diff options
Diffstat (limited to 'ansible')
47 files changed, 1069 insertions, 114 deletions
diff --git a/ansible/build_vm.yml b/ansible/build_vm.yml new file mode 100644 index 000000000..9774f9ff5 --- /dev/null +++ b/ansible/build_vm.yml @@ -0,0 +1,44 @@ +- name: Prepare to build VM + hosts: jumphost + become: yes + vars: + img_prop_item: "{{ IMG_PROPERTY }}" + img_arch: "{{ YARD_IMG_ARCH }}" + + tasks: + - name: Include pre-build + include_role: + name: build_yardstick_image + tasks_from: pre_build.yml + when: + - installation_mode != inst_mode_container + + +- name: Build VM in chroot + hosts: chroot_image + connection: chroot + become: yes + vars: + img_property: "{{ IMG_PROPERTY }}" + environment: "{{ proxy_env }}" + + tasks: + - name: Include image build + include_role: + name: build_yardstick_image + tasks_from: "cloudimg_modify_{{ img_property }}.yml" + when: + - installation_mode != inst_mode_container + + +- name: Clear up after VM is built + hosts: jumphost + become: yes + + tasks: + - name: Include post-build + include_role: + name: build_yardstick_image + tasks_from: post_build.yml + when: + - installation_mode != inst_mode_container diff --git a/ansible/deploy_kube.yml b/ansible/deploy_kube.yml new file mode 100644 index 000000000..b71e7dc7c --- /dev/null +++ b/ansible/deploy_kube.yml @@ -0,0 +1,28 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- hosts: master + become: yes + environment: "{{ proxy_env }}" + roles: + - set_package_installer_proxy + - install_dependencies_kubernetes + - docker + - install_go + - install_kube + - build_cni + - role: download_dpdk + dpdk_version: "17.02.1" + - install_dpdk + - init_kubeadm diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index cd12bf02e..e94d24023 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -7,7 +7,16 @@ release: "{{ OS_RELEASE | default('xenial') }}" normal_image_file: "{{ workspace }}/yardstick-image.img"
nsb_image_file: "{{ workspace }}/yardstick-nsb-image.img"
ubuntu_image_file: /tmp/workspace/yardstick/yardstick-trusty-server.raw
+arch_amd64: "amd64"
+arch_arm64: "arm64"
+inst_mode_baremetal: "baremetal"
+inst_mode_container: "container"
+inst_mode_container_pull: "container_pull"
+ubuntu_archive:
+ "amd64": "http://archive.ubuntu.com/ubuntu/"
+ "arm64": "http://ports.ubuntu.com/ubuntu-ports/"
installation_mode: "{{ INSTALLATION_MODE | default('baremetal') }}"
+yardstick_dir: "{{ YARDSTICK_DIR | default('/home/opnfv/repos/yardstick') }}"
proxy_env:
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
http_proxy: "{{ lookup('env', 'http_proxy') }}"
diff --git a/ansible/group_vars/master.yml b/ansible/group_vars/master.yml new file mode 100644 index 000000000..f5f703a2f --- /dev/null +++ b/ansible/group_vars/master.yml @@ -0,0 +1,39 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cni_info: + multus-cni: + repo_url: https://github.com/Intel-Corp/multus-cni + repo_ver: v1.2 + build_script: build + sriov-cni: + repo_url: https://github.com/Intel-Corp/sriov-cni + repo_ver: v0.4.0 + build_script: build + containernetworking-cni: + repo_url: https://github.com/containernetworking/cni + repo_ver: v0.6.0 + build_script: build.sh + containernetworking-plugins: + repo_url: https://github.com/containernetworking/plugins + repo_ver: v0.7.1 + build_script: build.sh +kubeadm_kubernetes_version: 1.9.3 +# Default CIDR defined in kube-flannel.yml +kubeadm_pod_network_cidr: 10.244.0.0/16 +kubelet_cluster_dns_ip: 172.20.0.10 +docker_daemon_config: + bip: 172.10.1.1/16 + fixed-cidr: 172.10.0.0/24 + mtu: 1500 diff --git a/ansible/install-inventory.ini b/ansible/install-inventory.ini index d0a8ef927..07d2c13f4 100644 --- a/ansible/install-inventory.ini +++ b/ansible/install-inventory.ini @@ -8,21 +8,22 @@ localhost ansible_connection=local [yardstick:children] jumphost -[yardstick-standalone] -# standalone-node ansible_host=192.168.2.51 ansible_user=ubuntu ansible_ssh_pass=password ansible_connection=ssh - [yardstick-baremetal] -# baremetal-node ansible_host=192.168.2.52 ansible_user=ubuntu ansible_ssh_pass=password ansible_connection=ssh +# baremetal-node ansible_host=192.168.2.51 ansible_user=ubuntu ansible_ssh_pass=password ansible_connection=ssh + +[yardstick-standalone] +# standalone-node ansible_host=192.168.2.52 ansible_user=ubuntu ansible_ssh_pass=password ansible_connection=ssh [all:vars] -arch_amd64=amd64 -arch_arm64=arm64 -inst_mode_baremetal=baremetal -inst_mode_container=container -inst_mode_container_pull=container_pull -ubuntu_archive={"amd64": "http://archive.ubuntu.com/ubuntu/", "arm64": "http://ports.ubuntu.com/ubuntu-ports/"} -# When IMG_PROPERTY is passed neither normal nor nsb set "path_to_vm=/path/to/image" to add it to OpenStack -# path_to_img=/tmp/workspace/yardstick-image.img # Uncomment credentials below if needed # ansible_user=root -# ansible_pass=root +# ansible_ssh_pass=root +# ansible_ssh_private_key_file=/root/.ssh/id_rsa + +# When IMG_PROPERTY is passed neither normal nor nsb set "path_to_vm=/path/to/image" to add it to OpenStack +# path_to_img=/tmp/workspace/yardstick-image.img + +# List of CPUs to be isolated (not used by default) +# Grub line will be extended with: "isolcpus=<ISOL_CPUS> nohz=on nohz_full=<ISOL_CPUS> rcu_nocbs=1<ISOL_CPUS>" +# ISOL_CPUS=2-27,30-55 # physical cpu's for all NUMA nodes, four cpu's reserved for kernel +# ISOL_CPUS=2-27,58-83 # physical cpu's for first NUMA node, four cpu's reserved for kernel diff --git a/ansible/install.yaml b/ansible/install.yaml index 6146c7f19..a78a11f68 100644 --- a/ansible/install.yaml +++ b/ansible/install.