airship
/
treasuremap
Code Issues Proposed changes
Reference Airship manifests, CICD, and reference architecture.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
626 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
treasuremap/tools/deployment/aiab/common/deploy-airship.sh

435 lines
15KB
Raw Permalink Blame History 

  1. #!/bin/bash

  2. #

  3. # Copyright 2018 AT&T Intellectual Property.  All other rights reserved.

  4. #

  5. # Licensed under the Apache License, Version 2.0 (the "License");

  6. # you may not use this file except in compliance with the License.

  7. # You may obtain a copy of the License at

  8. #

  9. #     http://www.apache.org/licenses/LICENSE-2.0

  10. #

  11. # Unless required by applicable law or agreed to in writing, software

  12. # distributed under the License is distributed on an "AS IS" BASIS,

  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14. # See the License for the specific language governing permissions and

  15. # limitations under the License.

  16. 

  17. ###############################################################################

  18. #                                                                             #

  19. # Set up and deploy an Airship environment for development/testing purposes.  #

  20. # Many of the defaults and sources used here are NOT production ready, and    #

  21. # this should not be used as a copy/paste source for any production use.      #

  22. #                                                                             #

  23. ###############################################################################

  24. 

  25. set -x

  26. 

  27. # The last step to run through in this script. Valid Values are "collect",

  28. # "genesis", "deploy", and "demo". By default this will run through to the end

  29. # of the genesis steps

  30. LAST_STEP_NAME=${1:-"genesis"}

  31. 

  32. if [[ ${LAST_STEP_NAME} == "collect" ]]; then

  33.   STEP_BREAKPOINT=10

  34. elif [[ ${LAST_STEP_NAME} == "genesis" ]]; then

  35.   STEP_BREAKPOINT=20

  36. elif [[ ${LAST_STEP_NAME} == "deploy" ]]; then

  37.   STEP_BREAKPOINT=30

  38. elif [[ ${LAST_STEP_NAME} == "demo" ]]; then

  39.   STEP_BREAKPOINT=40

  40. else

  41.   STEP_BREAKPOINT=20

  42. fi

  43. 

  44. # The directory of the repo where current script is located.

  45. REPO_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../../../../ >/dev/null 2>&1 && pwd )"

  46. 

  47. # The directory that will contain the copies of designs and repos from this

  48. # script. By default it is a directory where the repository is cloned.

  49. export WORKSPACE=${WORKSPACE:-"${REPO_DIR}/../"}

  50. 

  51. # The site to deploy

  52. TARGET_SITE=${TARGET_SITE:-"aiab"}

  53. 

  54. # Setup blank defaults for proxy variables

  55. http_proxy=${http_proxy:-""}

  56. https_proxy=${https_proxy:-""}

  57. no_proxy=${no_proxy:-""}

  58. 

  59. # The host name for the single-node deployment. e.g.: 'genesis'

  60. SHORT_HOSTNAME=${SHORT_HOSTNAME:-""}

  61. # The host ip for this single-node deployment. e.g.: '10.0.0.9'

  62. HOSTIP=${HOSTIP:-""}

  63. # The cidr for the network for the host. e.g.: '10.0.0.0/24'

  64. HOSTCIDR=${HOSTCIDR:-""}

  65. # The interface on the host/genesis node. e.g.: 'ens3'

  66. NODE_NET_IFACE=${NODE_NET_IFACE:-""}

  67. # Allowance for Genesis/Armada to settle in seconds:

  68. POST_GENESIS_DELAY=${POST_GENESIS_DELAY:-60}

  69. 

  70. # Command shortcuts

  71. PEGLEG="${REPO_DIR}/tools/airship pegleg"

  72. SHIPYARD="${REPO_DIR}/tools/airship shipyard"

  73. PROMENADE="${REPO_DIR}/tools/airship promenade"

  74. 

  75. function check_preconditions() {

  76.   set +x

  77.   fail=false

  78.   if ! [ $(id -u) = 0 ] ; then

  79.     echo "Please execute this script as root!"

