diff options
Diffstat (limited to 'ansible/roles')
35 files changed, 784 insertions, 57 deletions
diff --git a/ansible/roles/build_cni/defaults/main.yml b/ansible/roles/build_cni/defaults/main.yml new file mode 100644 index 000000000..18aa418f4 --- /dev/null +++ b/ansible/roles/build_cni/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cni_src_dir: /opt/cni/src +cni_bin_dir: /opt/cni/bin diff --git a/ansible/roles/build_cni/tasks/main.yml b/ansible/roles/build_cni/tasks/main.yml new file mode 100644 index 000000000..ee66686f8 --- /dev/null +++ b/ansible/roles/build_cni/tasks/main.yml @@ -0,0 +1,49 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Get CNI driver sources + git: + repo: "{{ item.value.repo_url }}" + dest: "{{ cni_src_dir }}/{{ item.key }}" + version: "{{ item.value.repo_ver }}" + with_dict: "{{ cni_info }}" + +- name: Compile CNI drivers + command: "{{ cni_src_dir }}/{{ item.key }}/{{ item.value.build_script }}" + environment: "{{ go_env }}" + args: + chdir: "{{ cni_src_dir }}/{{ item.key }}" + with_dict: "{{ cni_info }}" + +- name: Get list of compiled CNI binaries + shell: ls -1 {{ item.key }}/bin/* + register: ls_cni_binaries_result + args: + chdir: "{{ cni_src_dir }}" + with_dict: "{{ cni_info }}" + +- set_fact: + cni_binary_list: "{{ cni_binary_list|default([]) + item.stdout_lines }}" + with_items: "{{ ls_cni_binaries_result.results }}" + +- name: Create CNI binaries dir + file: path={{ cni_bin_dir }} state=directory + +- name: Copy CNI binaries into kublet bin dir + copy: + src: "{{ cni_src_dir }}/{{ item }}" + dest: "{{ cni_bin_dir }}/" + remote_src: yes + mode: 0755 + with_items: "{{ cni_binary_list }}" diff --git a/ansible/roles/build_yardstick_image/tasks/post_build.yml b/ansible/roles/build_yardstick_image/tasks/post_build.yml index c6888f8df..abbf57c03 100644 --- a/ansible/roles/build_yardstick_image/tasks/post_build.yml +++ b/ansible/roles/build_yardstick_image/tasks/post_build.yml @@ -35,6 +35,10 @@ state: unmounted
- mount:
+ name: "{{ mountdir }}/run"
+ state: unmounted
+
+- mount:
name: "{{ mountdir }}"
state: unmounted
@@ -44,3 +48,20 @@ - debug:
msg: "yardstick image = {{ imgfile }}"
+
+- set_fact:
+ imgdest: "/var/lib/libvirt/images/{{ imgfile | basename}}"
+ name: "{{ (imgfile | basename | splitext)[0] }}"
+ ext: "{{ (imgfile | basename | splitext)[1] }}"
+
+- name: Verify if imgfile exists in libvirt images
+ stat:
+ path: "{{ imgdest }}"
+ register: imgdest_stat
+
+- set_fact:
+ imgdest: "/var/lib/libvirt/images/{{ name }}_autogen{{ ext }}"
+ when: imgdest_stat.stat.exists
+
+- name: Copy image to libvirt images
+ shell: "cp {{ imgfile }} {{ imgdest }}"
diff --git a/ansible/roles/build_yardstick_image/tasks/pre_build.yml b/ansible/roles/build_yardstick_image/tasks/pre_build.yml index 2dae38060..3ac8e90e9 100644 --- a/ansible/roles/build_yardstick_image/tasks/pre_build.yml +++ b/ansible/roles/build_yardstick_image/tasks/pre_build.yml @@ -45,6 +45,7 @@ with_items:
# order matters
- "{{ mountdir }}/proc"
+ - "{{ mountdir }}/run"
- "{{ mountdir }}"
- "/mnt/{{ release }}"
@@ -178,6 +179,17 @@ fstab: "{{ fake_fstab }}"
state: mounted
+- name: mount chroot /run
+ mount:
+ src: /run
+ name: "{{ mountdir }}/run"
+ fstype: tmpfs
+ opts: bind
+ # !!!!!!! this is required otherwise we add entries to /etc/fstab
+ # and prevent the system from booting
+ fstab: "{{ fake_fstab }}"
+ state: mounted
+
- name: if arm copy qemu-aarch64-static into chroot
copy:
src: /usr/bin/qemu-aarch64-static
