openstack/openstack-helm-infra
Code Issues Proposed changes

Gate/Dev: RPM and structure improvements

Browse Source 
This PS restores the use of the distro provided docker for RPM based
distros. It also removes the roles subdirectory from the playbooks
and replaces it with a symlink for local dev use.

Change-Id: Ic11adb85813e92488f5ebbe6714ad7da8d3938e2
This commit is contained in:
Pete Birley 2018-04-18 09:06:25 -05:00 committed by Pete Birley
parent 626b94e0c8
commit 37d836c8c7
49 changed files with 23 additions and 1786 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -72,4 +72,4 @@ releasenotes/build
# Gate and Check Logs
logs/
tools/gate/local-overrides/
tools/gate/playbooks/*.retry
playbooks/*.retry

1
playbooks/osh-infra-build.retry
View File

@ -1 +0,0 @@
local

1
playbooks/osh-infra-deploy-charts.retry
View File

@ -1 +0,0 @@
local

1
playbooks/osh-infra-deploy-k8s.retry
View File

@ -1 +0,0 @@
local

1
playbooks/roles Symbolic link
View File

@ -0,0 +1 @@
../roles

18
playbooks/roles/build-helm-packages/tasks/main.yaml
View File

@ -1,18 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: setup-helm-serve.yaml
- name: build all charts in repo
make:
chdir: "{{ work_dir }}"
target: all

87
playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml
View File

@ -1,87 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- block:
- name: check if correct version of helm client already installed
shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1"
environment:
HELM_VERSION: "{{ version.helm }}"
args:
executable: /bin/bash
register: need_helm
ignore_errors: True
- name: install helm client
when: need_helm | failed
become_user: root
shell: |
TMP_DIR=$(mktemp -d)
curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR}
sudo mv ${TMP_DIR}/helm /usr/bin/helm
rm -rf ${TMP_DIR}
environment:
HELM_VERSION: "{{ version.helm }}"
args:
executable: /bin/bash
- name: setting up helm client
command: helm init --client-only
- block:
- name: checking if local helm server is running
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
args:
executable: /bin/bash
register: helm_server_running
ignore_errors: True
- name: getting current host user name
when: helm_server_running | failed
shell: id -un
args:
executable: /bin/bash
register: helm_server_user
- name: moving systemd unit into place for helm server
when: helm_server_running | failed
become: yes
become_user: root
template:
src: helm-serve.service.j2
dest: /etc/systemd/system/helm-serve.service
mode: 0640
- name: starting helm serve service
when: helm_server_running | failed
become: yes
become_user: root
systemd:
state: restarted
daemon_reload: yes
name: helm-serve
- name: wait for helm server to be ready
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
args:
executable: /bin/bash
register: wait_for_helm_server
until: wait_for_helm_server.rc == 0
retries: 120
delay: 5
- block:
- name: checking if helm 'stable' repo is present
shell: helm repo list | grep -q "^stable"
args:
executable: /bin/bash
register: helm_stable_repo_present
ignore_errors: True
- name: checking if helm 'stable' repo is present
when: helm_stable_repo_present | succeeded
command: helm repo remove stable
- name: adding helm local repo
command: helm repo add local http://localhost:8879/charts

11
playbooks/roles/build-helm-packages/templates/helm-serve.service.j2
View File

@ -1,11 +0,0 @@
[Unit]
Description=Helm Server
After=network.target
[Service]
User={{ helm_server_user.stdout }}
Restart=always
ExecStart=/usr/bin/helm serve
[Install]
WantedBy=multi-user.target

