles/install_go/tasks/main.yml new file mode 100644 index 000000000..5489fadae --- /dev/null +++ b/ansible/roles/install_go/tasks/main.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add go language gophers repo key + # due to a proxy issue in the ansible apt_key module on Ubuntu 17.10, + # it doesn't work to add key via `id` and `keyserver` parametes. Similar + # issue is described here: https://github.com/debops/ansible-elastic_co/issues/2 + # apt_key: + # keyserver: "{{ golang_repo_key_server }}" + # id: "{{ golang_repo_key_id }}" + # As a workaround, we can use `apt-key` tool directly with proxy specified. + command: > + apt-key adv --keyserver {{ golang_repo_key_server }} --recv-keys + --keyserver-options http-proxy={{ proxy_env.http_proxy }} + {{ golang_repo_key_id }} + +- name: Add apt golang repository + apt_repository: + repo: "{{ golang_repo_url }}" + filename: golang-1.10-go + +- name: Install golang-1.10-go + apt: + name: golang-1.10-go + +- name: Setup Go environment variable + set_fact: + go_env: + PATH: "{{ golang_bin_dir }}:{{ ansible_env.PATH }}" diff --git a/ansible/roles/install_kube/defaults/main.yml b/ansible/roles/install_kube/defaults/main.yml new file mode 100644 index 000000000..1ae57469d --- /dev/null +++ b/ansible/roles/install_kube/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +kubernetes_key_url: https://packages.cloud.google.com/apt/doc/apt-key.gpg +kubernetes_repo_url: deb http://apt.kubernetes.io/ kubernetes-xenial main diff --git a/ansible/roles/install_kube/tasks/main.yml b/ansible/roles/install_kube/tasks/main.yml new file mode 100644 index 000000000..ea4f0cdb5 --- /dev/null +++ b/ansible/roles/install_kube/tasks/main.yml @@ -0,0 +1,30 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add kubernetes repo key + apt_key: + url: "{{ kubernetes_key_url }}" + +- name: Add apt kubernetes repository + apt_repository: + repo: "{{ kubernetes_repo_url }}" + filename: kubernetes + +- name: Install kubelet kubeadm kubectl kubernetes-cni + apt: + name: + - kubelet=1.9.3* + - kubeadm=1.9.3* + - kubectl=1.9.3* + force: yes diff --git a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 index 5b57178a7..cba8eacd4 100644 --- a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 +++ b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 @@ -1,3 +1,6 @@ {% if "http_proxy" in proxy_env %} Acquire::http::Proxy "{{ proxy_env.http_proxy }}"; {% endif %} +{% if "https_proxy" in proxy_env %} +Acquire::https::Proxy "{{ proxy_env.https_proxy }}"; +{% endif %} diff --git a/docker/Dockerfile b/docker/Dockerfile index 29319e056..31f7d5dfc 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -38,7 +38,7 @@ RUN git clone --depth 1 -b $BRANCH https://gerrit.opnfv.org/gerrit/yardstick ${Y #RUN mkdir ${YARDSTICK_REPO_DIR} #COPY ./ ${YARDSTICK_REPO_DIR} RUN git clone --depth 1 https://gerrit.opnfv.org/gerrit/releng ${RELENG_REPO_DIR} -RUN git clone --depth 1 -b $BRANCH https://gerrit.opnfv.org/gerrit/storperf ${STORPERF_REPO_DIR} +RUN git clone --depth 1 -b stable/gambia https://gerrit.opnfv.org/gerrit/storperf ${STORPERF_REPO_DIR} RUN ansible-playbook -i ${YARDSTICK_REPO_DIR}/ansible/install-inventory.ini -c local -vvv -e INSTALLATION_MODE="container" ${YARDSTICK_REPO_DIR}/ansible/install.yaml diff --git a/docker/Dockerfile.aarch64.patch b/docker/Dockerfile.aarch64.patch index cae9dbb2f..2f510b841 100644 --- a/docker/Dockerfile.aarch64.patch +++ b/docker/Dockerfile.aarch64.patch @@ -35,7 +35,7 @@ index 71ce6b58..fce7c116 100644 @@ -40,7 +41,8 @@ RUN git clone --depth 1 -b $BRANCH https://gerrit.opnfv.org/gerrit/yardstick ${Y RUN git clone --depth 1 https://gerrit.opnfv.org/gerrit/releng ${RELENG_REPO_DIR} - RUN git clone --depth 1 -b $BRANCH https://gerrit.opnfv.org/gerrit/storperf ${STORPERF_REPO_DIR} + RUN git clone --depth 1 -b stable/gambia https://gerrit.opnfv.org/gerrit/storperf ${STORPERF_REPO_DIR} -RUN ansible-playbook -i ${YARDSTICK_REPO_DIR}/ansible/install-inventory.ini -c local -vvv -e INSTALLATION_MODE="container" ${YARDSTICK_REPO_DIR}/ansible/install.yaml +RUN sed -i -e '/configure_gui/d' ${YARDSTICK_REPO_DIR}/ansible/install.yaml && \ diff --git