diff --git a/ansible/roles/configure_rabbitmq/tasks/main.yml b/ansible/roles/configure_rabbitmq/tasks/main.yml index 3ad60c1ea..59998abc0 100644 --- a/ansible/roles/configure_rabbitmq/tasks/main.yml +++ b/ansible/roles/configure_rabbitmq/tasks/main.yml @@ -12,19 +12,28 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: Restart rabbitmq - service: - name: rabbitmq-server - state: restarted +- block: + - name: Restart rabbitmq + service: + name: rabbitmq-server + state: restarted -- name: rabbitmqctl start_app - shell: rabbitmqctl start_app + - name: rabbitmqctl start_app + shell: rabbitmqctl start_app -- name: Configure rabbitmq - rabbitmq_user: - user: yardstick - password: yardstick - configure_priv: .* - read_priv: .* - write_priv: .* - state: present + - name: Configure rabbitmq + rabbitmq_user: + user: yardstick + password: yardstick + configure_priv: .* + read_priv: .* + write_priv: .* + state: present + when: install_mode == inst_mode_baremetal + +- name: Create rabbitmq file for supervisor + template: + src: rabbitmq.sh.j2 + dest: /etc/yardstick/rabbitmq.sh + mode: 0755 + when: install_mode == inst_mode_container diff --git a/ansible/roles/configure_rabbitmq/templates/rabbitmq.sh.j2 b/ansible/roles/configure_rabbitmq/templates/rabbitmq.sh.j2 new file mode 100644 index 000000000..a91565c01 --- /dev/null +++ b/ansible/roles/configure_rabbitmq/templates/rabbitmq.sh.j2 @@ -0,0 +1,20 @@ +#!/bin/bash
+trap "rabbitmqctl stop_app" EXIT
+
+rabbitmqctl stop_app
+service rabbitmq-server restart
+rabbitmqctl start_app
+
+tmp_file="/tmp/$(basename -- $0).configured"
+if [ ! -f "$tmp_file" ]; then
+ rabbitmqctl add_user yardstick yardstick
+ rabbitmqctl set_permissions -p / yardstick '.*' '.*' '.*'
+ touch "$tmp_file"
+fi
+
+while :
+do
+ sleep 5
+ service rabbitmq-server status > /dev/null 2>&1 || exit 1
+ rabbitmqctl report | grep "Status of node rabbit@`hostname`" > /dev/null 2>&1 || exit 1
+done
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index bbec371a8..18e441462 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Intel Corporation. +# Copyright (c) 2017-2019 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,10 @@ - name: create docker service config dir file: path=/etc/systemd/system/docker.service.d state=directory + - name: docker configuration + template: src=daemon.json.j2 dest=/etc/docker/daemon.json owner=root mode=0644 + when: 'docker_daemon_config is defined' + - name: create docker proxy config template: src=http-proxy-conf.j2 dest=/etc/systemd/system/docker.service.d/http-proxy.conf owner=root mode=0644 when: 'proxy_env is defined and "http_proxy" in proxy_env or "https_proxy" in proxy_env' diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2 new file mode 100644 index 000000000..57bdc9f63 --- /dev/null +++ b/ansible/roles/docker/templates/daemon.json.j2 @@ -0,0 +1 @@ +{{ docker_daemon_config | to_nice_json }} diff --git a/ansible/roles/download_civetweb/tasks/main.yml b/ansible/roles/download_civetweb/tasks/main.yml index 03dd3ccd3..b6a475774 100644 --- a/ansible/roles/download_civetweb/tasks/main.yml +++ b/ansible/roles/download_civetweb/tasks/main.yml @@ -18,6 +18,10 @@ dest: "{{ clone_dest }}/" validate_certs: False checksum: "{{ civetweb_sha256s }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - name: unarchive civetweb unarchive: diff --git a/ansible/roles/download_dpdk/tasks/main.yml b/ansible/roles/download_dpdk/tasks/main.yml index 55b466cb7..e434536a3 100644 --- a/ansible/roles/download_dpdk/tasks/main.yml +++ b/ansible/roles/download_dpdk/tasks/main.yml @@ -26,6 +26,10 @@ dest: "{{ dpdk_dest }}" validate_certs: False checksum: "{{ dpdk_md5[dpdk_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - unarchive: src: "{{ dpdk_dest }}/{{ dpdk_file }}" diff --git a/ansible/roles/download_drivers/tasks/i40evf.yml b/ansible/roles/download_drivers/tasks/i40evf.yml index cb8a09d6c..48a0330ab 100644 --- a/ansible/roles/download_drivers/tasks/i40evf.yml +++ b/ansible/roles/download_drivers/tasks/i40evf.yml @@ -23,6 +23,10 @@ dest: "{{ i40evf_dest }}/{{ i40evf_gzfile }}" validate_certs: False checksum: "{{ i40evf_checksum[i40evf_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - name: Unarchive the i40evf file unarchive: diff --git a/ansible/roles/download_l2fwd/tasks/main.yml b/ansible/roles/download_l2fwd/tasks/main.yml index 