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2018 Intel Corporation. +# Copyright (c) 2018-2019 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,7 +15,6 @@ - hosts: jumphost become: yes vars: - yardstick_dir: "{{ YARDSTICK_DIR | default('/home/opnfv/repos/yardstick') }}" virtual_environment: "{{ VIRTUAL_ENVIRONMENT | default(False) }}" nsb_dir: "{{ NSB_DIR | default('/opt/nsb_bin/') }}" @@ -39,7 +38,8 @@ - { role: configure_gui, when: installation_mode != inst_mode_container_pull } - { role: download_trex, when: installation_mode != inst_mode_container_pull } - { role: install_trex, when: installation_mode != inst_mode_container_pull } - - { role: configure_rabbitmq, when: installation_mode == inst_mode_baremetal } + - role: configure_rabbitmq + install_mode: "{{ installation_mode }}" post_tasks: @@ -67,6 +67,7 @@ # can't update grub in chroot/docker - enable_hugepages_on_boot - enable_iommu_on_boot + - enable_cpu_isolation_on_boot # needed for collectd plugins - increase_open_file_limits - install_image_dependencies @@ -103,54 +104,59 @@ - docker - barometer_collectd - - name: Prepare to build VM - hosts: jumphost + hosts: yardstick-standalone become: yes vars: img_prop_item: "{{ IMG_PROPERTY }}" img_arch: "{{ YARD_IMG_ARCH }}" - - tasks: - - name: Include pre-build - include_role: - name: build_yardstick_image - tasks_from: pre_build.yml - when: - - installation_mode != inst_mode_container - - IMG_PROPERTY == 'nsb' or IMG_PROPERTY == 'normal' - - -- name: Build VM in chroot - hosts: chroot_image - connection: chroot - become: yes - vars: - img_property: "{{ IMG_PROPERTY }}" environment: "{{ proxy_env }}" tasks: - - name: Include image build - include_role: - name: build_yardstick_image - tasks_from: "cloudimg_modify_{{ img_property }}.yml" + - file: + dest: /tmp/ansible + state: directory + mode: 0755 + + - name: Copy ansible folder to remote DUT + copy: + src: "." + dest: /tmp/ansible + + - name: Install DUT related packages + apt: + name: "{{ packages }}" + vars: + packages: + - qemu-kvm + - libvirt-bin + - bridge-utils + - fping + - genisoimage + + # There is a bug with the easy install ansible module in Ubuntu 16.04 linux. + # Refer https://github.com/ansible/ansible/issues/23534 + - name: Install pip + shell: easy_install -U pip when: - - installation_mode != inst_mode_container - - IMG_PROPERTY == 'nsb' or IMG_PROPERTY == 'normal' + - ansible_distribution == 'Ubuntu' + - ansible_distribution_major_version|int <= 16 + - name: Install python-pip + action: "{{ ansible_pkg_mgr }} name=python-pip state=present" + when: + - ansible_distribution == 'Ubuntu' + - ansible_distribution_major_version|int >= 17 -- name: Clear up after VM is built - hosts: jumphost - become: yes + - name: Update pip ansible docker + pip: + name: "ansible==2.5.5" - tasks: - - name: Include post-build - include_role: - name: build_yardstick_image - tasks_from: post_build.yml - when: - - installation_mode != inst_mode_container - - IMG_PROPERTY == 'nsb' or IMG_PROPERTY == 'normal' + # This is used as workaround as ansible doesn't support chroot on remote server + - name: Run ansible on remote + shell: "ansible-playbook -e OS_RELEASE={{ OS_RELEASE }} -e IMAGE_PROPERTY={{ IMAGE_PROPERTY }} -e YARD_IMAGE_ARCH={{ YARD_IMAGE_ARCH }} -i install-inventory.ini build_vm.yml -vv" + args: + chdir: "/tmp/ansible" - name: Add OpenStack variables, image @@ -214,6 +220,5 @@ volumes: - "{{ openrc_file|default('/dev/null') }}:/etc/yardstick/openstack.creds:ro" - /var/run/docker.sock:/var/run/docker.sock - - /opt:/opt - /etc/localtime:/etc/localtime:ro when: installation_mode == inst_mode_container_pull diff --git a/ansible/kube-inventory.ini b/ansible/kube-inventory.ini new file mode 100644 index 000000000..ff11b391d --- /dev/null +++ b/ansible/kube-inventory.ini @@ -0,0 +1,6 @@ +[master] +kube-master ansible_host=192.168.1.155 + +[master:vars] +ansible_user=ubuntu +ansible_ssh_private_key_file=ubuntu.key diff --git a/ansible/roles/build_cni/defaults/main.yml b/ansible/roles/build_cni/defaults/main.yml new file mode 100644 index 000000000..18aa418f4 --- /dev/null +++ b/ansible/roles/build_cni/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cni_src_dir: /opt/cni/src +cni_bin_dir: /opt/cni/bin diff --git a/ansible/roles/build_cni/tasks/main.yml b/ansible/roles/build_cni/tasks/main.yml new file mode 100644 index 000000000..ee66686f8 --- /dev/null +++ b/ansible/roles/build_cni/tasks/main.yml @@ -0,0 +1,49 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Get CNI driver sources + git: + repo: "{{ item.value.repo_url }}" + dest: "{{ cni_src_dir }}/{{ item.key }}" + version: "{{ item.value.repo_ver }}" + with_dict: "{{ cni_info }}" + +- name: Compile CNI drivers + command: "{{ cni_src_dir }}/{{ item.key }}/{{ item.value.build_script }}" + environment: "{{ go_env }}" + args: + chdir: "{{ cni_src_dir }}/{{ item.key }}" + with_dict: "{{ cni_info }}" + +- name: Get list of compiled CNI binaries + shell: ls -1 {{ item.key }}/bin/* + register: ls_cni_binaries_result + args: + chdir: "{{ cni_src_dir }}" + with_dict: "{{ cni_info }}" + +- set_fact: + cni_binary_list: "{{ cni_binary_list|default([]) + item.stdout_lines }}" + with_items: "{{ ls_cni_binaries_result.results }}" + +- name: Create CNI binaries dir + file: path={{ cni_bin_dir }} state=directory + +- name: Copy CNI binaries into kublet bin dir + copy: + src: "{{ cni_src_dir }}/{{ item }}" + dest: "{{ cni_bin_dir }}/" + remote_src: yes + mode: 0755 + with_items: "{{ cni_binary_list }}" diff --git a/ansible/roles/build_yardstick_image/tasks/cloudimg_modify_nsb.yml b/ansible/roles/build_yardstick_image/tasks/cloudimg_modify_nsb.yml index 8e2c3a623..65b9b8188 100644 --- a/ansible/roles/build_yardstick_image/tasks/cloudimg_modify_nsb.yml +++ b/ansible/roles/build_yardstick_image/tasks/cloudimg_modify_nsb.yml @@ -60,6 +60,11 @@ loop_var: role_item environment: "{{ proxy_env }}" +- include_vars: roles/install_dpdk/defaults/main.yml + when: INSTALL_BIN_PATH is undefined + +- include_vars: roles/download_samplevnfs/defaults/main.yml + - include_role: name: "{{ role_item }}" vars: @@ -72,9 +77,6 @@ loop_var: role_item environment: "{{ proxy_env }}" -- include_vars: roles/install_dpdk/defaults/main.yml - when: INSTALL_BIN_PATH is undefined - - name: Install PROX include_role: name: install_samplevnf diff --git a/ansible/roles/build_yardstick_image/tasks/post_build.yml b/ansible/roles/build_yardstick_image/tasks/post_build.yml index c6888f8df..14b7a3d17 100644 --- a/ansible/roles/build_yardstick_image/tasks/post_build.yml +++ b/ansible/roles/build_yardstick_image/tasks/post_build.yml @@ -35,6 +35,10 @@ state: unmounted
- mount:
+ name: "{{ mountdir }}/run"
+ state: unmounted
+
+- mount:
name: "{{ mountdir }}"
state: unmounted
@@ -44,3 +48,9 @@ - debug:
msg: "yardstick image = {{ imgfile }}"
+
+- set_fact:
+ imgdest: "/var/lib/libvirt/images/{{ imgfile | basename}}"
+
+- name: Copy image to libvirt images
+ shell: "cp {{ imgfile }} {{ imgdest }}"
diff --git a/ansible/roles/build_yardstick_image/tasks/pre_build.yml b/ansible/roles/build_yardstick_image/tasks/pre_build.yml index 2dae38060..3ac8e90e9 100644 --- a/ansible/roles/build_yardstick_image/tasks/pre_build.yml +++ b/ansible/roles/build_yardstick_image/tasks/pre_build.yml @@ -45,6 +45,7 @@ with_items:
# order matters
- "{{ mountdir }}/proc"
+ - "{{ mountdir }}/run"
- "{{ mountdir }}"
- "/mnt/{{ release }}"
@@ -178,6 +179,17 @@ fstab: "{{ fake_fstab }}"
state: mounted
+- name: mount chroot /run
+ mount:
+ src: /run
+ name: "{{ mountdir }}/run"
+ fstype: tmpfs
+ opts: bind
+ # !!!!!!! this is required otherwise we add entries to /etc/fstab
+ # and prevent the system from booting
+ fstab: "{{ fake_fstab }}"
+ state: mounted
+
- name: if arm copy qemu-aarch64-static into chroot
copy:
src: /usr/bin/qemu-aarch64-static
diff --git a/ansible/roles/configure_rabbitmq/tasks/main.yml b/ansible/roles/configure_rabbitmq/tasks/main.yml index 3ad60c1ea..59998abc0 100644 --- a/ansible/roles/configure_rabbitmq/tasks/main.yml +++ b/ansible/roles/configure_rabbitmq/tasks/main.yml @@ -12,19 +12,28 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: Restart rabbitmq - service: - name: rabbitmq-server - state: restarted +- block: + - name: Restart rabbitmq + service: + name: rabbitmq-server + state: restarted -- name: rabbitmqctl start_app - shell: rabbitmqctl start_app + - name: rabbitmqctl start_app + shell: rabbitmqctl start_app -- name: Configure rabbitmq - rabbitmq_user: - user: yardstick - password: yardstick - configure_priv: .* - read_priv: .* - write_priv: .* - state: present + - name: Configure rabbitmq + rabbitmq_user: + user: yardstick + password: yardstick + configure_priv: .* + read_priv: .* + write_priv: .* + state: present + when: install_mode == inst_mode_baremetal + +- name: Create rabbitmq file for supervisor + template: + src: rabbitmq.sh.j2 + dest: /etc/yardstick/rabbitmq.sh + mode: 0755 + when: install_mode == inst_mode_container diff --git a/ansible/roles/configure_rabbitmq/templates/rabbitmq.sh.j2 b/ansible/roles/configure_rabbitmq/templates/rabbitmq.sh.j2 new file mode 100644 index 000000000..a91565c01 --- /dev/null +++ b/ansible/roles/configure_rabbitmq/templates/rabbitmq.sh.j2 @@ -0,0 +1,20 @@ +#!/bin/bash
+trap "rabbitmqctl stop_app" EXIT
+
+rabbitmqctl stop_app
+service rabbitmq-server restart
+rabbitmqctl start_app
+
+tmp_file="/tmp/$(basename -- $0).configured"
+if [ ! -f "$tmp_file" ]; then
+ rabbitmqctl add_user yardstick yardstick
+ rabbitmqctl set_permissions -p / yardstick '.*' '.*' '.*'
+ touch "$tmp_file"
+fi
+
+while :
+do
+ sleep 5
+ service rabbitmq-server status > /dev/null 2>&1 || exit 1
