Airship in a Pod
Introduces Airship in pod. This includes: * A base image which sets up common requirements * An image for the libvirt service * An image for building a specified instance of airshipctl * An image for initializing the various libvirt infrastructure required for a deployment * An image which runs the deployment scripts Closes: #313 Change-Id: Ib1114350190b0fe0c0761ff67b38b3eca783161a
This commit is contained in:
parent
b8a4b6ad73
commit
a423607000
201
tools/airship-in-a-pod/LICENSE
Normal file
201
tools/airship-in-a-pod/LICENSE
Normal file
@ -0,0 +1,201 @@
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
39
tools/airship-in-a-pod/Makefile
Normal file
39
tools/airship-in-a-pod/Makefile
Normal file
@ -0,0 +1,39 @@
|
||||
IMAGE_REGISTRY ?= quay.io/airshipit
|
||||
IMAGES := infra-builder airshipctl-builder runner
|
||||
IMAGE_TAG ?= latest
|
||||
|
||||
PUSH_IMAGES ?= false
|
||||
|
||||
.PHONY: help base libvirt $(IMAGES) build test
|
||||
|
||||
SHELL:=/bin/bash
|
||||
.ONESHELL:
|
||||
|
||||
help: ## This help.
|
||||
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
|
||||
|
||||
build: base
|
||||
build: libvirt
|
||||
build: $(IMAGES) ## Build the containers.
|
||||
|
||||
base:
|
||||
docker build --tag ianhowell/base:$(IMAGE_TAG) --build-arg BASE_IMAGE=ubuntu:20.04 ./base
|
||||
ifeq (true, $(PUSH_IMAGES))
|
||||
docker push ianhowell/base:$(IMAGE_TAG)
|
||||
endif
|
||||
|
||||
libvirt:
|
||||
docker build --tag ianhowell/libvirt:$(IMAGE_TAG) ./libvirt
|
||||
ifeq (true, $(PUSH_IMAGES))
|
||||
docker push ianhowell/libvirt:$(IMAGE_TAG)
|
||||
endif
|
||||
|
||||
$(IMAGES):
|
||||
docker build --tag $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG) ./$@
|
||||
ifeq (true, $(PUSH_IMAGES))
|
||||
docker push $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG)
|
||||
endif
|
||||
|
||||
test: build ## Test airship-in-a-pod
|
||||
kubectl delete -f airship-in-a-pod.yaml || true
|
||||
kubectl create -f airship-in-a-pod.yaml
|
82
tools/airship-in-a-pod/README.md
Normal file
82
tools/airship-in-a-pod/README.md
Normal file
@ -0,0 +1,82 @@
|
||||
# Airship in a Pod
|
||||
|
||||
Airship in a pod is a Kubernetes pod definition which describes all of the
|
||||
components required to deploy a fully functioning Airship 2 deployment. The pod
|
||||
consists of the following "Task" containers:
|
||||
|
||||
* `airshipctl-builder`: This container builds the airshipctl binary and makes it
|
||||
available to the other containers
|
||||
* `infra-builder`: This container creates the various virtual networks and
|
||||
machines required for an Airship deployment
|
||||
* `runner`: The runner container is the "meat" of the pod, and executes the
|
||||
deployment
|
||||
|
||||
The pod also contains the following "Support" containers:
|
||||
|
||||
* `libvirt`: This provides virtualisation
|
||||
* `sushy-tools`: This is used for its BMC emulator
|
||||
* `docker-in-docker`: This is used for nesting containers*
|
||||
* `nginx`: This is used for image hosting
|
||||
|
||||
|
||||
## Prerequisites
|
||||
|
||||
In order to deploy Airship in a Pod for development, you must first have a
|
||||
working Kubernetes cluster. This guide assumes that a developer will deploy
|
||||
using [minikube](https://minikube.sigs.k8s.io/docs/start/):
|
||||
|
||||
```
|
||||
sudo -E minikube start --driver=none
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
Since Airship in a Pod is just a pod definition, deploying and using it is as
|
||||
simple as deploying and using any Kubernetes pod.
|
||||
|
||||
#### Deploy the Pod
|
||||
|
||||
```
|
||||
kubectl apply -f airship-in-a-pod.yaml
|
||||
```
|
||||
|
||||
#### View Pod Logs
|
||||
|
||||
```
|
||||
kubectl logs airship-in-a-pod -c $CONTAINER
|
||||
```
|
||||
|
||||
#### Interact with the Pod
|
||||
|
||||
```
|
||||
kubectl exec -it airship-in-a-pod -c $CONTAINER -- bash
|
||||
```
|
||||
|
||||
where `$CONTAINER` is one of the containers listed above.
|
||||
|
||||
|
||||
### Output
|
||||
|
||||
Airship-in-a-pod produces the following outputs:
|
||||
|
||||
* The airshipctl repo and associated binary used with the deployment
|
||||
* A tarball containing the generated ephemeral ISO, as well as the
|
||||
configuration used during generation.
|
||||
|
||||
These artifacts are placed at `ARTIFACTS_DIR` (defaults to /opt/aiap-artifacts`).