74
playbooks/roles/build-images/tasks/kubeadm-aio.yaml
View File

@ -1,74 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
# reolved, we build with a shell script to make use of the host network.
- name: Kubeadm-AIO build
block:
#NOTE(portdirect): we do this to ensure we are feeding the docker build
# a clean path to work with.
- name: Kubeadm-AIO image build path
shell: cd "{{ work_dir }}"; pwd
register: kubeadm_aio_path
# - name: build the Kubeadm-AIO image
# docker_image:
# path: "{{ kubeadm_aio_path.stdout }}/"
# name: "{{ images.kubernetes.kubeadm_aio }}"
# dockerfile: "tools/images/kubeadm-aio/Dockerfile"
# force: yes
# pull: yes
# state: present
# rm: yes
# buildargs:
# KUBE_VERSION: "{{ version.kubernetes }}"
# CNI_VERSION: "{{ version.cni }}"
# HELM_VERSION: "{{ version.helm }}"
# CHARTS: "calico,flannel,tiller,kube-dns"
- name: Kubeadm-AIO image build path with proxy
when: proxy.http is defined and (proxy.http | trim != "")
shell: |-
set -e
docker build \
--network host \
--force-rm \
--tag "{{ images.kubernetes.kubeadm_aio }}" \
--file tools/images/kubeadm-aio/Dockerfile \
--build-arg KUBE_VERSION="{{ version.kubernetes }}" \
--build-arg CNI_VERSION="{{ version.cni }}" \
--build-arg HELM_VERSION="{{ version.helm }}" \
--build-arg CHARTS="calico,flannel,tiller,kube-dns" \
--build-arg HTTP_PROXY="{{ proxy.http }}" \
--build-arg HTTPS_PROXY="{{ proxy.https }}" \
--build-arg NO_PROXY="{{ proxy.noproxy }}" \
.
args:
chdir: "{{ kubeadm_aio_path.stdout }}/"
executable: /bin/bash
- name: Kubeadm-AIO image build path
when: proxy.http is undefined or (proxy.http | trim == "")
shell: |-
set -e
docker build \
--network host \
--force-rm \
--tag "{{ images.kubernetes.kubeadm_aio }}" \
--file tools/images/kubeadm-aio/Dockerfile \
--build-arg KUBE_VERSION="{{ version.kubernetes }}" \
--build-arg CNI_VERSION="{{ version.cni }}" \
--build-arg HELM_VERSION="{{ version.helm }}" \
--build-arg CHARTS="calico,flannel,tiller,kube-dns" \
.
args:
chdir: "{{ kubeadm_aio_path.stdout }}/"
executable: /bin/bash

15
playbooks/roles/build-images/tasks/main.yaml
View File

@ -1,15 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: kubeadm-aio.yaml

22
playbooks/roles/clean-host/tasks/main.yaml
View File

@ -1,22 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: remove osh directory
become: yes
become_user: root
file:
path: "{{ item }}"
state: absent
with_items:
- /var/lib/openstack-helm

68
playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
View File

@ -1,68 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: ensuring SELinux is disabled on centos & fedora
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora'
become: true
become_user: root
command: setenforce 0
ignore_errors: True
#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/
- name: fix docker removal issue with ansible's docker_container on centos
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
block:
- name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos
become: true
become_user: root
include_role:
name: deploy-package
tasks_from: pip
vars:
state: absent
packages:
- requests
- urllib3
- name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
become: true
become_user: root
include_role:
name: deploy-package
tasks_from: dist
vars:
state: absent
packages:
rpm:
- python-urllib3
- python-requests
- name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
become: true
become_user: root
include_role:
name: deploy-package
tasks_from: dist
vars:
state: present
packages:
rpm:
- python-urllib3
- python-requests
- name: Ensure docker python packages deployed
include_role:
name: deploy-package
tasks_from: pip
vars:
packages:
- docker-py

85
playbooks/roles/deploy-docker/tasks/main.yaml
View File

@ -1,85 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: check if docker deploy is needed
raw: which docker
register: need_docker
ignore_errors: True
- name: centos | moving systemd unit into place
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
template:
src: centos-docker.service.j2
dest: /etc/systemd/system/docker.service
mode: 0640
- name: fedora | moving systemd unit into place
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
template:
src: fedora-docker.service.j2
dest: /etc/systemd/system/docker.service
mode: 0640
- name: ubuntu | moving systemd unit into place
when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker | failed )
template:
src: ubuntu-docker.service.j2
dest: /etc/systemd/system/docker.service
mode: 0640
# NOTE: (lamt) Setting up the proxy before installing docker
- name: ensure docker.service.d directory exists
when: proxy.http is defined and (proxy.http | trim != "")
file:
path: /etc/systemd/system/docker.service.d
state: directory
- name: proxy | moving proxy systemd unit into place
when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") )
template:
src: http-proxy.conf.j2
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
mode: 0640
- name: centos | add docker-ce repository
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
get_url:
url: https://download.docker.com/linux/centos/docker-ce.repo
dest: /etc/yum.repos.d/docker-ce.repo
- name: fedora | add docker-ce repository
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
get_url:
url: https://download.docker.com/linux/fedora/docker-ce.repo
dest: /etc/yum.repos.d/docker-ce.repo
- name: deploy docker packages
when: need_docker | failed
include_role:
name: deploy-package
tasks_from: dist
vars:
packages:
deb:
- docker.io
rpm:
- docker-ce
- name: restarting docker
systemd:
state: restarted
daemon_reload: yes
name: docker
- include: deploy-ansible-docker-support.yaml

30
playbooks/roles/deploy-docker/templates/centos-docker.service.j2
View File

@ -1,30 +0,0 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
NotifyAccess=all
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
--data-root=/var/lib/docker \
--storage-driver=overlay2 \
--log-driver=json-file \
--iptables=false
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
MountFlags=share
KillMode=process
[Install]
WantedBy=multi-user.target

29
playbooks/roles/deploy-docker/templates/fedora-docker.service.j2
View File

@ -1,29 +0,0 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
Environment=GOTRACEBACK=crash
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
--data-root=/var/lib/docker \
--storage-driver=overlay2 \
--log-driver=json-file \
--iptables=false
ExecReload=/bin/kill -s HUP $MAINPID
TasksMax=8192
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
TimeoutStartSec=0
Restart=on-abnormal
[Install]
WantedBy=multi-user.target