+ rabbitmqctl report | grep "Status of node rabbit@`hostname`" > /dev/null 2>&1 || exit 1
+done
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index bbec371a8..18e441462 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Intel Corporation. +# Copyright (c) 2017-2019 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,10 @@ - name: create docker service config dir file: path=/etc/systemd/system/docker.service.d state=directory + - name: docker configuration + template: src=daemon.json.j2 dest=/etc/docker/daemon.json owner=root mode=0644 + when: 'docker_daemon_config is defined' + - name: create docker proxy config template: src=http-proxy-conf.j2 dest=/etc/systemd/system/docker.service.d/http-proxy.conf owner=root mode=0644 when: 'proxy_env is defined and "http_proxy" in proxy_env or "https_proxy" in proxy_env' diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2 new file mode 100644 index 000000000..57bdc9f63 --- /dev/null +++ b/ansible/roles/docker/templates/daemon.json.j2 @@ -0,0 +1 @@ +{{ docker_daemon_config | to_nice_json }} diff --git a/ansible/roles/download_civetweb/tasks/main.yml b/ansible/roles/download_civetweb/tasks/main.yml index 03dd3ccd3..b6a475774 100644 --- a/ansible/roles/download_civetweb/tasks/main.yml +++ b/ansible/roles/download_civetweb/tasks/main.yml @@ -18,6 +18,10 @@ dest: "{{ clone_dest }}/" validate_certs: False checksum: "{{ civetweb_sha256s }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - name: unarchive civetweb unarchive: diff --git a/ansible/roles/download_dpdk/tasks/main.yml b/ansible/roles/download_dpdk/tasks/main.yml index 55b466cb7..e434536a3 100644 --- a/ansible/roles/download_dpdk/tasks/main.yml +++ b/ansible/roles/download_dpdk/tasks/main.yml @@ -26,6 +26,10 @@ dest: "{{ dpdk_dest }}" validate_certs: False checksum: "{{ dpdk_md5[dpdk_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - unarchive: src: "{{ dpdk_dest }}/{{ dpdk_file }}" diff --git a/ansible/roles/download_drivers/tasks/i40evf.yml b/ansible/roles/download_drivers/tasks/i40evf.yml index cb8a09d6c..48a0330ab 100644 --- a/ansible/roles/download_drivers/tasks/i40evf.yml +++ b/ansible/roles/download_drivers/tasks/i40evf.yml @@ -23,6 +23,10 @@ dest: "{{ i40evf_dest }}/{{ i40evf_gzfile }}" validate_certs: False checksum: "{{ i40evf_checksum[i40evf_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - name: Unarchive the i40evf file unarchive: diff --git a/ansible/roles/download_l2fwd/tasks/main.yml b/ansible/roles/download_l2fwd/tasks/main.yml index 7f2ea25c4..43b0ec366 100644 --- a/ansible/roles/download_l2fwd/tasks/main.yml +++ b/ansible/roles/download_l2fwd/tasks/main.yml @@ -20,6 +20,10 @@ get_url: url: "{{ l2fwd_url }}" dest: "{{ l2fwd_dest }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - unarchive: src: "{{ l2fwd_dest }}/{{ l2fwd_file }}" diff --git a/ansible/roles/download_pktgen/tasks/main.yml b/ansible/roles/download_pktgen/tasks/main.yml index ff71f207d..b5ac8cfe8 100644 --- a/ansible/roles/download_pktgen/tasks/main.yml +++ b/ansible/roles/download_pktgen/tasks/main.yml @@ -22,6 +22,10 @@ dest: "{{ pktgen_dest }}" validate_certs: False checksum: "{{ pktgen_sha256s[pktgen_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - unarchive: src: "{{ pktgen_dest }}/{{ pktgen_file }}" diff --git a/ansible/roles/download_samplevnfs/defaults/main.yml b/ansible/roles/download_samplevnfs/defaults/main.yml index 5ddc9f0f9..2ae4d6159 100644 --- a/ansible/roles/download_samplevnfs/defaults/main.yml +++ b/ansible/roles/download_samplevnfs/defaults/main.yml @@ -14,3 +14,4 @@ samplevnf_url: "https://git.opnfv.org/samplevnf" samplevnf_dest: "{{ clone_dest }}/samplevnf" samplevnf_version: "47123bfc1b3c0d0b01884aebbce1a3e09ad7ddb0" +path_json: "{{ INSTALL_BIN_PATH }}/{{ inventory_hostname | basename }}_sample_vnf.json" diff --git a/ansible/roles/download_samplevnfs/tasks/main.yml b/ansible/roles/download_samplevnfs/tasks/main.yml index e9d4142c9..f98f2a42d 100644 --- a/ansible/roles/download_samplevnfs/tasks/main.yml +++ b/ansible/roles/download_samplevnfs/tasks/main.yml @@ -27,3 +27,7 @@ - set_fact: samplevnf_path: "{{ samplevnf_dest }}" + +- file: + dest: "{{ path_json }}" + state: absent diff --git a/ansible/roles/download_trex/tasks/main.yml b/ansible/roles/download_trex/tasks/main.yml index 9df67d939..44449a9c0 100644 --- a/ansible/roles/download_trex/tasks/main.yml +++ b/ansible/roles/download_trex/tasks/main.yml @@ -23,6 +23,10 @@ dest: "{{ trex_dest }}" validate_certs: False checksum: "{{ trex_sha256s[trex_version] }}" + register: package_result + until: package_result is succeeded + retries: 10 + delay: 5 - name: unarchive Trex unarchive: diff --git a/ansible/roles/enable_cpu_isolation_on_boot/defaults/main.yml b/ansible/roles/enable_cpu_isolation_on_boot/defaults/main.yml new file mode 100644 index 000000000..fda366682 --- /dev/null +++ b/ansible/roles/enable_cpu_isolation_on_boot/defaults/main.yml @@ -0,0 +1,21 @@ +# Copyright (c) 2018-2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +grub_file: "/etc/default/grub" +isolcpus_help_string: ' # added by