|
||||
|
||||
|
||||
### Caching
|
||||
|
||||
As it can be cumbersome and time-consuming to build and rebuild binaries and
|
||||
images, some options are made available for caching. A developer may re-use
|
||||
artifacts from previous runs (or provide their own) by placing them in
|
||||
`CACHE_DIR` (defaults to `/opt/aiap-cache`). Special care is needed for the
|
||||
caching:
|
||||
|
||||
* If using a cached `airshipctl`, the `airshipctl` binary must be stored in the
|
||||
`$CACHE_DIR/airshipctl/bin/` directory, and the developer must have set
|
||||
`USE_CACHED_AIRSHIPCTL` to `true`.
|
||||
* If using a cached ephemeral iso, the iso must first be contained in a tarball named `iso.tar.gz`, must be stored in the
|
||||
`$CACHE_DIR/` directory, and the developer must have set
|
||||
`USE_CACHED_ISO` to `true`.
|
347
tools/airship-in-a-pod/airship-in-a-pod.yaml
Normal file
347
tools/airship-in-a-pod/airship-in-a-pod.yaml
Normal file
@ -0,0 +1,347 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: airship-in-a-pod
|
||||
spec:
|
||||
hostNetwork: false
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
|
||||
- name: libvirt
|
||||
image: ianhowell/libvirt:latest
|
||||
tty: true
|
||||
securityContext:
|
||||
privileged: true
|
||||
#SYS_ADMIN required for systemd, need to work out reqs for libvirt
|
||||
command:
|
||||
- bash
|
||||
- -cex
|
||||
- "exec /usr/lib/systemd/systemd"
|
||||
env:
|
||||
- name: container
|
||||
value: docker
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- virsh
|
||||
- version
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
startupProbe:
|
||||
exec:
|
||||
command:
|
||||
- systemctl
|
||||
- is-active
|
||||
- --quiet
|
||||
- libvirtd
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
volumeMounts:
|
||||
- name: var-run-aiap
|
||||
mountPath: /var/run/aiap/
|
||||
- name: dev
|
||||
mountPath: /dev
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
- name: run
|
||||
mountPath: /run
|
||||
- name: var-lib-libvirt-images
|
||||
mountPath: /var/lib/libvirt/images
|
||||
- name: var-lib-libvirt-default
|
||||
mountPath: /var/lib/libvirt/default
|
||||
- name: var-run-libvirt
|
||||
mountPath: /var/run/libvirt
|
||||
- name: sys-fs-cgroup
|
||||
mountPath: /sys/fs/cgroup
|
||||
readOnly: false
|
||||
- name: logs
|
||||
mountPath: /var/log/
|
||||
|
||||
- name: sushy
|
||||
image: quay.io/metal3-io/sushy-tools
|
||||
command:
|
||||
- bash
|
||||
- -cex
|
||||
- |
|
||||
tee /csr_details.txt << EOF
|
||||
[req]
|
||||
default_bits = 2048
|
||||
prompt = no
|
||||
default_md = sha256
|
||||
req_extensions = req_ext
|
||||
distinguished_name = dn
|
||||
|
||||
[ dn ]
|
||||
CN = localhost
|
||||
|
||||
[ req_ext ]
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[ alt_names ]
|
||||
DNS.1 = 127.0.0.1
|
||||
DNS.2 = ::1
|
||||
EOF
|
||||
|
||||
openssl req \
|
||||
-newkey rsa:2048 \
|
||||
-nodes \
|
||||
-keyout /airship_gate_redfish_auth.key \
|
||||
-x509 \
|
||||
-days 365 \
|
||||
-out /airship_gate_redfish_auth.pem \
|
||||
-config <(cat /csr_details.txt) \
|
||||
-extensions 'req_ext'
|
||||
|
||||
# Wait for interface to come up
|
||||
while ! ping -c1 10.23.25.1 2>&1 >/dev/null; do sleep 1; done
|
||||
|
||||
sushy-emulator \
|
||||
--debug \
|
||||
--interface 10.23.25.1 \
|
||||
--port 8443 \
|
||||
--ssl-key /airship_gate_redfish_auth.key \
|
||||
--ssl-certificate /airship_gate_redfish_auth.pem || true
|
||||
|
||||
tail -f /dev/null
|
||||
volumeMounts:
|
||||
- name: var-run-libvirt
|
||||
mountPath: /var/run/libvirt
|
||||
|
||||
- name: nginx
|
||||
image: nginx:latest
|
||||
command:
|
||||
- bash
|
||||
- -cex
|
||||
- |
|
||||
tee /etc/nginx/nginx.conf <<'EOF'
|
||||
user nginx;
|
||||
worker_processes 1;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
pid /var/run/nginx.pid;
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
sendfile on;
|
||||
#tcp_nopush on;
|
||||
keepalive_timeout 65;
|
||||
#gzip on;
|
||||
server {
|
||||
listen 8099;
|
||||
