Merge "Deploy with ansible inside orchestration container"

2018-01-05 19:47:05 +00:00 · 2018-01-05 19:47:05 +00:00 · 5ef59653e5
parent e457a23639 29461d6850
commit 5ef59653e5
22 changed files with 456 additions and 28 deletions
--- a/22
+++ b/22
@ -0,0 +1,22 @@
+FROM ubuntu:16.04
+
+RUN apt-get update && apt-get -y install python-dev curl libffi-dev gcc libssl-dev sshpass wget crudini git vim
+RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
+    && python get-pip.py \
+    && rm get-pip.py
+RUN pip install ansible==2.2.* oslo_config
+
+ENV HELM_LATEST_VERSION="v2.7.2"
+ENV KUBE_LATEST_VERSION="v1.8.4"
+
+RUN wget http://storage.googleapis.com/kubernetes-helm/helm-${HELM_LATEST_VERSION}-linux-amd64.tar.gz \
+    && tar -xvf helm-${HELM_LATEST_VERSION}-linux-amd64.tar.gz \
+    && mv linux-amd64/helm /usr/local/bin \
+    && rm -f /helm-${HELM_LATEST_VERSION}-linux-amd64.tar.gz
+RUN curl -L https://storage.googleapis.com/kubernetes-release/release/${KUBE_LATEST_VERSION}/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \
+    && chmod +x /usr/local/bin/kubectl
+
+ADD . /kolla-kubernetes
+
+RUN pip install -U /kolla-kubernetes/
+RUN cp -a /kolla-kubernetes/etc/* /etc
--- a/helm/microservice/horizon-deployment/templates/horizon-api.yaml
+++ b/helm/microservice/horizon-deployment/templates/horizon-api.yaml
@ -53,7 +53,7 @@ spec:
              path: horizon.conf
            - key: config.json
              path: config.json
-            - key: local-settings
+            - key: local_settings
              path: local_settings
 {{- end }}

--- a/helm/microservice/neutron-dhcp-agent-daemonset/templates/dhcp-agent-daemonset.yaml
+++ b/helm/microservice/neutron-dhcp-agent-daemonset/templates/dhcp-agent-daemonset.yaml
@ -106,9 +106,9 @@ spec:
              path: neutron.conf
            - key: config.json
              path: config.json
-            - key: ml2-conf.ini
+            - key: ml2_conf.ini
              path: ml2_conf.ini
-            - key: dhcp-agent.ini
+            - key: dhcp_agent.ini
              path: dhcp_agent.ini
            - key: dnsmasq.conf
              path: dnsmasq.conf
--- a/helm/microservice/neutron-l3-agent-daemonset/templates/l3-agent-daemonset.yaml
+++ b/helm/microservice/neutron-l3-agent-daemonset/templates/l3-agent-daemonset.yaml
@ -125,11 +125,11 @@ spec:
              path: neutron.conf
            - key: config.json
              path: config.json
-            - key: ml2-conf.ini
+            - key: ml2_conf.ini
              path: ml2_conf.ini
-            - key: fwaas-driver.ini
+            - key: fwaas_driver.ini
              path: fwaas_driver.ini
-            - key: l3-agent.ini
+            - key: l3_agent.ini
              path: l3_agent.ini
        - name: host-run-netns
          hostPath:
--- a/helm/microservice/neutron-manage-db-job/templates/neutron-manage-db.yaml
+++ b/helm/microservice/neutron-manage-db-job/templates/neutron-manage-db.yaml
@ -14,11 +14,11 @@ items:
  path: neutron.conf
 - key: config.json
  path: config.json
- key: ml2-conf.ini
+- key: ml2_conf.ini
  path: ml2_conf.ini
- key: neutron-lbaas.conf
+- key: neutron_lbaas.conf
  path: neutron_lbaas.conf
- key: neutron-vpnaas.conf
+- key: neutron_vpnaas.conf
  path: neutron_vpnaas.conf
 {{- end }}