7f2ea25c4..43b0ec366 100644 --- a/ansible/roles/download_l2fwd/tasks/main.yml +++ b/ansible/roles/download_l2fwd/tasks/main.yml @@ -20,6 +20,10 @@ get_url: url: "{{ l2fwd_url }}" dest: "{{ l2fwd_dest }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - unarchive: src: "{{ l2fwd_dest }}/{{ l2fwd_file }}" diff --git a/ansible/roles/download_pktgen/tasks/main.yml b/ansible/roles/download_pktgen/tasks/main.yml index ff71f207d..b5ac8cfe8 100644 --- a/ansible/roles/download_pktgen/tasks/main.yml +++ b/ansible/roles/download_pktgen/tasks/main.yml @@ -22,6 +22,10 @@ dest: "{{ pktgen_dest }}" validate_certs: False checksum: "{{ pktgen_sha256s[pktgen_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - unarchive: src: "{{ pktgen_dest }}/{{ pktgen_file }}" diff --git a/ansible/roles/download_trex/tasks/main.yml b/ansible/roles/download_trex/tasks/main.yml index 9df67d939..44449a9c0 100644 --- a/ansible/roles/download_trex/tasks/main.yml +++ b/ansible/roles/download_trex/tasks/main.yml @@ -23,6 +23,10 @@ dest: "{{ trex_dest }}" validate_certs: False checksum: "{{ trex_sha256s[trex_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - name: unarchive Trex unarchive: diff --git a/ansible/roles/enable_cpu_isolation_on_boot/defaults/main.yml b/ansible/roles/enable_cpu_isolation_on_boot/defaults/main.yml new file mode 100644 index 000000000..fda366682 --- /dev/null +++ b/ansible/roles/enable_cpu_isolation_on_boot/defaults/main.yml @@ -0,0 +1,21 @@ +# Copyright (c) 2018-2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +grub_file: "/etc/default/grub" +isolcpus_help_string: ' # added by Yardstick ansible isolcpus role' +isolcpu_params: " isolcpus={{ ISOL_CPUS }} nohz=on nohz_full={{ ISOL_CPUS }} rcu_nocbs={{ ISOL_CPUS }}" +enable_isolcpu: 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX{{ isolcpu_params }}"' +update_grub: + Debian: "update-grub2" + RedHat: "grub2-mkconfig -o /boot/grub2/grub.cfg" diff --git a/ansible/roles/enable_cpu_isolation_on_boot/tasks/main.yml b/ansible/roles/enable_cpu_isolation_on_boot/tasks/main.yml new file mode 100644 index 000000000..e11288bfd --- /dev/null +++ b/ansible/roles/enable_cpu_isolation_on_boot/tasks/main.yml @@ -0,0 +1,59 @@ +# Copyright (c) 2018-2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Check if isolcpus is set by this role in {{ grub_file}} + lineinfile: + path: "{{ grub_file }}" + regexp: '{{ isolcpus_help_string }}' + state: absent + check_mode: yes + register: is_nsb_isolcpus_role + ignore_errors: True + +- name: Check if isolcpus is set by someone else + lineinfile: + path: "{{ grub_file }}" + regexp: "isolcpus=" + state: absent + check_mode: yes + register: is_isolcpu + ignore_errors: True + +- name: Send warning that CPU isolation cannot be configured + debug: + msg: "WARNING: CPU isolation is not configured" + when: + - not is_nsb_isolcpus_role.changed and not is_isolcpu.changed + - ISOL_CPUS is not defined + +- name: Send info that CPU isolation configured by someone else + debug: + msg: "INFO: NOT modified, CPU isolation is already configured by someone." + when: + - not is_nsb_isolcpus_role.changed and is_isolcpu.changed + +- name: Add/update isolcpus when ISOL_CPUS is defined and not set at all or set by this role + lineinfile: + path: "{{ grub_file }}" + regexp: "{{ isolcpus_help_string }}" + line: '{{ enable_isolcpu }} {{ isolcpus_help_string }}' + when: + - is_nsb_isolcpus_role.changed or not is_nsb_isolcpus_role.changed and not is_isolcpu.changed + - ISOL_CPUS is defined + +- name: Update grub for bare metal usage + command: "{{ update_grub[ansible_os_family] }}" + when: + - is_nsb_isolcpus_role.changed or not is_nsb_isolcpus_role.changed and not is_isolcpu.changed + - ISOL_CPUS is defined diff --git a/ansible/roles/enable_hugepages_on_boot/tasks/main.yml b/ansible/roles/enable_hugepages_on_boot/tasks/main.yml index 75526eb19..f84e07545 100755 --- a/ansible/roles/enable_hugepages_on_boot/tasks/main.yml +++ b/ansible/roles/enable_hugepages_on_boot/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Intel Corporation +# Copyright (c) 2017-2019 Intel Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: check if hugepages are set by this role +- name: Check if hugepages are set by this role command: "grep -o '{{ hugepage_param_regex }}' /etc/default/grub" register: is_mine_huge ignore_errors: True @@ -22,46 +22,32 @@ # stat: path="/sys/firmware/efi" # register: efi -- name: check if hugepages are set by someone else +- name: Check if hugepages are set by someone else command: "grep -o 'default_hugepagesz=' /etc/default/grub" register: is_huge ignore_errors: True -- fail: +- debug: msg: "Hugepages already set by someone else" when: is_mine_huge.stdout == "" and is_huge.stdout != "" -- name: configure hugepages as idempotent block +- name: Configure hugepages as idempotent block block: - - name: use 8 for auto num_hugepages and 1G size + - name: Use 8 for auto num_hugepages and 1G size set_fact: num_hugepages: 8 when: num_hugepages|default("auto") == "auto" - - name: set hugepages in grub + - name: Set hugepages in grub lineinfile: dest: /etc/default/grub regexp: '{{ hugepage_param_regex }}' line: '{{ hugepage_param }}' state: present - - name: create hugetables mount - file: - path: "{{ hugetable_mount }}" - state: directory - - - name: mount hugetlbfs - mount: - name: "{{ hugetable_mount }}" - src: nodev - fstype: hugetlbfs - state: present - - - service: - name: procps - enabled: yes - - include: manual_modify_grub.yml # only tested on Ubuntu, kernel line is probably different on other distros when: ansible_distribution == "Ubuntu" - when: is_mine_huge.stdout == "" + when: + - is_mine_huge.stdout == "" + - is_huge.stdout == "" diff --git a/ansible/roles/enable_iommu_on_boot/tasks/main.yml b/ansible/roles/enable_iommu_on_boot/tasks/main.yml index 188b32915..2772a5d52 100644 --- a/ansible/roles/enable_iommu_on_boot/tasks/main.yml +++ b/ansible/roles/enable_iommu_on_boot/tasks/main.yml @@ -54,25 +54,26 @@ - not is_nsb_iommu_role.changed - is_iommu.changed - - name: Add IOMMU when it is not set - lineinfile: - path: "{{ grub_file }}" - regexp: "{{ iommu_help_string }}" - line: '{{ enable_iommu }}" {{ iommu_help_string }}' + - block: + - name: Add IOMMU when it is not set + lineinfile: + path: "{{ grub_file }}" + regexp: "{{ iommu_help_string }}" + line: '{{ enable_iommu }}" {{ iommu_help_string }}' + + - name: find boot grub.cfg + find: + paths: /boot + file_type: file + patterns: 'grub*.cfg' + recurse: yes + register: grub_files + + - include: manual_modify_grub.yml + # only tested on Ubuntu, kernel line is probably different on other distros + with_items: "{{ grub_files.files }}" when: + - ansible_distribution == "Ubuntu" - not is_nsb_iommu_role.changed - not is_iommu.changed - - - name: find boot grub.cfg - find: - paths: /boot - file_type: file - patterns: 'grub*.cfg' - recurse: yes - register: grub_files - - - include: manual_modify_grub.yml - # only tested on Ubuntu, kernel line is probably different on other distros - with_items: "{{ grub_files.files }}" - when: ansible_distribution == "Ubuntu" when: iommu_boot_params is defined diff --git a/ansible/roles/init_kubeadm/defaults/main.yml b/ansible/roles/init_kubeadm/defaults/main.yml new file mode 100644 index 000000000..3d868398d --- /dev/null +++ b/ansible/roles/init_kubeadm/defaults/main.yml @@ -0,0 +1,27 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cmk_rbc_rules_url: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-rbac-rules.yaml +cmk_serviceaccount: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-serviceaccount.yaml +dpdk_devbind_path: "{{ INSTALL_BIN_PATH|default('/opt') }}" +multus_config: + name: node-cni-network + type: multus + kubeconfig: /etc/kubernetes/kubelet.conf + delegates: + - type: flannel + delegate: + isDefaultGateway: true + hairpinMode: true + masterplugin: true diff --git a/ansible/roles/init_kubeadm/tasks/kubeadm.yml b/ansible/roles/init_kubeadm/tasks/kubeadm.yml new file mode 100644 index 000000000..7c808a01c --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubeadm.yml @@ -0,0 +1,50 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- set_fact: + service_cidr_param: --service-cidr={{ kubeadm_service_cidr }} + when: 'kubeadm_service_cidr is defined' + +- set_fact: + pod_network_cidr_param: --pod-network-cidr={{ kubeadm_pod_network_cidr }} + when: 'kubeadm_pod_network_cidr is defined' + +- set_fact: + kubernetes_version: --kubernetes-version {{ kubeadm_kubernetes_version }} + when: 'kubeadm_kubernetes_version is defined' + +- name: Initialize Kubernetes cluster + command: > + kubeadm init {{ pod_network_cidr_param|default('') }} + {{ service_cidr_param|default('') }} {{ kubernetes_version|default('') }} + --ignore-preflight-errors=all + +- name: Create Kubernetes configuration dir + file: path={{ ansible_env.HOME }}/.kube state=directory + +- name: Setup Kubernetes environment + copy: + src: /etc/kubernetes/admin.conf + dest: "{{ ansible_env.HOME }}/.kube/config" + remote_src: yes + +- name: Allow to schedule pods on the master + command: kubectl taint nodes --all node-role.kubernetes.io/master- + +- name: Wait for kube-dns pod to be in running state + command: kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o json + register: result + until: result.stdout|from_json|json_query('items[].status.phase|[0]') == "Running" + retries: 30 + delay: 2 diff --git a/ansible/roles/init_kubeadm/tasks/kubectl.yml b/ansible/roles/init_kubeadm/tasks/kubectl.yml new file mode 100644 index 000000000..3e9f2d71a --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubectl.yml @@ -0,0 +1,26 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Generate temporary resource file + tempfile: state=file prefix=kubectl.{{ item }}. + register: config_file + +- name: Generate {{ item }} resource file + template: src={{ item }}.j2 dest={{ config_file.path }} + +- name: Create {{ item }} resource + command: kubectl create -f {{ config_file.path }} + +- name: Create Kubernetes configuration dir + file: path={{ config_file.path }} state=absent diff --git a/ansible/roles/init_kubeadm/tasks/main.yml b/ansible/roles/init_kubeadm/tasks/main.yml new file mode 100644 index 000000000..df7334ce1 --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/main.yml @@ -0,0 +1,70 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Disable swap + command: swapoff -a + ignore_errors: true + +- name: Reset Kubernetes cluster + command: kubeadm reset + +- name: Clean Kubernetes directories (w/o removing the folder itself) + shell: rm -fr {{ item }}/* + with_items: + - /etc/kubernetes + - /var/lib/cni + - /etc/cmk + +- name: Create Multus CNI plugin dir + file: path=/etc/cni/net.d state=directory + +- name: Configure Multus CNI plugin + template: src=10-multus-cni.conf.j2 dest=/etc/cni/net.d/10-multus-cni.conf owner=root mode=0644 + +- name: Change default kubelet cluster dns IP + lineinfile: + path: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf + regexp: '^(.*)--cluster-dns=([0-9\.]*)( +.*)$' + line: '\1--cluster-dns={{ kubelet_cluster_dns_ip }}\3' + backrefs: yes + backup: yes + +- name: Systemd daemon reload + command: systemctl daemon-reload + +- name: Restart kubelet + service: name=kubelet state=restarted + +- name: Initialize kubeadm + include: kubeadm.yml + +- name: Create CMK Kubernetes resources + command: kubectl create -f {{ item }} + with_items: + - "{{ cmk_rbc_rules_url }}" + - "{{ cmk_serviceaccount }}" + +- name: Create Kubernetes resources + include: kubectl.yml + with_items: + - crd-network.yaml + - net-flannel.yaml + - roles.yaml + - kube-flannel.yaml + - cmk-init-pod.yaml + +- name: Create a ClusterRoleBinding for a particular ClusterRole + command: > + kubectl create clusterrolebinding