listen [::]:8099;
|
||||
server_name localhost;
|
||||
#charset koi8-r;
|
||||
#access_log /var/log/nginx/host.access.log main;
|
||||
location / {
|
||||
root /srv/images;
|
||||
autoindex on;
|
||||
}
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
exec nginx -g 'daemon off;'
|
||||
volumeMounts:
|
||||
- name: srv
|
||||
mountPath: /srv/
|
||||
|
||||
- name: dind
|
||||
image: docker:stable-dind
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: var-run-aiap
|
||||
mountPath: /var/run/aiap/
|
||||
- name: dind-storage
|
||||
mountPath: /var/lib/docker
|
||||
- name: var-run-docker
|
||||
mountPath: /var/run/
|
||||
- name: srv
|
||||
mountPath: /srv/
|
||||
|
||||
- name: airshipctl-builder
|
||||
image: quay.io/airshipit/aiap-airshipctl-builder:latest
|
||||
command:
|
||||
- bash
|
||||
- -cex
|
||||
- |
|
||||
/entrypoint.sh || true
|
||||
tail -f /dev/null
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- test
|
||||
- -e
|
||||
- /tmp/completed/airshipctl-builder
|
||||
env:
|
||||
- name: CACHE_DIR
|
||||
value: /opt/aiap-cache
|
||||
- name: USE_CACHED_AIRSHIPCTL
|
||||
value: "false"
|
||||
- name: ARTIFACTS_DIR
|
||||
value: /opt/aiap-artifacts
|
||||
- name: AIRSHIPCTL_REPO
|
||||
value: https://review.opendev.org/airship/airshipctl
|
||||
- name: AIRSHIPCTL_REF
|
||||
value: master
|
||||
volumeMounts:
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
- name: cache
|
||||
mountPath: /opt/aiap-cache
|
||||
- name: artifacts
|
||||
mountPath: /opt/aiap-artifacts
|
||||
- name: completed
|
||||
mountPath: /tmp/completed
|
||||
- name: var-run-docker
|
||||
mountPath: /var/run
|
||||
|
||||
- name: infra-builder
|
||||
image: quay.io/airshipit/aiap-infra-builder:latest
|
||||
securityContext:
|
||||
privileged: true
|
||||
command:
|
||||
- bash
|
||||
- -cex
|
||||
- |
|
||||
/entrypoint.sh || true
|
||||
tail -f /dev/null
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- test
|
||||
- -e
|
||||
- /tmp/completed/infra-builder
|
||||
env:
|
||||
- name: CACHE_DIR
|
||||
value: /opt/aiap-cache
|
||||
- name: ARTIFACTS_DIR
|
||||
value: /opt/aiap-artifacts
|
||||
volumeMounts:
|
||||
- name: cache
|
||||
mountPath: /opt/aiap-cache
|
||||
- name: artifacts
|
||||
mountPath: /opt/aiap-artifacts
|
||||
- name: completed
|
||||
mountPath: /tmp/completed
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
- name: var-run-aiap
|
||||
mountPath: /var/run/aiap/
|
||||
- name: var-lib-libvirt-images
|
||||
mountPath: /var/lib/libvirt/images
|
||||
- name: var-lib-libvirt-default
|
||||
mountPath: /var/lib/libvirt/default
|
||||
- name: var-run-libvirt
|
||||
mountPath: /var/run/libvirt
|
||||
- name: logs
|
||||
mountPath: /var/log/
|
||||
- name: var-run-docker
|
||||
mountPath: /var/run
|
||||
|
||||
- name: runner
|
||||
image: quay.io/airshipit/aiap-runner:latest
|
||||
command:
|
||||
- bash
|
||||
- -cex
|
||||
- |
|
||||
/entrypoint.sh || true
|
||||
tail -f /dev/null
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- test
|
||||
- -e
|
||||
- /tmp/completed/runner
|
||||
initialDelaySeconds: 600
|
||||
periodSeconds: 30
|
||||
env:
|
||||
- name: CACHE_DIR
|
||||
value: /opt/aiap-cache
|
||||
- name: ARTIFACTS_DIR
|
||||
value: /opt/aiap-artifacts
|
||||
- name: USE_CACHED_ISO
|
||||
value: "false"
|
||||
volumeMounts:
|
||||
- name: cache
|
||||
mountPath: /opt/aiap-cache
|
||||
- name: artifacts
|
||||
mountPath: /opt/aiap-artifacts
|
||||
- name: completed
|
||||
mountPath: /tmp/completed
|
||||
- name: tmp
|
||||
mountPath: /tmp
|
||||
- name: var-run-aiap
|
||||
mountPath: /var/run/aiap/
|
||||
- name: srv
|
||||
mountPath: /srv/
|
||||
- name: run
|
||||
mountPath: /run
|
||||
- name: var-run-libvirt
|
||||
mountPath: /var/run/libvirt
|
||||
- name: logs
|
||||
mountPath: /var/log/
|
||||
- name: var-run-docker
|
||||
mountPath: /var/run
|
||||
|
||||
volumes:
|
||||
- name: cache
|
||||
hostPath:
|
||||
path: /opt/aiap-cache
|
||||
- name: artifacts
|
||||
hostPath:
|
||||
path: /opt/aiap-artifacts
|
||||