a/docs/testing/user/userguide/13-nsb-installation.rst b/docs/testing/user/userguide/13-nsb-installation.rst index 694521d2b..3a06be648 100644 --- a/docs/testing/user/userguide/13-nsb-installation.rst +++ b/docs/testing/user/userguide/13-nsb-installation.rst @@ -1,7 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International .. License. .. http://creativecommons.org/licenses/by/4.0 -.. (c) OPNFV, 2016-2018 Intel Corporation. +.. (c) OPNFV, 2016-2019 Intel Corporation. .. Convention for heading levels in Yardstick documentation: @@ -369,7 +369,7 @@ OpenStack:: Finally, you should be able to run the testcase:: - yardstick --debug task start yardstick/samples/vnf_samples/nsut/<vnf>/<test case> + yardstick --debug task start ./yardstick/samples/vnf_samples/nsut/<vnf>/<test case> Network Service Benchmarking - Bare-Metal ----------------------------------------- @@ -410,7 +410,7 @@ Bare-Metal Config pod.yaml Before executing Yardstick test cases, make sure that ``pod.yaml`` reflects the topology and update all the required fields.:: - cp /etc/yardstick/nodes/pod.yaml.nsb.sample /etc/yardstick/nodes/pod.yaml + cp ./etc/yardstick/nodes/pod.yaml.nsb.sample /etc/yardstick/nodes/pod.yaml .. code-block:: YAML @@ -618,8 +618,8 @@ topology and update all the required fields. .. code-block:: console - cp <yardstick>/etc/yardstick/nodes/standalone/trex_bm.yaml.sample /etc/yardstick/nodes/standalone/pod_trex.yaml - cp <yardstick>/etc/yardstick/nodes/standalone/host_sriov.yaml /etc/yardstick/nodes/standalone/host_sriov.yaml + cp ./etc/yardstick/nodes/standalone/trex_bm.yaml.sample /etc/yardstick/nodes/standalone/pod_trex.yaml + cp ./etc/yardstick/nodes/standalone/host_sriov.yaml /etc/yardstick/nodes/standalone/host_sriov.yaml .. note:: Update all the required fields like ip, user, password, pcis, etc... @@ -666,7 +666,7 @@ SR-IOV Config host_sriov.yaml password: "" SR-IOV testcase update: -``<yardstick>/samples/vnf_samples/nsut/vfw/tc_sriov_rfc2544_ipv4_1rule_1flow_64B_trex.yaml`` +``./samples/vnf_samples/nsut/vfw/tc_sriov_rfc2544_ipv4_1rule_1flow_64B_trex.yaml`` Update contexts section ''''''''''''''''''''''' @@ -856,8 +856,8 @@ OVS-DPDK 3-Node setup - Correlated Traffic Before executing Yardstick test cases, make sure that the ``pod.yaml`` reflects the topology and update all the required fields:: - cp <yardstick>/etc/yardstick/nodes/standalone/trex_bm.yaml.sample /etc/yardstick/nodes/standalone/pod_trex.yaml - cp <yardstick>/etc/yardstick/nodes/standalone/host_ovs.yaml /etc/yardstick/nodes/standalone/host_ovs.yaml + cp ./etc/yardstick/nodes/standalone/trex_bm.yaml.sample /etc/yardstick/nodes/standalone/pod_trex.yaml + cp ./etc/yardstick/nodes/standalone/host_ovs.yaml /etc/yardstick/nodes/standalone/host_ovs.yaml .. note:: Update all the required fields like ip, user, password, pcis, etc... @@ -903,7 +903,7 @@ OVS-DPDK Config host_ovs.yaml password: "" ovs_dpdk testcase update: -``<yardstick>/samples/vnf_samples/nsut/vfw/tc_ovs_rfc2544_ipv4_1rule_1flow_64B_trex.yaml`` +``./samples/vnf_samples/nsut/vfw/tc_ovs_rfc2544_ipv4_1rule_1flow_64B_trex.yaml`` Update contexts section ''''''''''''''''''''''' @@ -1385,8 +1385,8 @@ IxLoad .. code-block:: console - cp <repo>/etc/yardstick/nodes/pod.yaml.nsb.sample.ixia \ - etc/yardstick/nodes/pod_ixia.yaml + cp ./etc/yardstick/nodes/pod.yaml.nsb.sample.ixia \ + /etc/yardstick/nodes/pod_ixia.yaml Config ``pod_ixia.yaml`` @@ -1409,7 +1409,7 @@ IxLoad 4. Create a folder ``Results`` in c:\ and share the folder on the network. 5. Execute testcase in samplevnf folder e.g. - ``<repo>/samples/vnf_samples/nsut/vfw/tc_baremetal_http_ixload_1b_Requests-65000_Concurrency.yaml`` + ``./samples/vnf_samples/nsut/vfw/tc_baremetal_http_ixload_1b_Requests-65000_Concurrency.yaml`` IxNetwork ^^^^^^^^^ @@ -1421,8 +1421,8 @@ installed as part of the requirements of the project. .. code-block:: console - cp <repo>/etc/yardstick/nodes/pod.yaml.nsb.sample.ixia \ - etc/yardstick/nodes/pod_ixia.yaml + cp ./etc/yardstick/nodes/pod.yaml.nsb.sample.ixia \ + /etc/yardstick/nodes/pod_ixia.yaml Configure ``pod_ixia.yaml`` @@ -1442,7 +1442,7 @@ installed as part of the requirements of the