4
playbooks/roles/deploy-docker/templates/http-proxy.conf.j2
View File

@ -1,4 +0,0 @@
[Service]
Environment="HTTP_PROXY={{ proxy.http }}"
Environment="HTTPS_PROXY={{ proxy.https }}"
Environment="NO_PROXY={{ proxy.noproxy }}"

30
playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2
View File

@ -1,30 +0,0 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network.target docker.socket firewalld.service
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
EnvironmentFile=-/etc/default/docker
ExecStart=/usr/bin/dockerd --iptables=false -H fd:// $DOCKER_OPTS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
[Install]
WantedBy=multi-user.target

19
playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml
View File

@ -1,19 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This set of tasks creates over-rides that need to be generated dyamicly and
# injected at runtime.
- name: setup directorys on host
file:
path: "{{ work_dir }}/tools/gate/local-overrides/"
state: directory

39
playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml
View File

@ -1,39 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- block:
- name: installing OS-H dev tools
include_role:
name: deploy-package
tasks_from: dist
vars:
packages:
deb:
- git
- make
- curl
- ca-certificates
rpm:
- git
- make
- curl
- name: installing jq
include_role:
name: deploy-jq
tasks_from: main
- name: assemble charts
make:
chdir: "{{ work_dir }}"
register: out
- include: util-setup-dev-environment.yaml

27
playbooks/roles/deploy-helm-packages/tasks/main.yaml
View File

@ -1,27 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: generate-dynamic-over-rides.yaml
- name: "creating directory for helm test logs"
file:
path: "{{ logs_dir }}/helm-tests"
state: directory
- name: "iterating through Helm chart groups"
vars:
chart_group_name: "{{ helm_chart_group.name }}"
chart_group_items: "{{ helm_chart_group.charts }}"
include: util-chart-group.yaml
loop_control:
loop_var: helm_chart_group
with_items: "{{ chart_groups }}"

29
playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml
View File

@ -1,29 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "{{ helm_chart_group.name }}"
vars:
chart_def: "{{ charts[helm_chart] }}"
loop_control:
loop_var: helm_chart
include: util-common-helm-chart.yaml
with_items: "{{ helm_chart_group.charts }}"
- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group"
when: ('timeout' in helm_chart_group)
include: util-common-wait-for-pods.yaml
vars:
namespace: "{{ charts[helm_chart].namespace }}"
timeout: "{{ helm_chart_group.timeout }}"
loop_control:
loop_var: helm_chart
with_items: "{{ helm_chart_group.charts }}"

92
playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml
View File

@ -1,92 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Helm management common block
vars:
check_deployed_result: null
chart_values_file: null
upgrade:
pre:
delete: null
block:
- name: "create temporary file for {{ chart_def['release'] }}'s values .yaml"
tempfile:
state: file
suffix: .yaml
register: chart_values_file
- name: "write out values.yaml for {{ chart_def['release'] }}"
copy:
dest: "{{ chart_values_file.path }}"
content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}"
- name: "check if {{ chart_def['release'] }} is deployed"
command: helm status "{{ chart_def['release'] }}"
register: check_deployed_result
ignore_errors: True
- name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
stat:
path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
register: local_overrides
- name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
when: check_deployed_result | failed
command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
register: out
- name: "display info for the helm {{ chart_def['release'] }} release deploy"
when: check_deployed_result | failed
debug:
var: out.stdout_lines
- name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release"
when:
- check_deployed_result | succeeded
- "'upgrade' in chart_def"
- "'pre' in chart_def['upgrade']"
- "'delete' in chart_def['upgrade']['pre']"
- "chart_def.upgrade.pre.delete is not none"
with_items: "{{ chart_def.upgrade.pre.delete }}"
loop_control:
loop_var: helm_upgrade_delete_job
command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true"
- name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
when: check_deployed_result | succeeded
command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
register: out
- name: "display info for the helm {{ chart_def['release'] }} release upgrade"
when: check_deployed_result | succeeded
debug:
var: out.stdout_lines
- include: util-common-wait-for-pods.yaml
when: ('timeout' in chart_def)
vars:
namespace: "{{ chart_def['namespace'] }}"
timeout: "{{ chart_def['timeout'] }}"
- include: util-common-helm-test.yaml
when:
- "'test' in chart_def"
- "chart_def.test is not none"
- "'enabled' in chart_def['test']"
- "chart_def.test.enabled|bool == true"
vars:
release: "{{ chart_def['release'] }}"
namespace: "{{ chart_def['namespace'] }}"
test_settings: "{{ chart_def.test }}"
always:
- name: "remove values.yaml for {{ chart_def['release'] }}"
file:
path: "{{ chart_values_file.path }}"
state: absent