- name: completed
|
||||
emptyDir: {}
|
||||
- name: dev
|
||||
hostPath:
|
||||
path: /dev
|
||||
- name: tmp
|
||||
emptyDir:
|
||||
medium: "Memory"
|
||||
- name: run
|
||||
emptyDir:
|
||||
medium: "Memory"
|
||||
- name: var-lib-libvirt-images
|
||||
emptyDir: {}
|
||||
- name: var-lib-libvirt-default
|
||||
emptyDir: {}
|
||||
- name: var-run-libvirt
|
||||
emptyDir:
|
||||
medium: "Memory"
|
||||
- name: var-run-aiap
|
||||
emptyDir:
|
||||
medium: "Memory"
|
||||
- name: sys-fs-cgroup
|
||||
hostPath:
|
||||
path: /sys/fs/cgroup
|
||||
- name: srv
|
||||
emptyDir: {}
|
||||
- name: logs
|
||||
emptyDir: {}
|
||||
- name: var-run-docker
|
||||
emptyDir:
|
||||
medium: "Memory"
|
||||
- name: dind-storage
|
||||
emptyDir: {}
|
30
tools/airship-in-a-pod/airshipctl-builder/Dockerfile
Normal file
30
tools/airship-in-a-pod/airshipctl-builder/Dockerfile
Normal file
@ -0,0 +1,30 @@
|
||||
FROM ianhowell/base:latest
|
||||
|
||||
SHELL ["bash", "-exc"]
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
ARG USE_CACHED_AIRSHIPCTL="false"
|
||||
ENV USE_CACHED_AIRSHIPCTL="false"
|
||||
|
||||
ARG AIRSHIPCTL_REPO=https://review.opendev.org/airship/airshipctl
|
||||
ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF
|
||||
|
||||
ARG AIRSHIPCTL_REF=master
|
||||
ENV AIRSHIPCTL_REPO=$AIRSHIPCTL_REPO
|
||||
|
||||
# Update distro and install ansible
|
||||
RUN apt-get update ;\
|
||||
apt-get dist-upgrade -y ;\
|
||||
apt-get install -y \
|
||||
git \
|
||||
apt-transport-https \
|
||||
ca-certificates \
|
||||
gnupg-agent \
|
||||
gettext-base ;\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY assets /opt/assets/
|
||||
RUN cp -ravf /opt/assets/* / ;\
|
||||
rm -rf /opt/assets
|
||||
|
||||
ENTRYPOINT /entrypoint.sh
|
38
tools/airship-in-a-pod/airshipctl-builder/assets/entrypoint.sh
Executable file
38
tools/airship-in-a-pod/airshipctl-builder/assets/entrypoint.sh
Executable file
@ -0,0 +1,38 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -ex
|
||||
|
||||
if [[ "$USE_CACHED_AIRSHIPCTL" = "true" ]]
|
||||
then
|
||||
printf "Using cached airshipctl\n"
|
||||
cp -r "$CACHE_DIR/airshipctl" "$ARTIFACTS_DIR/airshipctl"
|
||||
else
|
||||
printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n"
|
||||
sleep 30
|
||||
|
||||
airshipctl_dir="$ARTIFACTS_DIR/airshipctl"
|
||||
mkdir -p "$airshipctl_dir"
|
||||
cd "$airshipctl_dir"
|
||||
|
||||
git init
|
||||
git fetch "$AIRSHIPCTL_REPO" "$AIRSHIPCTL_REF"
|
||||
git checkout FETCH_HEAD
|
||||
|
||||
./tools/deployment/21_systemwide_executable.sh
|
||||
mkdir -p bin
|
||||
cp "$(which airshipctl)" bin
|
||||
fi
|
||||
|
||||
/signal_complete airshipctl-builder
|
44
tools/airship-in-a-pod/base/Dockerfile
Normal file
44
tools/airship-in-a-pod/base/Dockerfile
Normal file
@ -0,0 +1,44 @@
|
||||
ARG BASE_IMAGE
|
||||
FROM ${BASE_IMAGE}
|
||||
|
||||
SHELL ["bash", "-exc"]
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
ARG CACHE_DIR=/opt/aiap-cache
|
||||
ENV CACHE_DIR=$CACHE_DIR
|
||||
|
||||
ARG ARTIFACTS_DIR=/opt/aiap-artifacts
|
||||
ENV ARTIFACTS_DIR=$ARTIFACTS_DIR
|
||||
|
||||
# Update distro and install common reqs
|
||||
RUN apt-get update ;\
|
||||
apt-get dist-upgrade -y ;\
|
||||
apt-get install -y \
|
||||
python3-minimal \
|
||||
python3-pip \
|
||||
python3-setuptools \
|
||||
python3-libvirt \
|
||||
curl \
|
||||
make \
|
||||
sudo \
|
||||
iproute2 \
|
||||
bridge-utils \
|
||||
iputils-ping \
|
||||
net-tools \
|
||||
less \
|
||||
jq \
|
||||
vim \
|
||||
software-properties-common \
|
||||
openssh-client ;\
|
||||
pip3 install --upgrade wheel ;\
|
||||
pip3 install --upgrade ansible ;\
|
||||
pip3 install --upgrade yq ;\
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - ;\
|
||||
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" ;\
|
||||
apt-get install -y --no-install-recommends docker-ce-cli ;\
|
||||
rm -rf /var/lib/apt/lists/* ; \
|
||||
mkdir -p "$ARTIFACTS_DIR" ; \
|
||||
mkdir -p "$CACHE_DIR"
|
||||
|
||||
COPY wait_for .
|
||||
COPY signal_complete .
