Airship in a Pod
Introduces Airship in pod. This includes:

* A base image which sets up common requirements
* An image for the libvirt service
* An image for building a specified instance of airshipctl
* An image for initializing the various libvirt infrastructure required for a deployment
* An image which runs the deployment scripts

Closes: #313
Change-Id: Ib1114350190b0fe0c0761ff67b38b3eca783161a
parent b8a4b6ad73
commit a423607000
201
tools/airship-in-a-pod/LICENSE
Normal file
@ -0,0 +1,201 @@
|
|||||||
|
Apache License
|
||||||
|
Version 2.0, January 2004
|
||||||
|
http://www.apache.org/licenses/
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||||
|
|
||||||
|
1. Definitions.
|
||||||
|
|
||||||
|
"License" shall mean the terms and conditions for use, reproduction,
|
||||||
|
and distribution as defined by Sections 1 through 9 of this document.
|
||||||
|
|
||||||
|
"Licensor" shall mean the copyright owner or entity authorized by
|
||||||
|
the copyright owner that is granting the License.
|
||||||
|
|
||||||
|
"Legal Entity" shall mean the union of the acting entity and all
|
||||||
|
other entities that control, are controlled by, or are under common
|
||||||
|
control with that entity. For the purposes of this definition,
|
||||||
|
"control" means (i) the power, direct or indirect, to cause the
|
||||||
|
direction or management of such entity, whether by contract or
|
||||||
|
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||||
|
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||||
|
|
||||||
|
"You" (or "Your") shall mean an individual or Legal Entity
|
||||||
|
exercising permissions granted by this License.
|
||||||
|
|
||||||
|
"Source" form shall mean the preferred form for making modifications,
|
||||||
|
including but not limited to software source code, documentation
|
||||||
|
source, and configuration files.
|
||||||
|
|
||||||
|
"Object" form shall mean any form resulting from mechanical
|
||||||
|
transformation or translation of a Source form, including but
|
||||||
|
not limited to compiled object code, generated documentation,
|
||||||
|
and conversions to other media types.
|
||||||
|
|
||||||
|
"Work" shall mean the work of authorship, whether in Source or
|
||||||
|
Object form, made available under the License, as indicated by a
|
||||||
|
copyright notice that is included in or attached to the work
|
||||||
|
(an example is provided in the Appendix below).
|
||||||
|
|
||||||
|
"Derivative Works" shall mean any work, whether in Source or Object
|
||||||
|
form, that is based on (or derived from) the Work and for which the
|
||||||
|
editorial revisions, annotations, elaborations, or other modifications
|
||||||
|
represent, as a whole, an original work of authorship. For the purposes
|
||||||
|
of this License, Derivative Works shall not include works that remain
|
||||||
|
separable from, or merely link (or bind by name) to the interfaces of,
|
||||||
|
the Work and Derivative Works thereof.
|
||||||
|
|
||||||
|
"Contribution" shall mean any work of authorship, including
|
||||||
|
the original version of the Work and any modifications or additions
|
||||||
|
to that Work or Derivative Works thereof, that is intentionally
|
||||||
|
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||||
|
or by an individual or Legal Entity authorized to submit on behalf of
|
||||||
|
the copyright owner. For the purposes of this definition, "submitted"
|
||||||
|
means any form of electronic, verbal, or written communication sent
|
||||||
|
to the Licensor or its representatives, including but not limited to
|
||||||
|
communication on electronic mailing lists, source code control systems,
|
||||||
|
and issue tracking systems that are managed by, or on behalf of, the
|
||||||
|
Licensor for the purpose of discussing and improving the Work, but
|
||||||
|
excluding communication that is conspicuously marked or otherwise
|
||||||
|
designated in writing by the copyright owner as "Not a Contribution."
|
||||||
|
|
||||||
|
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||||
|
on behalf of whom a Contribution has been received by Licensor and
|
||||||
|
subsequently incorporated within the Work.
|
||||||
|
|
||||||
|
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
copyright license to reproduce, prepare Derivative Works of,
|
||||||
|
publicly display, publicly perform, sublicense, and distribute the
|
||||||
|
Work and such Derivative Works in Source or Object form.
|
||||||
|
|
||||||
|
3. Grant of Patent License. Subject to the terms and conditions of
|
||||||
|
this License, each Contributor hereby grants to You a perpetual,
|
||||||
|
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||||
|
(except as stated in this section) patent license to make, have made,
|
||||||
|
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||||
|
where such license applies only to those patent claims licensable
|
||||||
|
by such Contributor that are necessarily infringed by their
|
||||||
|
Contribution(s) alone or by combination of their Contribution(s)
|
||||||
|
with the Work to which such Contribution(s) was submitted. If You
|
||||||
|
institute patent litigation against any entity (including a
|
||||||
|
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||||
|
or a Contribution incorporated within the Work constitutes direct
|
||||||
|
or contributory patent infringement, then any patent licenses
|
||||||
|
granted to You under this License for that Work shall terminate
|
||||||
|
as of the date such litigation is filed.
|
||||||
|
|
||||||
|
4. Redistribution. You may reproduce and distribute copies of the
|
||||||
|
Work or Derivative Works thereof in any medium, with or without
|
||||||
|
modifications, and in Source or Object form, provided that You
|
||||||
|
meet the following conditions:
|
||||||
|
|
||||||
|
(a) You must give any other recipients of the Work or
|
||||||
|
Derivative Works a copy of this License; and
|
||||||
|
|
||||||
|
(b) You must cause any modified files to carry prominent notices
|
||||||
|
stating that You changed the files; and
|
||||||
|
|
||||||
|
(c) You must retain, in the Source form of any Derivative Works
|
||||||
|
that You distribute, all copyright, patent, trademark, and
|
||||||
|
attribution notices from the Source form of the Work,
|
||||||
|
excluding those notices that do not pertain to any part of
|
||||||
|
the Derivative Works; and
|
||||||
|
|
||||||
|
(d) If the Work includes a "NOTICE" text file as part of its
|
||||||
|
distribution, then any Derivative Works that You distribute must
|
||||||
|
include a readable copy of the attribution notices contained
|
||||||
|
within such NOTICE file, excluding those notices that do not
|
||||||
|
pertain to any part of the Derivative Works, in at least one
|
||||||
|
of the following places: within a NOTICE text file distributed
|
||||||
|
as part of the Derivative Works; within the Source form or
|
||||||
|
documentation, if provided along with the Derivative Works; or,
|
||||||
|
within a display generated by the Derivative Works, if and
|
||||||
|
wherever such third-party notices normally appear. The contents
|
||||||
|
of the NOTICE file are for informational purposes only and
|
||||||
|
do not modify the License. You may add Your own attribution
|
||||||
|
notices within Derivative Works that You distribute, alongside
|
||||||
|
or as an addendum to the NOTICE text from the Work, provided
|
||||||
|
that such additional attribution notices cannot be construed
|
||||||
|
as modifying the License.
|
||||||
|
|
||||||
|
You may add Your own copyright statement to Your modifications and
|
||||||
|
may provide additional or different license terms and conditions
|
||||||
|
for use, reproduction, or distribution of Your modifications, or
|
||||||
|
for any such Derivative Works as a whole, provided Your use,
|
||||||
|
reproduction, and distribution of the Work otherwise complies with
|
||||||
|
the conditions stated in this License.
|
||||||
|
|
||||||
|
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||||
|
any Contribution intentionally submitted for inclusion in the Work
|
||||||
|
by You to the Licensor shall be under the terms and conditions of
|
||||||
|
this License, without any additional terms or conditions.
|
||||||
|
Notwithstanding the above, nothing herein shall supersede or modify
|
||||||
|
the terms of any separate license agreement you may have executed
|
||||||
|
with Licensor regarding such Contributions.
|
||||||
|
|
||||||
|
6. Trademarks. This License does not grant permission to use the trade
|
||||||
|
names, trademarks, service marks, or product names of the Licensor,
|
||||||
|
except as required for reasonable and customary use in describing the
|
||||||
|
origin of the Work and reproducing the content of the NOTICE file.
|
||||||
|
|
||||||
|
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||||
|
agreed to in writing, Licensor provides the Work (and each
|
||||||
|
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||||
|
implied, including, without limitation, any warranties or conditions
|
||||||
|
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||||
|
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||||
|
appropriateness of using or redistributing the Work and assume any
|
||||||
|
risks associated with Your exercise of permissions under this License.
|
||||||
|
|
||||||
|
8. Limitation of Liability. In no event and under no legal theory,
|
||||||
|
whether in tort (including negligence), contract, or otherwise,
|
||||||
|
unless required by applicable law (such as deliberate and grossly
|
||||||
|
negligent acts) or agreed to in writing, shall any Contributor be
|
||||||
|
liable to You for damages, including any direct, indirect, special,
|
||||||
|
incidental, or consequential damages of any character arising as a
|
||||||
|
result of this License or out of the use or inability to use the
|
||||||
|
Work (including but not limited to damages for loss of goodwill,
|
||||||
|
work stoppage, computer failure or malfunction, or any and all
|
||||||
|
other commercial damages or losses), even if such Contributor
|
||||||
|
has been advised of the possibility of such damages.
|
||||||
|
|
||||||
|
9. Accepting Warranty or Additional Liability. While redistributing
|
||||||
|
the Work or Derivative Works thereof, You may choose to offer,
|
||||||
|
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||||
|
or other liability obligations and/or rights consistent with this
|
||||||
|
License. However, in accepting such obligations, You may act only
|
||||||
|
on Your own behalf and on Your sole responsibility, not on behalf
|
||||||
|
of any other Contributor, and only if You agree to indemnify,
|
||||||
|
defend, and hold each Contributor harmless for any liability
|
||||||
|
incurred by, or claims asserted against, such Contributor by reason
|
||||||
|
of your accepting any such warranty or additional liability.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
APPENDIX: How to apply the Apache License to your work.
|
||||||
|
|
||||||
|
To apply the Apache License to your work, attach the following
|
||||||
|
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||||
|
replaced with your own identifying information. (Don't include
|
||||||
|
the brackets!) The text should be enclosed in the appropriate
|
||||||
|
comment syntax for the file format. We also recommend that a
|
||||||
|
file or class name and description of purpose be included on the
|
||||||
|
same "printed page" as the copyright notice for easier
|
||||||
|
identification within third-party archives.
|
||||||
|
|
||||||
|
Copyright [yyyy] [name of copyright owner]
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
39
tools/airship-in-a-pod/Makefile
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
IMAGE_REGISTRY ?= quay.io/airshipit
|
||||||
|
IMAGES := infra-builder airshipctl-builder runner
|
||||||
|
IMAGE_TAG ?= latest
|
||||||
|
|
||||||
|
PUSH_IMAGES ?= false
|
||||||
|
|
||||||
|
.PHONY: help base libvirt $(IMAGES) build test
|
||||||
|
|
||||||
|
SHELL:=/bin/bash
|
||||||
|
.ONESHELL:
|
||||||
|
|
||||||
|
help: ## This help.
|
||||||
|
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
|
||||||
|
|
||||||
|
build: base
|
||||||
|
build: libvirt
|
||||||
|
build: $(IMAGES) ## Build the containers.
|
||||||
|
|
||||||
|
base:
|
||||||
|
docker build --tag ianhowell/base:$(IMAGE_TAG) --build-arg BASE_IMAGE=ubuntu:20.04 ./base
|
||||||
|
ifeq (true, $(PUSH_IMAGES))
|
||||||
|
docker push ianhowell/base:$(IMAGE_TAG)
|
||||||
|
endif
|
||||||
|
|
||||||
|
libvirt:
|
||||||
|
docker build --tag ianhowell/libvirt:$(IMAGE_TAG) ./libvirt
|
||||||
|
ifeq (true, $(PUSH_IMAGES))
|
||||||
|
docker push ianhowell/libvirt:$(IMAGE_TAG)
|
||||||
|
endif
|
||||||
|
|
||||||
|
$(IMAGES):
|
||||||
|
docker build --tag $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG) ./$@
|
||||||
|
ifeq (true, $(PUSH_IMAGES))
|
||||||
|
docker push $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG)
|
||||||
|
endif
|
||||||
|
|
||||||
|
test: build ## Test airship-in-a-pod
|
||||||
|
kubectl delete -f airship-in-a-pod.yaml || true
|
||||||
|
kubectl create -f airship-in-a-pod.yaml
|
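Review bot: The `base` and `libvirt` targets tag and push to the hard-coded `ianhowell/` namespace, while every image in `$(IMAGES)` goes to `$(IMAGE_REGISTRY)/aiap-$@`, so two of the five images are published under a personal account that `IMAGE_REGISTRY` cannot override. Suggest tagging them as `$(IMAGE_REGISTRY)/aiap-base:$(IMAGE_TAG)` and `$(IMAGE_REGISTRY)/aiap-libvirt:$(IMAGE_TAG)` and updating the `FROM` and `image:` references in this change to match. `IMAGE_TAG ?= latest` also means a push overwrites the tag the pod definition pulls; a tag per commit would make a given pod run reproducible.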
82
tools/airship-in-a-pod/README.md
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
# Airship in a Pod
|
||||||
|
|
||||||
|
Airship in a pod is a Kubernetes pod definition which describes all of the
|
||||||
|
components required to deploy a fully functioning Airship 2 deployment. The pod
|
||||||
|
consists of the following "Task" containers:
|
||||||
|
|
||||||
|
* `airshipctl-builder`: This container builds the airshipctl binary and makes it
|
||||||
|
available to the other containers
|
||||||
|
* `infra-builder`: This container creates the various virtual networks and
|
||||||
|
machines required for an Airship deployment
|
||||||
|
* `runner`: The runner container is the "meat" of the pod, and executes the
|
||||||
|
deployment
|
||||||
|
|
||||||
|
The pod also contains the following "Support" containers:
|
||||||
|
|
||||||
|
* `libvirt`: This provides virtualisation
|
||||||
|
* `sushy-tools`: This is used for its BMC emulator
|
||||||
|
* `docker-in-docker`: This is used for nesting containers*
|
||||||
|
* `nginx`: This is used for image hosting
|
||||||
|
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
In order to deploy Airship in a Pod for development, you must first have a
|
||||||
|
working Kubernetes cluster. This guide assumes that a developer will deploy
|
||||||
|
using [minikube](https://minikube.sigs.k8s.io/docs/start/):
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo -E minikube start --driver=none
|
||||||
|
```
|
||||||
|
|
||||||
|
## Usage
|
||||||
|
|
||||||
|
Since Airship in a Pod is just a pod definition, deploying and using it is as
|
||||||
|
simple as deploying and using any Kubernetes pod.
|
||||||
|
|
||||||
|
#### Deploy the Pod
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl apply -f airship-in-a-pod.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
#### View Pod Logs
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl logs airship-in-a-pod -c $CONTAINER
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Interact with the Pod
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl exec -it airship-in-a-pod -c $CONTAINER -- bash
|
||||||
|
```
|
||||||
|
|
||||||
|
where `$CONTAINER` is one of the containers listed above.
|
||||||
|
|
||||||
|
|
||||||
|
### Output
|
||||||
|
|
||||||
|
Airship-in-a-pod produces the following outputs:
|
||||||
|
|
||||||
|
* The airshipctl repo and associated binary used with the deployment
|
||||||
|
* A tarball containing the generated ephemeral ISO, as well as the
|
||||||
|
configuration used during generation.
|
||||||
|
|
||||||
|
These artifacts are placed at `ARTIFACTS_DIR` (defaults to /opt/aiap-artifacts`).
|
||||||
|
|
||||||
|
|
||||||
|
### Caching
|
||||||
|
|
||||||
|
As it can be cumbersome and time-consuming to build and rebuild binaries and
|
||||||
|
images, some options are made available for caching. A developer may re-use
|
||||||
|
artifacts from previous runs (or provide their own) by placing them in
|
||||||
|
`CACHE_DIR` (defaults to `/opt/aiap-cache`). Special care is needed for the
|
||||||
|
caching:
|
||||||
|
|
||||||
|
* If using a cached `airshipctl`, the `airshipctl` binary must be stored in the
|
||||||
|
`$CACHE_DIR/airshipctl/bin/` directory, and the developer must have set
|
||||||
|
`USE_CACHED_AIRSHIPCTL` to `true`.
|
||||||
|
* If using a cached ephemeral iso, the iso must first be contained in a tarball named `iso.tar.gz`, must be stored in the
|
||||||
|
`$CACHE_DIR/` directory, and the developer must have set
|
||||||
|
`USE_CACHED_ISO` to `true`.
|
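Review bot: The Prerequisites section tells the reader to run `sudo -E minikube start --driver=none` but nowhere states that the pod in this change runs privileged containers and mounts host paths (`/dev`, `/sys/fs/cgroup`, `/opt/aiap-cache`, `/opt/aiap-artifacts`), which with the `none` driver land directly on the developer's machine. Suggest a short paragraph under Prerequisites saying so, and that the host directories are created and written by the pod. Two small fixes in the same file: "(defaults to /opt/aiap-artifacts`)" is missing its opening backtick, and the `docker-in-docker` bullet ends in `containers*` with no footnote for the asterisk to point to.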
347
tools/airship-in-a-pod/airship-in-a-pod.yaml
Normal file
@ -0,0 +1,347 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Pod
|
||||||
|
metadata:
|
||||||
|
name: airship-in-a-pod
|
||||||
|
spec:
|
||||||
|
hostNetwork: false
|
||||||
|
restartPolicy: Never
|
||||||
|
containers:
|
||||||
|
|
||||||
|
- name: libvirt
|
||||||
|
image: ianhowell/libvirt:latest
|
||||||
|
tty: true
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
#SYS_ADMIN required for systemd, need to work out reqs for libvirt
|
||||||
|
command:
|
||||||
|
- bash
|
||||||
|
- -cex
|
||||||
|
- "exec /usr/lib/systemd/systemd"
|
||||||
|
env:
|
||||||
|
- name: container
|
||||||
|
value: docker
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- virsh
|
||||||
|
- version
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 5
|
||||||
|
startupProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- systemctl
|
||||||
|
- is-active
|
||||||
|
- --quiet
|
||||||
|
- libvirtd
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
periodSeconds: 5
|
||||||
|
volumeMounts:
|
||||||
|
- name: var-run-aiap
|
||||||
|
mountPath: /var/run/aiap/
|
||||||
|
- name: dev
|
||||||
|
mountPath: /dev
|
||||||
|
- name: tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
- name: run
|
||||||
|
mountPath: /run
|
||||||
|
- name: var-lib-libvirt-images
|
||||||
|
mountPath: /var/lib/libvirt/images
|
||||||
|
- name: var-lib-libvirt-default
|
||||||
|
mountPath: /var/lib/libvirt/default
|
||||||
|
- name: var-run-libvirt
|
||||||
|
mountPath: /var/run/libvirt
|
||||||
|
- name: sys-fs-cgroup
|
||||||
|
mountPath: /sys/fs/cgroup
|
||||||
|
readOnly: false
|
||||||
|
- name: logs
|
||||||
|
mountPath: /var/log/
|
||||||
|
|
||||||
|
- name: sushy
|
||||||
|
image: quay.io/metal3-io/sushy-tools
|
||||||
|
command:
|
||||||
|
- bash
|
||||||
|
- -cex
|
||||||
|
- |
|
||||||
|
tee /csr_details.txt << EOF
|
||||||
|
[req]
|
||||||
|
default_bits = 2048
|
||||||
|
prompt = no
|
||||||
|
default_md = sha256
|
||||||
|
req_extensions = req_ext
|
||||||
|
distinguished_name = dn
|
||||||
|
|
||||||
|
[ dn ]
|
||||||
|
CN = localhost
|
||||||
|
|
||||||
|
[ req_ext ]
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
|
||||||
|
[ alt_names ]
|
||||||
|
DNS.1 = 127.0.0.1
|
||||||
|
DNS.2 = ::1
|
||||||
|
EOF
|
||||||
|
|
||||||
|
openssl req \
|
||||||
|
-newkey rsa:2048 \
|
||||||
|
-nodes \
|
||||||
|
-keyout /airship_gate_redfish_auth.key \
|
||||||
|
-x509 \
|
||||||
|
-days 365 \
|
||||||
|
-out /airship_gate_redfish_auth.pem \
|
||||||
|
-config <(cat /csr_details.txt) \
|
||||||
|
-extensions 'req_ext'
|
||||||
|
|
||||||
|
# Wait for interface to come up
|
||||||
|
while ! ping -c1 10.23.25.1 2>&1 >/dev/null; do sleep 1; done
|
||||||
|
|
||||||
|
sushy-emulator \
|
||||||
|
--debug \
|
||||||
|
--interface 10.23.25.1 \
|
||||||
|
--port 8443 \
|
||||||
|
--ssl-key /airship_gate_redfish_auth.key \
|
||||||
|
--ssl-certificate /airship_gate_redfish_auth.pem || true
|
||||||
|
|
||||||
|
tail -f /dev/null
|
||||||
|
volumeMounts:
|
||||||
|
- name: var-run-libvirt
|
||||||
|
mountPath: /var/run/libvirt
|
||||||
|
|
||||||
|
- name: nginx
|
||||||
|
image: nginx:latest
|
||||||
|
command:
|
||||||
|
- bash
|
||||||
|
- -cex
|
||||||
|
- |
|
||||||
|
tee /etc/nginx/nginx.conf <<'EOF'
|
||||||
|
user nginx;
|
||||||
|
worker_processes 1;
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
#gzip on;
|
||||||
|
server {
|
||||||
|
listen 8099;
|
||||||
|
listen [::]:8099;
|
||||||
|
server_name localhost;
|
||||||
|
#charset koi8-r;
|
||||||
|
#access_log /var/log/nginx/host.access.log main;
|
||||||
|
location / {
|
||||||
|
root /srv/images;
|
||||||
|
autoindex on;
|
||||||
|
}
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
exec nginx -g 'daemon off;'
|
||||||
|
volumeMounts:
|
||||||
|
- name: srv
|
||||||
|
mountPath: /srv/
|
||||||
|
|
||||||
|
- name: dind
|
||||||
|
image: docker:stable-dind
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
volumeMounts:
|
||||||
|
- name: var-run-aiap
|
||||||
|
mountPath: /var/run/aiap/
|
||||||
|
- name: dind-storage
|
||||||
|
mountPath: /var/lib/docker
|
||||||
|
- name: var-run-docker
|
||||||
|
mountPath: /var/run/
|
||||||
|
- name: srv
|
||||||
|
mountPath: /srv/
|
||||||
|
|
||||||
|
- name: airshipctl-builder
|
||||||
|
image: quay.io/airshipit/aiap-airshipctl-builder:latest
|
||||||
|
command:
|
||||||
|
- bash
|
||||||
|
- -cex
|
||||||
|
- |
|
||||||
|
/entrypoint.sh || true
|
||||||
|
tail -f /dev/null
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- test
|
||||||
|
- -e
|
||||||
|
- /tmp/completed/airshipctl-builder
|
||||||
|
env:
|
||||||
|
- name: CACHE_DIR
|
||||||
|
value: /opt/aiap-cache
|
||||||
|
- name: USE_CACHED_AIRSHIPCTL
|
||||||
|
value: "false"
|
||||||
|
- name: ARTIFACTS_DIR
|
||||||
|
value: /opt/aiap-artifacts
|
||||||
|
- name: AIRSHIPCTL_REPO
|
||||||
|
value: https://review.opendev.org/airship/airshipctl
|
||||||
|
- name: AIRSHIPCTL_REF
|
||||||
|
value: master
|
||||||
|
volumeMounts:
|
||||||
|
- name: tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
- name: cache
|
||||||
|
mountPath: /opt/aiap-cache
|
||||||
|
- name: artifacts
|
||||||
|
mountPath: /opt/aiap-artifacts
|
||||||
|
- name: completed
|
||||||
|
mountPath: /tmp/completed
|
||||||
|
- name: var-run-docker
|
||||||
|
mountPath: /var/run
|
||||||
|
|
||||||
|
- name: infra-builder
|
||||||
|
image: quay.io/airshipit/aiap-infra-builder:latest
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
command:
|
||||||
|
- bash
|
||||||
|
- -cex
|
||||||
|
- |
|
||||||
|
/entrypoint.sh || true
|
||||||
|
tail -f /dev/null
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- test
|
||||||
|
- -e
|
||||||
|
- /tmp/completed/infra-builder
|
||||||
|
env:
|
||||||
|
- name: CACHE_DIR
|
||||||
|
value: /opt/aiap-cache
|
||||||
|
- name: ARTIFACTS_DIR
|
||||||
|
value: /opt/aiap-artifacts
|
||||||
|
volumeMounts:
|
||||||
|
- name: cache
|
||||||
|
mountPath: /opt/aiap-cache
|
||||||
|
- name: artifacts
|
||||||
|
mountPath: /opt/aiap-artifacts
|
||||||
|
- name: completed
|
||||||
|
mountPath: /tmp/completed
|
||||||
|
- name: tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
- name: var-run-aiap
|
||||||
|
mountPath: /var/run/aiap/
|
||||||
|
- name: var-lib-libvirt-images
|
||||||
|
mountPath: /var/lib/libvirt/images
|
||||||
|
- name: var-lib-libvirt-default
|
||||||
|
mountPath: /var/lib/libvirt/default
|
||||||
|
- name: var-run-libvirt
|
||||||
|
mountPath: /var/run/libvirt
|
||||||
|
- name: logs
|
||||||
|
mountPath: /var/log/
|
||||||
|
- name: var-run-docker
|
||||||
|
mountPath: /var/run
|
||||||
|
|
||||||
|
- name: runner
|
||||||
|
image: quay.io/airshipit/aiap-runner:latest
|
||||||
|
command:
|
||||||
|
- bash
|
||||||
|
- -cex
|
||||||
|
- |
|
||||||
|
/entrypoint.sh || true
|
||||||
|
tail -f /dev/null
|
||||||
|
readinessProbe:
|
||||||
|
exec:
|
||||||
|
command:
|
||||||
|
- test
|
||||||
|
- -e
|
||||||
|
- /tmp/completed/runner
|
||||||
|
initialDelaySeconds: 600
|
||||||
|
periodSeconds: 30
|
||||||
|
env:
|
||||||
|
- name: CACHE_DIR
|
||||||
|
value: /opt/aiap-cache
|
||||||
|
- name: ARTIFACTS_DIR
|
||||||
|
value: /opt/aiap-artifacts
|
||||||
|
- name: USE_CACHED_ISO
|
||||||
|
value: "false"
|
||||||
|
volumeMounts:
|
||||||
|
- name: cache
|
||||||
|
mountPath: /opt/aiap-cache
|
||||||
|
- name: artifacts
|
||||||
|
mountPath: /opt/aiap-artifacts
|
||||||
|
- name: completed
|
||||||
|
mountPath: /tmp/completed
|
||||||
|
- name: tmp
|
||||||
|
mountPath: /tmp
|
||||||
|
- name: var-run-aiap
|
||||||
|
mountPath: /var/run/aiap/
|
||||||
|
- name: srv
|
||||||
|
mountPath: /srv/
|
||||||
|
- name: run
|
||||||
|
mountPath: /run
|
||||||
|
- name: var-run-libvirt
|
||||||
|
mountPath: /var/run/libvirt
|
||||||
|
- name: logs
|
||||||
|
mountPath: /var/log/
|
||||||
|
- name: var-run-docker
|
||||||
|
mountPath: /var/run
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: cache
|
||||||
|
hostPath:
|
||||||
|
path: /opt/aiap-cache
|
||||||
|
- name: artifacts
|
||||||
|
hostPath:
|
||||||
|
path: /opt/aiap-artifacts
|
||||||
|
- name: completed
|
||||||
|
emptyDir: {}
|
||||||
|
- name: dev
|
||||||
|
hostPath:
|
||||||
|
path: /dev
|
||||||
|
- name: tmp
|
||||||
|
emptyDir:
|
||||||
|
medium: "Memory"
|
||||||
|
- name: run
|
||||||
|
emptyDir:
|
||||||
|
medium: "Memory"
|
||||||
|
- name: var-lib-libvirt-images
|
||||||
|
emptyDir: {}
|
||||||
|
- name: var-lib-libvirt-default
|
||||||
|
emptyDir: {}
|
||||||
|
- name: var-run-libvirt
|
||||||
|
emptyDir:
|
||||||
|
medium: "Memory"
|
||||||
|
- name: var-run-aiap
|
||||||
|
emptyDir:
|
||||||
|
medium: "Memory"
|
||||||
|
- name: sys-fs-cgroup
|
||||||
|
hostPath:
|
||||||
|
path: /sys/fs/cgroup
|
||||||
|
- name: srv
|
||||||
|
emptyDir: {}
|
||||||
|
- name: logs
|
||||||
|
emptyDir: {}
|
||||||
|
- name: var-run-docker
|
||||||
|
emptyDir:
|
||||||
|
medium: "Memory"
|
||||||
|
- name: dind-storage
|
||||||
|
emptyDir: {}
|
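Review bot: `libvirt`, `dind` and `infra-builder` all set `privileged: true`, and `libvirt` additionally mounts the host's `/dev` and `/sys/fs/cgroup` through hostPath volumes; the inline comment on `libvirt` already says the real requirements still need to be worked out. Suggest recording that as a follow-up and narrowing to the specific capabilities and device nodes each container needs rather than full privilege and all of `/dev`. In the `sushy` container, `DNS.1 = 127.0.0.1` and `DNS.2 = ::1` place IP addresses in DNS-type SAN entries and leave out `10.23.25.1`, the address `sushy-emulator` listens on, so a client that verifies the certificate against that address will not get a match; use `IP.N` entries and include the listen address. In the ping loop, `2>&1 >/dev/null` sends stderr to the original stdout rather than discarding it; `>/dev/null 2>&1` is the usual order. Finally, `/entrypoint.sh || true` followed by `tail -f /dev/null` in the three task containers hides a failed task behind a running container, with the readiness file as the only signal; consider at least logging the exit status before the `tail`.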
30
tools/airship-in-a-pod/airshipctl-builder/Dockerfile
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
FROM ianhowell/base:latest
|
||||||
|
|
||||||
|
SHELL ["bash", "-exc"]
|
||||||
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
|
|
||||||
|
ARG USE_CACHED_AIRSHIPCTL="false"
|
||||||
|
ENV USE_CACHED_AIRSHIPCTL="false"
|
||||||
|
|
||||||
|
ARG AIRSHIPCTL_REPO=https://review.opendev.org/airship/airshipctl
|
||||||
|
ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF
|
||||||
|
|
||||||
|
ARG AIRSHIPCTL_REF=master
|
||||||
|
ENV AIRSHIPCTL_REPO=$AIRSHIPCTL_REPO
|
||||||
|
|
||||||
|
# Update distro and install ansible
|
||||||
|
RUN apt-get update ;\
|
||||||
|
apt-get dist-upgrade -y ;\
|
||||||
|
apt-get install -y \
|
||||||
|
git \
|
||||||
|
apt-transport-https \
|
||||||
|
ca-certificates \
|
||||||
|
gnupg-agent \
|
||||||
|
gettext-base ;\
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
COPY assets /opt/assets/
|
||||||
|
RUN cp -ravf /opt/assets/* / ;\
|
||||||
|
rm -rf /opt/assets
|
||||||
|
|
||||||
|
ENTRYPOINT /entrypoint.sh
|
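Review bot: The `ARG`/`ENV` pairs for the repo and the ref are crossed: `ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF` appears before `ARG AIRSHIPCTL_REF=master` is declared, so it expands to an empty string and the image's default ref is empty unless the pod overrides it. Suggest pairing each `ARG` with its own `ENV` directly beneath it (`ARG AIRSHIPCTL_REPO` then `ENV AIRSHIPCTL_REPO=$AIRSHIPCTL_REPO`, and likewise for `AIRSHIPCTL_REF`). In the same way `ENV USE_CACHED_AIRSHIPCTL="false"` ignores the `ARG` above it and should read `ENV USE_CACHED_AIRSHIPCTL=$USE_CACHED_AIRSHIPCTL`. The comment "Update distro and install ansible" does not match the packages installed in this `RUN`.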
38
tools/airship-in-a-pod/airshipctl-builder/assets/entrypoint.sh
Executable file
@ -0,0 +1,38 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
if [[ "$USE_CACHED_AIRSHIPCTL" = "true" ]]
|
||||||
|
then
|
||||||
|
printf "Using cached airshipctl\n"
|
||||||
|
cp -r "$CACHE_DIR/airshipctl" "$ARTIFACTS_DIR/airshipctl"
|
||||||
|
else
|
||||||
|
printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n"
|
||||||
|
sleep 30
|
||||||
|
|
||||||
|
airshipctl_dir="$ARTIFACTS_DIR/airshipctl"
|
||||||
|
mkdir -p "$airshipctl_dir"
|
||||||
|
cd "$airshipctl_dir"
|
||||||
|
|
||||||
|
git init
|
||||||
|
git fetch "$AIRSHIPCTL_REPO" "$AIRSHIPCTL_REF"
|
||||||
|
git checkout FETCH_HEAD
|
||||||
|
|
||||||
|
./tools/deployment/21_systemwide_executable.sh
|
||||||
|
mkdir -p bin
|
||||||
|
cp "$(which airshipctl)" bin
|
||||||
|
fi
|
||||||
|
|
||||||
|
/signal_complete airshipctl-builder
|
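Review bot: In the non-cached branch the script fetches `"$AIRSHIPCTL_REF"` and immediately runs `./tools/deployment/21_systemwide_executable.sh` from that checkout, so what executes depends on whatever the ref points to when the pod starts, and nothing records which commit that was. Suggest writing the output of `git rev-parse HEAD` next to the binary in `$ARTIFACTS_DIR` after the checkout so a run can be traced and repeated. In the cached branch, `cp -r "$CACHE_DIR/airshipctl" "$ARTIFACTS_DIR/airshipctl"` nests the copy one level deeper when the destination already exists, which it will on a second run because the artifacts directory is a hostPath. The fixed `sleep 30` is a guess at readiness; the `wait_for` helper or the probes defined in the pod would be a firmer gate.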
44
tools/airship-in-a-pod/base/Dockerfile
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
ARG BASE_IMAGE
|
||||||
|
FROM ${BASE_IMAGE}
|
||||||
|
|
||||||
|
SHELL ["bash", "-exc"]
|
||||||
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
|
|
||||||
|
ARG CACHE_DIR=/opt/aiap-cache
|
||||||
|
ENV CACHE_DIR=$CACHE_DIR
|
||||||
|
|
||||||
|
ARG ARTIFACTS_DIR=/opt/aiap-artifacts
|
||||||
|
ENV ARTIFACTS_DIR=$ARTIFACTS_DIR
|
||||||
|
|
||||||
|
# Update distro and install common reqs
|
||||||
|
RUN apt-get update ;\
|
||||||
|
apt-get dist-upgrade -y ;\
|
||||||
|
apt-get install -y \
|
||||||
|
python3-minimal \
|
||||||
|
python3-pip \
|
||||||
|
python3-setuptools \
|
||||||
|
python3-libvirt \
|
||||||
|
curl \
|
||||||
|
make \
|
||||||
|
sudo \
|
||||||
|
iproute2 \
|
||||||
|
bridge-utils \
|
||||||
|
iputils-ping \
|
||||||
|
net-tools \
|
||||||
|
less \
|
||||||
|
jq \
|
||||||
|
vim \
|
||||||
|
software-properties-common \
|
||||||
|
openssh-client ;\
|
||||||
|
pip3 install --upgrade wheel ;\
|
||||||
|
pip3 install --upgrade ansible ;\
|
||||||
|
pip3 install --upgrade yq ;\
|
||||||
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - ;\
|
||||||
|
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" ;\
|
||||||
|
apt-get install -y --no-install-recommends docker-ce-cli ;\
|
||||||
|
rm -rf /var/lib/apt/lists/* ; \
|
||||||
|
mkdir -p "$ARTIFACTS_DIR" ; \
|
||||||
|
mkdir -p "$CACHE_DIR"
|
||||||
|
|
||||||
|
COPY wait_for .
|
||||||
|
COPY signal_complete .
|
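Review bot: `COPY wait_for .` and `COPY signal_complete .` at the end of the file land in whatever WORKDIR `${BASE_IMAGE}` defines, while the entrypoints in this change call `/wait_for` and `/signal_complete`; copy to `/` explicitly (`COPY wait_for signal_complete /`). In the RUN step, `pip3 install --upgrade ansible` and `yq` are unpinned and `BASE_IMAGE` has no default, so two builds of this image can differ; pin the versions. `curl ... | apt-key add -` trusts the Docker key for every apt source; a keyring file referenced with `signed-by=` in the repository line scopes it to that repository.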
9
tools/airship-in-a-pod/base/signal_complete
Executable file
@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# signal_complete takes a container name and creates a file in the "completed"
|
||||||
|
# directory, denoting that the named container has finished its tasks. This can be
|
||||||
|
# leveraged by dependent containers via the `wait_for` command.
|
||||||
|
|
||||||
|
mkdir -p "/tmp/completed"
|
||||||
|
touch "/tmp/completed/$1"
|
||||||
|
printf "Marked %s as complete.\n" "$1"
|
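Review bot: `touch "/tmp/completed/$1"` uses the argument unchecked: with no argument it touches the directory itself and still reports success, and a name containing `/` or `..` creates the marker outside `/tmp/completed`. Reject an empty `$1` and anything containing `/`, exit non-zero in that case, and say in the header comment that `/tmp/completed` must be a volume shared with the waiting containers.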
22
tools/airship-in-a-pod/base/wait_for
Executable file
@ -0,0 +1,22 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# wait_for takes a list of container names and runs until all of those container names
|
||||||
|
# appear in the "/tmp/completed" directory. It can be used to prevent a
|
||||||
|
# container from executing until pre-requisite containers have indicated completion.
|
||||||
|
|
||||||
|
mkdir -p "/tmp/completed"
|
||||||
|
while true; do
|
||||||
|
# Assume we're finished, prove otherwise
|
||||||
|
finished=true
|
||||||
|
for container in "$@"; do
|
||||||
|
if [[ ! -e "/tmp/completed/$container" ]]; then
|
||||||
|
printf "Waiting on '%s'...\n" "$container"
|
||||||
|
finished=false
|
||||||
|
sleep 10
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
if $finished; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
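Review bot: The `while true` loop has no timeout and no failure marker, so if a prerequisite container exits before calling `signal_complete`, every container behind this check waits forever. Add a deadline (for example a `WAIT_TIMEOUT` variable, with its default documented in the header comment) and exit non-zero when it passes. Completion is only file existence in a directory every container can write, so any container can mark another as done; state that assumption in the comment.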
22
tools/airship-in-a-pod/infra-builder/Dockerfile
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
FROM ianhowell/base:latest
|
||||||
|
|
||||||
|
SHELL ["bash", "-exc"]
|
||||||
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
|
|
||||||
|
# Update distro and install ansible
|
||||||
|
RUN apt-get update ;\
|
||||||
|
apt-get dist-upgrade -y ;\
|
||||||
|
apt-get install -y \
|
||||||
|
python3-apt \
|
||||||
|
python3-lxml \
|
||||||
|
virtinst \
|
||||||
|
nfs4-acl-tools \
|
||||||
|
acl \
|
||||||
|
virt-manager;\
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
COPY assets /opt/assets/
|
||||||
|
RUN cp -ravf /opt/assets/* / ;\
|
||||||
|
rm -rf /opt/assets
|
||||||
|
|
||||||
|
ENTRYPOINT /entrypoint.sh
|
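Review bot: `FROM ianhowell/base:latest` pulls a mutable tag from a personal registry namespace, so the contents of this image depend on whatever was last pushed there. Take the base as a build argument the way base/Dockerfile does with `BASE_IMAGE`, and pin it by tag or digest. `ENTRYPOINT /entrypoint.sh` is the shell form, which runs through the `SHELL` set above; the exec form `ENTRYPOINT ["/entrypoint.sh"]` avoids the wrapper. The comment "install ansible" does not match the package list that follows it.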
23
tools/airship-in-a-pod/infra-builder/assets/entrypoint.sh
Executable file
@ -0,0 +1,23 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n"
|
||||||
|
sleep 30
|
||||||
|
|
||||||
|
ansible-playbook -v /opt/ansible/playbooks/build-infra.yaml \
|
||||||
|
-e local_src_dir="$(pwd)"
|
||||||
|
|
||||||
|
/signal_complete infra-builder
|
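Review bot: `sleep 30` before `ansible-playbook` is a fixed guess at when libvirt is ready; on a slow node the playbook starts too early and `set -e` ends the container, on a fast one the wait is wasted. Poll the connection the playbook uses (`qemu:///system`) in a bounded retry loop, or have the libvirt container call `signal_complete` and use `/wait_for` here. `-e local_src_dir="$(pwd)"` depends on the image's working directory; if the role needs the value, pass an explicit path.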
@ -0,0 +1,23 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- name: install kustomize
|
||||||
|
include_role:
|
||||||
|
name: install-kustomize
|
||||||
|
|
||||||
|
- name: Setup Infrastructure
|
||||||
|
include_role:
|
||||||
|
name: build-infra
|
@ -0,0 +1,64 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
floorplan:
|
||||||
|
image_pool: "/var/lib/libvirt/images"
|
||||||
|
default_image_pool: "/var/lib/libvirt/default"
|
||||||
|
uri: "qemu:///system"
|
||||||
|
os_variant: "ubuntu18.04"
|
||||||
|
|
||||||
|
ephemeral_node:
|
||||||
|
name: air-ephemeral
|
||||||
|
cpu: 4
|
||||||
|
ram: 6124
|
||||||
|
nat_mac_address: 52:54:00:9b:27:02
|
||||||
|
prov_mac_address: 52:54:00:b6:ed:02
|
||||||
|
block:
|
||||||
|
- 20G
|
||||||
|
|
||||||
|
target_nodes:
|
||||||
|
count: 1
|
||||||
|
name: air-target
|
||||||
|
cpu: 2
|
||||||
|
ram: 6124
|
||||||
|
nat_mac_address: 52:54:00:9b:27:4c
|
||||||
|
prov_mac_address: 52:54:00:b6:ed:31
|
||||||
|
block:
|
||||||
|
- 20G
|
||||||
|
|
||||||
|
worker_nodes:
|
||||||
|
count: 1
|
||||||
|
name: air-worker
|
||||||
|
cpu: 1
|
||||||
|
ram: 6124
|
||||||
|
nat_mac_address: 52:54:00:9b:27:07
|
||||||
|
prov_mac_address: 52:54:00:b6:ed:23
|
||||||
|
block:
|
||||||
|
- 20G
|
||||||
|
|
||||||
|
# 1st item must be the oobm network, 2nd the provisioning
|
||||||
|
networks:
|
||||||
|
- name: provisioning
|
||||||
|
bridge: "air_prov"
|
||||||
|
ip:
|
||||||
|
address: "10.23.24.1"
|
||||||
|
netmask: "255.255.255.0"
|
||||||
|
- name: nat
|
||||||
|
bridge: "air_nat"
|
||||||
|
ip:
|
||||||
|
address: "10.23.25.1"
|
||||||
|
netmask: "255.255.255.0"
|
||||||
|
- name: default
|
||||||
|
bridge: "default"
|
||||||
|
ip:
|
||||||
|
address: "10.23.25.1"
|
||||||
|
netmask: "255.255.255.0"
|
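Review bot: The comment above `networks:` says the first item must be the oobm network and the second the provisioning network, but the list starts with `provisioning` followed by `nat`, and the templates in this change read `networks[0]` for air_prov and `networks[1]` for air_nat. Correct the comment to match, or look the entries up by `name` so order stops mattering. The `default` entry repeats `10.23.25.1` from `nat`. `ram: 6124` on all three node types looks like a typo for 6144; please confirm.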
@ -0,0 +1,59 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
qcow_rand: "{{ 6000 | random }}"
|
||||||
|
|
||||||
|
- name: "Create qemu image extra block devices"
|
||||||
|
shell: |
|
||||||
|
qemu-img create \
|
||||||
|
-f qcow2 \
|
||||||
|
"{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ seq }}-{{ qcow_rand }}".qcow2 "{{ vm_instance.block[(seq | int)-1] }}"
|
||||||
|
with_sequence:
|
||||||
|
start=1 end="{{ (vm_instance.block | length | int ) }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: seq
|
||||||
|
|
||||||
|
- acl:
|
||||||
|
default: true
|
||||||
|
path: "{{ floorplan.image_pool }}"
|
||||||
|
entry: "u:libvirt-qemu:r-x"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Define vm xml
|
||||||
|
shell: |
|
||||||
|
virt-install \
|
||||||
|
--connect "{{ floorplan.uri }}" \
|
||||||
|
--os-variant "{{ floorplan.os_variant }}" \
|
||||||
|
--machine pc \
|
||||||
|
--name "{{ vm_name }}" \
|
||||||
|
--memory "{{ vm_instance.ram }}" \
|
||||||
|
--network network="air_nat",address.type='pci',address.domain=0,address.bus=0,address.slot=3,address.function=0,mac="{{ vm_instance.nat_mac_address }}" \
|
||||||
|
--network network="air_prov",address.type='pci',address.domain=0,address.bus=0,address.slot=4,address.function=0,mac="{{ vm_instance.prov_mac_address }}" \
|
||||||
|
--cpu host-passthrough \
|
||||||
|
--vcpus "{{ vm_instance.cpu | int }}" \
|
||||||
|
--import \
|
||||||
|
{% for i in range(1, (vm_instance.block | length | int )+1) %}
|
||||||
|
--disk "{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ i }}-{{ qcow_rand }}.qcow2,bus=scsi,format=qcow2" \
|
||||||
|
{% endfor %}
|
||||||
|
--nographics \
|
||||||
|
--noautoconsole \
|
||||||
|
--print-xml
|
||||||
|
register: vm_xml
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "{{ vm_xml }}"
|
||||||
|
|
||||||
|
- name: Create vm
|
||||||
|
virt:
|
||||||
|
command: define
|
||||||
|
xml: "{{ vm_xml.stdout }}"
|
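Review bot: Both `shell:` tasks paste `floorplan.*`, `vm_instance.*` and `vm_name` straight into a command line, so a value containing a quote or a space changes the command that runs. Use `command:` with `argv` for `qemu-img create`, and apply the `quote` filter to the values passed to `virt-install`. Disk files are named from `vm_instance.name`, not `vm_name`, so with `count` above 1 the disks of different nodes differ only by `qcow_rand` (0 to 5999) and can collide; name them from `vm_name`. A fresh `qcow_rand` on every include also means each run leaves new qcow2 files in `image_pool`. The `set_fact`, `acl` and `debug` tasks have no `name`.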
@ -0,0 +1,20 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "{{ worker_node }}"
|
||||||
|
|
||||||
|
- name: "Create vms"
|
||||||
|
include_tasks: create-vm.yaml
|
||||||
|
with_sequence: start=1 end="{{vm_instance.count | int}}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: a_node
|
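Review bot: The `debug` task prints `worker_node`, while the role defaults shown here define `worker_nodes`, so the task fails on an undefined variable if this file is ever included. The loop also reads `vm_instance.count` without this file setting `vm_instance` or `vm_name`, which create-vm.yaml needs. The main task file includes create-vm.yaml directly, so either remove this file or make it the one place that loops over a node group.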
@ -0,0 +1,93 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- acl:
|
||||||
|
default: true
|
||||||
|
path: "{{ floorplan.default_image_pool }}"
|
||||||
|
entry: "u:libvirt-qemu:r-x"
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: "Define, Build, and Start default storage pool"
|
||||||
|
block:
|
||||||
|
- virt_pool:
|
||||||
|
command: define
|
||||||
|
name: "{{ item }}"
|
||||||
|
xml: '{{ lookup("template", "{{ item }}.xml.j2") }}'
|
||||||
|
with_items:
|
||||||
|
- default
|
||||||
|
|
||||||
|
- virt_pool:
|
||||||
|
command: build
|
||||||
|
name: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- default
|
||||||
|
|
||||||
|
- virt_pool:
|
||||||
|
state: active
|
||||||
|
name: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- default
|
||||||
|
|
||||||
|
- virt_pool:
|
||||||
|
command: list_pools
|
||||||
|
|
||||||
|
- name: "Define network, activate, start network pools"
|
||||||
|
block:
|
||||||
|
- virt_net:
|
||||||
|
command: define
|
||||||
|
xml: '{{ lookup("template", "{{ item }}.xml.j2") }}'
|
||||||
|
name: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- "air_prov"
|
||||||
|
- "air_nat"
|
||||||
|
|
||||||
|
- virt_net:
|
||||||
|
state: active
|
||||||
|
name: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- "default"
|
||||||
|
- "air_prov"
|
||||||
|
- "air_nat"
|
||||||
|
|
||||||
|
- virt_net:
|
||||||
|
name: "{{ item }}"
|
||||||
|
autostart: true
|
||||||
|
with_items:
|
||||||
|
- "default"
|
||||||
|
- "air_prov"
|
||||||
|
- "air_nat"
|
||||||
|
|
||||||
|
- name: "Create ephemeral node"
|
||||||
|
include_tasks: create-vm.yaml
|
||||||
|
vars:
|
||||||
|
vm_instance: "{{ ephemeral_node }}"
|
||||||
|
vm_name: "{{ ephemeral_node.name }}"
|
||||||
|
|
||||||
|
- name: "Create target nodes"
|
||||||
|
include_tasks: create-vm.yaml
|
||||||
|
vars:
|
||||||
|
vm_instance: "{{ target_nodes }}"
|
||||||
|
vm_name: "{{ target_nodes.name }}-{{ a_node }}"
|
||||||
|
with_sequence:
|
||||||
|
start=1 end="{{ (vm_instance.count | int) }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: a_node
|
||||||
|
|
||||||
|
- name: "Create worker nodes"
|
||||||
|
include_tasks: create-vm.yaml
|
||||||
|
vars:
|
||||||
|
vm_instance: "{{ worker_nodes }}"
|
||||||
|
vm_name: "{{ worker_nodes.name }}-{{ a_node }}"
|
||||||
|
with_sequence:
|
||||||
|
start=1 end="{{ (vm_instance.count | int) }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: a_node
|
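Review bot: The first `virt_net` task defines only `air_prov` and `air_nat`, but the next two tasks activate and autostart `default` as well, so the play depends on a `default` network already existing in libvirt. Add `default` to the define list (a network template for it is part of this change) or drop it from the later lists and document the dependency. `'{{ lookup("template", "{{ item }}.xml.j2") }}'` nests one expression inside another; write `lookup("template", item ~ ".xml.j2")`. The `acl`, `virt_pool` and `virt_net` tasks have no `name`.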
@ -0,0 +1,10 @@
|
|||||||
|
<network connections="2">
|
||||||
|
<name>air_nat</name>
|
||||||
|
<uuid>667f20da-ad20-4623-bf70-88f6e6dec2d6</uuid>
|
||||||
|
<forward mode="nat">
|
||||||
|
<nat><port start="1024" end="65535"/>
|
||||||
|
</nat>
|
||||||
|
</forward><bridge name="nat_br" stp="on" delay="0"/>
|
||||||
|
<ip address="{{ networks[1].ip.address }}" netmask="{{ networks[1].ip.netmask }}">
|
||||||
|
</ip>
|
||||||
|
</network>
|
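Review bot: `connections="2"` and the fixed `<uuid>` on the first lines look like output copied from a running network; `connections` is runtime state and a fixed UUID collides if this definition is ever loaded twice on one host. Drop both and let libvirt assign the UUID. The address is taken from `networks[1]` by position; select the entry named `nat` so reordering the list cannot change this network's subnet.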
@ -0,0 +1,7 @@
|
|||||||
|
<network connections="2">
|
||||||
|
<name>air_prov</name>
|
||||||
|
<uuid>55739809-1c3a-4c79-b6e7-2607000715da</uuid>
|
||||||
|
<bridge name="prov_br" stp="on" delay="0"/>
|
||||||
|
<ip address="{{ networks[0].ip.address }}" netmask="{{ networks[0].ip.netmask }}">
|
||||||
|
</ip>
|
||||||
|
</network>
|
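Review bot: `<bridge name="prov_br" ...>` is hard-coded while the role defaults carry `bridge: "air_prov"` for the provisioning network, so the variable has no effect. Template the bridge name from the `networks` entry, and select that entry by `name` instead of `networks[0]`. The `connections="2"` attribute and the fixed `<uuid>` are not needed in a definition.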
@ -0,0 +1,6 @@
|
|||||||
|
<pool type="dir">
|
||||||
|
<name>default</name>
|
||||||
|
<target>
|
||||||
|
<path>{{ floorplan.default_image_pool }}</path>
|
||||||
|
</target>
|
||||||
|
</pool>
|
@ -0,0 +1,9 @@
|
|||||||
|
<network>
|
||||||
|
<name>default</name>
|
||||||
|
<uuid>3f11d0fe-6c59-43fb-b22a-4355d57d07fa</uuid><forward mode="nat"/>
|
||||||
|
<bridge name="virbr0" stp="on" delay="0"/>
|
||||||
|
<ip address="192.168.122.1" netmask="255.255.255.0">
|
||||||
|
<dhcp><range start="192.168.122.2" end="192.168.122.254"/>
|
||||||
|
</dhcp>
|
||||||
|
</ip>
|
||||||
|
</network>
|
@ -0,0 +1,17 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
kustomize_version: v3.8.5
|
||||||
|
kustomize_download_url: "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/{{ kustomize_version }}/kustomize_{{ kustomize_version }}_linux_amd64.tar.gz"
|
||||||
|
proxy:
|
||||||
|
http:
|
||||||
|
noproxy:
|
@ -0,0 +1,24 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- name: install kustomize binary
|
||||||
|
shell: |
|
||||||
|
set -e
|
||||||
|
curl -sSL {{ kustomize_download_url }} | tar -C /tmp -xzf -
|
||||||
|
install /tmp/kustomize /usr/local/bin
|
||||||
|
become: yes
|
||||||
|
args:
|
||||||
|
warn: false
|
||||||
|
environment:
|
||||||
|
http_proxy: "{{ proxy.http }}"
|
||||||
|
https_proxy: "{{ proxy.http }}"
|
||||||
|
no_proxy: "{{ proxy.noproxy }}"
|
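Review bot: `curl -sSL {{ kustomize_download_url }} | tar -C /tmp -xzf -` runs under `become` and installs whatever the URL returns: there is no checksum, no `-f` on curl, and without `pipefail` a failed download is caught only if tar happens to reject the input. Use `get_url` with a `checksum:` for the pinned `kustomize_version`, then `unarchive`, and extract into a private temporary directory instead of `/tmp`. `proxy.http` and `proxy.noproxy` default to empty values; check that the `environment:` block tolerates them.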
34
tools/airship-in-a-pod/libvirt/Dockerfile
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
FROM ianhowell/base:latest
|
||||||
|
|
||||||
|
SHELL ["bash", "-exc"]
|
||||||
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
|
|
||||||
|
RUN apt-get update ;\
|
||||||
|
apt-get dist-upgrade -y ;\
|
||||||
|
apt-get install -y \
|
||||||
|
libvirt-daemon \
|
||||||
|
qemu-kvm \
|
||||||
|
libvirt-daemon-system \
|
||||||
|
bridge-utils \
|
||||||
|
libvirt-clients \
|
||||||
|
systemd \
|
||||||
|
socat ;\
|
||||||
|
find /etc/systemd/system \
|
||||||
|
/usr/lib/systemd/system \
|
||||||
|
-path '*.wants/*' \
|
||||||
|
-not -name '*journald*' \
|
||||||
|
-not -name '*systemd-tmpfiles*' \
|
||||||
|
-not -name '*systemd-user-sessions*' \
|
||||||
|
-exec rm \{} \; ;\
|
||||||
|
systemctl set-default multi-user.target ;\
|
||||||
|
sed -i 's|SocketMode=0660|SocketMode=0666|g' /lib/systemd/system/libvirtd.socket ;\
|
||||||
|
systemctl enable libvirtd ;\
|
||||||
|
systemctl enable virtlogd ;\
|
||||||
|
echo 'user = "root"' >> /etc/libvirt/qemu.conf ;\
|
||||||
|
echo 'group = "root"' >> /etc/libvirt/qemu.conf
|
||||||
|
|
||||||
|
COPY assets /opt/assets/
|
||||||
|
RUN cp -ravf /opt/assets/* / ;\
|
||||||
|
rm -rf /opt/assets
|
||||||
|
|
||||||
|
ENTRYPOINT /bin/systemd
|
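Review bot: The `sed` that changes `SocketMode=0660` to `0666` makes the libvirtd socket connectable by every user, leaving libvirtd's own authentication settings as the only gate, and the two `echo` lines make QEMU run as root:root. Keep 0660 and give the client containers a shared group, or add a comment explaining why world-writable access is required in this pod. `FROM ianhowell/base:latest` is a mutable tag in a personal namespace; take the base image as a pinned build argument.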
@ -0,0 +1,43 @@
|
|||||||
|
# This file is part of systemd.
|
||||||
|
#
|
||||||
|
# systemd is free software; you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU Lesser General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2.1 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# Entries in this file show the compile time defaults.
|
||||||
|
# You can change settings by editing this file.
|
||||||
|
# Defaults can be restored by simply deleting this file.
|
||||||
|
#
|
||||||
|
# See journald.conf(5) for details.
|
||||||
|
|
||||||
|
[Journal]
|
||||||
|
#Storage=auto
|
||||||
|
#Compress=yes
|
||||||
|
#Seal=yes
|
||||||
|
#SplitMode=uid
|
||||||
|
#SyncIntervalSec=5m
|
||||||
|
#RateLimitIntervalSec=30s
|
||||||
|
#RateLimitBurst=10000
|
||||||
|
#SystemMaxUse=
|
||||||
|
#SystemKeepFree=
|
||||||
|
#SystemMaxFileSize=
|
||||||
|
#SystemMaxFiles=100
|
||||||
|
#RuntimeMaxUse=
|
||||||
|
#RuntimeKeepFree=
|
||||||
|
#RuntimeMaxFileSize=
|
||||||
|
#RuntimeMaxFiles=100
|
||||||
|
#MaxRetentionSec=
|
||||||
|
#MaxFileSec=1month
|
||||||
|
#ForwardToSyslog=yes
|
||||||
|
#ForwardToKMsg=no
|
||||||
|
ForwardToConsole=yes
|
||||||
|
#ForwardToWall=yes
|
||||||
|
TTYPath=/dev/console
|
||||||
|
#MaxLevelStore=debug
|
||||||
|
#MaxLevelSyslog=debug
|
||||||
|
#MaxLevelKMsg=notice
|
||||||
|
#MaxLevelConsole=info
|
||||||
|
#MaxLevelWall=emerg
|
||||||
|
#LineMax=48K
|
||||||
|
#ReadKMsg=yes
|
@ -0,0 +1,3 @@
|
|||||||
|
[Service]
|
||||||
|
StandardOutput=tty
|
||||||
|
#FailureAction=poweroff
|
@ -0,0 +1,2 @@
|
|||||||
|
[Service]
|
||||||
|
FailureAction=poweroff
|
@ -0,0 +1,2 @@
|
|||||||
|
[Service]
|
||||||
|
StandardOutput=tty
|
28
tools/airship-in-a-pod/runner/Dockerfile
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
FROM ianhowell/base:latest
|
||||||
|
|
||||||
|
SHELL ["bash", "-exc"]
|
||||||
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
|
|
||||||
|
ARG k8s_version=v1.18.3
|
||||||
|
ARG kubectl_url=https://storage.googleapis.com/kubernetes-release/release/"${k8s_version}"/bin/linux/amd64/kubectl
|
||||||
|
|
||||||
|
# Update distro and install ansible
|
||||||
|
RUN apt-get update ;\
|
||||||
|
apt-get dist-upgrade -y ;\
|
||||||
|
apt-get install -y \
|
||||||
|
git \
|
||||||
|
git-review \
|
||||||
|
apt-transport-https \
|
||||||
|
ca-certificates \
|
||||||
|
gnupg-agent \
|
||||||
|
libvirt-clients \
|
||||||
|
gettext-base ;\
|
||||||
|
curl -sSLo /usr/local/bin/kubectl "${kubectl_url}" ;\
|
||||||
|
chmod +x /usr/local/bin/kubectl ;\
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
COPY assets /opt/assets/
|
||||||
|
RUN cp -ravf /opt/assets/* / ;\
|
||||||
|
rm -rf /opt/assets
|
||||||
|
|
||||||
|
ENTRYPOINT /entrypoint.sh
|
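Review bot: `curl -sSLo /usr/local/bin/kubectl "${kubectl_url}"` installs an executable with no integrity check and no `-f`, so an HTTP error body would be saved and then marked executable. Add `-f` and verify the download against a SHA-256 for `k8s_version` (passed as a second `ARG`) with `sha256sum -c` before the `chmod`. The comment "install ansible" does not describe this step.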
70
tools/airship-in-a-pod/runner/assets/entrypoint.sh
Executable file
@ -0,0 +1,70 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
set -ex
|
||||||
|
|
||||||
|
# Wait until airshipctl and libvirt infrastructure has been built
|
||||||
|
/wait_for airshipctl-builder
|
||||||
|
/wait_for infra-builder
|
||||||
|
|
||||||
|
export USER=root
|
||||||
|
# https://github.com/sudo-project/sudo/issues/42
|
||||||
|
echo "Set disable_coredump false" >> /etc/sudo.conf
|
||||||
|
|
||||||
|
echo "Installing kustomize"
|
||||||
|
kustomize_version=v3.8.5
|
||||||
|
kustomize_download_url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${kustomize_version}/kustomize_${kustomize_version}_linux_amd64.tar.gz"
|
||||||
|
curl -sSL "$kustomize_download_url" | tar -C /tmp -xzf -
|
||||||
|
install /tmp/kustomize /usr/local/bin
|
||||||
|
|
||||||
|
cp "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin/airshipctl
|
||||||
|
cp -r "$ARTIFACTS_DIR/airshipctl/" /opt/airshipctl
|
||||||
|
cd /opt/airshipctl
|
||||||
|
|
||||||
|
|
||||||
|
curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
|
||||||
|
SOPS_IMPORT_PGP="$(cat key.asc)"
|
||||||
|
SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
|
||||||
|
export SOPS_IMPORT_PGP SOPS_PGP_FP
|
||||||
|
|
||||||
|
# By default, don't build airshipctl - use the binary from the shared volume instead
|
||||||
|
# ./tools/deployment/21_systemwide_executable.sh
|
||||||
|
./tools/deployment/22_test_configs.sh
|
||||||
|
./tools/deployment/23_pull_documents.sh
|
||||||
|
./tools/deployment/23_generate_secrets.sh
|
||||||
|
|
||||||
|
sed -i -e 's#bmcAddress: redfish+http://\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\):8000#bmcAddress: redfish+https://10.23.25.1:8443#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||||
|
sed -i -e 's#root#username#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||||
|
sed -i -e 's#r00tme#password#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||||
|
sed -i -e 's#disableCertificateVerification: false#disableCertificateVerification: true#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
|
||||||
|
|
||||||
|
if [[ "$USE_CACHED_ISO" = "true" ]]; then
|
||||||
|
mkdir -p /srv/images
|
||||||
|
tar -xzf "$CACHE_DIR/iso.tar.gz" --directory /srv/images
|
||||||
|
else
|
||||||
|
./tools/deployment/24_build_images.sh
|
||||||
|
tar -czf "$ARTIFACTS_DIR/iso.tar.gz" --directory=/srv/images .
|
||||||
|
fi
|
||||||
|
|
||||||
|
./tools/deployment/25_deploy_ephemeral_node.sh
|
||||||
|
./tools/deployment/26_deploy_capi_ephemeral_node.sh
|
||||||
|
./tools/deployment/30_deploy_controlplane.sh
|
||||||
|
./tools/deployment/31_deploy_initinfra_target_node.sh
|
||||||
|
./tools/deployment/32_cluster_init_target_node.sh
|
||||||
|
./tools/deployment/33_cluster_move_target_node.sh
|
||||||
|
./tools/deployment/34_deploy_worker_node.sh
|
||||||
|
./tools/deployment/35_deploy_workload.sh
|
||||||
|
./tools/deployment/36_verify_hwcc_profiles.sh
|
||||||
|
|
||||||
|
/signal_complete runner
|
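Review bot: The four `sed` rewrites of hosts.yaml are unanchored: `s#root#username#` and `s#r00tme#password#` change the first match on every line of the file, not only the BMC credential fields, and the last one sets `disableCertificateVerification: true` for every host. Match the full key and value, or patch the catalogue with a kustomize overlay, and say in a comment that the credentials and the disabled TLS check apply to the simulated BMC only. The SOPS key is fetched from the `master` branch of mozilla/sops at run time and is, as its file name says, a functional-test key from a public repository, so secrets encrypted to it are not confidential; pin the fetch to a commit and note this. The kustomize `curl | tar` has no checksum, and `kustomize_version` is now defined both here and in the install-kustomize role defaults.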