67
playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml
View File

@ -1,67 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Helm test common block
vars:
release: null
namespace: null
test_settings: null
block:
- name: "remove any expired helm test pods for {{ release }}"
command: "kubectl delete pod {{ release }}-test -n {{ namespace }}"
ignore_errors: True
- name: "run helm tests for the {{ release }} release"
when:
- "'timeout' in test_settings"
- "'timeout' is none"
command: "helm test {{ release }}"
register: test_result
- name: "run helm tests for the {{ release }} release with timeout"
when:
- "'timeout' in test_settings"
- "'timeout' is not none"
command: " helm test --timeout {{ test_settings.timeout }} {{ release }}"
register: test_result
- name: "display status for {{ release }} helm tests"
debug:
var: test_result.stdout_lines
- name: "gathering logs for helm tests for {{ release }}"
when:
- test_result | succeeded
shell: |-
set -e
kubectl logs {{ release }}-test -n {{ namespace }} >> {{ logs_dir }}/helm-tests/{{ release }}.txt
args:
executable: /bin/bash
register: test_logs
- name: "displaying logs for successful helm tests for {{ release }}"
when:
- test_result | succeeded
- "'output' in test_settings"
- "test_settings.output|bool == true"
debug:
var: test_logs.stdout_lines
rescue:
- name: "gathering logs for failed helm tests for {{ release }}"
command: "kubectl logs {{ release }}-test -n {{ namespace }}"
register: out
- name: "displaying logs for failed helm tests for {{ release }}"
debug:
var: out.stdout_lines
- name: "helm tests for {{ release }} failed, stopping execution"
command: exit 1

50
playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml
View File

@ -1,50 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: wait for pods in namespace
vars:
namespace: null
timeout: 600
wait_return_code:
rc: 1
block:
- name: "wait for pods in {{ namespace }} namespace to be ready"
shell: |-
set -e
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \
'.items[].status.phase' | grep Pending > /dev/null && \
PENDING=True || PENDING=False
query='.items[]|select(.status.phase=="Running")'
query="$query|.status.containerStatuses[].ready"
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \
grep false > /dev/null && READY="False" || READY="True"
kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \
'.items[] | .spec.completions == .status.succeeded' | \
grep false > /dev/null && JOBR="False" || JOBR="True"
[ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
exit 0 || exit 1
args:
executable: /bin/bash
register: wait_return_code
until: wait_return_code.rc == 0
retries: "{{ timeout }}"
delay: 1
rescue:
- name: "pods failed to come up in time, getting kubernetes objects status"
command: kubectl get --all-namespaces all -o wide --show-all
register: out
- name: "pods failed to come up in time, displaying kubernetes objects status"
debug: var=out.stdout_lines
- name: "pods failed to come up in time, stopping execution"
command: exit 1

69
playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
View File

@ -1,69 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: master
vars:
kubeadm_aio_action: clean-host
block:
- name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}"
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kubeadm_aio_action }}"
image: "{{ images.kubernetes.kubeadm_aio }}"
state: started
detach: false
recreate: yes
pid_mode: host
network_mode: host
capabilities: SYS_ADMIN
volumes:
- /sys:/sys:rw
- /run:/run:rw
- /:/mnt/rootfs:rw
- /etc:/etc:rw
env:
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
ACTION="{{ kubeadm_aio_action }}"
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
USER_UID="{{ playbook_user_id }}"
USER_GID="{{ playbook_group_id }}"
USER_HOME="{{ playbook_user_dir }}"
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
PVC_SUPPORT_CEPH=true
PVC_SUPPORT_NFS=true
NET_SUPPORT_LINUXBRIDGE=true
KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
CONTAINER_RUNTIME=docker
register: kubeadm_master_deploy
ignore_errors: True
rescue:
- name: getting logs from kubeadm-aio container
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
become: true
become_user: root
register: out
- name: dumping logs from kubeadm-aio container
debug:
var: out.stdout_lines
- name: exiting if the kubeadm deploy failed
command: exit 1
always:
- name: removing kubeadm-aio container
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kubeadm_aio_action }}"
state: absent

27
playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
View File

@ -1,27 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: setting node labels
vars:
kubeadm_kubelet_labels_node:
- "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}"
- "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}"
set_fact:
kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}"
- name: deploy-kubelet
vars:
kubeadm_aio_action: deploy-kubelet
include: util-kubeadm-aio-run.yaml