  80.     fail=true

  81.   fi

  82.   if [ -z ${HOSTIP} ] ; then

  83.     echo "The HOSTIP variable must be set. E.g. 10.0.0.9"

  84.     fail=true

  85.   fi

  86.   if [ -z ${SHORT_HOSTNAME} ] ; then

  87.     echo "The SHORT_HOSTNAME variable must be set. E.g. testvm1"

  88.     fail=true

  89.   fi

  90.   if [ -z ${HOSTCIDR} ] ; then

  91.     echo "The HOSTCIDR variable must be set. E.g. 10.0.0.0/24"

  92.     fail=true

  93.   fi

  94.   if [ -z ${NODE_NET_IFACE} ] ; then

  95.     echo "The NODE_NET_IFACE variable must be set. E.g. ens3"

  96.     fail=true

  97.   fi

  98.   if [[ -z $(grep $SHORT_HOSTNAME /etc/hosts | grep $HOSTIP) ]]

  99.   then

  100.     echo "No /etc/hosts entry found for $SHORT_HOSTNAME. Please add one."

  101.     fail=true

  102.   fi

  103.   if [ $fail = true ] ; then

  104.     echo "Preconditions failed"

  105.     exit 1

  106.   fi

  107.   set -x

  108. }

  109. 

  110. function setup_workspace() {

  111.   # Setup workspace directories

  112.   mkdir -p ${WORKSPACE}/collected

  113.   mkdir -p ${WORKSPACE}/genesis

  114.   # Open permissions for output from Promenade

  115.   chmod -R 777 ${WORKSPACE}/genesis

  116. }

  117. 

  118. function configure_docker() {

  119.   if [[ ! -z "${https_proxy}" ]] || [[ ! -z "${http_proxy}" ]]

  120.   then

  121.     echo "Configuring Docker to use a proxy..."

  122.     mkdir -p /etc/systemd/system/docker.service.d/

  123.     cat << EOF > /etc/systemd/system/docker.service.d/http-proxy.conf

  124. [Service]

  125. Environment="HTTP_PROXY=${http_proxy}"

  126. Environment="HTTPS_PROXY=${https_proxy}"

  127. Environment="NO_PROXY=${no_proxy}"

  128. EOF

  129.     systemctl daemon-reload

  130.     systemctl restart docker

  131.   fi

  132. }

  133. 

  134. function configure_apt() {

  135.   if [[ ! -z "${https_proxy}" ]] || [[ ! -z "${http_proxy}" ]]

  136.   then

  137.     echo "Configuring apt to use a proxy..."

  138.     mkdir -p /etc/apt/

  139.     cat << EOF > /etc/apt/apt.conf

  140. Acquire::http::proxy "${http_proxy}";

  141. Acquire::https::proxy "${https_proxy}";

  142. EOF

  143.   fi

  144. }

  145. 

  146. function configure_dev_configurables() {

  147.   cat << EOF >> ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/deployment/dev-configurables.yaml

  148. data:

  149.   hostname: ${SHORT_HOSTNAME}

  150.   hostip: ${HOSTIP}

  151.   hostcidr: ${HOSTCIDR}

  152.   interface: ${NODE_NET_IFACE}

  153.   maas-ingress: '192.169.1.5/32'

  154. EOF

  155. }

  156. 

  157. function install_dependencies() {

  158.     apt -qq update

  159.     # Install docker

  160.     apt -y install --no-install-recommends docker.io jq nmap nfs-common

  161. }

  162. 

  163. function run_pegleg_collect() {

  164.   pushd ${WORKSPACE}

  165.   # Make sure certificates generated during prior runs are deleted.

  166.   rm -f treasuremap/site/${TARGET_SITE}/secrets/certificates.yaml

  167.   # Run pegleg collect to get the documents combined.

  168.   ${PEGLEG} site -r /target/treasuremap collect ${TARGET_SITE} -s /target/collected

  169.   popd

  170. }

  171. 

  172. function generate_certs() {

  173.   # Runs the generation of certs by Promenade and builds bootstrap scripts

  174.   # Note: In the really real world, CAs and certs would be provided as part of

  175.   #   the supplied design. In this dev/test environment, self signed is fine.