 {{- with $env := dict "resourceName" $resourceName "serviceName" $serviceName "podTypeBootstrap" $podTypeBootstrap "imageFull" $imageFull "extraConfigmapConfig" $extraConfigmapConfig  "Values" .Values "Release" .Release "searchPath" $searchPath }}
--- a/helm/microservice/neutron-metadata-agent-daemonset/templates/metadata-agent-daemonset.yaml
+++ b/helm/microservice/neutron-metadata-agent-daemonset/templates/metadata-agent-daemonset.yaml
@ -62,9 +62,9 @@ spec:
              path: neutron.conf
            - key: config.json
              path: config.json
-            - key: ml2-conf.ini
+            - key: ml2_conf.ini
              path: ml2_conf.ini
-            - key: metadata-agent.ini
+            - key: metadata_agent.ini
              path: metadata_agent.ini
        - name: host-run-netns
          hostPath:
--- a/helm/microservice/neutron-openvswitch-agent-daemonset/templates/openvswitch-agent-daemonset.yaml
+++ b/helm/microservice/neutron-openvswitch-agent-daemonset/templates/openvswitch-agent-daemonset.yaml
@ -171,7 +171,7 @@ spec:
              path: neutron.conf
            - key: config.json
              path: config.json
-            - key: ml2-conf.ini
+            - key: ml2_conf.ini
              path: ml2_conf.ini
        - name: pod-main-config
          emptyDir: {}
--- a/helm/microservice/neutron-server-deployment/templates/neutron-server.yaml
+++ b/helm/microservice/neutron-server-deployment/templates/neutron-server.yaml
@ -23,11 +23,11 @@ items:
  path: neutron.conf
 - key: config.json
  path: config.json
- key: ml2-conf.ini
+- key: ml2_conf.ini
  path: ml2_conf.ini
- key: neutron-lbaas.conf
+- key: neutron_lbaas.conf
  path: neutron_lbaas.conf
- key: neutron-vpnaas.conf
+- key: neutron_vpnaas.conf
  path: neutron_vpnaas.conf
 {{- end }}
 {{- with $env := dict "netHostTrue" $netHostTrue "podTypeBootstrap" $podTypeBootstrap "resourceName" $resourceName "serviceName" $serviceName "serviceType" $serviceType "configFileName" $configFileName "configSectionName" $configSectionName "configListenHostParameter" $configListenHostParameter "configListenPortParameter" $configListenPortParameter "portName" $portName "imageFull" $imageFull "checkPath" $checkPath "extraConfigmapConfig" $extraConfigmapConfig "privileged" $privileged "Values" .Values "Release" .Release "searchPath" $searchPath }}
--- a/helm/test/devenv/templates/neutron-dhcp-agent.yaml
+++ b/helm/test/devenv/templates/neutron-dhcp-agent.yaml
@ -49,7 +49,7 @@ data:
            }
        ]
    }
-  dhcp-agent.ini: |+
+  dhcp_agent.ini: |+
    [DEFAULT]
    dnsmasq_config_file = /etc/neutron/dnsmasq.conf
    enable_isolated_metadata = true
@ -57,7 +57,7 @@ data:

  dnsmasq.conf: |
    log-facility=/var/log/kolla/neutron/dnsmasq.log
-  ml2-conf.ini: |+
+  ml2_conf.ini: |+
    [ml2]
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan
--- a/helm/test/devenv/templates/neutron-l3-agent.yaml
+++ b/helm/test/devenv/templates/neutron-l3-agent.yaml
@ -49,14 +49,14 @@ data:
            }
        ]
    }
-  fwaas-driver.ini: |+
+  fwaas_driver.ini: |+
    [fwaas]

-  l3-agent.ini: |+
+  l3_agent.ini: |+
    [DEFAULT]
    agent_mode = legacy

-  ml2-conf.ini: |+
+  ml2_conf.ini: |+
    [ml2]
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan
--- a/helm/test/devenv/templates/neutron-metadata-agent.yaml
+++ b/helm/test/devenv/templates/neutron-metadata-agent.yaml
@ -43,13 +43,13 @@ data:
            }
        ]
    }
-  metadata-agent.ini: |+
+  metadata_agent.ini: |+
    [DEFAULT]