35
playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml
View File

@ -1,35 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: setting playbook facts
set_fact:
playbook_user_id: "{{ ansible_user_uid }}"
playbook_group_id: "{{ ansible_user_gid }}"
playbook_user_dir: "{{ ansible_user_dir }}"
kubernetes_default_device: "{{ ansible_default_ipv4.alias }}"
kubernetes_default_address: null
- name: if we have defined a custom interface for kubernetes use that
when: kubernetes.network.default_device is defined and kubernetes.network.default_device
set_fact:
kubernetes_default_device: "{{ kubernetes.network.default_device }}"
- name: if we are in openstack infra use the private IP for kubernetes
when: (nodepool is defined) and (nodepool.private_ipv4 is defined)
set_fact:
kubernetes_default_address: "{{ nodepool.private_ipv4 }}"
- include: clean-node.yaml
- include: deploy-kubelet.yaml

71
playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
View File

@ -1,71 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Run Kubeadm-AIO container
vars:
kubeadm_aio_action: null
kubeadm_kubelet_labels: ""
block:
- name: "performing {{ kubeadm_aio_action }} action"
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kubeadm_aio_action }}"
image: "{{ images.kubernetes.kubeadm_aio }}"
state: started
detach: false
recreate: yes
pid_mode: host
network_mode: host
capabilities: SYS_ADMIN
volumes:
- /sys:/sys:rw
- /run:/run:rw
- /:/mnt/rootfs:rw
- /etc:/etc:rw
env:
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
ACTION="{{ kubeadm_aio_action }}"
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
KUBE_BIND_ADDR="{{ kubernetes_default_address }}"
USER_UID="{{ playbook_user_id }}"
USER_GID="{{ playbook_group_id }}"
USER_HOME="{{ playbook_user_dir }}"
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
PVC_SUPPORT_CEPH=true
PVC_SUPPORT_NFS=true
NET_SUPPORT_LINUXBRIDGE=true
KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
CONTAINER_RUNTIME=docker
KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}"
register: kubeadm_master_deploy
rescue:
- name: "getting logs for {{ kubeadm_aio_action }} action"
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
become: true
become_user: root
register: out
- name: "dumping logs for {{ kubeadm_aio_action }} action"
debug:
var: out.stdout_lines
- name: "exiting if {{ kubeadm_aio_action }} action failed"
command: exit 1
always:
- name: "removing container for {{ kubeadm_aio_action }} action"
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kubeadm_aio_action }}"
state: absent

31
playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml
View File

@ -1,31 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: setting playbook user info facts before escalating privileges
set_fact:
playbook_user_id: "{{ ansible_user_uid }}"
playbook_group_id: "{{ ansible_user_gid }}"
playbook_user_dir: "{{ ansible_user_dir }}"
- name: deploying kubelet and support assets to node
include_role:
name: deploy-kubeadm-aio-common
tasks_from: main
- name: deploying kubernetes on master node
vars:
kubeadm_aio_action: deploy-kube
include_role:
name: deploy-kubeadm-aio-common
tasks_from: util-kubeadm-aio-run

44
playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml
View File

@ -1,44 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: setting playbook user info facts before escalating privileges
set_fact:
playbook_user_id: "{{ ansible_user_uid }}"
playbook_group_id: "{{ ansible_user_gid }}"
playbook_user_dir: "{{ ansible_user_dir }}"
kube_master: "{{ groups['primary'][0] }}"
kube_worker: "{{ inventory_hostname }}"
- name: deploying kubelet and support assets to node
include_role:
name: deploy-kubeadm-aio-common
tasks_from: main
- name: generating the kubeadm join command for the node
include: util-generate-join-command.yaml
delegate_to: "{{ kube_master }}"
- name: joining node to kubernetes cluster
vars:
kubeadm_aio_action: join-kube
kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}"
include: util-run-join-command.yaml
- name: waiting for node to be ready
delegate_to: "{{ kube_master }}"
command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}"
register: task_result
until: task_result.stdout == 'Ready'
retries: 120
delay: 5

56
playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
View File

@ -1,56 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: generate the kubeadm join command for nodes
vars:
kubeadm_aio_action: generate-join-cmd
kubeadm_cluster_join_ttl: 30m
kube_worker: null
block:
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
image: "{{ images.kubernetes.kubeadm_aio }}"
state: started
detach: false
recreate: yes
network_mode: host
volumes:
- /etc/kubernetes:/etc/kubernetes:ro
env:
ACTION=generate-join-cmd
TTL="{{ kubeadm_cluster_join_ttl }}"
register: kubeadm_generate_join_command
- name: "getting logs for {{ kubeadm_aio_action }} action"
command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
become: true
become_user: root
register: kubeadm_aio_action_logs
- name: storing cluster join command
set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}"
rescue:
- name: "dumping logs for {{ kubeadm_aio_action }} action"
debug:
var: kubeadm_aio_action_logs.stdout_lines
- name: "exiting if {{ kubeadm_aio_action }} action failed"
command: exit 1
always:
- name: "removing container for {{ kubeadm_aio_action }} action"
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
state: absent