Yardstick ansible isolcpus role' +isolcpu_params: " isolcpus={{ ISOL_CPUS }} nohz=on nohz_full={{ ISOL_CPUS }} rcu_nocbs={{ ISOL_CPUS }}" +enable_isolcpu: 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX{{ isolcpu_params }}"' +update_grub: + Debian: "update-grub2" + RedHat: "grub2-mkconfig -o /boot/grub2/grub.cfg" diff --git a/ansible/roles/enable_cpu_isolation_on_boot/tasks/main.yml b/ansible/roles/enable_cpu_isolation_on_boot/tasks/main.yml new file mode 100644 index 000000000..e11288bfd --- /dev/null +++ b/ansible/roles/enable_cpu_isolation_on_boot/tasks/main.yml @@ -0,0 +1,59 @@ +# Copyright (c) 2018-2019 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Check if isolcpus is set by this role in {{ grub_file}} + lineinfile: + path: "{{ grub_file }}" + regexp: '{{ isolcpus_help_string }}' + state: absent + check_mode: yes + register: is_nsb_isolcpus_role + ignore_errors: True + +- name: Check if isolcpus is set by someone else + lineinfile: + path: "{{ grub_file }}" + regexp: "isolcpus=" + state: absent + check_mode: yes + register: is_isolcpu + ignore_errors: True + +- name: Send warning that CPU isolation cannot be configured + debug: + msg: "WARNING: CPU isolation is not configured" + when: + - not is_nsb_isolcpus_role.changed and not is_isolcpu.changed + - ISOL_CPUS is not defined + +- name: Send info that CPU isolation configured by someone else + debug: + msg: "INFO: NOT modified, CPU isolation is already configured by someone." + when: + - not is_nsb_isolcpus_role.changed and is_isolcpu.changed + +- name: Add/update isolcpus when ISOL_CPUS is defined and not set at all or set by this role + lineinfile: + path: "{{ grub_file }}" + regexp: "{{ isolcpus_help_string }}" + line: '{{ enable_isolcpu }} {{ isolcpus_help_string }}' + when: + - is_nsb_isolcpus_role.changed or not is_nsb_isolcpus_role.changed and not is_isolcpu.changed + - ISOL_CPUS is defined + +- name: Update grub for bare metal usage + command: "{{ update_grub[ansible_os_family] }}" + when: + - is_nsb_isolcpus_role.changed or not is_nsb_isolcpus_role.changed and not is_isolcpu.changed + - ISOL_CPUS is defined diff --git a/ansible/roles/enable_hugepages_on_boot/tasks/main.yml b/ansible/roles/enable_hugepages_on_boot/tasks/main.yml index 75526eb19..f84e07545 100755 --- a/ansible/roles/enable_hugepages_on_boot/tasks/main.yml +++ b/ansible/roles/enable_hugepages_on_boot/tasks/main.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Intel Corporation +# Copyright (c) 2017-2019 Intel Corporation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. --- -- name: check if hugepages are set by this role +- name: Check if hugepages are set by this role command: "grep -o '{{ hugepage_param_regex }}' /etc/default/grub" register: is_mine_huge ignore_errors: True @@ -22,46 +22,32 @@ # stat: path="/sys/firmware/efi" # register: efi -- name: check if hugepages are set by someone else +- name: Check if hugepages are set by someone else command: "grep -o 'default_hugepagesz=' /etc/default/grub" register: is_huge ignore_errors: True -- fail: +- debug: msg: "Hugepages already set by someone else" when: is_mine_huge.stdout == "" and is_huge.stdout != "" -- name: configure hugepages as idempotent block +- name: Configure hugepages as idempotent block block: - - name: use 8 for auto num_hugepages and 1G size + - name: Use 8 for auto num_hugepages and 1G size set_fact: num_hugepages: 8 when: num_hugepages|default("auto") == "auto" - - name: set hugepages in grub + - name: Set hugepages in grub lineinfile: dest: /etc/default/grub regexp: '{{ hugepage_param_regex }}' line: '{{ hugepage_param }}' state: present - - name: create hugetables mount - file: - path: "{{ hugetable_mount }}" - state: directory - - - name: mount hugetlbfs - mount: - name: "{{ hugetable_mount }}" - src: nodev - fstype: hugetlbfs - state: present - - - service: - name: procps - enabled: yes - - include: manual_modify_grub.yml # only tested on Ubuntu, kernel line is probably different on other distros when: ansible_distribution == "Ubuntu" - when: is_mine_huge.stdout == "" + when: + - is_mine_huge.stdout == "" + - is_huge.stdout == "" diff --git a/ansible/roles/enable_iommu_on_boot/tasks/main.yml b/ansible/roles/enable_iommu_on_boot/tasks/main.yml index 188b32915..2772a5d52 100644 --- a/ansible/roles/enable_iommu_on_boot/tasks/main.yml +++ b/ansible/roles/enable_iommu_on_boot/tasks/main.yml @@ -54,25 +54,26 @@ - not is_nsb_iommu_role.changed - is_iommu.changed - - name: Add IOMMU when it is not set - lineinfile: - path: "{{ grub_file }}" - regexp: "{{ iommu_help_string }}" - line: '{{ enable_iommu }}" {{ iommu_help_string }}' + - block: + - name: Add IOMMU when it is not set + lineinfile: + path: "{{ grub_file }}" + regexp: "{{ iommu_help_string }}" + line: '{{ enable_iommu }}" {{ iommu_help_string }}' + + - name: find boot grub.cfg + find: + paths: /boot + file_type: file + patterns: 'grub*.cfg' + recurse: yes + register: grub_files + + - include: manual_modify_grub.yml + # only tested on Ubuntu, kernel line is probably different on other distros + with_items: "{{ grub_files.files }}" when: + - ansible_distribution == "Ubuntu" - not is_nsb_iommu_role.changed - not is_iommu.changed - - - name: find boot grub.cfg - find: - paths: /boot - file_type: file - patterns: 'grub*.cfg' - recurse: yes - register: grub_files - - - include: manual_modify_grub.yml - # only tested on Ubuntu, kernel line is probably different on other distros - with_items: "{{ grub_files.files }}" - when: ansible_distribution == "Ubuntu" when: iommu_boot_params is defined diff --git a/ansible/roles/init_kubeadm/defaults/main.yml b/ansible/roles/init_kubeadm/defaults/main.yml new file mode 100644 index 000000000..3d868398d --- /dev/null +++ b/ansible/roles/init_kubeadm/defaults/main.yml @@ -0,0 +1,27 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +cmk_rbc_rules_url: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-rbac-rules.yaml +cmk_serviceaccount: https://raw.githubusercontent.com/intel/CPU-Manager-for-Kubernetes/master/resources/authorization/cmk-serviceaccount.yaml +dpdk_devbind_path: "{{ INSTALL_BIN_PATH|default('/opt') }}" +multus_config: + name: node-cni-network + type: multus + kubeconfig: /etc/kubernetes/kubelet.conf + delegates: + - type: flannel + delegate: + isDefaultGateway: true + hairpinMode: true + masterplugin: true diff --git a/ansible/roles/init_kubeadm/tasks/kubeadm.yml b/ansible/roles/init_kubeadm/tasks/kubeadm.yml new file mode 100644 index 000000000..7c808a01c --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubeadm.yml @@ -0,0 +1,50 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- set_fact: + service_cidr_param: --service-cidr={{ kubeadm_service_cidr }} + when: 'kubeadm_service_cidr is defined' + +- set_fact: + pod_network_cidr_param: --pod-network-cidr={{ kubeadm_pod_network_cidr }} + when: 'kubeadm_pod_network_cidr is defined' + +- set_fact: + kubernetes_version: --kubernetes-version {{ kubeadm_kubernetes_version }} + when: 'kubeadm_kubernetes_version is defined' + +- name: Initialize Kubernetes cluster + command: > + kubeadm init {{ pod_network_cidr_param|default('') }} + {{ service_cidr_param|default('') }} {{ kubernetes_version|default('') }} + --ignore-preflight-errors=all + +- name: Create Kubernetes configuration dir + file: path={{ ansible_env.HOME }}/.kube state=directory + +- name: Setup Kubernetes environment + copy: + src: /etc/kubernetes/admin.conf + dest: "{{ ansible_env.HOME }}/.kube/config" + remote_src: yes + +- name: Allow to schedule pods on the master + command: kubectl taint nodes --all node-role.kubernetes.io/master- + +- name: Wait for kube-dns pod to be in running state + command: kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o json + register: result + until: result.stdout|from_json|json_query('items[].status.phase|[0]') == "Running" + retries: 30 + delay: 2 diff --git a/ansible/roles/init_kubeadm/tasks/kubectl.yml b/ansible/roles/init_kubeadm/tasks/kubectl.yml new file mode 100644 index 000000000..dd8ad2f65 --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/kubectl.yml @@ -0,0 +1,26 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Generate temporary resource file + tempfile: state=file prefix=kubectl.{{ item }}. + register: config_file + +- name: Generate {{ item }} resource file + template: src={{ item }}.j2 dest={{ config_file.path }} + +- name: Create {{ item }} resource + command: kubectl create -f {{ config_file.path }} + +- name: Create Kubernetes configuration dir + file: path={{ config_file.path }} state=absent diff --git a/ansible/roles/init_kubeadm/tasks/main.yml b/ansible/roles/init_kubeadm/tasks/main.yml new file mode 100644 index 000000000..df7334ce1 --- /dev/null +++ b/ansible/roles/init_kubeadm/tasks/main.yml @@ -0,0 +1,70 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Disable swap + command: swapoff -a + ignore_errors: true + +- name: Reset Kubernetes cluster + command: kubeadm reset + +- name: Clean Kubernetes directories (w/o removing the folder itself) + shell: rm -fr {{ item }}/* + with_items: + - /etc/kubernetes + - /var/lib/cni + - /etc/cmk + +- name: Create Multus CNI plugin dir + file: path=/etc/cni/net.d state=directory + +- name: Configure Multus CNI plugin + template: src=10-multus-cni.conf.j2 dest=/etc/cni/net.d/10-multus-cni.conf owner=root mode=0644 + +- name: Change default kubelet cluster dns IP + lineinfile: + path: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf + regexp: '^(.*)--cluster-dns=([0-9\.]*)( +.