project. (or ``IxNetworkApiServer``) 3. Execute testcase in samplevnf folder e.g. - ``<repo>/samples/vnf_samples/nsut/vfw/tc_baremetal_rfc2544_ipv4_1rule_1flow_64B_ixia.yaml`` + ``./samples/vnf_samples/nsut/vfw/tc_baremetal_rfc2544_ipv4_1rule_1flow_64B_ixia.yaml`` Spirent Landslide ----------------- diff --git a/docs/testing/user/userguide/14-nsb-operation.rst b/docs/testing/user/userguide/14-nsb-operation.rst index 69ffb8a3b..8d9a1108a 100644 --- a/docs/testing/user/userguide/14-nsb-operation.rst +++ b/docs/testing/user/userguide/14-nsb-operation.rst @@ -674,3 +674,34 @@ preinstalled and properly configured. dump_interface_table quit EOL + + +Preparing test run of vCMTS test case +------------------------------------- + +Location of vCMTS test cases: ``samples/vnf_samples/nsut/cmts/``. + +Before running a specific vIPSEC test case using NSB, some changes must be +made to the original vCMTS package. + +Allow SSH access to the docker images +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Follow the documentation at ``https://docs.docker.com/engine/examples/running_ssh_service/`` +to allow SSH access to the Pktgen/vcmts-d containers located at: + +* ``$VCMTS_ROOT/pktgen/docker/docker-image-pktgen/Dockerfile`` and +* ``$VCMTS_ROOT/vcmtsd/docker/docker-image-vcmtsd/Dockerfile`` + + +Deploy the ConfigMaps for Pktgen and vCMTSd +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +.. code-block:: bash + + cd $VCMTS_ROOT/kubernetes/helm/pktgen + helm template . -x templates/pktgen-configmap.yaml > configmap.yaml + kubectl create -f configmap.yaml + + cd $VCMTS_ROOT/kubernetes/helm/vcmtsd + helm template . -x templates/vcmts-configmap.yaml > configmap.yaml + kubectl create -f configmap.yaml + diff --git a/docs/testing/user/userguide/nsb/nsb-list-of-tcs.rst b/docs/testing/user/userguide/nsb/nsb-list-of-tcs.rst index 1a4bf32b5..562c80ff7 100644..100755 --- a/docs/testing/user/userguide/nsb/nsb-list-of-tcs.rst +++ b/docs/testing/user/userguide/nsb/nsb-list-of-tcs.rst @@ -38,3 +38,4 @@ NSB PROX Test Case Descriptions tc_vfw_rfc3511 tc_vpp_baremetal_crypto_ipsec tc_vims_context_sipp + tc_pktgen_k8s_vcmts diff --git a/docs/testing/user/userguide/nsb/tc_pktgen_k8s_vcmts.rst b/docs/testing/user/userguide/nsb/tc_pktgen_k8s_vcmts.rst new file mode 100755 index 000000000..56f5c27ed --- /dev/null +++ b/docs/testing/user/userguide/nsb/tc_pktgen_k8s_vcmts.rst @@ -0,0 +1,102 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International +.. License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) OPNFV, 2019 Viosoft Corporation. + +*********************************************** +Yardstick Test Case Description: NSB vCMTS +*********************************************** + ++------------------------------------------------------------------------------+ +|NSB Pktgen test for vCMTS characterization | +| | ++--------------+---------------------------------------------------------------+ +|test case id | tc_vcmts_k8s_pktgen | +| | | ++--------------+---------------------------------------------------------------+ +|metric | * Upstream Processing (Per Service Group); | +| | * Downstream Processing (Per Service Group); | +| | * Upstream Throughput; | +| | * Downstream Throughput; | +| | * Platform Metrics; | +| | * Power Consumption; | +| | * Upstream Throughput Time Series; | +| | * Downstream Throughput Time Series; | +| | * System Summary; | +| | | ++--------------+---------------------------------------------------------------+ +|test purpose | * The vCMTS test handles service groups and packet generation | +| | containers setup, and metrics collection. | +| | | +| | * The vCMTS test case is implemented to run in Kubernetes | +| | environment with vCMTS pre-installed. | ++--------------+---------------------------------------------------------------+ +|configuration | The vCMTS test case configurable values are listed below | +| | | +| | * num_sg: Number of service groups (Upstream/Downstream | +| | container pairs). | +| | * num_tg: Number of Pktgen containers. | +| | * vcmtsd_image: vCMTS container image (feat/perf). | +| | * qat_on: QAT status (true/false). | +| | | +| | num_sg and