Introduces Airship in pod.

This includes:
* A base image which sets up common requirements
* An image for the libvirt service
* An image for building a specified instance of airshipctl
* An image for initializing the various libvirt infrastructure required for a deployment
* An image which runs the deployment scripts

Closes: #313
Change-Id: Ib1114350190b0fe0c0761ff67b38b3eca783161a

changes/53/739753/66
29 changed files with 1371 additions and 0 deletions
@ -0,0 +1,201 @@
|
||||
Apache License |
||||
Version 2.0, January 2004 |
||||
http://www.apache.org/licenses/ |
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION |
||||
|
||||
1. Definitions. |
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction, |
||||
and distribution as defined by Sections 1 through 9 of this document. |
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by |
||||
the copyright owner that is granting the License. |
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all |
||||
other entities that control, are controlled by, or are under common |
||||
control with that entity. For the purposes of this definition, |
||||
"control" means (i) the power, direct or indirect, to cause the |
||||
direction or management of such entity, whether by contract or |
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the |
||||
outstanding shares, or (iii) beneficial ownership of such entity. |
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity |
||||
exercising permissions granted by this License. |
||||
|
||||
"Source" form shall mean the preferred form for making modifications, |
||||
including but not limited to software source code, documentation |
||||
source, and configuration files. |
||||
|
||||
"Object" form shall mean any form resulting from mechanical |
||||
transformation or translation of a Source form, including but |
||||
not limited to compiled object code, generated documentation, |
||||
and conversions to other media types. |
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or |
||||
Object form, made available under the License, as indicated by a |
||||
copyright notice that is included in or attached to the work |
||||
(an example is provided in the Appendix below). |
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object |
||||
form, that is based on (or derived from) the Work and for which the |
||||
editorial revisions, annotations, elaborations, or other modifications |
||||
represent, as a whole, an original work of authorship. For the purposes |
||||
of this License, Derivative Works shall not include works that remain |
||||
separable from, or merely link (or bind by name) to the interfaces of, |
||||
the Work and Derivative Works thereof. |
||||
|
||||
"Contribution" shall mean any work of authorship, including |
||||
the original version of the Work and any modifications or additions |
||||
to that Work or Derivative Works thereof, that is intentionally |
||||
submitted to Licensor for inclusion in the Work by the copyright owner |
||||
or by an individual or Legal Entity authorized to submit on behalf of |
||||
the copyright owner. For the purposes of this definition, "submitted" |
||||
means any form of electronic, verbal, or written communication sent |
||||
to the Licensor or its representatives, including but not limited to |
||||
communication on electronic mailing lists, source code control systems, |
||||
and issue tracking systems that are managed by, or on behalf of, the |
||||
Licensor for the purpose of discussing and improving the Work, but |
||||
excluding communication that is conspicuously marked or otherwise |
||||
designated in writing by the copyright owner as "Not a Contribution." |
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity |
||||
on behalf of whom a Contribution has been received by Licensor and |
||||
subsequently incorporated within the Work. |
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of |
||||
this License, each Contributor hereby grants to You a perpetual, |
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
||||
copyright license to reproduce, prepare Derivative Works of, |
||||
publicly display, publicly perform, sublicense, and distribute the |
||||
Work and such Derivative Works in Source or Object form. |
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of |
||||
this License, each Contributor hereby grants to You a perpetual, |
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable |
||||
(except as stated in this section) patent license to make, have made, |
||||
use, offer to sell, sell, import, and otherwise transfer the Work, |
||||
where such license applies only to those patent claims licensable |
||||
by such Contributor that are necessarily infringed by their |
||||
Contribution(s) alone or by combination of their Contribution(s) |
||||
with the Work to which such Contribution(s) was submitted. If You |
||||
institute patent litigation against any entity (including a |
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work |
||||
or a Contribution incorporated within the Work constitutes direct |
||||
or contributory patent infringement, then any patent licenses |
||||
granted to You under this License for that Work shall terminate |
||||
as of the date such litigation is filed. |
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the |
||||
Work or Derivative Works thereof in any medium, with or without |
||||
modifications, and in Source or Object form, provided that You |
||||
meet the following conditions: |
||||
|
||||
(a) You must give any other recipients of the Work or |
||||
Derivative Works a copy of this License; and |
||||
|
||||
(b) You must cause any modified files to carry prominent notices |
||||
stating that You changed the files; and |
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works |
||||
that You distribute, all copyright, patent, trademark, and |
||||
attribution notices from the Source form of the Work, |
||||
excluding those notices that do not pertain to any part of |
||||
the Derivative Works; and |
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its |
||||
distribution, then any Derivative Works that You distribute must |
||||
include a readable copy of the attribution notices contained |
||||
within such NOTICE file, excluding those notices that do not |
||||
pertain to any part of the Derivative Works, in at least one |
||||
of the following places: within a NOTICE text file distributed |
||||
as part of the Derivative Works; within the Source form or |
||||
documentation, if provided along with the Derivative Works; or, |
||||
within a display generated by the Derivative Works, if and |
||||
wherever such third-party notices normally appear. The contents |
||||
of the NOTICE file are for informational purposes only and |
||||
do not modify the License. You may add Your own attribution |
||||
notices within Derivative Works that You distribute, alongside |
||||
or as an addendum to the NOTICE text from the Work, provided |
||||
that such additional attribution notices cannot be construed |
||||
as modifying the License. |
||||
|
||||
You may add Your own copyright statement to Your modifications and |
||||
may provide additional or different license terms and conditions |
||||
for use, reproduction, or distribution of Your modifications, or |
||||
for any such Derivative Works as a whole, provided Your use, |
||||
reproduction, and distribution of the Work otherwise complies with |
||||
the conditions stated in this License. |
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise, |
||||
any Contribution intentionally submitted for inclusion in the Work |
||||
by You to the Licensor shall be under the terms and conditions of |
||||
this License, without any additional terms or conditions. |
||||
Notwithstanding the above, nothing herein shall supersede or modify |
||||
the terms of any separate license agreement you may have executed |
||||
with Licensor regarding such Contributions. |
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade |
||||
names, trademarks, service marks, or product names of the Licensor, |
||||
except as required for reasonable and customary use in describing the |
||||
origin of the Work and reproducing the content of the NOTICE file. |
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or |
||||
agreed to in writing, Licensor provides the Work (and each |
||||
Contributor provides its Contributions) on an "AS IS" BASIS, |
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
||||
implied, including, without limitation, any warranties or conditions |
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A |
||||
PARTICULAR PURPOSE. You are solely responsible for determining the |
||||
appropriateness of using or redistributing the Work and assume any |
||||
risks associated with Your exercise of permissions under this License. |
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory, |
||||
whether in tort (including negligence), contract, or otherwise, |
||||
unless required by applicable law (such as deliberate and grossly |
||||
negligent acts) or agreed to in writing, shall any Contributor be |
||||
liable to You for damages, including any direct, indirect, special, |
||||
incidental, or consequential damages of any character arising as a |
||||
result of this License or out of the use or inability to use the |
||||
Work (including but not limited to damages for loss of goodwill, |
||||
work stoppage, computer failure or malfunction, or any and all |
||||
other commercial damages or losses), even if such Contributor |
||||
has been advised of the possibility of such damages. |
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing |
||||
the Work or Derivative Works thereof, You may choose to offer, |
||||
and charge a fee for, acceptance of support, warranty, indemnity, |
||||
or other liability obligations and/or rights consistent with this |
||||
License. However, in accepting such obligations, You may act only |
||||
on Your own behalf and on Your sole responsibility, not on behalf |
||||
of any other Contributor, and only if You agree to indemnify, |
||||
defend, and hold each Contributor harmless for any liability |
||||
incurred by, or claims asserted against, such Contributor by reason |
||||
of your accepting any such warranty or additional liability. |
||||
|
||||
END OF TERMS AND CONDITIONS |
||||
|
||||
APPENDIX: How to apply the Apache License to your work. |
||||
|
||||
To apply the Apache License to your work, attach the following |
||||
boilerplate notice, with the fields enclosed by brackets "[]" |
||||
replaced with your own identifying information. (Don't include |
||||
the brackets!) The text should be enclosed in the appropriate |
||||
comment syntax for the file format. We also recommend that a |
||||
file or class name and description of purpose be included on the |
||||
same "printed page" as the copyright notice for easier |
||||
identification within third-party archives. |
||||
|
||||
Copyright [yyyy] [name of copyright owner] |
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); |
||||
you may not use this file except in compliance with the License. |
||||
You may obtain a copy of the License at |
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0 |
||||
|
||||
Unless required by applicable law or agreed to in writing, software |
||||
distributed under the License is distributed on an "AS IS" BASIS, |
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
See the License for the specific language governing permissions and |
||||
limitations under the License. |
@ -0,0 +1,39 @@
|
||||
IMAGE_REGISTRY ?= quay.io/airshipit
|
||||
IMAGES := infra-builder airshipctl-builder runner
|
||||
IMAGE_TAG ?= latest
|
||||
|
||||
PUSH_IMAGES ?= false
|
||||
|
||||
.PHONY: help base libvirt $(IMAGES) build test |
||||
|
||||
SHELL:=/bin/bash
|
||||
.ONESHELL: |
||||
|
||||
help: ## This help.
|
||||
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
|
||||
|
||||
build: base |
||||
build: libvirt |
||||
build: $(IMAGES) ## Build the containers.
|
||||
|
||||
base: |
||||
docker build --tag ianhowell/base:$(IMAGE_TAG) --build-arg BASE_IMAGE=ubuntu:20.04 ./base
|
||||
ifeq (true, $(PUSH_IMAGES)) |
||||
docker push ianhowell/base:$(IMAGE_TAG)
|
||||
endif |
||||
|
||||
libvirt: |
||||
docker build --tag ianhowell/libvirt:$(IMAGE_TAG) ./libvirt
|
||||
ifeq (true, $(PUSH_IMAGES)) |
||||
docker push ianhowell/libvirt:$(IMAGE_TAG)
|
||||
endif |
||||
|
||||
$(IMAGES): |
||||
docker build --tag $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG) ./$@
|
||||
ifeq (true, $(PUSH_IMAGES)) |
||||
docker push $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG)
|
||||
endif |
||||
|
||||
test: build ## Test airship-in-a-pod
|
||||
kubectl delete -f airship-in-a-pod.yaml || true
|
||||
kubectl create -f airship-in-a-pod.yaml
|
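Review bot: The `base` and `libvirt` targets hard-code the personal `ianhowell/` namespace in both `docker build --tag` and `docker push`, while the `$(IMAGES)` rule uses `$(IMAGE_REGISTRY)/aiap-$@`, so overriding `IMAGE_REGISTRY` does not move the two images the rest of the stack depends on. Tag them as `$(IMAGE_REGISTRY)/aiap-base:$(IMAGE_TAG)` and `$(IMAGE_REGISTRY)/aiap-libvirt:$(IMAGE_TAG)` so that provenance is controlled in one place. `IMAGE_TAG ?= latest` also makes every build and push mutable; a default derived from the commit would make a deployed image traceable to its source. In the `test` target, `kubectl delete -f airship-in-a-pod.yaml || true` swallows every error, not only "not found"; `kubectl delete --ignore-not-found -f ...` keeps real failures visible.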
@ -0,0 +1,82 @@
|
||||
# Airship in a Pod |
||||
|
||||
Airship in a pod is a Kubernetes pod definition which describes all of the |
||||
components required to deploy a fully functioning Airship 2 deployment. The pod |
||||
consists of the following "Task" containers: |
||||
|
||||
* `airshipctl-builder`: This container builds the airshipctl binary and makes it |
||||
available to the other containers |
||||
* `infra-builder`: This container creates the various virtual networks and |
||||
machines required for an Airship deployment |
||||
* `runner`: The runner container is the "meat" of the pod, and executes the |
||||
deployment |
||||
|
||||
The pod also contains the following "Support" containers: |
||||
|
||||
* `libvirt`: This provides virtualisation |
||||
* `sushy-tools`: This is used for its BMC emulator |
||||
* `docker-in-docker`: This is used for nesting containers* |
||||
* `nginx`: This is used for image hosting |
||||
|
||||
|
||||
## Prerequisites |
||||
|
||||
In order to deploy Airship in a Pod for development, you must first have a |
||||
working Kubernetes cluster. This guide assumes that a developer will deploy |
||||
using [minikube](https://minikube.sigs.k8s.io/docs/start/): |
||||
|
||||
``` |
||||
sudo -E minikube start --driver=none |
||||
``` |
||||
|
||||
## Usage |
||||
|
||||
Since Airship in a Pod is just a pod definition, deploying and using it is as |
||||
simple as deploying and using any Kubernetes pod. |
||||
|
||||
#### Deploy the Pod |
||||
|
||||
``` |
||||
kubectl apply -f airship-in-a-pod.yaml |
||||
``` |
||||
|
||||
#### View Pod Logs |
||||
|
||||
``` |
||||
kubectl logs airship-in-a-pod -c $CONTAINER |
||||
``` |
||||
|
||||
#### Interact with the Pod |
||||
|
||||
``` |
||||
kubectl exec -it airship-in-a-pod -c $CONTAINER -- bash |
||||
``` |
||||
|
||||
where `$CONTAINER` is one of the containers listed above. |
||||
|
||||
|
||||
### Output |
||||
|
||||
Airship-in-a-pod produces the following outputs: |
||||
|
||||
* The airshipctl repo and associated binary used with the deployment |
||||
* A tarball containing the generated ephemeral ISO, as well as the |
||||
configuration used during generation. |
||||
|
||||
These artifacts are placed at `ARTIFACTS_DIR` (defaults to /opt/aiap-artifacts`). |
||||
|
||||
|
||||
### Caching |
||||
|
||||
As it can be cumbersome and time-consuming to build and rebuild binaries and |
||||
images, some options are made available for caching. A developer may re-use |
||||
artifacts from previous runs (or provide their own) by placing them in |
||||
`CACHE_DIR` (defaults to `/opt/aiap-cache`). Special care is needed for the |
||||
caching: |
||||
|
||||
* If using a cached `airshipctl`, the `airshipctl` binary must be stored in the |
||||
`$CACHE_DIR/airshipctl/bin/` directory, and the developer must have set |
||||
`USE_CACHED_AIRSHIPCTL` to `true`. |
||||
* If using a cached ephemeral iso, the iso must first be contained in a tarball named `iso.tar.gz`, must be stored in the |
||||
`$CACHE_DIR/` directory, and the developer must have set |
||||
`USE_CACHED_ISO` to `true`. |
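Review bot: The README does not say that the pod runs privileged containers and mounts host paths, even though the Prerequisites step has the reader run `sudo -E minikube start --driver=none`, which places the cluster directly on the developer's machine. The manifest in this change sets `privileged: true` on three containers and uses hostPath volumes for `/dev`, `/sys/fs/cgroup`, `/opt/aiap-cache` and `/opt/aiap-artifacts`; a short section stating that and recommending a disposable VM would set expectations. The container names in the "Support" list (`sushy-tools`, `docker-in-docker`) do not match the names in the manifest (`sushy`, `dind`), so `kubectl logs airship-in-a-pod -c $CONTAINER` fails for a reader who copies them. Two markup slips: the `docker-in-docker` bullet ends in a `*` with no matching footnote, and "(defaults to /opt/aiap-artifacts`)" is missing its opening backtick.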
@ -0,0 +1,347 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
apiVersion: v1 |
||||
kind: Pod |
||||
metadata: |
||||
name: airship-in-a-pod |
||||
spec: |
||||
hostNetwork: false |
||||
restartPolicy: Never |
||||
containers: |
||||
|
||||
- name: libvirt |
||||
image: ianhowell/libvirt:latest |
||||
tty: true |
||||
securityContext: |
||||
privileged: true |
||||
#SYS_ADMIN required for systemd, need to work out reqs for libvirt |
||||
command: |
||||
- bash |
||||
- -cex |
||||
- "exec /usr/lib/systemd/systemd" |
||||
env: |
||||
- name: container |
||||
value: docker |
||||
readinessProbe: |
||||
exec: |
||||
command: |
||||
- virsh |
||||
- version |
||||
initialDelaySeconds: 5 |
||||
periodSeconds: 5 |
||||
startupProbe: |
||||
exec: |
||||
command: |
||||
- systemctl |
||||
- is-active |
||||
- --quiet |
||||
- libvirtd |
||||
initialDelaySeconds: 5 |
||||
periodSeconds: 5 |
||||
volumeMounts: |
||||
- name: var-run-aiap |
||||
mountPath: /var/run/aiap/ |
||||
- name: dev |
||||
mountPath: /dev |
||||
- name: tmp |
||||
mountPath: /tmp |
||||
- name: run |
||||
mountPath: /run |
||||
- name: var-lib-libvirt-images |
||||
mountPath: /var/lib/libvirt/images |
||||
- name: var-lib-libvirt-default |
||||
mountPath: /var/lib/libvirt/default |
||||
- name: var-run-libvirt |
||||
mountPath: /var/run/libvirt |
||||
- name: sys-fs-cgroup |
||||
mountPath: /sys/fs/cgroup |
||||
readOnly: false |
||||
- name: logs |
||||
mountPath: /var/log/ |
||||
|
||||
- name: sushy |
||||
image: quay.io/metal3-io/sushy-tools |
||||
command: |
||||
- bash |
||||
- -cex |
||||
- | |
||||
tee /csr_details.txt << EOF |
||||
[req] |
||||
default_bits = 2048 |
||||
prompt = no |
||||
default_md = sha256 |
||||
req_extensions = req_ext |
||||
distinguished_name = dn |
||||
|
||||
[ dn ] |
||||
CN = localhost |
||||
|
||||
[ req_ext ] |
||||
subjectAltName = @alt_names |
||||
|
||||
[ alt_names ] |
||||
DNS.1 = 127.0.0.1 |
||||
DNS.2 = ::1 |
||||
EOF |
||||
|
||||
openssl req \ |
||||
-newkey rsa:2048 \ |
||||
-nodes \ |
||||
-keyout /airship_gate_redfish_auth.key \ |
||||
-x509 \ |
||||
-days 365 \ |
||||
-out /airship_gate_redfish_auth.pem \ |
||||
-config <(cat /csr_details.txt) \ |
||||
-extensions 'req_ext' |
||||
|
||||
# Wait for interface to come up |
||||
while ! ping -c1 10.23.25.1 2>&1 >/dev/null; do sleep 1; done |
||||
|
||||
sushy-emulator \ |
||||
--debug \ |
||||
--interface 10.23.25.1 \ |
||||
--port 8443 \ |
||||
--ssl-key /airship_gate_redfish_auth.key \ |
||||
--ssl-certificate /airship_gate_redfish_auth.pem || true |
||||
|
||||
tail -f /dev/null |
||||
volumeMounts: |
||||
- name: var-run-libvirt |
||||
mountPath: /var/run/libvirt |
||||
|
||||
- name: nginx |
||||
image: nginx:latest |
||||
command: |
||||
- bash |
||||
- -cex |
||||
- | |
||||
tee /etc/nginx/nginx.conf <<'EOF' |
||||
user nginx; |
||||
worker_processes 1; |
||||
error_log /var/log/nginx/error.log warn; |
||||
pid /var/run/nginx.pid; |
||||
events { |
||||
worker_connections 1024; |
||||
} |
||||
http { |
||||
include /etc/nginx/mime.types; |
||||
default_type application/octet-stream; |
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
||||
'$status $body_bytes_sent "$http_referer" ' |
||||
'"$http_user_agent" "$http_x_forwarded_for"'; |
||||
access_log /var/log/nginx/access.log main; |
||||
sendfile on; |
||||
#tcp_nopush on; |
||||
keepalive_timeout 65; |
||||
#gzip on; |
||||
server { |
||||
listen 8099; |
||||
listen [::]:8099; |
||||
server_name localhost; |
||||
#charset koi8-r; |
||||
#access_log /var/log/nginx/host.access.log main; |
||||
location / { |
||||
root /srv/images; |
||||
autoindex on; |
||||
} |
||||
error_page 500 502 503 504 /50x.html; |
||||
location = /50x.html { |
||||
root /usr/share/nginx/html; |
||||
} |
||||
} |
||||
} |
||||
EOF |
||||
exec nginx -g 'daemon off;' |
||||
volumeMounts: |
||||
- name: srv |
||||
mountPath: /srv/ |
||||
|
||||
- name: dind |
||||
image: docker:stable-dind |
||||
securityContext: |
||||
privileged: true |
||||
volumeMounts: |
||||
- name: var-run-aiap |
||||
mountPath: /var/run/aiap/ |
||||
- name: dind-storage |
||||
mountPath: /var/lib/docker |
||||
- name: var-run-docker |
||||
mountPath: /var/run/ |
||||
- name: srv |
||||
mountPath: /srv/ |
||||
|
||||
- name: airshipctl-builder |
||||
image: quay.io/airshipit/aiap-airshipctl-builder:latest |
||||
command: |
||||
- bash |
||||
- -cex |
||||
- | |
||||
/entrypoint.sh || true |
||||
tail -f /dev/null |
||||
readinessProbe: |
||||
exec: |
||||
command: |
||||
- test |
||||
- -e |
||||
- /tmp/completed/airshipctl-builder |
||||
env: |
||||
- name: CACHE_DIR |
||||
value: /opt/aiap-cache |
||||
- name: USE_CACHED_AIRSHIPCTL |
||||
value: "false" |
||||
- name: ARTIFACTS_DIR |
||||
value: /opt/aiap-artifacts |
||||
- name: AIRSHIPCTL_REPO |
||||
value: https://review.opendev.org/airship/airshipctl |
||||
- name: AIRSHIPCTL_REF |
||||
value: master |
||||
volumeMounts: |
||||
- name: tmp |
||||
mountPath: /tmp |
||||
- name: cache |
||||
mountPath: /opt/aiap-cache |
||||
- name: artifacts |
||||
mountPath: /opt/aiap-artifacts |
||||
- name: completed |
||||
mountPath: /tmp/completed |
||||
- name: var-run-docker |
||||
mountPath: /var/run |
||||
|
||||
- name: infra-builder |
||||
image: quay.io/airshipit/aiap-infra-builder:latest |
||||
securityContext: |
||||
privileged: true |
||||
command: |
||||
- bash |
||||
- -cex |
||||
- | |
||||
/entrypoint.sh || true |
||||
tail -f /dev/null |
||||
readinessProbe: |
||||
exec: |
||||
command: |
||||
- test |
||||
- -e |
||||
- /tmp/completed/infra-builder |
||||
env: |
||||
- name: CACHE_DIR |
||||
value: /opt/aiap-cache |
||||
- name: ARTIFACTS_DIR |
||||
value: /opt/aiap-artifacts |
||||
volumeMounts: |
||||
- name: cache |
||||
mountPath: /opt/aiap-cache |
||||
- name: artifacts |
||||
mountPath: /opt/aiap-artifacts |
||||
- name: completed |
||||
mountPath: /tmp/completed |
||||
- name: tmp |
||||
mountPath: /tmp |
||||
- name: var-run-aiap |
||||
mountPath: /var/run/aiap/ |
||||
- name: var-lib-libvirt-images |
||||
mountPath: /var/lib/libvirt/images |
||||
- name: var-lib-libvirt-default |
||||
mountPath: /var/lib/libvirt/default |
||||
- name: var-run-libvirt |
||||
mountPath: /var/run/libvirt |
||||
- name: logs |
||||
mountPath: /var/log/ |
||||
- name: var-run-docker |
||||
mountPath: /var/run |
||||
|
||||
- name: runner |
||||
image: quay.io/airshipit/aiap-runner:latest |
||||
command: |
||||
- bash |
||||
- -cex |
||||
- | |
||||
/entrypoint.sh || true |
||||
tail -f /dev/null |
||||
readinessProbe: |
||||
exec: |
||||
command: |
||||
- test |
||||
- -e |
||||
- /tmp/completed/runner |
||||
initialDelaySeconds: 600 |
||||
periodSeconds: 30 |
||||
env: |
||||
- name: CACHE_DIR |
||||
value: /opt/aiap-cache |
||||
- name: ARTIFACTS_DIR |
||||
value: /opt/aiap-artifacts |
||||
- name: USE_CACHED_ISO |
||||
value: "false" |
||||
volumeMounts: |
||||
- name: cache |
||||
mountPath: /opt/aiap-cache |
||||
- name: artifacts |
||||
mountPath: /opt/aiap-artifacts |
||||
- name: completed |
||||
mountPath: /tmp/completed |
||||
- name: tmp |
||||
mountPath: /tmp |
||||
- name: var-run-aiap |
||||
mountPath: /var/run/aiap/ |
||||
- name: srv |
||||
mountPath: /srv/ |
||||
- name: run |
||||
mountPath: /run |
||||
- name: var-run-libvirt |
||||
mountPath: /var/run/libvirt |
||||
- name: logs |
||||
mountPath: /var/log/ |
||||
- name: var-run-docker |
||||
mountPath: /var/run |
||||
|
||||
volumes: |
||||
- name: cache |
||||
hostPath: |
||||
path: /opt/aiap-cache |
||||
- name: artifacts |
||||
hostPath: |
||||
path: /opt/aiap-artifacts |
||||
- name: completed |
||||
emptyDir: {} |
||||
- name: dev |
||||
hostPath: |
||||
path: /dev |
||||
- name: tmp |
||||
emptyDir: |
||||
medium: "Memory" |
||||
- name: run |
||||
emptyDir: |
||||
medium: "Memory" |
||||
- name: var-lib-libvirt-images |
||||
emptyDir: {} |
||||
- name: var-lib-libvirt-default |
||||
emptyDir: {} |
||||
- name: var-run-libvirt |
||||
emptyDir: |
||||
medium: "Memory" |
||||
- name: var-run-aiap |
||||
emptyDir: |
||||
medium: "Memory" |
||||
- name: sys-fs-cgroup |
||||
hostPath: |
||||
path: /sys/fs/cgroup |
||||
- name: srv |
||||
emptyDir: {} |
||||
- name: logs |
||||
emptyDir: {} |
||||
- name: var-run-docker |
||||
emptyDir: |
||||
medium: "Memory" |
||||
- name: dind-storage |
||||
emptyDir: {} |
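Review bot: `privileged: true` on `libvirt`, `dind` and `infra-builder`, together with the hostPath volumes for `/dev` and `/sys/fs/cgroup`, gives this pod host-level access, and the only justification in the file is the comment "SYS_ADMIN required for systemd, need to work out reqs for libvirt". Please replace `privileged` with an explicit `capabilities.add` list where that is known to be enough, and say in a comment why `infra-builder` needs it at all. The `var-run-docker` emptyDir is mounted at `/var/run` in `dind`, `airshipctl-builder`, `infra-builder` and `runner`, so the unprivileged builder and runner containers share the privileged daemon's socket directory and are effectively as privileged as `dind`. In the `sushy` certificate config, `DNS.1 = 127.0.0.1` and `DNS.2 = ::1` put IP addresses in DNS-type SAN entries and the emulator listens on `10.23.25.1`, which is not in the SAN list, so a client that verifies the certificate will reject it; use `IP.1`, `IP.2` and add the listen address. `/entrypoint.sh || true` followed by `tail -f /dev/null` keeps a failed task container in Running state, leaving the readiness probe as the only failure signal. Finally, `quay.io/metal3-io/sushy-tools` (no tag), `nginx:latest`, `docker:stable-dind` and the three `:latest` project images are all mutable references; pin by version or digest.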
@ -0,0 +1,30 @@
|
||||
FROM ianhowell/base:latest |
||||
|
||||
SHELL ["bash", "-exc"] |
||||
ENV DEBIAN_FRONTEND noninteractive |
||||
|
||||
ARG USE_CACHED_AIRSHIPCTL="false" |
||||
ENV USE_CACHED_AIRSHIPCTL="false" |
||||
|
||||
ARG AIRSHIPCTL_REPO=https://review.opendev.org/airship/airshipctl |
||||
ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF |
||||
|
||||
ARG AIRSHIPCTL_REF=master |
||||
ENV AIRSHIPCTL_REPO=$AIRSHIPCTL_REPO |
||||
|
||||
# Update distro and install ansible |
||||
RUN apt-get update ;\ |
||||
apt-get dist-upgrade -y ;\ |
||||
apt-get install -y \ |
||||
git \ |
||||
apt-transport-https \ |
||||
ca-certificates \ |
||||
gnupg-agent \ |
||||
gettext-base ;\ |
||||
rm -rf /var/lib/apt/lists/* |
||||
|
||||
COPY assets /opt/assets/ |
||||
RUN cp -ravf /opt/assets/* / ;\ |
||||
rm -rf /opt/assets |
||||
|
||||
ENTRYPOINT /entrypoint.sh |
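Review bot: The ARG/ENV pairs for the airshipctl source are crossed: `ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF` appears before `ARG AIRSHIPCTL_REF=master` is declared, so it expands to an empty string at build time and the image carries no default ref. It only works in the pod because the manifest sets `AIRSHIPCTL_REF` explicitly. Put each `ENV` directly after its own `ARG`. Likewise `ENV USE_CACHED_AIRSHIPCTL="false"` ignores the `ARG` of the same name above it, so `--build-arg USE_CACHED_AIRSHIPCTL=true` has no effect; use `ENV USE_CACHED_AIRSHIPCTL=$USE_CACHED_AIRSHIPCTL`. The comment "Update distro and install ansible" does not match the package list, which installs git and apt tooling. Prefer the exec form `ENTRYPOINT ["/entrypoint.sh"]` so the script receives signals directly.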
@ -0,0 +1,38 @@
|
||||
#!/bin/bash |
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
set -ex |
||||
|
||||
if [[ "$USE_CACHED_AIRSHIPCTL" = "true" ]] |
||||
then |
||||
printf "Using cached airshipctl\n" |
||||
cp -r "$CACHE_DIR/airshipctl" "$ARTIFACTS_DIR/airshipctl" |
||||
else |
||||
printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n" |
||||
sleep 30 |
||||
|
||||
airshipctl_dir="$ARTIFACTS_DIR/airshipctl" |
||||
mkdir -p "$airshipctl_dir" |
||||
cd "$airshipctl_dir" |
||||
|
||||
git init |
||||
git fetch "$AIRSHIPCTL_REPO" "$AIRSHIPCTL_REF" |
||||
git checkout FETCH_HEAD |
||||
|
||||
./tools/deployment/21_systemwide_executable.sh |
||||
mkdir -p bin |
||||
cp "$(which airshipctl)" bin |
||||
fi |
||||
|
||||
/signal_complete airshipctl-builder |
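Review bot: In the non-cached branch, `git fetch "$AIRSHIPCTL_REPO" "$AIRSHIPCTL_REF"` is followed immediately by executing `./tools/deployment/21_systemwide_executable.sh` from that checkout, so whatever is at the tip of a branch ref at that moment runs in the container with no record of which commit it was. Please write `git rev-parse HEAD` into `$ARTIFACTS_DIR` after the checkout, and document that `AIRSHIPCTL_REF` can be a commit SHA for reproducible runs. In the cached branch, `cp -r "$CACHE_DIR/airshipctl" "$ARTIFACTS_DIR/airshipctl"` nests the copy as `airshipctl/airshipctl` when the destination already exists, which it will on a second run because `ARTIFACTS_DIR` is a hostPath; there is also no check that `$CACHE_DIR/airshipctl/bin/airshipctl` exists before the container is signalled complete.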
@ -0,0 +1,44 @@
|
||||
ARG BASE_IMAGE |
||||
FROM ${BASE_IMAGE} |
||||
|
||||
SHELL ["bash", "-exc"] |
||||
ENV DEBIAN_FRONTEND noninteractive |
||||
|
||||
ARG CACHE_DIR=/opt/aiap-cache |
||||
ENV CACHE_DIR=$CACHE_DIR |
||||
|
||||
ARG ARTIFACTS_DIR=/opt/aiap-artifacts |
||||
ENV ARTIFACTS_DIR=$ARTIFACTS_DIR |
||||
|
||||
# Update distro and install common reqs |
||||
RUN apt-get update ;\ |
||||
apt-get dist-upgrade -y ;\ |
||||
apt-get install -y \ |
||||
python3-minimal \ |
||||
python3-pip \ |
||||
python3-setuptools \ |
||||
python3-libvirt \ |
||||
curl \ |
||||
make \ |
||||
sudo \ |
||||
iproute2 \ |
||||
bridge-utils \ |
||||
iputils-ping \ |
||||
net-tools \ |
||||
less \ |
||||
jq \ |
||||
vim \ |
||||
software-properties-common \ |
||||
openssh-client ;\ |
||||
pip3 install --upgrade wheel ;\ |
||||
pip3 install --upgrade ansible ;\ |
||||
pip3 install --upgrade yq ;\ |
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - ;\ |
||||
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" ;\ |
||||
apt-get install -y --no-install-recommends docker-ce-cli ;\ |
||||
rm -rf /var/lib/apt/lists/* ; \ |
||||
mkdir -p "$ARTIFACTS_DIR" ; \ |
||||
mkdir -p "$CACHE_DIR" |
||||
|
||||
COPY wait_for . |
||||
COPY signal_complete . |
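Review bot: The `RUN` step installs `wheel`, `ansible` and `yq` with `pip3 install --upgrade` and no version pins, so two builds of the same commit can produce different images; pin the versions or install from a requirements file with hashes. On the line `curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -`, the shell is `bash -exc` without `pipefail`, so a failed download is not caught by `-e`; add `-o pipefail` to `SHELL`, or save the key to a file and reference it with `signed-by` in the sources entry. `COPY wait_for .` and `COPY signal_complete .` rely on the working directory being `/`, while the entrypoints call `/signal_complete` by absolute path; copy to explicit destinations such as `/wait_for` so a later `WORKDIR` does not break them.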
@ -0,0 +1,9 @@
|
||||
#!/bin/bash |
||||
|
||||
# signal_complete takes a container name and creates a file in the "completed" |
||||
# directory, denoting that the named container has finished its tasks. This can be |
||||
# leveraged by dependent containers via the `wait_for` command. |
||||
|
||||
mkdir -p "/tmp/completed" |
||||
touch "/tmp/completed/$1" |
||||
printf "Marked %s as complete.\n" "$1" |
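Review bot: `$1` is used unchecked in `touch "/tmp/completed/$1"`. With no argument the script touches the directory itself and still prints "Marked  as complete.", and a name containing `/` or `..` creates the marker outside the flat `/tmp/completed` namespace that `wait_for` reads. Reject an empty argument and any name containing a slash, and exit non-zero in those cases.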
@ -0,0 +1,22 @@
|
||||
#!/bin/bash |
||||
|
||||
# wait_for takes a list of container names and runs until all of those container names |
||||
# appear in the "/tmp/completed" directory. It can be used to prevent a |
||||
# container from executing until pre-requisite containers have indicated completion. |
||||
|
||||
mkdir -p "/tmp/completed" |
||||
while true; do |
||||
# Assume we're finished, prove otherwise |
||||
finished=true |
||||
for container in "$@"; do |
||||
if [[ ! -e "/tmp/completed/$container" ]]; then |
||||
printf "Waiting on '%s'...\n" "$container" |
||||
finished=false |
||||
sleep 10 |
||||
break |
||||
fi |
||||
done |
||||
if $finished; then |
||||
break |
||||
fi |
||||
done |
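Review bot: The `while true` loop has no upper bound, so a prerequisite that fails before calling `signal_complete` leaves every dependent container waiting forever with only the "Waiting on" lines as evidence. Add a maximum wait (for example an optional timeout read from the environment) and exit non-zero when it expires so the failure surfaces in the pod status. The `sleep 10` inside the `for` loop followed by `break` also means the containers are checked one at a time; moving the sleep to the end of the outer loop reads more clearly and reports all missing names on each pass.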
@ -0,0 +1,22 @@
|
||||
FROM ianhowell/base:latest |
||||
|
||||
SHELL ["bash", "-exc"] |
||||
ENV DEBIAN_FRONTEND noninteractive |
||||
|
||||
# Update distro and install ansible |
||||
RUN apt-get update ;\ |
||||
apt-get dist-upgrade -y ;\ |
||||
apt-get install -y \ |
||||
python3-apt \ |
||||
python3-lxml \ |
||||
virtinst \ |
||||
nfs4-acl-tools \ |
||||
acl \ |
||||
virt-manager;\ |
||||
rm -rf /var/lib/apt/lists/* |
||||
|
||||
COPY assets /opt/assets/ |
||||
RUN cp -ravf /opt/assets/* / ;\ |
||||
rm -rf /opt/assets |
||||
|
||||
ENTRYPOINT /entrypoint.sh |
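Review bot: `FROM ianhowell/base:latest` ties this image to a mutable tag in a personal namespace, and it ignores the `IMAGE_TAG` the Makefile used when building `base`, so a build with a non-default tag silently layers on whatever `latest` happens to be in the local cache or on the registry. Take the base as a build argument, as the base Dockerfile itself does with `ARG BASE_IMAGE` and `FROM ${BASE_IMAGE}`, and pass it from the Makefile. The comment "Update distro and install ansible" is stale here as well: the step installs libvirt and ACL tooling, and ansible comes from the base image.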
@ -0,0 +1,23 @@
|
||||
#!/bin/bash |
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
set -ex |
||||
|
||||
printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n" |
||||
sleep 30 |
||||
|
||||
ansible-playbook -v /opt/ansible/playbooks/build-infra.yaml \ |
||||
-e local_src_dir="$(pwd)" |
||||
|
||||
/signal_complete infra-builder |
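Review bot: The fixed `sleep 30` is a guess at when libvirt and docker are ready, and with `set -ex` a slow start makes `ansible-playbook` fail on first contact instead of waiting. The manifest already mounts `/var/run/libvirt` into this container and probes libvirt with `virsh version`; polling that same command in a bounded loop before running the playbook would replace the guess with an actual readiness check.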
@ -0,0 +1,23 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
--- |
||||
- hosts: localhost |
||||
tasks: |
||||
|
||||
- name: install kustomize |
||||
include_role: |
||||
name: install-kustomize |
||||
|
||||
- name: Setup Infrastructure |
||||
include_role: |
||||
name: build-infra |
@ -0,0 +1,64 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
floorplan: |
||||
image_pool: "/var/lib/libvirt/images" |
||||
default_image_pool: "/var/lib/libvirt/default" |
||||
uri: "qemu:///system" |
||||
os_variant: "ubuntu18.04" |
||||
|
||||
ephemeral_node: |
||||
name: air-ephemeral |
||||
cpu: 4 |
||||
ram: 6124 |
||||
nat_mac_address: 52:54:00:9b:27:02 |
||||
prov_mac_address: 52:54:00:b6:ed:02 |
||||
block: |
||||
- 20G |
||||
|
||||
target_nodes: |
||||
count: 1 |
||||
name: air-target |
||||
cpu: 2 |
||||
ram: 6124 |
||||
nat_mac_address: 52:54:00:9b:27:4c |
||||
prov_mac_address: 52:54:00:b6:ed:31 |
||||
block: |
||||
- 20G |
||||
|
||||
worker_nodes: |
||||
count: 1 |
||||
name: air-worker |
||||
cpu: 1 |
||||
ram: 6124 |
||||
nat_mac_address: 52:54:00:9b:27:07 |
||||
prov_mac_address: 52:54:00:b6:ed:23 |
||||
block: |
||||
- 20G |
||||
|
||||
# 1st item must be the oobm network, 2nd the provisioning |
||||
networks: |
||||
- name: provisioning |
||||
bridge: "air_prov" |
||||
ip: |
||||
address: "10.23.24.1" |
||||
netmask: "255.255.255.0" |
||||
- name: nat |
||||
bridge: "air_nat" |
||||
ip: |
||||
address: "10.23.25.1" |
||||
netmask: "255.255.255.0" |
||||
- name: default |
||||
bridge: "default" |
||||
ip: |
||||
address: "10.23.25.1" |
||||
netmask: "255.255.255.0" |
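Review bot: the comment above networks says the first item must be the oobm network and the second the provisioning one, but the list starts with provisioning followed by nat, and the network templates in this change read networks[0] for air_prov and networks[1] for air_nat. Either the comment or the order is wrong; update the comment to match what the templates expect. Also, the default entry reuses address 10.23.25.1 with netmask 255.255.255.0, identical to the nat entry, which would put two bridges on the same subnet if both values were used. Give default its own subnet or drop the entry if it is not consumed.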
@ -0,0 +1,59 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
- set_fact: |
||||
qcow_rand: "{{ 6000 | random }}" |
||||
|
||||
- name: "Create qemu image extra block devices" |
||||
shell: | |
||||
qemu-img create \ |
||||
-f qcow2 \ |
||||
"{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ seq }}-{{ qcow_rand }}".qcow2 "{{ vm_instance.block[(seq | int)-1] }}" |
||||
with_sequence: |
||||
start=1 end="{{ (vm_instance.block | length | int ) }}" |
||||
loop_control: |
||||
loop_var: seq |
||||
|
||||
- acl: |
||||
default: true |
||||
path: "{{ floorplan.image_pool }}" |
||||
entry: "u:libvirt-qemu:r-x" |
||||
state: present |
||||
|
||||
- name: Define vm xml |
||||
shell: | |
||||
virt-install \ |
||||
--connect "{{ floorplan.uri }}" \ |
||||
--os-variant "{{ floorplan.os_variant }}" \ |
||||
--machine pc \ |
||||
--name "{{ vm_name }}" \ |
||||
--memory "{{ vm_instance.ram }}" \ |
||||
--network network="air_nat",address.type='pci',address.domain=0,address.bus=0,address.slot=3,address.function=0,mac="{{ vm_instance.nat_mac_address }}" \ |
||||
--network network="air_prov",address.type='pci',address.domain=0,address.bus=0,address.slot=4,address.function=0,mac="{{ vm_instance.prov_mac_address }}" \ |
||||
--cpu host-passthrough \ |
||||
--vcpus "{{ vm_instance.cpu | int }}" \ |
||||
--import \ |
||||
{% for i in range(1, (vm_instance.block | length | int )+1) %} |
||||
--disk "{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ i }}-{{ qcow_rand }}.qcow2,bus=scsi,format=qcow2" \ |
||||
{% endfor %} |
||||
--nographics \ |
||||
--noautoconsole \ |
||||
--print-xml |
||||
register: vm_xml |
||||
|
||||
- debug: |
||||
msg: "{{ vm_xml }}" |
||||
|
||||
- name: Create vm |
||||
virt: |
||||
command: define |
||||
xml: "{{ vm_xml.stdout }}" |
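Review bot: the disk file name is built from vm_instance.name, seq and qcow_rand, not from vm_name. For target_nodes and worker_nodes every VM in the loop shares the same vm_instance.name, so with count above 1 the only thing separating one VM's disks from another's is "6000 | random", and a collision makes qemu-img create overwrite an existing disk. Use vm_name in the path (in both the qemu-img task and the --disk argument) so the name is unique by construction. Separately, the acl task sets a default ACL on the image pool after the images are created; default entries are inherited only by files created later, so the disks created just above do not receive it. Move the acl task ahead of the qemu-img task. The set_fact, acl and debug tasks would also benefit from a name.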
@ -0,0 +1,20 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
- debug: |
||||
msg: "{{ worker_node }}" |
||||
|
||||
- name: "Create vms" |
||||
include_tasks: create-vm.yaml |
||||
with_sequence: start=1 end="{{vm_instance.count | int}}" |
||||
loop_control: |
||||
loop_var: a_node |
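Review bot: the debug task prints worker_node, but the role defaults added in this change define worker_nodes (plural), so this variable looks undefined. The include below it loops on vm_instance.count without passing vm_instance or vm_name, which create-vm.yaml requires. If the main task list is what actually drives VM creation, this file appears to be a leftover and can be removed; otherwise fix the variable name and pass the vars explicitly.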
@ -0,0 +1,93 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
- acl: |
||||
default: true |
||||
path: "{{ floorplan.default_image_pool }}" |
||||
entry: "u:libvirt-qemu:r-x" |
||||
state: present |
||||
|
||||
- name: "Define, Build, and Start default storage pool" |
||||
block: |
||||
- virt_pool: |
||||
command: define |
||||
name: "{{ item }}" |
||||
xml: '{{ lookup("template", "{{ item }}.xml.j2") }}' |
||||
with_items: |
||||
- default |
||||
|
||||
- virt_pool: |
||||
command: build |
||||
name: "{{ item }}" |
||||
with_items: |
||||
- default |
||||
|
||||
- virt_pool: |
||||
state: active |
||||
name: "{{ item }}" |
||||
with_items: |
||||
- default |
||||
|
||||
- virt_pool: |
||||
command: list_pools |
||||
|
||||
- name: "Define network, activate, start network pools" |
||||
block: |
||||
- virt_net: |
||||
command: define |
||||
xml: '{{ lookup("template", "{{ item }}.xml.j2") }}' |
||||
name: "{{ item }}" |
||||
with_items: |
||||
- "air_prov" |
||||
- "air_nat" |
||||
|
||||
- virt_net: |
||||
state: active |
||||
name: "{{ item }}" |
||||
with_items: |
||||
- "default" |
||||
- "air_prov" |
||||
- "air_nat" |
||||
|
||||
- virt_net: |
||||
name: "{{ item }}" |
||||
autostart: true |
||||
with_items: |
||||
- "default" |
||||
- "air_prov" |
||||
- "air_nat" |
||||
|
||||
- name: "Create ephemeral node" |
||||
include_tasks: create-vm.yaml |
||||
vars: |
||||
vm_instance: "{{ ephemeral_node }}" |
||||
vm_name: "{{ ephemeral_node.name }}" |
||||
|
||||
- name: "Create target nodes" |
||||
include_tasks: create-vm.yaml |
||||
vars: |
||||
vm_instance: "{{ target_nodes }}" |
||||
vm_name: "{{ target_nodes.name }}-{{ a_node }}" |
||||
with_sequence: |
||||
start=1 end="{{ (vm_instance.count | int) }}" |
||||
loop_control: |
||||
loop_var: a_node |
||||
|
||||
- name: "Create worker nodes" |
||||
include_tasks: create-vm.yaml |
||||
vars: |
||||
vm_instance: "{{ worker_nodes }}" |
||||
vm_name: "{{ worker_nodes.name }}-{{ a_node }}" |
||||
with_sequence: |
||||
start=1 end="{{ (vm_instance.count | int) }}" |
||||
loop_control: |
||||
loop_var: a_node |
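Review bot: in the network block, the virt_net define step lists only air_prov and air_nat, while the following state: active and autostart steps also act on "default". That makes the role depend on a default network already existing on the libvirt host; if it does not, activation fails. Add default to the define list or remove it from the later two steps. On style, '{{ lookup("template", "{{ item }}.xml.j2") }}' nests one template expression inside another; lookup("template", item ~ ".xml.j2") expresses the same thing without nesting. The leading acl task also has no name.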
@ -0,0 +1,10 @@
|
||||
<network connections="2"> |
||||
<name>air_nat</name> |
||||
<uuid>667f20da-ad20-4623-bf70-88f6e6dec2d6</uuid> |
||||
<forward mode="nat"> |
||||
<nat><port start="1024" end="65535"/> |
||||
</nat> |
||||
</forward><bridge name="nat_br" stp="on" delay="0"/> |
||||
<ip address="{{ networks[1].ip.address }}" netmask="{{ networks[1].ip.netmask }}"> |
||||
</ip> |
||||
</network> |
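Review bot: connections="2" on the network element and the fixed uuid look like output copied from a running network rather than a definition. The connections attribute is runtime state reported by libvirt, and a hard-coded uuid will clash if two definitions with different names but the same uuid ever meet on one host. Drop both and let libvirt assign the uuid. The bridge is also hard-coded as nat_br while the defaults declare bridge: "air_nat" for this network, so that variable is currently unused.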
@ -0,0 +1,7 @@
|
||||
<network connections="2"> |
||||
<name>air_prov</name> |
||||
<uuid>55739809-1c3a-4c79-b6e7-2607000715da</uuid> |
||||
<bridge name="prov_br" stp="on" delay="0"/> |
||||
<ip address="{{ networks[0].ip.address }}" netmask="{{ networks[0].ip.netmask }}"> |
||||
</ip> |
||||
</network> |
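Review bot: the ip element reads networks[0] by position, and the bridge name prov_br is hard-coded even though the defaults declare bridge: "air_prov" for the provisioning network. Reordering the networks list silently swaps the addresses of air_prov and air_nat. Select the entry by name and take the bridge name from the same entry, so the defaults file is the single source for this network.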
@ -0,0 +1,6 @@
|
||||
<pool type="dir"> |
||||
<name>default</name> |
||||
<target> |
||||
<path>{{ floorplan.default_image_pool }}</path> |
||||
</target> |
||||
</pool> |
@ -0,0 +1,9 @@
|
||||
<network> |
||||
<name>default</name> |
||||
<uuid>3f11d0fe-6c59-43fb-b22a-4355d57d07fa</uuid><forward mode="nat"/> |
||||
<bridge name="virbr0" stp="on" delay="0"/> |
||||
<ip address="192.168.122.1" netmask="255.255.255.0"> |
||||
<dhcp><range start="192.168.122.2" end="192.168.122.254"/> |
||||
</dhcp> |
||||
</ip> |
||||
</network> |
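Review bot: the address 192.168.122.1 and the DHCP range are hard-coded here, while the defaults in this change list a default network with address 10.23.25.1. One of the two is unused. Either template the ip element from the defaults, as the air_nat and air_prov files do, or remove the default entry from the networks list so readers are not misled about which address applies.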
@ -0,0 +1,17 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
kustomize_version: v3.8.5 |
||||
kustomize_download_url: "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/{{ kustomize_version }}/kustomize_{{ kustomize_version }}_linux_amd64.tar.gz" |
||||
proxy: |
||||
http: |
||||
noproxy: |
@ -0,0 +1,24 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
- name: install kustomize binary |
||||
shell: | |
||||
set -e |
||||
curl -sSL {{ kustomize_download_url }} | tar -C /tmp -xzf - |
||||
install /tmp/kustomize /usr/local/bin |
||||
become: yes |
||||
args: |
||||
warn: false |
||||
environment: |
||||
http_proxy: "{{ proxy.http }}" |
||||
https_proxy: "{{ proxy.http }}" |
||||
no_proxy: "{{ proxy.noproxy }}" |
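Review bot: the curl-to-tar pipeline in the shell task installs a binary as root with no integrity check, and its error handling has gaps. set -e does not catch a curl failure on the left side of a pipe without pipefail, curl is run without -f so an HTTP error page is fed to tar, and {{ kustomize_download_url }} is unquoted. Prefer get_url with a checksum for the pinned kustomize_version followed by unarchive, which removes the shell task and the warn: false override. Note also that https_proxy is set from proxy.http; if that is intentional a comment would help, otherwise add a separate proxy.https default.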
@ -0,0 +1,34 @@
|
||||
FROM ianhowell/base:latest |
||||
|
||||
SHELL ["bash", "-exc"] |
||||
ENV DEBIAN_FRONTEND noninteractive |
||||
|
||||
RUN apt-get update ;\ |
||||
apt-get dist-upgrade -y ;\ |
||||
apt-get install -y \ |
||||
libvirt-daemon \ |
||||
qemu-kvm \ |
||||
libvirt-daemon-system \ |
||||
bridge-utils \ |
||||
libvirt-clients \ |
||||
systemd \ |
||||
socat ;\ |
||||
find /etc/systemd/system \ |
||||
/usr/lib/systemd/system \ |
||||
-path '*.wants/*' \ |
||||
-not -name '*journald*' \ |
||||
-not -name '*systemd-tmpfiles*' \ |
||||
-not -name '*systemd-user-sessions*' \ |
||||
-exec rm \{} \; ;\ |
||||
systemctl set-default multi-user.target ;\ |
||||
sed -i 's|SocketMode=0660|SocketMode=0666|g' /lib/systemd/system/libvirtd.socket ;\ |
||||
systemctl enable libvirtd ;\ |
||||
systemctl enable virtlogd ;\ |
||||
echo 'user = "root"' >> /etc/libvirt/qemu.conf ;\ |
||||
echo 'group = "root"' >> /etc/libvirt/qemu.conf |
||||
|
||||
COPY assets /opt/assets/ |
||||
RUN cp -ravf /opt/assets/* / ;\ |
||||
rm -rf /opt/assets |
||||
|
||||
ENTRYPOINT /bin/systemd |
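Review bot: the sed that changes SocketMode=0660 to SocketMode=0666 makes the libvirtd socket writable by every user that can reach it, and the two echo lines make QEMU run as root:root. Together that means any process with access to the socket can define and start guests that execute as root in this container. If the goal is to let the other containers in the pod connect, keep 0660 and put the connecting user in the socket's group, or at least add a comment stating why 0666 and root QEMU are needed here and that the image is for test environments only. The same FROM ianhowell/base:latest pinning concern applies as for the other images.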
@ -0,0 +1,43 @@
|
||||
# This file is part of systemd. |
||||
# |
||||
# systemd is free software; you can redistribute it and/or modify it |
||||
# under the terms of the GNU Lesser General Public License as published by |
||||
# the Free Software Foundation; either version 2.1 of the License, or |
||||
# (at your option) any later version. |
||||
# |
||||
# Entries in this file show the compile time defaults. |
||||
# You can change settings by editing this file. |
||||
# Defaults can be restored by simply deleting this file. |
||||
# |
||||
# See journald.conf(5) for details. |
||||
|
||||
[Journal] |
||||
#Storage=auto |
||||
#Compress=yes |
||||
#Seal=yes |
||||
#SplitMode=uid |
||||
#SyncIntervalSec=5m |
||||
#RateLimitIntervalSec=30s |
||||
#RateLimitBurst=10000 |
||||
#SystemMaxUse= |
||||
#SystemKeepFree= |
||||
#SystemMaxFileSize= |
||||
#SystemMaxFiles=100 |
||||
#RuntimeMaxUse= |
||||
#RuntimeKeepFree= |
||||
#RuntimeMaxFileSize= |
||||
#RuntimeMaxFiles=100 |
||||
#MaxRetentionSec= |
||||
#MaxFileSec=1month |
||||
#ForwardToSyslog=yes |
||||
#ForwardToKMsg=no |
||||
ForwardToConsole=yes |
||||
#ForwardToWall=yes |
||||
TTYPath=/dev/console |
||||
#MaxLevelStore=debug |
||||
#MaxLevelSyslog=debug |
||||
#MaxLevelKMsg=notice |
||||
#MaxLevelConsole=info |
||||
#MaxLevelWall=emerg |
||||
#LineMax=48K |
||||
#ReadKMsg=yes |
@ -0,0 +1,3 @@
|
||||
[Service] |
||||
StandardOutput=tty |
||||
#FailureAction=poweroff |
@ -0,0 +1,2 @@
|
||||
[Service] |
||||
FailureAction=poweroff |
@ -0,0 +1,2 @@
|
||||
[Service] |
||||
StandardOutput=tty |
@ -0,0 +1,28 @@
|
||||
FROM ianhowell/base:latest |
||||
|
||||
SHELL ["bash", "-exc"] |
||||
ENV DEBIAN_FRONTEND noninteractive |
||||
|
||||
ARG k8s_version=v1.18.3 |
||||
ARG kubectl_url=https://storage.googleapis.com/kubernetes-release/release/"${k8s_version}"/bin/linux/amd64/kubectl |
||||
|
||||
# Update distro and install ansible |
||||
RUN apt-get update ;\ |
||||
apt-get dist-upgrade -y ;\ |
||||
apt-get install -y \ |
||||
git \ |
||||
git-review \ |
||||
apt-transport-https \ |
||||
ca-certificates \ |
||||
gnupg-agent \ |
||||
libvirt-clients \ |
||||
gettext-base ;\ |
||||
curl -sSLo /usr/local/bin/kubectl "${kubectl_url}" ;\ |
||||
chmod +x /usr/local/bin/kubectl ;\ |
||||
rm -rf /var/lib/apt/lists/* |
||||
|
||||
COPY assets /opt/assets/ |
||||
RUN cp -ravf /opt/assets/* / ;\ |
||||
rm -rf /opt/assets |
||||
|
||||
ENTRYPOINT /entrypoint.sh |
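Review bot: kubectl is fetched with curl -sSLo and made executable without any verification. There is no -f, so an HTTP error body would be written to /usr/local/bin/kubectl and marked executable, and there is no checksum comparison for the pinned k8s_version. Add -f and verify the download against a SHA-256 value kept next to k8s_version as a build ARG. The comment "Update distro and install ansible" is also stale for this file, since the package list contains git, libvirt-clients and related tools but not ansible.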
@ -0,0 +1,70 @@
|
||||
#!/bin/bash |
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
# you may not use this file except in compliance with the License. |
||||
# You may obtain a copy of the License at |
||||
# |
||||
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
# |
||||
# Unless required by applicable law or agreed to in writing, software |
||||
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
# See the License for the specific language governing permissions and |
||||
# limitations under the License. |
||||
|
||||
set -ex |
||||
|
||||
# Wait until airshipctl and libvirt infrastructure has been built |
||||
/wait_for airshipctl-builder |
||||
/wait_for infra-builder |
||||
|
||||
export USER=root |
||||
# https://github.com/sudo-project/sudo/issues/42 |
||||
echo "Set disable_coredump false" >> /etc/sudo.conf |
||||
|
||||
echo "Installing kustomize" |
||||
kustomize_version=v3.8.5 |
||||
kustomize_download_url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${kustomize_version}/kustomize_${kustomize_version}_linux_amd64.tar.gz" |
||||
curl -sSL "$kustomize_download_url" | tar -C /tmp -xzf - |
||||
install /tmp/kustomize /usr/local/bin |
||||
|
||||
cp "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin/airshipctl |
||||
cp -r "$ARTIFACTS_DIR/airshipctl/" /opt/airshipctl |
||||
cd /opt/airshipctl |
||||
|
||||
|
||||
curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc |
||||
SOPS_IMPORT_PGP="$(cat key.asc)" |
||||
SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4" |
||||
export SOPS_IMPORT_PGP SOPS_PGP_FP |
||||
|
||||
# By default, don't build airshipctl - use the binary from the shared volume instead |
||||
# ./tools/deployment/21_systemwide_executable.sh |
||||
./tools/deployment/22_test_configs.sh |
||||
./tools/deployment/23_pull_documents.sh |
||||
./tools/deployment/23_generate_secrets.sh |
||||
|
||||
sed -i -e 's#bmcAddress: redfish+http://\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\):8000#bmcAddress: redfish+https://10.23.25.1:8443#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml |
||||
sed -i -e 's#root#username#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml |
||||
sed -i -e 's#r00tme#password#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml |
||||
sed -i -e 's#disableCertificateVerification: false#disableCertificateVerification: true#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml |
||||
|
||||
if [[ "$USE_CACHED_ISO" = "true" ]]; then |
||||
mkdir -p /srv/images |
||||
tar -xzf "$CACHE_DIR/iso.tar.gz" --directory /srv/images |
||||
else |
||||
./tools/deployment/24_build_images.sh |
||||
tar -czf "$ARTIFACTS_DIR/iso.tar.gz" --directory=/srv/images . |
||||
fi |
||||
|
||||
./tools/deployment/25_deploy_ephemeral_node.sh |
||||
./tools/deployment/26_deploy_capi_ephemeral_node.sh |
||||
./tools/deployment/30_deploy_controlplane.sh |
||||
./tools/deployment/31_deploy_initinfra_target_node.sh |
||||
./tools/deployment/32_cluster_init_target_node.sh |
||||
./tools/deployment/33_cluster_move_target_node.sh |
||||
./tools/deployment/34_deploy_worker_node.sh |
||||
./tools/deployment/35_deploy_workload.sh |
||||
./tools/deployment/36_verify_hwcc_profiles.sh |
||||
|
||||
/signal_complete runner |
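Review bot: the four sed commands on hosts.yaml switch the BMC address to redfish+https and in the same step set disableCertificateVerification: true, so the HTTPS connection to 10.23.25.1:8443 is encrypted but not authenticated. If this is only because the endpoint uses a self-signed certificate in this test setup, say so in a comment, or supply the CA instead of disabling verification. The substitutions s#root#username# and s#r00tme#password# are unanchored and rewrite the first occurrence of those strings on every line of the file, not just the credential fields; match the full key and value. The kustomize download repeats the unverified curl-to-tar install from the install-kustomize role with its own copy of the version string, and key.asc is fetched from the master branch at run time; both would be more reproducible pinned and checked.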