|
9
tools/airship-in-a-pod/base/signal_complete
Executable file
9
tools/airship-in-a-pod/base/signal_complete
Executable file
@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
# signal_complete takes a container name and creates a file in the "completed"
|
||||
# directory, denoting that the named container has finished its tasks. This can be
|
||||
# leveraged by dependent containers via the `wait_for` command.
|
||||
|
||||
mkdir -p "/tmp/completed"
|
||||
touch "/tmp/completed/$1"
|
||||
printf "Marked %s as complete.\n" "$1"
|
22
tools/airship-in-a-pod/base/wait_for
Executable file
22
tools/airship-in-a-pod/base/wait_for
Executable file
@ -0,0 +1,22 @@
|
||||
#!/bin/bash
|
||||
|
||||
# wait_for takes a list of container names and runs until all of those container names
|
||||
# appear in the "/tmp/completed" directory. It can be used to prevent a
|
||||
# container from executing until pre-requisite containers have indicated completion.
|
||||
|
||||
mkdir -p "/tmp/completed"
|
||||
while true; do
|
||||
# Assume we're finished, prove otherwise
|
||||
finished=true
|
||||
for container in "$@"; do
|
||||
if [[ ! -e "/tmp/completed/$container" ]]; then
|
||||
printf "Waiting on '%s'...\n" "$container"
|
||||
finished=false
|
||||
sleep 10
|
||||
break
|
||||
fi
|
||||
done
|
||||
if $finished; then
|
||||
break
|
||||
fi
|
||||
done
|
22
tools/airship-in-a-pod/infra-builder/Dockerfile
Normal file
22
tools/airship-in-a-pod/infra-builder/Dockerfile
Normal file
@ -0,0 +1,22 @@
|
||||
FROM ianhowell/base:latest
|
||||
|
||||
SHELL ["bash", "-exc"]
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
# Update distro and install ansible
|
||||
RUN apt-get update ;\
|
||||
apt-get dist-upgrade -y ;\
|
||||
apt-get install -y \
|
||||
python3-apt \
|
||||
python3-lxml \
|
||||
virtinst \
|
||||
nfs4-acl-tools \
|
||||
acl \
|
||||
virt-manager;\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY assets /opt/assets/
|
||||
RUN cp -ravf /opt/assets/* / ;\
|
||||
rm -rf /opt/assets
|
||||
|
||||
ENTRYPOINT /entrypoint.sh
|
23
tools/airship-in-a-pod/infra-builder/assets/entrypoint.sh
Executable file
23
tools/airship-in-a-pod/infra-builder/assets/entrypoint.sh
Executable file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -ex
|
||||
|
||||
printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n"
|
||||
sleep 30
|
||||
|
||||
ansible-playbook -v /opt/ansible/playbooks/build-infra.yaml \
|
||||
-e local_src_dir="$(pwd)"
|
||||
|
||||
/signal_complete infra-builder
|
@ -0,0 +1,23 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
---
|
||||
- hosts: localhost
|
||||
tasks:
|
||||
|
||||
- name: install kustomize
|
||||
include_role:
|
||||
name: install-kustomize
|
||||
|
||||
- name: Setup Infrastructure
|
||||
include_role:
|
||||
name: build-infra
|
@ -0,0 +1,64 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
floorplan:
|
||||
image_pool: "/var/lib/libvirt/images"
|
||||
default_image_pool: "/var/lib/libvirt/default"
|
||||
uri: "qemu:///system"
|
||||
os_variant: "ubuntu18.04"
|
||||
|
||||
ephemeral_node:
|
||||
name: air-ephemeral
|
||||
cpu: 4
|
||||
ram: 6124
|
||||
nat_mac_address: 52:54:00:9b:27:02
|
||||
prov_mac_address: 52:54:00:b6:ed:02
|
||||
block:
|
||||
- 20G
|
||||
|
||||
target_nodes:
|
||||
count: 1
|
||||
name: air-target
|
||||
cpu: 2
|
||||
ram: 6124
|
||||
nat_mac_address: 52:54:00:9b:27:4c
|
||||
prov_mac_address: 52:54:00:b6:ed:31
|
||||
block:
|
||||
- 20G
|
||||
|
||||
worker_nodes:
|
||||
count: 1
|
||||
name: air-worker
|
||||
cpu: 1
|
||||
ram: 6124
|
||||
nat_mac_address: 52:54:00:9b:27:07
|
||||
prov_mac_address: 52:54:00:b6:ed:23
|
||||
block:
|
||||
- 20G
|
||||
|
||||
# 1st item must be the oobm network, 2nd the provisioning
|
||||
networks:
|
||||
- name: provisioning
|
||||
bridge: "air_prov"
|
||||
ip:
|
||||
address: "10.23.24.1"
|
||||
netmask: "255.255.255.0"