  176.   # Moves the generated certificates from /genesis to the design, so that a

  177.   # Lint can be run

  178.   set +x

  179.   echo "=== Generating updated certificates ==="

  180.   set -x

  181.   pushd ${WORKSPACE}

  182.   # Copy the collected yamls into the target for the certs

  183.   cp collected/*.yaml genesis/

  184.   # Generate certificates

  185.   ${PROMENADE} generate-certs -o /target/genesis /target/genesis/treasuremap.yaml

  186.   # Copy the generated certs back into the deployment_files structure

  187.   cp genesis/certificates.yaml treasuremap/site/${TARGET_SITE}/secrets/

  188.   popd

  189. }

  190. 

  191. function lint_design() {

  192.   # After the certificates are in the deployment files run a pegleg lint

  193.   pushd ${WORKSPACE}

  194.   ${PEGLEG} site -r /target/treasuremap lint -x P001 ${TARGET_SITE}

  195.   popd

  196. }

  197. 

  198. function generate_genesis() {

  199.   # Generate the genesis scripts

  200.   pushd ${WORKSPACE}

  201.   ${PROMENADE} build-all -o /target/genesis --validators \

  202.     /target/genesis/treasuremap.yaml \

  203.     /target/genesis/certificates.yaml

  204.   popd

  205. }

  206. 

  207. function run_genesis() {

  208.   # Runs the genesis script that was generated

  209.   ${WORKSPACE}/genesis/genesis.sh

  210. }

  211. 

  212. function validate_genesis() {

  213.   # Vaidates the genesis deployment

  214.   ${WORKSPACE}/genesis/validate-genesis.sh

  215. }

  216. 

  217. function genesis_complete() {

  218.   # Setup kubeconfig

  219.   if [ ! -d "$HOME/.kube" ] ; then

  220.     mkdir ~/.kube

  221.   fi

  222.   cp -r /etc/kubernetes/admin/pki ~/.kube/pki

  223.   cat /etc/kubernetes/admin/kubeconfig.yaml | sed -e 's/\/etc\/kubernetes\/admin/./' > ~/.kube/config

  224. 

  225.   set +x

  226.   echo "-----------"

  227.   echo "Waiting ${POST_GENESIS_DELAY} seconds for Genesis process to settle. This is a good time to grab one more coffee :)"

  228.   echo "-----------"

  229.   sleep ${POST_GENESIS_DELAY}

  230.   echo " "

  231.   echo "Genesis complete. "

  232.   print_shipyard_info1

  233.   set -x

  234. }

  235. 

  236. function print_shipyard_info1() {

  237.   SHIPYARD_KEYSTONE_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml)

  238.   set +x

  239.   # signals that genesis completed

  240.   echo " "

  241.   echo "The .yaml files in ${WORKSPACE} contain the site design that may be suitable for use with Shipyard. "

  242.   echo "The Shipyard Keystone password ${SHIPYARD_KEYSTONE_PASS} may be found in ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_shipyard_keystone_password.yaml"

  243.   echo " "

  244.   set -x

  245. }

  246. 

  247. function setup_deploy_site() {

  248.   # creates a directory /${WORKSPACE}/site with all the things necessary to run

  249.   # deploy_site

  250.   mkdir -p ${WORKSPACE}/site

  251.   cp ${WORKSPACE}/treasuremap/tools/deployment/aiab/common/creds.sh ${WORKSPACE}/site

  252.   cp ${WORKSPACE}/genesis/*.yaml ${WORKSPACE}/site

  253.   print_shipyard_info2

  254. }

  255. 