num_tg values should be configured in the test | +| | case file and in the topology file. | +| | | ++--------------+---------------------------------------------------------------+ +|test tool | Intel vCMTS Reference Dataplane | +| | Reference implementation of a DPDK-based vCMTS (DOCSIS MAC) | +| | dataplane in a Kubernetes-orchestrated Linux Container | +| | environment. | +| | | ++--------------+---------------------------------------------------------------+ +|applicability | This test cases can be configured with different: | +| | | +| | * Number of service groups | +| | * Number of Pktgen instances | +| | * QAT offloading | +| | * Feat/Perf Images for performance or features (more data | +| | collection) | +| | | +| | Default values exist. | +| | | ++--------------+---------------------------------------------------------------+ +|pre-test | Intel vCMTS Reference Dataplane should be installed and | +|conditions | runnable on 2 nodes Kubernetes environment with modifications | +| | to the containers to allow yardstick ssh access, and the | +| | ConfigMaps from the original vCMTS package deployed. | +| | | ++--------------+---------------------------------------------------------------+ +|test sequence | description and expected result | +| | | ++--------------+---------------------------------------------------------------+ +|step 1 | Yardstick is connected to the Kubernetes Master node using | +| | the configuration file in /etc/kubernetes/admin.yaml | +| | | ++--------------+---------------------------------------------------------------+ +|step 2 | The TG containers are created and started on the traffic | +| | generator server (Master node), While the VNF containers are | +| | created and started on the data plan server. | +| | | ++--------------+---------------------------------------------------------------+ +|step 3 | Yardstick is connected with the TG and VNF by using ssh. | +| | to start vCMTS-d, and Pktgen. | +| | | ++--------------+---------------------------------------------------------------+ +|step 4 | Yardstick connects to the running Pktgen instances to start | +| | generating traffic using the configurations from: | +| | /etc/yardstick/pktgen_values.yaml | +| | | +| | and connects to the vCMTS-d containers to start the upstream | +| | and downstream processing using the configurations from: | +| | /etc/yardstick/vcmtsd_values.yaml | +| | | ++--------------+---------------------------------------------------------------+ +|step 5 | Yardstick copies vCMTS metrics regularly from the remote | +| | InfluxDB (deployed by the vCMTS Package) to the local | +| | Yardstick InfluxDB as configured in the options section in | +| | the test case file. | +| | | ++--------------+---------------------------------------------------------------+ +|test verdict | None. The test case will collect the KPIs and plot on | +| | Grafana. | ++--------------+---------------------------------------------------------------+
\ No newline at end of file diff --git a/tools/kube-setup-one-node.sh b/tools/kube-setup-one-node.sh new file mode 100755 index 000000000..180f11b46 --- /dev/null +++ b/tools/kube-setup-one-node.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env bash +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +proxy_vars=(http_proxy https_proxy ftp_proxy no_proxy) +# get proxy environment values from /etc/environment if not set +for proxy_var in ${proxy_vars[@]} +do + env_proxy=$(sed -ne "s/^$proxy_var=[\"\']\(.*\)[\"\']/\1/p" /etc/environment) + if [[ -z ${!proxy_var} ]] && [[ ! -z ${env_proxy} ]]; then + export ${proxy_var}=${env_proxy} + fi +done +# add proxy configuration into proxy file +add_extra_env=false +echo "proxy_env:" > /tmp/proxy.yml +for proxy_var in ${proxy_vars[@]} +do + if [[ ! -z ${!proxy_var} ]]; then + echo " ${proxy_var}: ${!proxy_var}" >> /tmp/proxy.yml + add_extra_env=true + fi +done +# add extra arguments file if needed +if ${add_extra_env}; then + extra_args="${extra_args} -e @/tmp/proxy.yml " +fi + +ANSIBLE_SCRIPTS="${0%/*}/../ansible" + +cd ${ANSIBLE_SCRIPTS} && \ +ansible-playbook \ + ${extra_args} -i kube-inventory.ini deploy_kube.yml |