|
||||
- name: nat
|
||||
bridge: "air_nat"
|
||||
ip:
|
||||
address: "10.23.25.1"
|
||||
netmask: "255.255.255.0"
|
||||
- name: default
|
||||
bridge: "default"
|
||||
ip:
|
||||
address: "10.23.25.1"
|
||||
netmask: "255.255.255.0"
|
@ -0,0 +1,59 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- set_fact:
|
||||
qcow_rand: "{{ 6000 | random }}"
|
||||
|
||||
- name: "Create qemu image extra block devices"
|
||||
shell: |
|
||||
qemu-img create \
|
||||
-f qcow2 \
|
||||
"{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ seq }}-{{ qcow_rand }}".qcow2 "{{ vm_instance.block[(seq | int)-1] }}"
|
||||
with_sequence:
|
||||
start=1 end="{{ (vm_instance.block | length | int ) }}"
|
||||
loop_control:
|
||||
loop_var: seq
|
||||
|
||||
- acl:
|
||||
default: true
|
||||
path: "{{ floorplan.image_pool }}"
|
||||
entry: "u:libvirt-qemu:r-x"
|
||||
state: present
|
||||
|
||||
- name: Define vm xml
|
||||
shell: |
|
||||
virt-install \
|
||||
--connect "{{ floorplan.uri }}" \
|
||||
--os-variant "{{ floorplan.os_variant }}" \
|
||||
--machine pc \
|
||||
--name "{{ vm_name }}" \
|
||||
--memory "{{ vm_instance.ram }}" \
|
||||
--network network="air_nat",address.type='pci',address.domain=0,address.bus=0,address.slot=3,address.function=0,mac="{{ vm_instance.nat_mac_address }}" \
|
||||
--network network="air_prov",address.type='pci',address.domain=0,address.bus=0,address.slot=4,address.function=0,mac="{{ vm_instance.prov_mac_address }}" \
|
||||
--cpu host-passthrough \
|
||||
--vcpus "{{ vm_instance.cpu | int }}" \
|
||||
--import \
|
||||
{% for i in range(1, (vm_instance.block | length | int )+1) %}
|
||||
--disk "{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ i }}-{{ qcow_rand }}.qcow2,bus=scsi,format=qcow2" \
|
||||
{% endfor %}
|
||||
--nographics \
|
||||
--noautoconsole \
|
||||
--print-xml
|
||||
register: vm_xml
|
||||
|
||||
- debug:
|
||||
msg: "{{ vm_xml }}"
|
||||
|
||||
- name: Create vm
|
||||
virt:
|
||||
command: define
|
||||
xml: "{{ vm_xml.stdout }}"
|
@ -0,0 +1,20 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- debug:
|
||||
msg: "{{ worker_node }}"
|
||||
|
||||
- name: "Create vms"
|
||||
include_tasks: create-vm.yaml
|
||||
with_sequence: start=1 end="{{vm_instance.count | int}}"
|
||||
loop_control:
|
||||
loop_var: a_node
|
@ -0,0 +1,93 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- acl:
|
||||
default: true
|
||||
path: "{{ floorplan.default_image_pool }}"
|
||||
entry: "u:libvirt-qemu:r-x"
|
||||
state: present
|
||||
|
||||
- name: "Define, Build, and Start default storage pool"
|
||||
block:
|
||||
- virt_pool:
|
||||
command: define
|
||||
name: "{{ item }}"
|
||||
xml: '{{ lookup("template", "{{ item }}.xml.j2") }}'
|
||||
with_items:
|
||||
- default
|
||||
|
||||
- virt_pool:
|
||||
command: build
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- default
|
||||
|
||||
- virt_pool:
|
||||
state: active
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- default
|
||||
|
||||
- virt_pool:
|
||||
command: list_pools
|
||||
|
||||
- name: "Define network, activate, start network pools"
|
||||
block:
|
||||
- virt_net:
|
||||
command: define
|
||||
xml: '{{ lookup("template", "{{ item }}.xml.j2") }}'
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- "air_prov"
|
||||
- "air_nat"
|
||||
|
||||
- virt_net:
|
||||
state: active
|
||||
name: "{{ item }}"
|
||||
with_items:
|
||||
- "default"
|
||||
- "air_prov"
|
||||
- "air_nat"
|
||||
|
||||
- virt_net:
|
||||
name: "{{ item }}"
|
||||
autostart: true
|
||||
with_items:
|
||||
- "default"
|
||||
- "air_prov"
|
||||
- "air_nat"
|
||||
|
||||
- name: "Create ephemeral node"
|
||||
include_tasks: create-vm.yaml
|
||||
vars:
|
||||
vm_instance: "{{ ephemeral_node }}"
|
||||
vm_name: "{{ ephemeral_node.name }}"
|
||||
|
||||
- name: "Create target nodes"
|
||||
include_tasks: create-vm.yaml
|
||||
vars:
|