multus-node-{{ ansible_hostname }} + --clusterrole=multus-crd-overpowered --user=system:node:{{ ansible_hostname }} diff --git a/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 new file mode 100644 index 000000000..a68afaf26 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 @@ -0,0 +1 @@ +{{ multus_config | to_nice_json }} diff --git a/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 new file mode 100644 index 000000000..a4c735394 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + labels: + app: cmk-cluster-init-pod + name: cmk-cluster-init-pod +spec: + serviceAccountName: cmk-serviceaccount + containers: + - args: + # Change this value to pass different options to cluster-init. + - "/cmk/cmk.py cluster-init --host-list={{ ansible_hostname }} --saname=cmk-serviceaccount --cmk-img=si-docker.ir.intel.com/vcmts-ubuntu/cmk --num-dp-cores=4 --dp-mode=spread --num-cp-cores=1 --cp-mode=spread" + command: + - "/bin/bash" + - "-c" + image: si-docker.ir.intel.com/vcmts-ubuntu/cmk + name: cmk-cluster-init-pod + restartPolicy: Never diff --git a/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 new file mode 100644 index 000000000..180038b07 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 @@ -0,0 +1,13 @@ +--- +apiVersion: "apiextensions.k8s.io/v1beta1" +kind: CustomResourceDefinition +metadata: + name: networks.kubernetes.com +spec: + group: kubernetes.com + version: v1 + scope: Namespaced + names: + plural: networks + singular: network + kind: Network diff --git a/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 new file mode 100644 index 000000000..4cf63d6ca --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 @@ -0,0 +1,145 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flannel +subjects: +- kind: ServiceAccount + name: flannel + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flannel + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: kube-flannel-cfg + namespace: kube-system + labels: + tier: node + app: flannel +data: + cni-conf.json: | + { + "name": "cbr0", + "plugins": [ + { + "type": "flannel", + "delegate": { + "hairpinMode": true, + "isDefaultGateway": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + net-conf.json: | + { + "Network": "{{ kubeadm_pod_network_cidr }}", + "Backend": { + "Type": "vxlan" + } + } +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: kube-flannel-ds + namespace: kube-system + labels: + tier: node + app: flannel +spec: + template: + metadata: + labels: + tier: node + app: flannel + spec: + hostNetwork: true + nodeSelector: + beta.kubernetes.io/arch: amd64 + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: flannel + containers: + - name: kube-flannel + image: quay.io/coreos/flannel:v0.10.0-amd64 + command: + - /opt/bin/flanneld + args: + - --ip-masq + - --kube-subnet-mgr + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: run + mountPath: /run + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + volumes: + - name: run + hostPath: + path: /run + - name: cni + hostPath: + path: /etc/cni/net.d + - name: flannel-cfg + configMap: + name: kube-flannel-cfg diff --git a/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 new file mode 100644 index 000000000..b872cd613 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 @@ -0,0 +1,10 @@ +apiVersion: "kubernetes.com/v1" +kind: Network +metadata: + name: flannel +plugin: flannel +args: '[{ + "delegate": { + "isDefaultGateway": true + } + }]' diff --git a/ansible/roles/init_kubeadm/templates/roles.yaml.j2 b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 new file mode 100644 index 000000000..635ba0c1e --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 @@ -0,0 +1,16 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: multus-crd-overpowered +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' diff --git a/ansible/roles/install_dependencies_kubernetes/tasks/main.yml