    nova_metadata_ip = nova-metadata
    nova_metadata_port = 8775
    metadata_proxy_shared_secret = BPrkJkyrMUjKepsLaECUpLc9DZnsbLN03tRZozqC

-  ml2-conf.ini: |+
+  ml2_conf.ini: |+
    [ml2]
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan
--- a/helm/test/devenv/templates/neutron-openvswitch-agent.yaml
+++ b/helm/test/devenv/templates/neutron-openvswitch-agent.yaml
@ -32,7 +32,7 @@ data:
            }
        ]
    }
-  ml2-conf.ini: |+
+  ml2_conf.ini: |+
    [ml2]
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan
--- a/helm/test/devenv/templates/neutron-server.yaml
+++ b/helm/test/devenv/templates/neutron-server.yaml
@ -44,7 +44,7 @@ data:
            }
        ]
    }
-  ml2-conf.ini: |+
+  ml2_conf.ini: |+
    [ml2]
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan
@ -73,8 +73,8 @@ data:
    ovsdb_connection = tcp:0.0.0.0:6640
    local_ip = 0.0.0.0

-  neutron-lbaas.conf: ""
-  neutron-vpnaas.conf: ""
+  neutron_lbaas.conf: ""
+  neutron_vpnaas.conf: ""
  neutron.conf: |+
    [DEFAULT]
    debug = True
--- a/kolla_kubernetes/commands/cmd_resource.py
+++ b/kolla_kubernetes/commands/cmd_resource.py
@ -169,7 +169,7 @@ class ResourceTemplate(ResourceBase):
                for f in pathfinder.PathFinder.find_config_files(
                        resource_name):
                    cmd += ' --from-file={}={}'.format(
-                        os.path.basename(f).replace("_", "-"), f)
+                        os.path.basename(f), f)

                # Execute the command
                out, err = utils.ExecUtils.exec_command(cmd)
--- a/kolla_kubernetes/service_resources.py
+++ b/kolla_kubernetes/service_resources.py
@ -366,7 +366,7 @@ class Container(object):
        if action == 'create':
            for f in PathFinder.find_config_files(self.getName()):
                cmd += ' --from-file={}={}'.format(
-                    os.path.basename(f).replace("_", "-"), f)
+                    os.path.basename(f), f)

        # Execute the command
        ExecUtils.exec_command(cmd)
--- a/orchestration/README.md
+++ b/orchestration/README.md
@ -0,0 +1,62 @@
+# Kolla-Kubernetes Quickstart
+
+Temporary instructions for installing Kolla-Kubernetes with Ansible from Docker image.
+
+## Edit vars
+
+Configure the installation.
+
+```bash
+git clone http://github.com/openstack/kolla-kubernetes
+cd kolla-kubernetes
+vi ansible/group_vars/all.yml
+```
+
+## Create orchestration image
+
+Build and push orchestration images.
+Note: Requires image registry 
+
+```bash
+sudo docker build . --tag="localhost:30400/kolla-kubernetes-orchestration:latest"
+sudo docker push localhost:30400/kolla-kubernetes-orchestration
+```
+
+## Create namespace and context
+
+Create kolla namespace and context and use kolla context.
+
+```bash
+kubectl create ns kolla
+kubectl config set-context kolla --cluster=kubernetes --user=kubernetes-admin --namespace=kolla
+kubectl config use-context kolla
+```
+## Create orchestration manifest
+
+```yaml
+# kolla.yml
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kolla
+spec:
+  containers:
+    - name: kolla-controller
+      image: localhost:30400/kolla-kubernetes-orchestration
+      command:
+        - sleep
+        - infinity
+```
+
+## Deploy
+
+Start orchestration pod, exec into container and run ansible-playbook.
+Note: You will need to wait for pod to be available before exec'ing into it.