||||
vm_instance: "{{ target_nodes }}"
|
||||
vm_name: "{{ target_nodes.name }}-{{ a_node }}"
|
||||
with_sequence:
|
||||
start=1 end="{{ (vm_instance.count | int) }}"
|
||||
loop_control:
|
||||
loop_var: a_node
|
||||
|
||||
- name: "Create worker nodes"
|
||||
include_tasks: create-vm.yaml
|
||||
vars:
|
||||
vm_instance: "{{ worker_nodes }}"
|
||||
vm_name: "{{ worker_nodes.name }}-{{ a_node }}"
|
||||
with_sequence:
|
||||
start=1 end="{{ (vm_instance.count | int) }}"
|
||||
loop_control:
|
||||
loop_var: a_node
|
@ -0,0 +1,10 @@
|
||||
<network connections="2">
|
||||
<name>air_nat</name>
|
||||
<uuid>667f20da-ad20-4623-bf70-88f6e6dec2d6</uuid>
|
||||
<forward mode="nat">
|
||||
<nat><port start="1024" end="65535"/>
|
||||
</nat>
|
||||
</forward><bridge name="nat_br" stp="on" delay="0"/>
|
||||
<ip address="{{ networks[1].ip.address }}" netmask="{{ networks[1].ip.netmask }}">
|
||||
</ip>
|
||||
</network>
|
@ -0,0 +1,7 @@
|
||||
<network connections="2">
|
||||
<name>air_prov</name>
|
||||
<uuid>55739809-1c3a-4c79-b6e7-2607000715da</uuid>
|
||||
<bridge name="prov_br" stp="on" delay="0"/>
|
||||
<ip address="{{ networks[0].ip.address }}" netmask="{{ networks[0].ip.netmask }}">
|
||||
</ip>
|
||||
</network>
|
@ -0,0 +1,6 @@
|
||||
<pool type="dir">
|
||||
<name>default</name>
|
||||
<target>
|
||||
<path>{{ floorplan.default_image_pool }}</path>
|
||||
</target>
|
||||
</pool>
|
@ -0,0 +1,9 @@
|
||||
<network>
|
||||
<name>default</name>
|
||||
<uuid>3f11d0fe-6c59-43fb-b22a-4355d57d07fa</uuid><forward mode="nat"/>
|
||||
<bridge name="virbr0" stp="on" delay="0"/>
|
||||
<ip address="192.168.122.1" netmask="255.255.255.0">
|
||||
<dhcp><range start="192.168.122.2" end="192.168.122.254"/>
|
||||
</dhcp>
|
||||
</ip>
|
||||
</network>
|
@ -0,0 +1,17 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
kustomize_version: v3.8.5
|
||||
kustomize_download_url: "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/{{ kustomize_version }}/kustomize_{{ kustomize_version }}_linux_amd64.tar.gz"
|
||||
proxy:
|
||||
http:
|
||||
noproxy:
|
@ -0,0 +1,24 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: install kustomize binary
|
||||
shell: |
|
||||
set -e
|
||||
curl -sSL {{ kustomize_download_url }} | tar -C /tmp -xzf -
|
||||
install /tmp/kustomize /usr/local/bin
|
||||
become: yes
|
||||
args:
|
||||
warn: false
|
||||
environment:
|
||||
http_proxy: "{{ proxy.http }}"
|
||||
https_proxy: "{{ proxy.http }}"
|
||||
no_proxy: "{{ proxy.noproxy }}"
|
34
tools/airship-in-a-pod/libvirt/Dockerfile
Normal file
34
tools/airship-in-a-pod/libvirt/Dockerfile
Normal file
@ -0,0 +1,34 @@
|
||||
FROM ianhowell/base:latest
|
||||
|
||||
SHELL ["bash", "-exc"]
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
RUN apt-get update ;\
|
||||
apt-get dist-upgrade -y ;\
|
||||
apt-get install -y \
|
||||
libvirt-daemon \
|
||||
qemu-kvm \
|
||||
libvirt-daemon-system \
|
||||
bridge-utils \
|
||||
libvirt-clients \
|
||||
systemd \
|
||||
socat ;\
|
||||
find /etc/systemd/system \
|
||||
/usr/lib/systemd/system \
|
||||
-path '*.wants/*' \
|
||||
-not -name '*journald*' \
|
||||
-not -name '*systemd-tmpfiles*' \
|
||||
-not -name '*systemd-user-sessions*' \
|
||||
-exec rm \{} \; ;\
|
||||
systemctl set-default multi-user.target ;\
|
||||
sed -i 's|SocketMode=0660|SocketMode=0666|g' /lib/systemd/system/libvirtd.socket ;\
|
||||
systemctl enable libvirtd ;\
|
||||
systemctl enable virtlogd ;\
|
||||
echo 'user = "root"' >> /etc/libvirt/qemu.conf ;\
|
||||
echo 'group = "root"' >> /etc/libvirt/qemu.conf
|
||||
|
||||
COPY assets /opt/assets/
|
||||
RUN cp -ravf /opt/assets/* / ;\
|
||||
rm -rf /opt/assets
|
||||
|
||||
ENTRYPOINT /bin/systemd
|
@ -0,0 +1,43 @@
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# systemd is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Entries in this file show the compile time defaults.