*)$' + line: '\1--cluster-dns={{ kubelet_cluster_dns_ip }}\3' + backrefs: yes + backup: yes + +- name: Systemd daemon reload + command: systemctl daemon-reload + +- name: Restart kubelet + service: name=kubelet state=restarted + +- name: Initialize kubeadm + include: kubeadm.yml + +- name: Create CMK Kubernetes resources + command: kubectl create -f {{ item }} + with_items: + - "{{ cmk_rbc_rules_url }}" + - "{{ cmk_serviceaccount }}" + +- name: Create Kubernetes resources + include: kubectl.yml + with_items: + - crd-network.yaml + - net-flannel.yaml + - roles.yaml + - kube-flannel.yaml + - cmk-init-pod.yaml + +- name: Create a ClusterRoleBinding for a particular ClusterRole + command: > + kubectl create clusterrolebinding multus-node-{{ ansible_hostname }} + --clusterrole=multus-crd-overpowered --user=system:node:{{ ansible_hostname }} diff --git a/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 new file mode 100644 index 000000000..a68afaf26 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/10-multus-cni.conf.j2 @@ -0,0 +1 @@ +{{ multus_config | to_nice_json }} diff --git a/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 new file mode 100644 index 000000000..44c22581f --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/cmk-init-pod.yaml.j2 @@ -0,0 +1,32 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Pod +metadata: + labels: + app: cmk-cluster-init-pod + name: cmk-cluster-init-pod +spec: + serviceAccountName: cmk-serviceaccount + containers: + - args: + # Change this value to pass different options to cluster-init. + - "/cmk/cmk.py cluster-init --host-list={{ ansible_hostname }} --saname=cmk-serviceaccount --cmk-img=si-docker.ir.intel.com/vcmts-ubuntu/cmk --num-dp-cores=4 --dp-mode=spread --num-cp-cores=1 --cp-mode=spread" + command: + - "/bin/bash" + - "-c" + image: si-docker.ir.intel.com/vcmts-ubuntu/cmk + name: cmk-cluster-init-pod + restartPolicy: Never diff --git a/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 new file mode 100644 index 000000000..0e451c51a --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/crd-network.yaml.j2 @@ -0,0 +1,26 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: "apiextensions.k8s.io/v1beta1" +kind: CustomResourceDefinition +metadata: + name: networks.kubernetes.com +spec: + group: kubernetes.com + version: v1 + scope: Namespaced + names: + plural: networks + singular: network + kind: Network diff --git a/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 new file mode 100644 index 000000000..ddb849616 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/kube-flannel.yaml.j2 @@ -0,0 +1,158 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: flannel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flannel +subjects: +- kind: ServiceAccount + name: flannel + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flannel + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: kube-flannel-cfg + namespace: kube-system + labels: + tier: node + app: flannel +data: + cni-conf.json: | + { + "name": "cbr0", + "plugins": [ + { + "type": "flannel", + "delegate": { + "hairpinMode": true, + "isDefaultGateway": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + net-conf.json: | + { + "Network": "{{ kubeadm_pod_network_cidr }}", + "Backend": { + "Type": "vxlan" + } + } +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: kube-flannel-ds + namespace: kube-system + labels: + tier: node + app: flannel +spec: + template: + metadata: + labels: + tier: node + app: flannel + spec: + hostNetwork: true + nodeSelector: + beta.kubernetes.io/arch: amd64 + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: flannel + containers: + - name: kube-flannel + image: quay.io/coreos/flannel:v0.10.0-amd64 + command: + - /opt/bin/flanneld + args: + - --ip-masq + - --kube-subnet-mgr + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: run + mountPath: /run + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + volumes: + - name: run + hostPath: + path: /run + - name: cni + hostPath: + path: /etc/cni/net.d + - name: flannel-cfg + configMap: + name: kube-flannel-cfg diff --git a/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 new file mode 100644 index 000000000..db25c6a89 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/net-flannel.yaml.j2 @@ -0,0 +1,24 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: "kubernetes.com/v1" +kind: Network +metadata: + name: flannel +plugin: flannel +args: '[{ + "delegate": { + "isDefaultGateway": true + } + }]' diff --git a/ansible/roles/init_kubeadm/templates/roles.yaml.j2 b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 new file mode 100644 index 000000000..b3509b048 --- /dev/null +++ b/ansible/roles/init_kubeadm/templates/roles.yaml.j2 @@ -0,0 +1,29 @@ +# Copyright (c) 2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: multus-crd-overpowered +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +- nonResourceURLs: + - '*' + verbs: + - '*' diff --git a/ansible/roles/install_dependencies_kubernetes/tasks/main.yml b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml new file mode 100644 index 000000000..90098a48e --- /dev/null +++ b/ansible/roles/install_dependencies_kubernetes/tasks/main.yml @@ -0,0 +1,19 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Install https download transport for APT + apt: + name: apt-transport-https + state: latest + update_cache: yes diff --git a/ansible/roles/install_go/defaults/main.yml b/ansible/roles/install_go/defaults/main.yml new file mode 100644 index 000000000..dee4f82d2 --- /dev/null +++ b/ansible/roles/install_go/defaults/main.yml @@ -0,0 +1,18 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +golang_repo_key_server: keyserver.ubuntu.com +golang_repo_key_id: C73998DC9DFEA6DCF1241057308C15A29AD198E9 +golang_repo_url: deb http://ppa.launchpad.net/gophers/archive/ubuntu xenial main +golang_bin_dir: /usr/lib/go-1.10/bin diff --git a/ansible/roles/install_go/tasks/main.yml b/ansible/roles/install_go/tasks/main.yml new file mode 100644 index 000000000..5489fadae --- /dev/null +++ b/ansible/roles/install_go/tasks/main.yml @@ -0,0 +1,40 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add go language gophers repo key + # due to a proxy issue in the ansible apt_key module on Ubuntu 17.10, + # it doesn't work to add key via `id` and `keyserver` parametes. Similar + # issue is described here: https://github.com/debops/ansible-elastic_co/issues/2 + # apt_key: + # keyserver: "{{ golang_repo_key_server }}" + # id: "{{ golang_repo_key_id }}" + # As a workaround, we can use `apt-key` tool directly with proxy specified. + command: > + apt-key adv --keyserver {{ golang_repo_key_server }} --recv-keys + --keyserver-options http-proxy={{ proxy_env.http_proxy }} + {{ golang_repo_key_id }} + +- name: Add apt golang repository + apt_repository: + repo: "{{ golang_repo_url }}" + filename: golang-1.10-go + +- name: Install golang-1.10-go + apt: + name: golang-1.10-go + +- name: Setup Go environment variable + set_fact: + go_env: + PATH: "{{ golang_bin_dir }}:{{ ansible_env.PATH }}" diff --git a/ansible/roles/install_image_dependencies/defaults/main.yml b/ansible/roles/install_image_dependencies/defaults/main.yml index 42951bf6d..558e68a9b 100644 --- a/ansible/roles/install_image_dependencies/defaults/main.yml +++ b/ansible/roles/install_image_dependencies/defaults/main.yml @@ -30,6 +30,7 @@ install_dependencies: - libxss-dev - expect - libnuma-dev + - curl RedHat: - bc - fio @@ -50,3 +51,4 @@ install_dependencies: - sysstat - unzip - python-devel + - curl diff --git a/ansible/roles/install_kube/defaults/main.yml b/ansible/roles/install_kube/defaults/main.yml new file mode 100644 index 000000000..1ae57469d --- /dev/null +++ b/ansible/roles/install_kube/defaults/main.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +kubernetes_key_url: https://packages.cloud.google.com/apt/doc/apt-key.gpg +kubernetes_repo_url: deb http://apt.kubernetes.io/ kubernetes-xenial main diff --git a/ansible/roles/install_kube/tasks/main.yml b/ansible/roles/install_kube/tasks/main.yml new file mode 100644 index 000000000..ea4f0cdb5 --- /dev/null +++ b/ansible/roles/install_kube/tasks/main.yml @@ -0,0 +1,30 @@ +# Copyright (c) 2018-2019 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Add kubernetes repo key + apt_key: + url: "{{ kubernetes_key_url }}" + +- name: Add apt kubernetes repository + apt_repository: + repo: "{{ kubernetes_repo_url }}" + filename: kubernetes + +- name: Install kubelet kubeadm kubectl kubernetes-cni + apt: + name: + - kubelet=1.9.3* + - kubeadm=1.9.3* + - kubectl=1.9.3* + force: yes diff --git a/ansible/roles/install_samplevnf/tasks/main.yml b/ansible/roles/install_samplevnf/tasks/main.yml index b5d33f668..ad147b00f 100644 --- a/ansible/roles/install_samplevnf/tasks/main.yml +++ b/ansible/roles/install_samplevnf/tasks/main.yml @@ -56,3 +56,35 @@ # make executable mode: 0755 +- set_fact: + path_vnf: "{{ INSTALL_BIN_PATH }}/{{ vnf_app_names[vnf_name]}}" + +- stat: + path: "{{ path_vnf }}" + checksum_algorithm: md5 + register: path_vnf_var + +- stat: + path: "{{ path_json }}" + register: path_json_var + +- name: Fetch from remote + fetch: + src: "{{ path_json }}" + dest: "{{ path_json }}" + flat: yes + when: path_json_var.stat.exists + +- name: Read from json + set_fact: + json_vars: "{{ lookup('file', path_json) | from_json }}" + when: path_json_var.stat.exists + +- set_fact: + json_vars: "{{ json_vars | default([]) | combine({ vnf_app_names[vnf_name]: {'branch_commit': samplevnf_version, 'path_vnf': path_vnf, 'md5': path_vnf_var.stat.checksum }}) }}" + +- name: Update json file + copy: + content: "{{ json_vars | to_nice_json }}" + dest: "{{ path_json }}" + mode: 0755 diff --git a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 index 5b57178a7..cba8eacd4 100644 --- a/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 +++ b/ansible/roles/set_package_installer_proxy/templates/apt_conf.j2 @@ -1,3 +1,6 @@ {% if "http_proxy" in proxy_env %} Acquire::http::Proxy "{{ proxy_env.http_proxy }}"; {% endif %} +{% if "https_proxy" in proxy_env %} +Acquire::https::Proxy "{{ proxy_env.https_proxy }}"; +{% endif %} diff --git a/ansible/ubuntu_server_baremetal_deploy_samplevnfs.yml b/ansible/ubuntu_server_baremetal_deploy_samplevnfs.yml index 4f4d7d075..82d80fd5a 100644 --- a/ansible/ubuntu_server_baremetal_deploy_samplevnfs.yml +++ b/ansible/ubuntu_server_baremetal_deploy_samplevnfs.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2017 Intel Corporation. +# Copyright (c) 2017-2019 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +27,7 @@ # can't update grub in chroot/docker - enable_hugepages_on_boot - enable_iommu_on_boot + - enable_cpu_isolation_on_boot # needed for collectd plugins - increase_open_file_limits - install_image_dependencies |