+
+```bash
+kubectl create -f kolla.yml -n kolla
+kubectl exec -ti kolla /bin/bash -n kolla
+cd /kolla-kubernetes/orchestration
+ansible-playbook deploy.yml --extra-vars "@/kolla-kubernetes/ansible/group_vars/all.yml"  --extra-vars "kolla_internal_address=<IP address>"
+```
--- a/orchestration/deploy.yml
+++ b/orchestration/deploy.yml
@ -0,0 +1,6 @@
+---
+- name: Deploy kolla-kubernetes
+  hosts: localhost
+  connection: local
+  roles:
+    - kolla-controller
--- a/orchestration/roles/kolla-controller/tasks/kolla-config.yml
+++ b/orchestration/roles/kolla-controller/tasks/kolla-config.yml
@ -0,0 +1,97 @@
+---
+
+# Kolla-Kubernetes Configuration
+
+# Note: Ansible remote-src copy does not recurse dirs, hence using cp
+- name: Copy default kolla configuration to etc
+  become: True
+  command: cp -a /kolla-kubernetes/etc/kolla /etc
+
+- name: Copy default kolla-kubernetes configuration to /etc
+  become: True
+  command: cp -a /kolla-kubernetes/etc/kolla-kubernetes /etc
+
+- name: Generate default passwords via SPRNG
+  command: kolla-kubernetes-genpwd
+
+- name: Create a kubernetes namespace to isolate this kolla deployment
+  command: kubectl create namespace kolla
+  ignore_errors: True
+
+- name: Label the master node as the controller node
+  command: kubectl label node {{ ansible_hostname }} kolla_controller=true
+  ignore_errors: True
+
+- name: Label the master node a compute node
+  command: kubectl label node {{ ansible_hostname }} kolla_compute=true
+  ignore_errors: True
+  when:
+    - master_works == True
+
+# TODO Filter out master, add condition
+- name: Get Node List
+  shell: kubectl get nodes -o name | cut -d/ -f2
+  register: node_list
+
+# TODO Fix this: Get list of nodes and label them compute
+- name: Label the worker node a compute node
+  shell: kubectl label node "{{ item }}" kolla_compute=true
+  with_items: "{{ node_list.stdout.split('\n') }}"
+  ignore_errors: True
+
+- name: Label all nodes as kolla_node
+  shell: kubectl label node "{{ item }}" kolla_node=true
+  with_items: "{{ node_list.stdout.split('\n') }}"
+  ignore_errors: True
+
+- set_fact:
+      globals_config: "{{ lookup('template', 'templates/globals_config.j2') }}"
+
+- name: Add required configuration to the end of /etc/kolla/globals.yml
+  blockinfile:
+    dest: /etc/kolla/globals.yml
+    content: '{{ globals_config }}'
+    state: present
+    insertafter: EOF
+
+- name: Set network_interface in globals.yaml
+  lineinfile:
+    dest: /etc/kolla/globals.yml
+    line: "network_interface: {{ network_interface }}"
+    regexp: "^(.*)network_interface:(.*)$"
+  become: True
+
+- name: Set neutron_external_interface in globals.yaml
+  lineinfile:
+    dest: /etc/kolla/globals.yml
+    line: "neutron_external_interface: {{ neutron_external_interface }}"
+    regexp: "^(.*)neutron_external_interface:(.*)$"
+  become: True
+
+- file:
+    path: /etc/kolla/config/
+    state: directory
+    mode: 0755
+
+- name: Enable QEMU libvirt functionality and enable a workaround for a bug in libvirt
+  blockinfile:
+    dest: /etc/kolla/config/nova.conf
+    state: present
+    create: yes
+    content: |
+      [libvirt]
+      virt_type=qemu
+      cpu_mode=none
+  become: True
+
+- name: Generate the default configuration
+  command: ansible-playbook -e ansible_python_interpreter=/usr/bin/python -e @/etc/kolla/globals.yml -e @/etc/kolla/passwords.yml -e CONFIG_DIR=/etc/kolla /kolla-kubernetes/ansible/site.yml
+
+# TODO remove ignore errors
+- name: Generate the Kubernetes secrets and register them with Kubernetes
+  command: /kolla-kubernetes/tools/secret-generator.py create
+  ignore_errors: True
+
+# TODO convert to separate account for increased security
+- name: Create kolla context for kubectl
+  shell: kubectl config set-context kolla --cluster=kubernetes --user=kubernetes-admin --namespace=kolla
--- a/orchestration/roles/kolla-controller/tasks/kolla-deploy.yml
+++ b/orchestration/roles/kolla-controller/tasks/kolla-deploy.yml
@ -0,0 +1,123 @@
+---
+
+# Kolla-Kubernetes Deployment
+
+- name:  start kolla deploy
+  debug: msg="Starting kolla-kubernetes deployment"
+
+- name: Install haproxy configmaps
+  shell: "kubectl create  --namespace=kolla -f /kolla-kubernetes/helm/test/devenv/templates/{{ item }}.yaml"
+  with_items:
+    - glance-api-haproxy
+    - glance-registry-haproxy
+    - nova-novncproxy-haproxy
+    - neutron-server-haproxy
+    - nova-api-haproxy
+    - cinder-api-haproxy
+    #placement-api-haproxy
+
+- name: Create and register the Kolla global config maps
+  shell: "kubectl create configmap --namespace=kolla --from-file /etc/kolla/globals.yml globals"
+
+- name: Create and register the Kolla password secret
+  shell: "kubectl create secret generic --namespace=kolla --from-file /etc/kolla/passwords.yml passwords"
+
+# overrides TODO template nova.conf?