|
||||
# You can change settings by editing this file.
|
||||
# Defaults can be restored by simply deleting this file.
|
||||
#
|
||||
# See journald.conf(5) for details.
|
||||
|
||||
[Journal]
|
||||
#Storage=auto
|
||||
#Compress=yes
|
||||
#Seal=yes
|
||||
#SplitMode=uid
|
||||
#SyncIntervalSec=5m
|
||||
#RateLimitIntervalSec=30s
|
||||
#RateLimitBurst=10000
|
||||
#SystemMaxUse=
|
||||
#SystemKeepFree=
|
||||
#SystemMaxFileSize=
|
||||
#SystemMaxFiles=100
|
||||
#RuntimeMaxUse=
|
||||
#RuntimeKeepFree=
|
||||
#RuntimeMaxFileSize=
|
||||
#RuntimeMaxFiles=100
|
||||
#MaxRetentionSec=
|
||||
#MaxFileSec=1month
|
||||
#ForwardToSyslog=yes
|
||||
#ForwardToKMsg=no
|
||||
ForwardToConsole=yes
|
||||
#ForwardToWall=yes
|
||||
TTYPath=/dev/console
|
||||
#MaxLevelStore=debug
|
||||
#MaxLevelSyslog=debug
|
||||
#MaxLevelKMsg=notice
|
||||
#MaxLevelConsole=info
|
||||
#MaxLevelWall=emerg
|
||||
#LineMax=48K
|
||||
#ReadKMsg=yes
|
@ -0,0 +1,3 @@
|
||||
[Service]
|
||||
StandardOutput=tty
|
||||
#FailureAction=poweroff
|
@ -0,0 +1,2 @@
|
||||
[Service]
|
||||
FailureAction=poweroff
|
@ -0,0 +1,2 @@
|
||||
[Service]
|
||||
StandardOutput=tty
|
28
tools/airship-in-a-pod/runner/Dockerfile
Normal file
28
tools/airship-in-a-pod/runner/Dockerfile
Normal file
@ -0,0 +1,28 @@
|
||||
FROM ianhowell/base:latest
|
||||
|
||||
SHELL ["bash", "-exc"]
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
ARG k8s_version=v1.18.3
|
||||
ARG kubectl_url=https://storage.googleapis.com/kubernetes-release/release/"${k8s_version}"/bin/linux/amd64/kubectl
|
||||
|
||||
# Update distro and install ansible
|
||||
RUN apt-get update ;\
|
||||
apt-get dist-upgrade -y ;\
|
||||
apt-get install -y \
|
||||
git \
|
||||
git-review \
|
||||
apt-transport-https \
|
||||
ca-certificates \
|
||||
gnupg-agent \
|
||||
libvirt-clients \
|
||||
gettext-base ;\
|
||||
curl -sSLo /usr/local/bin/kubectl "${kubectl_url}" ;\
|
||||
chmod +x /usr/local/bin/kubectl ;\
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
COPY assets /opt/assets/
|
||||
RUN cp -ravf /opt/assets/* / ;\
|
||||
rm -rf /opt/assets
|
||||
|
||||
ENTRYPOINT /entrypoint.sh
|
70
tools/airship-in-a-pod/runner/assets/entrypoint.sh
Executable file
70
tools/airship-in-a-pod/runner/assets/entrypoint.sh
Executable file
@ -0,0 +1,70 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -ex
|
||||
|
||||
# Wait until airshipctl and libvirt infrastructure has been built
|
||||
/wait_for airshipctl-builder
|
||||
/wait_for infra-builder
|
||||
|
||||
export USER=root
|
||||
# https://github.com/sudo-project/sudo/issues/42
|
||||
echo "Set disable_coredump false" >> /etc/sudo.conf
|
||||
|
||||
echo "Installing kustomize"
|
||||
kustomize_version=v3.8.5
|
||||
kustomize_download_url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${kustomize_version}/kustomize_${kustomize_version}_linux_amd64.tar.gz"
|
||||
curl -sSL "$kustomize_download_url" | tar -C /tmp -xzf -
|
||||
install /tmp/kustomize /usr/local/bin
|
||||
|
||||
cp "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin/airshipctl
|
||||
cp -r "$ARTIFACTS_DIR/airshipctl/" /opt/airshipctl
|
||||
cd /opt/airshipctl
|
||||
|
||||
|
||||
curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
|
||||
SOPS_IMPORT_PGP="$(cat key.asc)"
|
||||
SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
|
||||
export SOPS_IMPORT_PGP SOPS_PGP_FP
|
||||
|
||||
# By default, don't build airshipctl - use the binary from the shared volume instead
|
||||
# ./tools/deployment/21_systemwide_executable.sh
|
||||
./tools/deployment/22_test_configs.sh
|
||||
./tools/deployment/23_pull_documents.sh
|
||||
./tools/deployment/23_generate_secrets.sh
|
||||
|
||||
sed -i -e 's#bmcAddress: redfish+http://\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\):8000#bmcAddress: redfish+https://10.23.25.1:8443#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||
sed -i -e 's#root#username#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||
sed -i -e 's#r00tme#password#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||
sed -i -e 's#disableCertificateVerification: false#disableCertificateVerification: true#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||
|
||||
if [[ "$USE_CACHED_ISO" = "true" ]]; then
|
||||
mkdir -p /srv/images
|
||||
tar -xzf "$CACHE_DIR/iso.tar.gz" --directory /srv/images
|
||||
else
|
||||
./tools/deployment/24_build_images.sh
|
||||
tar -czf "$ARTIFACTS_DIR/iso.tar.gz" --directory=/srv/images .
|
||||
fi
|
||||
|
||||
./tools/deployment/25_deploy_ephemeral_node.sh
|
||||
./tools/deployment/26_deploy_capi_ephemeral_node.sh
|
||||
./tools/deployment/30_deploy_controlplane.sh
|
||||
./tools/deployment/31_deploy_initinfra_target_node.sh
|
||||
./tools/deployment/32_cluster_init_target_node.sh
|
||||
./tools/deployment/33_cluster_move_target_node.sh
|
||||
./tools/deployment/34_deploy_worker_node.sh
|
||||
./tools/deployment/35_deploy_workload.sh
|
||||
./tools/deployment/36_verify_hwcc_profiles.sh
|
||||
|
||||
/signal_complete runner
|
Loading…
Reference in New Issue
Block a user