59
playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
View File

@ -1,59 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: master
vars:
kubeadm_aio_action: join-kube
kubeadm_aio_join_command: null
block:
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kubeadm_aio_action }}"
image: "{{ images.kubernetes.kubeadm_aio }}"
state: started
detach: false
recreate: yes
pid_mode: host
network_mode: host
capabilities: SYS_ADMIN
volumes:
- /sys:/sys:rw
- /run:/run:rw
- /:/mnt/rootfs:rw
- /etc:/etc:rw
env:
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
ACTION="{{ kubeadm_aio_action }}"
KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}"
register: kubeadm_aio_join_container
rescue:
- name: "getting logs for {{ kubeadm_aio_action }} action"
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
become: true
become_user: root
register: kubeadm_aio_join_container_output
- name: "dumping logs for {{ kubeadm_aio_action }} action"
debug:
msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}"
- name: "exiting if {{ kubeadm_aio_action }} action failed"
command: exit 1
always:
- name: "removing container for {{ kubeadm_aio_action }} action"
become: true
become_user: root
docker_container:
name: "kubeadm-{{ kubeadm_aio_action }}"
state: absent

46
playbooks/roles/deploy-package/tasks/dist.yaml
View File

@ -1,46 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: managing distro packages for ubuntu
become: true
become_user: root
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
vars:
state: present
apt:
name: "{{ item }}"
state: "{{ state }}"
with_items: "{{ packages.deb }}"
- name: managing distro packages for centos
become: true
become_user: root
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
vars:
state: present
yum:
name: "{{ item }}"
state: "{{ state }}"
with_items: "{{ packages.rpm }}"
- name: managing distro packages for fedora
become: true
become_user: root
when: ansible_distribution == 'Fedora'
vars:
state: present
dnf:
name: "{{ item }}"
state: "{{ state }}"
with_items: "{{ packages.rpm }}"

27
playbooks/roles/deploy-package/tasks/pip.yaml
View File

@ -1,27 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: managing pip packages
become: true
become_user: root
environment:
http_proxy: "{{ proxy.http }}"
https_proxy: "{{ proxy.https }}"
no_proxy: "{{ proxy.noproxy }}"
vars:
state: present
pip:
name: "{{ item }}"
state: "{{ state }}"
with_items: "{{ packages }}"

48
playbooks/roles/deploy-python-pip/tasks/main.yaml
View File

@ -1,48 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: ensuring python pip package is present for ubuntu
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
apt:
name: python-pip
state: present
- name: ensuring python pip package is present for centos
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
block:
- name: ensuring epel-release package is present for centos as python-pip is in the epel repo
yum:
name: epel-release
state: present
- name: ensuring python pip package is present for centos
yum:
name: python-devel
state: present
- name: ensuring python pip package is present for fedora via the python-devel rpm
when: ansible_distribution == 'Fedora'
dnf:
name: python2-pip
state: present
- name: ensuring pip is the latest version
become: true
become_user: root
environment:
http_proxy: "{{ proxy.http }}"
https_proxy: "{{ proxy.https }}"
no_proxy: "{{ proxy.noproxy }}"
pip:
name: pip
state: latest

16
playbooks/roles/deploy-python/tasks/main.yaml
View File

@ -1,16 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: ensuring python2 is present on all hosts
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2)

43
playbooks/roles/deploy-yq/tasks/main.yaml
View File

@ -1,43 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- block:
- name: ensuring jq is deployed on host
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora'
include_role:
name: deploy-package
tasks_from: dist
vars:
packages:
deb:
- jq
rpm:
- jq
- name: removing jq binary on centos
become: true
become_user: root
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
file:
path: "{{ item }}"
state: absent
with_items:
- /usr/bin/jq
- name: installing jq 1.5 binary for centos
become: true
become_user: root
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
get_url:
url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
dest: /usr/bin/jq
mode: 0555