b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml new file mode 100644 index 000000000..90098a48e --- /dev/null +++ b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml @@ -0,0 +1,19 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Install https download transport for APT + apt: + name: apt-transport-https + state: latest + update_cache: yes diff --git a/ansible/roles/install_go/defaults/main.yml b/ansible/roles/install_go/defaults/main.yml new file mode 100644 index 000000000..dee4f82d2 --- /dev/null +++ b/ansible/roles/install_go/defaults/main.yml @@ -0,0 +1,18 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +golang_repo_key_server: keyserver.ubuntu.com +golang_repo_key_id: C73998DC9DFEA6DCF1241057308C15A29AD198E9 +golang_repo_url: deb http://ppa.launchpad.net/gophers/archive/ubuntu xenial main +golang_bin_dir: /usr/lib/go-1.10/bin diff --git a/ansible/roles/install_go/tasks/main.yml b/ansible/roles/install_go/tasks/main.yml new file mode 100644 index 000000000..5489fadae --- /dev/null +++ b/ansible/roles/install_go/tasks/main.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add go language gophers repo key + # due to a proxy issue in the ansible apt_key module on Ubuntu 17.10, + # it doesn't work to add key via `id` and `keyserver` parametes. Similar + # issue is described here: https://github.com/debops/ansible-elastic_co/issues/2 + # apt_key: + # keyserver: "{{ golang_repo_key_server }}" + # id: "{{ golang_repo_key_id }}" + # As a workaround, we can use `apt-key` tool directly with proxy specified. + command: > + apt-key adv --keyserver {{ golang_repo_key_server }} --recv-keys + --keyserver-options http-proxy={{ proxy_env.http_proxy }} + {{ golang_repo_key_id }} + +- name: Add apt golang repository + apt_repository: + repo: "{{ golang_repo_url }}" + filename: golang-1.10-go + +- name: Install golang-1.10-go + apt: + name: golang-1.10-go + +- name: Setup Go environment variable + set_fact: + go_env: + PATH: "{{ golang_bin_dir }}:{{ ansible_env.PATH }}" diff --git a/ansible/roles/install_image_dependencies/defaults/main.yml b/ansible/roles/install_image_dependencies/defaults/main.yml index 42951bf6d..558e68a9b 100644 --- a/ansible/roles/install_image_dependencies/defaults/main.yml +++ b/ansible/roles/install_image_dependencies/defaults/main.yml @@ -30,6 +30,7 @@ install_dependencies: - libxss-dev - expect - libnuma-dev + - curl RedHat: - bc - fio @@ -50,3 +51,4 @@ install_dependencies: - sysstat - unzip - python-devel + - curl diff --git a/ansible/roles/install_kube/defaults/main.yml b/ansible/roles/install_kube/defaults/main.yml new file mode 100644 index 000000000..1ae57469d --- /dev/null +++ b/ansible/roles/install_kube/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +kubernetes_key_url: https://packages.cloud.google.com/apt/doc/apt-key.gpg +kubernetes_repo_url: deb http://apt.kubernetes.io/ kubernetes-xenial main diff --git a/ansible/roles/install_kube/tasks/main.yml b/ansible/roles/install_kube/tasks/main.yml new file mode 100644 index 000000000..ea4f0cdb5 --- /dev/null +++ b/ansible/roles/install_kube/tasks/main.yml @@ -0,0 +1,30 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add kubernetes repo key + apt_key: + url: "{{ kubernetes_key_url }}" + +- name: Add apt kubernetes repository + apt_repository: + repo: "{{ kubernetes_repo_url }}" + filename: kubernetes + +- name: Install kubelet kubeadm kubectl kubernetes-cni + apt: + name: + - kubelet=1.9.3* + - kubeadm=1.9.3* + - kubectl=1.9.3* + force: yes diff --git a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 index 5b57178a7..cba8eacd4 100644 --- a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 +++ b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 @@ -1,3 +1,6 @@ {% if "http_proxy" in proxy_env %} Acquire::http::Proxy "{{ proxy_env.http_proxy }}"; {% endif %} +{% if "https_proxy" in proxy_env %} +Acquire::https::Proxy "{{ proxy_env.https_proxy }}"; +{% endif %} |