+- name: mkdir overrides
+  shell: mkdir /etc/kolla/overrides
+  become: True
+
+- name: crudini --set /etc/kolla/overrides/nova.conf libvirt virt_type qemu
+  shell: crudini --set /etc/kolla/overrides/nova.conf libvirt virt_type qemu
+  become: True
+
+- name: crudini --set /etc/kolla/overrides/nova.conf libvirt cpu_mode none
+  shell: crudini --set /etc/kolla/overrides/nova.conf libvirt cpu_mode none
+  become: True
+
+- name: set libvirt rbd_secret_uuid
+  shell: UUID=$(awk '{if($1 == "cinder_rbd_secret_uuid:"){print $2}}' /etc/kolla/passwords.yml) crudini --set /etc/kolla/overrides/nova.conf libvirt rbd_secret_uuid $UUID
+  become: True
+
+- name: crudini --set /etc/kolla/overrides/keystone.conf cache enabled False
+  shell: crudini --set /etc/kolla/overrides/keystone.conf cache enabled False
+  become: True
+
+# create config maps
+- name: Create and register the Kolla config maps
+  shell: "kubectl create configmap --namespace=kolla --from-file /etc/kolla/{{ item }} {{ item }}"
+  with_items:
+    - overrides
+    - mariadb
+    - keystone
+    - horizon
+    - rabbitmq
+    - memcached
+    - glance-api
+    - glance-registry
+    - cinder-api
+    - cinder-backup
+    - cinder-scheduler
+    - cinder-volume
+    - openvswitch-db-server
+    - openvswitch-vswitchd
+    - neutron-dhcp-agent
+    - neutron-l3-agent
+    - neutron-metadata-agent
+    - neutron-openvswitch-agent
+    - neutron-server
+    - nova-api
+    - nova-compute
+    - nova-conductor
+    - nova-consoleauth
+    - nova-libvirt
+    - nova-novncproxy
+    - nova-scheduler
+    - nova-ssh
+    - placement-api
+    #- tgtd
+    #- iscsid
+
+- name: Init helm (creates local repo)
+  shell: helm init -c
+
+# TODO build this in container or use helm repo chart
+- name: Build all helm microcharts, service charts, and metacharts
+  command: /kolla-kubernetes/tools/helm_build_all.sh ~/.helm/repository/kolla
+
+- name: Template cloud.yaml
+  template:
+    src: cloud.yaml
+    dest: /cloud.yaml
+    mode: 0666
+
+# TODO remove when new logging is complete
+- name: Disable experimental kube logging
+  replace:
+    dest: /cloud.yaml
+    regexp: "kube_logger: true"
+    replace: "kube_logger: false"
+
+# TODO change to poll for tiller
+- name: Wait on Tiller for 60 secs
+  wait_for:
+    timeout: 60
+
+- name: Start kolla-kubernetes services (compute kit)
+  command: helm install --debug /kolla-kubernetes/helm/service/{{ item }} --namespace kolla --name {{ item }} --values /cloud.yaml
+  with_items:
+    - mariadb
+    - rabbitmq
+    - memcached
+    - keystone
+    - glance
+    - horizon
+    - cinder-control
+    #- cinder-volume-lvm
+    - openvswitch
+    - neutron
+    - nova-control
+    - nova-compute
+
+# NOTE: Horizon container might be missing following symlink if from source
+# ln -s /var/lib/kolla/venv/lib/python2.7/site-packages /usr/share/openstack-dashboard
--- a/orchestration/roles/kolla-controller/tasks/main.yml
+++ b/orchestration/roles/kolla-controller/tasks/main.yml
@ -0,0 +1,8 @@
+---
+
+- include: kolla-config.yml
+
+- include: kolla-deploy.yml
+
+
+
--- a/orchestration/roles/kolla-controller/templates/cloud.yaml
+++ b/orchestration/roles/kolla-controller/templates/cloud.yaml