  256. function print_shipyard_info2() {

  257.   set +x

  258.   echo " "

  259.   echo "${WORKSPACE}/site is set up with creds.sh which can be sourced to set up credentials for use in running Shipyard"

  260.   echo "${WORKSPACE}/site contains .yaml files that represent the single-node site deployment. (treasuremap.yaml, certificates.yaml)"

  261.   echo " "

  262.   echo "----------------------------------------------------------------------------------"

  263.   echo "The following commands will execute Shipyard to setup and run a deploy_site action"

  264.   echo "----------------------------------------------------------------------------------"

  265.   echo "cd ${WORKSPACE}/site"

  266.   echo "source creds.sh"

  267.   echo "${SHIPYARD} create configdocs design --filename=/home/shipyard/host/treasuremap.yaml"

  268.   echo "${SHIPYARD} create configdocs secrets --filename=/home/shipyard/host/certificates.yaml --append"

  269.   echo "${SHIPYARD} commit configdocs"

  270.   echo "${SHIPYARD} create action deploy_site"

  271.   echo " "

  272.   echo "-----------"

  273.   echo "Other Notes"

  274.   echo "-----------"

  275.   echo "If you need to run Armada directly to deploy charts (fix something broken?), the following may be of use:"

  276.   echo "export ARMADA_IMAGE=quay.io/airshipit/armada"

  277.   echo "docker run -t -v ~/.kube:/armada/.kube -v ${WORKSPACE}/site:/target --net=host \${ARMADA_IMAGE} apply /target/your-yaml.yaml"

  278.   echo " "

  279.   set -x

  280. }

  281. 

  282. function execute_deploy_site() {

  283.   set +x

  284.   echo " "

  285.   echo "This is an automated deployment using Shipyard, running commands noted previously"

  286.   echo "Please stand by while Shipyard deploys the site"

  287.   echo " "

  288.   pushd ${WORKSPACE}/site

  289.   source creds.sh

  290.   set -x

  291.   ${SHIPYARD} create configdocs design --filename=/target/treasuremap.yaml

  292.   ${SHIPYARD} create configdocs secrets --filename=/target/certificates.yaml --append

  293.   ${SHIPYARD} commit configdocs

  294.   ${SHIPYARD} create action deploy_site

  295.   ${REPO_DIR}/tools/gate/wait-for-shipyard.sh

  296.   popd

  297. }

  298. 

  299. function execute_create_heat_stack() {

  300.   # TODO: (bryan-strassner) prevent this running unless we're running from a

  301.   #     compatible site defintion that includes OpenStack

  302.   set +x

  303.   echo " "

  304.   echo "Performing basic sanity checks by creating heat stacks"

  305.   echo " "

  306.   set -x

  307.   # Switch to directory where the script is located

  308.   pushd ${WORKSPACE}/treasuremap/tools/deployment/aiab/common/

  309.   bash test_create_heat_stack.sh

  310.   popd

  311. }

  312. 

  313. function publish_horizon_dashboard() {

  314.   kubectl -n openstack expose service/horizon-int --type=NodePort --name=horizon-dashboard

  315. }

  316. 

  317. function print_dashboards() {

  318.   AIRFLOW_PORT=$(kubectl -n ucp get service airflow-web-int -o jsonpath="{.spec.ports[0].nodePort}")

  319.   HORIZON_PORT=$(kubectl -n openstack get service horizon-dashboard -o jsonpath="{.spec.ports[0].nodePort}")

  320.   MAAS_PORT=$(kubectl -n ucp get service maas-region-ui -o jsonpath="{.spec.ports[0].nodePort}")

  321.   MASS_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/ucp_maas_admin_password.yaml)

  322.   HORIZON_PASS=$(awk '/^data:/ {print $2}' ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/osh_horizon_oslo_db_password.yaml)

  323.   set +x

  324.   echo " "

  325.   echo "OpenStack Horizon dashboard is available on this host at the following URL:"

  326.   echo " "

  327.   echo "  http://${HOSTIP}:${HORIZON_PORT}"

  328.   echo " "

  329.   # TODO: (roman_g) can we source it from somewhere?

  330.   echo "Credentials:"

  331.   echo "  Domain: default"

  332.   echo "  Username: admin"

  333.   echo "  Password: ${HORIZON_PASS}"

  334.   echo " "

  335.   echo "OpenStack CLI commands could be launched via \`./openstack\` script, e.g.:"

  336.   echo "  # cd ${WORKSPACE}/treasuremap/tools/"

  337.   echo "  # ./openstack stack list"

  338.   echo "  ..."