108
playbooks/roles/describe-kubernetes-objects/tasks/main.yaml
View File

@ -1,108 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "creating directory for cluster scoped objects"
file:
path: "{{ logs_dir }}/objects/cluster"
state: directory
- name: "Gathering descriptions for cluster scoped objects"
shell: |-
set -e
export OBJECT_TYPE=node,clusterrole,clusterrolebinding,storageclass,namespace
export PARALLELISM_FACTOR=2
function list_objects () {
printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "$@"' _ {}
}
export -f list_objects
function name_objects () {
export OBJECT=$1
kubectl get ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${OBJECT} ${1#*/}"' _ {}
}
export -f name_objects
function get_objects () {
input=($1)
export OBJECT=${input[0]}
export NAME=${input[1]#*/}
echo "${OBJECT}/${NAME}"
DIR="{{ logs_dir }}/objects/cluster/${OBJECT}"
mkdir -p ${DIR}
kubectl get ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
kubectl describe ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
}
export -f get_objects
list_objects | \
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
args:
executable: /bin/bash
ignore_errors: True
- name: "creating directory for namespace scoped objects"
file:
path: "{{ logs_dir }}/objects/namespaced"
state: directory
- name: "Gathering descriptions for namespace scoped objects"
shell: |-
set -e
export OBJECT_TYPE=configmaps,cronjobs,daemonsets,deployment,endpoints,ingresses,jobs,networkpolicies,pods,podsecuritypolicies,persistentvolumeclaims,rolebindings,roles,secrets,serviceaccounts,services,statefulsets
export PARALLELISM_FACTOR=2
function get_namespaces () {
kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
}
function list_namespaced_objects () {
export NAMESPACE=$1
printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} $@"' _ {}
}
export -f list_namespaced_objects
function name_objects () {
input=($1)
export NAMESPACE=${input[0]}
export OBJECT=${input[1]}
kubectl get -n ${NAMESPACE} ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} ${OBJECT} $@"' _ {}
}
export -f name_objects
function get_objects () {
input=($1)
export NAMESPACE=${input[0]}
export OBJECT=${input[1]}
export NAME=${input[2]#*/}
echo "${NAMESPACE}/${OBJECT}/${NAME}"
DIR="{{ logs_dir }}/objects/namespaced/${NAMESPACE}/${OBJECT}"
mkdir -p ${DIR}
kubectl get -n ${NAMESPACE} ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
kubectl describe -n ${NAMESPACE} ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
}
export -f get_objects
get_namespaces | \
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
args:
executable: /bin/bash
ignore_errors: True
- name: "Downloads logs to executor"
synchronize:
src: "{{ logs_dir }}/objects"
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull
ignore_errors: yes

39
playbooks/roles/gather-host-logs/tasks/main.yaml
View File

@ -1,39 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "creating directory for system status"
file:
path: "{{ logs_dir }}/system"
state: directory
- name: "Get logs for each host"
become: yes
shell: |-
set -x
systemd-cgls --full --all --no-pager > {{ logs_dir }}/system/systemd-cgls.txt
ip addr > {{ logs_dir }}/system/ip-addr.txt
ip route > {{ logs_dir }}/system/ip-route.txt
lsblk > {{ logs_dir }}/system/lsblk.txt
mount > {{ logs_dir }}/system/mount.txt
docker images > {{ logs_dir }}/system/docker-images.txt
brctl show > {{ logs_dir }}/system/brctl-show.txt
ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt
args:
executable: /bin/bash
ignore_errors: True
- name: "Downloads logs to executor"
synchronize:
src: "{{ logs_dir }}/system"
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull
ignore_errors: True

54
playbooks/roles/gather-pod-logs/tasks/main.yaml
View File

@ -1,54 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "creating directory for pod logs"
file:
path: "{{ logs_dir }}/pod-logs"
state: directory
- name: "retrieve all container logs"
shell: |-
set -e
PARALLELISM_FACTOR=2
function get_namespaces () {
kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
}
function get_pods () {
NAMESPACE=$1
kubectl get pods -n ${NAMESPACE} -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo ${NAMESPACE} {}
}
export -f get_pods
function get_pod_logs () {
NAMESPACE=${1% *}
POD=${1#* }
INIT_CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.initContainers[]?.name')
CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.containers[].name')
for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do
echo "${NAMESPACE}/${POD}/${CONTAINER}"
mkdir -p "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}"
kubectl logs ${POD} -n ${NAMESPACE} -c ${CONTAINER} > "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}/${CONTAINER}.txt"
done
}
export -f get_pod_logs
get_namespaces | \
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pods "$@"' _ {} | \
xargs -r -n 2 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pod_logs "$@"' _ {}
args:
executable: /bin/bash
ignore_errors: True
- name: "Downloads logs to executor"
synchronize:
src: "{{ logs_dir }}/pod-logs"
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull
ignore_errors: True

44
playbooks/roles/gather-prom-metrics/tasks/main.yaml
View File

@ -1,44 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "creating directory for helm release descriptions"
file:
path: "{{ logs_dir }}/prometheus"
state: directory
- name: "Get prometheus metrics from exporters in all namespaces"
shell: |-
set -e
NAMESPACES=$(kubectl get namespaces -o json | jq -r '.items[].metadata.name')
for NS in $NAMESPACES; do
SERVICES=$(kubectl get svc -l component=metrics -n $NS -o json | jq -r '.items[].metadata.name')
for SVC in $SERVICES; do
PORT=$(kubectl get svc $SVC -n $NS -o json | jq -r '.spec.ports[].port')
curl "$SVC.$NS:$PORT/metrics" >> "{{ logs_dir }}"/prometheus/$NS-$SVC.txt
done
done
args:
executable: /bin/bash
- name: "Get prometheus metrics from tiller-deploy"
shell: |-
set -e
curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt
args:
executable: /bin/bash
- name: "Downloads logs to executor"
synchronize:
src: "{{ logs_dir }}/prometheus"
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull
ignore_errors: True