@ -0,0 +1,73 @@
+global:
+   kolla:
+     all:
+       ceph_backend: false
+       storage_provider: host
+
+       image_tag: "4.0.0"
+       kube_logger: false
+       external_vip: "{{ kolla_external_vip_address }}"
+       base_distro: "{{ kolla_base_distro }}"
+       install_type: "{{ kolla_install_type }}"
+       tunnel_interface: "docker0"
+       resolve_conf_net_host_workaround: true
+     keystone:
+       all:
+         admin_port_external: "true"
+         dns_name: "{{ kolla_external_vip_address }}"
+         port: 5000
+       public:
+         all:
+           port_external: "true"
+     rabbitmq:
+       all:
+         cookie: 67
+     glance:
+       api:
+         all:
+           port_external: "true"
+       all:
+         ceph_backend: false
+     cinder:
+       api:
+         all:
+           port_external: "true"
+       volume_lvm:
+         all:
+           element_name: cinder-volume
+           ceph_backend: false
+         daemonset:
+           lvm_backends:
+             - "{{ kolla_external_vip_address }}": cinder-volumes
+     ironic:
+       conductor:
+         daemonset:
+           selector_key: "kolla_conductor"
+     nova:
+       placement_api:
+         all:
+           port_external: true
+       novncproxy:
+         all:
+           port: 6080
+           port_external: true
+       all:
+         ceph_backend: false
+     neutron:
+       openvswitch_agent:
+         all:
+           selector_key: kolla_node
+           selector_value: true
+     openvswitch:
+       all:
+         add_port: true
+         ext_bridge_name: br-ex
+         ext_interface_name: "{{ neutron_external_interface }}"
+         setup_bridge: true
+         selector_key: kolla_node
+         selector_value: true
+
+
+     horizon:
+       all:
+         port_external: false
--- a/orchestration/roles/kolla-controller/templates/globals_config.j2
+++ b/orchestration/roles/kolla-controller/templates/globals_config.j2
@ -0,0 +1,37 @@
+install_type: "source"
+tempest_image_alt_id: "tempest_image_id"
+tempest_flavor_ref_alt_id: "tempest_flavor_ref_id"
+
+neutron_plugin_agent: "openvswitch"
+api_interface_address: 0.0.0.0
+tunnel_interface_address: 0.0.0.0
+orchestration_engine: KUBERNETES
+memcached_servers: "memcached"
+keystone_admin_url: "http://keystone-admin:35357/v3"
+keystone_internal_url: "http://keystone-internal:5000/v3"
+keystone_public_url: "http://keystone-public:5000/v3"
+glance_registry_host: "glance-registry"
+neutron_host: "neutron"
+keystone_database_address: "mariadb"
+glance_database_address: "mariadb"
+nova_database_address: "mariadb"
+nova_api_database_address: "mariadb"
+neutron_database_address: "mariadb"
+cinder_database_address: "mariadb"
+ironic_database_address: "mariadb"
+placement_database_address: "mariadb"
+rabbitmq_servers: "rabbitmq"
+openstack_logging_debug: "True"
+enable_haproxy: "no"
+enable_heat: "no"
+enable_cinder: "yes"
+enable_cinder_backend_lvm: "yes"
+enable_cinder_backend_iscsi: "yes"
+enable_cinder_backend_rbd: "no"
+enable_ceph: "no"
+enable_elasticsearch: "no"
+enable_kibana: "no"
+glance_backend_ceph: "no"
+cinder_backend_ceph: "no"
+nova_backend_ceph: "no"
+