  339.   echo "  "

  340.   echo "Other dashboards:"

  341.   echo " "

  342.   echo "  MAAS: http://${HOSTIP}:${MAAS_PORT}/MAAS/ admin/${MASS_PASS}"

  343.   echo "  Airship Shipyard Airflow DAG: http://${HOSTIP}:${AIRFLOW_PORT}/"

  344.   echo " "

  345.   echo "Airship itself does not have a dashboard."

  346.   echo " "

  347.   # TODO: (roman_g) endpoints.yaml path below does not seem to be a reliable location

  348.   echo "Other endpoints and credentials are listed in the following locations:"

  349.   echo "  ${WORKSPACE}/type/sloop/config/endpoints.yaml"

  350.   echo "  ${WORKSPACE}/treasuremap/site/${TARGET_SITE}/secrets/passphrases/"

  351.   echo "Exposed ports of services can be listed with the following command:"

  352.   echo "  # kubectl get services --all-namespaces | grep -v ClusterIP"

  353.   echo "  ..."

  354.   echo " "

  355.   set -x

  356. }

  357. 

  358. function your_next_steps() {

  359.   set +x

  360.   echo " "

  361.   echo "---------------------------------------------------------------"

  362.   echo " "

  363.   echo "Airship has completed deployment of OpenStack (OpenStack-Helm)."

  364.   echo " "

  365.   echo "Explore Airship Treasuremap repository and documentation"

  366.   echo "available at the following URLs:"

  367.   echo " "

  368.   echo "  https://opendev.org/airship/treasuremap/"

  369.   echo "  https://airship-treasuremap.readthedocs.io/"

  370.   echo " "

  371.   echo "---------------------------------------------------------------"

  372.   echo " "

  373.   set -x

  374. }

  375. 

  376. function clean() {

  377.   # Perform any cleanup of temporary or unused artifacts

  378.   set +x

  379.   echo "To remove files generated during this script's execution, delete ${WORKSPACE}."

  380.   echo "This VM is disposable. Re-deployment in this same VM will lead to unpredictable results."

  381.   set -x

  382. }

  383. 

  384. function error() {

  385.   # Processes errors

  386.   set +x

  387.   echo "Error when $1."

  388.   set -x

  389.   exit 1

  390. }

  391. 

  392. trap clean EXIT

  393. 

  394. 

  395. # Common steps for all breakpoints specified

  396. check_preconditions || error "checking for preconditions"

  397. configure_apt || error "configuring apt behind proxy"

  398. setup_workspace || error "setting up workspace directories"

  399. configure_dev_configurables || error "adding dev-configurables values"

  400. install_dependencies || error "installing dependencies"

  401. configure_docker || error "configuring docker behind proxy"

  402. 

  403. # collect

  404. if [[ ${STEP_BREAKPOINT} -ge 10 ]]; then

  405.   echo "This is a good time to grab a coffee :)"

  406.   run_pegleg_collect || error "running pegleg collect"

  407. fi

  408. 

  409. # genesis

  410. if [[ ${STEP_BREAKPOINT} -ge 20 ]]; then

  411.   generate_certs || error "setting up certs with Promenade"

  412.   lint_design || error "linting the design"

  413.   generate_genesis || error "generating genesis"

  414.   run_genesis || error "running genesis"

  415.   validate_genesis || error "validating genesis"

  416.   genesis_complete || error "printing out some info about next steps"

  417.   setup_deploy_site || error "preparing the /site directory for deploy_site"

  418. fi

  419. 

  420. # deploy

  421. if [[ ${STEP_BREAKPOINT} -ge 30 ]]; then

  422.   execute_deploy_site || error "executing deploy_site from the /site directory"

  423. fi

  424. 

  425. # demo

  426. if [[ ${STEP_BREAKPOINT} -ge 40 ]]; then

  427.   execute_create_heat_stack || error "creating heat stack"

  428.   publish_horizon_dashboard || error "publishing Horizon dashboard"

  429.   print_shipyard_info1

  430.   print_shipyard_info2

  431.   print_dashboards || error "printing dashboards list"

  432.   ## Done

  433.   your_next_steps

  434. fi