44
playbooks/roles/helm-release-status/tasks/main.yaml
View File

@ -1,44 +0,0 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: "creating directory for helm release status"
file:
path: "{{ logs_dir }}/helm"
state: directory
- name: "retrieve all deployed charts"
shell: |-
set -e
helm ls --short
args:
executable: /bin/bash
register: helm_releases
- name: "Gather get release status for helm charts"
shell: |-
set -e
helm status {{ helm_released }} >> {{ logs_dir }}/helm/{{ helm_release }}.txt
args:
executable: /bin/bash
ignore_errors: True
vars:
helm_release: "{{ helm_released }}"
loop_control:
loop_var: helm_released
with_items: "{{ helm_releases.stdout_lines }}"
- name: "Downloads logs to executor"
synchronize:
src: "{{ logs_dir }}/helm"
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull
ignore_errors: True

26
playbooks/roles/pull-images/tasks/main.yaml
View File

@ -1,26 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure docker python packages deployed
include_role:
name: deploy-package
tasks_from: pip
vars:
packages:
- yq
- name: pull all images used in repo
make:
chdir: "{{ work_dir }}"
target: pull-all-images

29
playbooks/roles/setup-firewall/tasks/main.yaml
View File

@ -1,29 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
- name: deploy iptables packages
include_role:
name: deploy-package
tasks_from: dist
vars:
packages:
deb:
- iptables
rpm:
- iptables
- command: iptables -S
- command: iptables -F
- command: iptables -P INPUT ACCEPT
- command: iptables -S

42
playbooks/roles/upgrade-host/tasks/main.yaml
View File

@ -1,42 +0,0 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Upgrade to HWE kernel on Ubuntu Hosts
when: ansible_distribution == 'Ubuntu'
block:
- name: Deploy HWE kernel on Ubuntu Hosts
include_role:
name: deploy-package
tasks_from: dist
vars:
packages:
deb:
- linux-generic-hwe-16.04
- name: Reboot Host following kernel upgrade
shell: sleep 2 && reboot
sudo: yes
async: 30
poll: 0
ignore_errors: true
args:
executable: /bin/bash
- name: Wait for hosts to come up following reboot
wait_for:
host: '{{ hostvars[item].ansible_host }}'
port: 22
state: started
delay: 60
timeout: 240
with_items: '{{ play_hosts }}'
connection: local

14
roles/deploy-docker/tasks/main.yaml
View File

@ -52,18 +52,6 @@
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
mode: 0640
- name: centos | add docker-ce repository
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
get_url:
url: https://download.docker.com/linux/centos/docker-ce.repo
dest: /etc/yum.repos.d/docker-ce.repo
- name: fedora | add docker-ce repository
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
get_url:
url: https://download.docker.com/linux/fedora/docker-ce.repo
dest: /etc/yum.repos.d/docker-ce.repo
- name: deploy docker packages
when: need_docker | failed
include_role:
@ -74,7 +62,7 @@
deb:
- docker.io
rpm:
- docker-ce
- docker
- name: restarting docker
systemd:

14
roles/deploy-docker/templates/centos-docker.service.j2
View File

@ -1,8 +1,7 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
Documentation=http://docs.docker.com
After=network.target
[Service]
Type=notify
@ -10,10 +9,13 @@ NotifyAccess=all
Environment=GOTRACEBACK=crash
Environment=DOCKER_HTTP_HOST_COMPAT=1
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
ExecStart=/usr/bin/dockerd \
ExecStart=/usr/bin/dockerd-current \
--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
--default-runtime=docker-runc \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
--data-root=/var/lib/docker \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--seccomp-profile=/etc/docker/seccomp.json \
--graph=/var/lib/docker \
--storage-driver=overlay2 \
--log-driver=json-file \
--iptables=false

20
roles/deploy-docker/templates/fedora-docker.service.j2
View File

@ -1,19 +1,21 @@
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
Documentation=http://docs.docker.com
After=network.target docker-containerd.service
Requires=docker-containerd.service
[Service]
Type=notify
Environment=GOTRACEBACK=crash
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd \
ExecStart=/usr/bin/dockerd-current \
--add-runtime oci=/usr/libexec/docker/docker-runc-current \
--default-runtime=oci \
--containerd /run/containerd.sock \
--exec-opt native.cgroupdriver=systemd \
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
--data-root=/var/lib/docker \
--userland-proxy-path=/usr/libexec/docker/docker-proxy-current \
--init-path=/usr/libexec/docker/docker-init-current \
--seccomp-profile=/etc/docker/seccomp.json \
--graph=/var/lib/docker \
--storage-driver=overlay2 \
--log-driver=json-file \
--iptables=false

1
tools/gate/devel/start.sh
View File

@ -47,6 +47,7 @@ function ansible_install {
elif [ "x$ID" == "xfedora" ]; then
sudo dnf install -y \
python-devel \
libselinux-python \
redhat-rpm-config \
gcc \
jq