diff --git a/.zuul.yaml b/.zuul.yaml index ac17279c6..01b607230 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -165,20 +165,20 @@ - job: name: openstack-helm-infra-linter - run: tools/gate/playbooks/zuul-linter.yaml + run: playbooks/zuul-linter.yaml nodeset: openstack-helm-single-node - job: name: openstack-helm-infra timeout: 3600 pre-run: - - tools/gate/playbooks/osh-infra-upgrade-host.yaml - - tools/gate/playbooks/osh-infra-deploy-docker.yaml - - tools/gate/playbooks/osh-infra-build.yaml - - tools/gate/playbooks/osh-infra-pull-images.yaml - - tools/gate/playbooks/osh-infra-deploy-k8s.yaml - run: tools/gate/playbooks/osh-infra-deploy-charts.yaml - post-run: tools/gate/playbooks/osh-infra-collect-logs.yaml + - playbooks/osh-infra-upgrade-host.yaml + - playbooks/osh-infra-deploy-docker.yaml + - playbooks/osh-infra-build.yaml + - playbooks/osh-infra-pull-images.yaml + - playbooks/osh-infra-deploy-k8s.yaml + run: playbooks/osh-infra-deploy-charts.yaml + post-run: playbooks/osh-infra-collect-logs.yaml - job: name: openstack-helm-infra-ubuntu diff --git a/Makefile b/Makefile index 69eba463c..2eab65abd 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ SHELL := /bin/bash HELM := helm TASK := build -EXCLUDES := helm-toolkit doc tests tools logs tmp +EXCLUDES := helm-toolkit doc tests tools logs tmp roles playbooks CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) .PHONY: $(EXCLUDES) $(CHARTS) diff --git a/playbooks/osh-infra-build.retry b/playbooks/osh-infra-build.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-build.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-build.yaml b/playbooks/osh-infra-build.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-build.yaml rename to playbooks/osh-infra-build.yaml 
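Review bot: `playbooks/osh-infra-build.retry` is added with the single line `local`, which looks like an Ansible retry file left behind by a failed local run rather than something the Zuul jobs consume. The same applies to `playbooks/osh-infra-deploy-charts.retry` and `playbooks/osh-infra-deploy-k8s.retry` later in this commit. I would drop all three from the change and keep them out in future, either with a `*.retry` entry in `.gitignore` or with `retry_files_enabled = False` in ansible.cfg, so that host names from a developer's inventory are not committed by accident.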
diff --git a/tools/gate/playbooks/osh-infra-collect-logs.yaml b/playbooks/osh-infra-collect-logs.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-collect-logs.yaml rename to playbooks/osh-infra-collect-logs.yaml diff --git a/playbooks/osh-infra-deploy-charts.retry b/playbooks/osh-infra-deploy-charts.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-deploy-charts.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-deploy-charts.yaml b/playbooks/osh-infra-deploy-charts.yaml similarity index 95% rename from tools/gate/playbooks/osh-infra-deploy-charts.yaml rename to playbooks/osh-infra-deploy-charts.yaml index b991e9e46..6e0303cd4 100644 --- a/tools/gate/playbooks/osh-infra-deploy-charts.yaml +++ b/playbooks/osh-infra-deploy-charts.yaml @@ -26,7 +26,7 @@ - hosts: primary vars_files: - vars.yaml - - ../chart-deploys/default.yaml + - ../tools/gate/chart-deploys/default.yaml vars: work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}" logs_dir: "/tmp/logs" diff --git a/tools/gate/playbooks/osh-infra-deploy-docker.yaml b/playbooks/osh-infra-deploy-docker.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-deploy-docker.yaml rename to playbooks/osh-infra-deploy-docker.yaml diff --git a/playbooks/osh-infra-deploy-k8s.retry b/playbooks/osh-infra-deploy-k8s.retry new file mode 100644 index 000000000..408303742 --- /dev/null +++ b/playbooks/osh-infra-deploy-k8s.retry @@ -0,0 +1 @@ +local diff --git a/tools/gate/playbooks/osh-infra-deploy-k8s.yaml b/playbooks/osh-infra-deploy-k8s.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-deploy-k8s.yaml rename to playbooks/osh-infra-deploy-k8s.yaml diff --git a/tools/gate/playbooks/osh-infra-docker.yaml b/playbooks/osh-infra-docker.yaml similarity index 100% rename from tools/gate/playbooks/osh-infra-docker.yaml rename to playbooks/osh-infra-docker.yaml 
diff --git a/tools/gate/playbooks/osh-infra-pull-images.yaml b/playbooks/osh-infra-pull-images.yaml
similarity index 100%
rename from tools/gate/playbooks/osh-infra-pull-images.yaml
rename to playbooks/osh-infra-pull-images.yaml
diff --git a/tools/gate/playbooks/osh-infra-upgrade-host.yaml b/playbooks/osh-infra-upgrade-host.yaml
similarity index 100%
rename from tools/gate/playbooks/osh-infra-upgrade-host.yaml
rename to playbooks/osh-infra-upgrade-host.yaml
diff --git a/tools/gate/playbooks/build-helm-packages/tasks/main.yaml b/playbooks/roles/build-helm-packages/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/build-helm-packages/tasks/main.yaml
rename to playbooks/roles/build-helm-packages/tasks/main.yaml
diff --git a/tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml b/playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml
similarity index 100%
rename from tools/gate/playbooks/build-helm-packages/tasks/setup-helm-serve.yaml
rename to playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml
diff --git a/tools/gate/playbooks/build-helm-packages/templates/helm-serve.service.j2 b/playbooks/roles/build-helm-packages/templates/helm-serve.service.j2
similarity index 100%
rename from tools/gate/playbooks/build-helm-packages/templates/helm-serve.service.j2
rename to playbooks/roles/build-helm-packages/templates/helm-serve.service.j2
diff --git a/tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml b/playbooks/roles/build-images/tasks/kubeadm-aio.yaml
similarity index 100%
rename from tools/gate/playbooks/build-images/tasks/kubeadm-aio.yaml
rename to playbooks/roles/build-images/tasks/kubeadm-aio.yaml
diff --git a/tools/gate/playbooks/build-images/tasks/main.yaml b/playbooks/roles/build-images/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/build-images/tasks/main.yaml
rename to playbooks/roles/build-images/tasks/main.yaml
diff --git a/tools/gate/playbooks/clean-host/tasks/main.yaml b/playbooks/roles/clean-host/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/clean-host/tasks/main.yaml
rename to playbooks/roles/clean-host/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-docker/tasks/deploy-ansible-docker-support.yaml b/playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-docker/tasks/deploy-ansible-docker-support.yaml
rename to playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
diff --git a/tools/gate/playbooks/deploy-docker/tasks/main.yaml b/playbooks/roles/deploy-docker/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-docker/tasks/main.yaml
rename to playbooks/roles/deploy-docker/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2 b/playbooks/roles/deploy-docker/templates/centos-docker.service.j2
similarity index 100%
rename from tools/gate/playbooks/deploy-docker/templates/centos-docker.service.j2
rename to playbooks/roles/deploy-docker/templates/centos-docker.service.j2
diff --git a/tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2 b/playbooks/roles/deploy-docker/templates/fedora-docker.service.j2
similarity index 100%
rename from tools/gate/playbooks/deploy-docker/templates/fedora-docker.service.j2
rename to playbooks/roles/deploy-docker/templates/fedora-docker.service.j2
diff --git a/tools/gate/playbooks/deploy-docker/templates/http-proxy.conf.j2 b/playbooks/roles/deploy-docker/templates/http-proxy.conf.j2
similarity index 100%
rename from tools/gate/playbooks/deploy-docker/templates/http-proxy.conf.j2
rename to playbooks/roles/deploy-docker/templates/http-proxy.conf.j2
diff --git a/tools/gate/playbooks/deploy-docker/templates/ubuntu-docker.service.j2 b/playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2
similarity index 100%
rename from tools/gate/playbooks/deploy-docker/templates/ubuntu-docker.service.j2
rename to playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml
rename to playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml b/playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml
rename to playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml b/playbooks/roles/deploy-helm-packages/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-helm-packages/tasks/main.yaml
rename to playbooks/roles/deploy-helm-packages/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-chart-group.yaml
rename to playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-chart.yaml
rename to playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-test.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-helm-test.yaml
rename to playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml
diff --git a/tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml
rename to playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/clean-node.yaml
rename to playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
rename to playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/main.yaml
rename to playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
rename to playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-master/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-master/tasks/main.yaml
rename to playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/main.yaml
rename to playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
rename to playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
diff --git a/tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
rename to playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
diff --git a/tools/gate/playbooks/deploy-package/tasks/dist.yaml b/playbooks/roles/deploy-package/tasks/dist.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-package/tasks/dist.yaml
rename to playbooks/roles/deploy-package/tasks/dist.yaml
diff --git a/tools/gate/playbooks/deploy-package/tasks/pip.yaml b/playbooks/roles/deploy-package/tasks/pip.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-package/tasks/pip.yaml
rename to playbooks/roles/deploy-package/tasks/pip.yaml
diff --git a/tools/gate/playbooks/deploy-python-pip/tasks/main.yaml b/playbooks/roles/deploy-python-pip/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-python-pip/tasks/main.yaml
rename to playbooks/roles/deploy-python-pip/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-python/tasks/main.yaml b/playbooks/roles/deploy-python/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-python/tasks/main.yaml
rename to playbooks/roles/deploy-python/tasks/main.yaml
diff --git a/tools/gate/playbooks/deploy-yq/tasks/main.yaml b/playbooks/roles/deploy-yq/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/deploy-yq/tasks/main.yaml
rename to playbooks/roles/deploy-yq/tasks/main.yaml
diff --git a/tools/gate/playbooks/describe-kubernetes-objects/tasks/main.yaml b/playbooks/roles/describe-kubernetes-objects/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/describe-kubernetes-objects/tasks/main.yaml
rename to playbooks/roles/describe-kubernetes-objects/tasks/main.yaml
diff --git a/tools/gate/playbooks/gather-host-logs/tasks/main.yaml b/playbooks/roles/gather-host-logs/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/gather-host-logs/tasks/main.yaml
rename to playbooks/roles/gather-host-logs/tasks/main.yaml
diff --git a/tools/gate/playbooks/gather-pod-logs/tasks/main.yaml b/playbooks/roles/gather-pod-logs/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/gather-pod-logs/tasks/main.yaml
rename to playbooks/roles/gather-pod-logs/tasks/main.yaml
diff --git a/tools/gate/playbooks/gather-prom-metrics/tasks/main.yaml b/playbooks/roles/gather-prom-metrics/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/gather-prom-metrics/tasks/main.yaml
rename to playbooks/roles/gather-prom-metrics/tasks/main.yaml
diff --git a/tools/gate/playbooks/helm-release-status/tasks/main.yaml b/playbooks/roles/helm-release-status/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/helm-release-status/tasks/main.yaml
rename to playbooks/roles/helm-release-status/tasks/main.yaml
diff --git a/tools/gate/playbooks/pull-images/tasks/main.yaml b/playbooks/roles/pull-images/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/pull-images/tasks/main.yaml
rename to playbooks/roles/pull-images/tasks/main.yaml
diff --git a/tools/gate/playbooks/setup-firewall/tasks/main.yaml b/playbooks/roles/setup-firewall/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/setup-firewall/tasks/main.yaml
rename to playbooks/roles/setup-firewall/tasks/main.yaml
diff --git a/tools/gate/playbooks/upgrade-host/tasks/main.yaml b/playbooks/roles/upgrade-host/tasks/main.yaml
similarity index 100%
rename from tools/gate/playbooks/upgrade-host/tasks/main.yaml
rename to playbooks/roles/upgrade-host/tasks/main.yaml
diff --git a/tools/gate/playbooks/vars.yaml b/playbooks/vars.yaml
similarity index 100%
rename from tools/gate/playbooks/vars.yaml
rename to playbooks/vars.yaml
diff --git a/tools/gate/playbooks/zuul-linter.yaml b/playbooks/zuul-linter.yaml
similarity index 100%
rename from tools/gate/playbooks/zuul-linter.yaml
rename to playbooks/zuul-linter.yaml
diff --git a/roles/build-helm-packages/tasks/main.yaml b/roles/build-helm-packages/tasks/main.yaml
new file mode 100644
index 000000000..1bd179c2e
--- /dev/null
+++ b/roles/build-helm-packages/tasks/main.yaml
@@ -0,0 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: setup-helm-serve.yaml
+
+- name: build all charts in repo
+ make:
+ chdir: "{{ work_dir }}"
+ target: all
diff --git a/roles/build-helm-packages/tasks/setup-helm-serve.yaml b/roles/build-helm-packages/tasks/setup-helm-serve.yaml
new file mode 100644
index 000000000..948b6f3ad
--- /dev/null
+++ b/roles/build-helm-packages/tasks/setup-helm-serve.yaml
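Review bot: After this commit the build-helm-packages role appears to exist in two places, because `tools/gate/playbooks/build-helm-packages/tasks/main.yaml` is renamed to `playbooks/roles/build-helm-packages/tasks/main.yaml` while `roles/build-helm-packages/tasks/main.yaml` is also added as a new file; the other roles in the commit follow the same pattern. With two copies, a later fix to one (for example to the helm download in setup-helm-serve.yaml) can miss the other without any job failing. If both paths really are needed, I would keep a single tree and make the other a symlink, and say in the commit message which one is authoritative.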
@@ -0,0 +1,87 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- block: + - name: check if correct version of helm client already installed + shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1" + environment: + HELM_VERSION: "{{ version.helm }}" + args: + executable: /bin/bash + register: need_helm + ignore_errors: True + - name: install helm client + when: need_helm | failed + become_user: root + shell: | + TMP_DIR=$(mktemp -d) + curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR} + sudo mv ${TMP_DIR}/helm /usr/bin/helm + rm -rf ${TMP_DIR} + environment: + HELM_VERSION: "{{ version.helm }}" + args: + executable: /bin/bash + - name: setting up helm client + command: helm init --client-only + +- block: + - name: checking if local helm server is running + shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' + args: + executable: /bin/bash + register: helm_server_running + ignore_errors: True + - name: getting current host user name + when: helm_server_running | failed + shell: id -un + args: + executable: /bin/bash + register: helm_server_user + - name: moving systemd unit into place for helm server + when: helm_server_running | failed + become: yes + become_user: root + template: + src: helm-serve.service.j2 + dest: /etc/systemd/system/helm-serve.service + mode: 0640 + - 
name: starting helm serve service + when: helm_server_running | failed + become: yes + become_user: root + systemd: + state: restarted + daemon_reload: yes + name: helm-serve + - name: wait for helm server to be ready + shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' + args: + executable: /bin/bash + register: wait_for_helm_server + until: wait_for_helm_server.rc == 0 + retries: 120 + delay: 5 + +- block: + - name: checking if helm 'stable' repo is present + shell: helm repo list | grep -q "^stable" + args: + executable: /bin/bash + register: helm_stable_repo_present + ignore_errors: True + - name: checking if helm 'stable' repo is present + when: helm_stable_repo_present | succeeded + command: helm repo remove stable + +- name: adding helm local repo + command: helm repo add local http://localhost:8879/charts diff --git a/roles/build-helm-packages/templates/helm-serve.service.j2 b/roles/build-helm-packages/templates/helm-serve.service.j2 new file mode 100644 index 000000000..3cd1aad0f --- /dev/null +++ b/roles/build-helm-packages/templates/helm-serve.service.j2 @@ -0,0 +1,11 @@ +[Unit] +Description=Helm Server +After=network.target + +[Service] +User={{ helm_server_user.stdout }} +Restart=always +ExecStart=/usr/bin/helm serve + +[Install] +WantedBy=multi-user.target diff --git a/roles/build-images/tasks/kubeadm-aio.yaml b/roles/build-images/tasks/kubeadm-aio.yaml new file mode 100644 index 000000000..ed3ed149b --- /dev/null +++ b/roles/build-images/tasks/kubeadm-aio.yaml 
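Review bot: In roles/build-helm-packages/tasks/setup-helm-serve.yaml the `install helm client` task pipes `curl -sSL` straight into `tar` and then moves the result to `/usr/bin/helm` with `sudo`, so the binary that every later task runs is never checked against a known digest. Without `-f` and `pipefail`, an HTTP error page or a truncated download is also only caught if `tar` happens to fail. I would download to a file, verify a SHA-256 pinned next to `version.helm`, and only then extract and install, as sketched below; the digest variable name is a placeholder. Separately, the last task of the third block reuses the name `checking if helm 'stable' repo is present` although it runs `helm repo remove stable`.

```yaml
    - name: install helm client
      when: need_helm | failed
      become_user: root
      shell: |
        set -euo pipefail
        TMP_DIR=$(mktemp -d)
        trap 'rm -rf "${TMP_DIR}"' EXIT
        curl -fsSL -o "${TMP_DIR}/helm.tar.gz" \
          "https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz"
        # HELM_SHA256 is a placeholder: pin the digest published for HELM_VERSION
        echo "${HELM_SHA256}  ${TMP_DIR}/helm.tar.gz" | sha256sum -c -
        tar -zxf "${TMP_DIR}/helm.tar.gz" --strip-components=1 -C "${TMP_DIR}"
        sudo mv "${TMP_DIR}/helm" /usr/bin/helm
      environment:
        HELM_VERSION: "{{ version.helm }}"
        HELM_SHA256: "{{ version.helm_sha256 }}"  # placeholder key, to be added to vars.yaml
      # … unchanged: args / executable: /bin/bash …
```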
@@ -0,0 +1,74 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is +# reolved, we build with a shell script to make use of the host network. +- name: Kubeadm-AIO build + block: + #NOTE(portdirect): we do this to ensure we are feeding the docker build + # a clean path to work with. + - name: Kubeadm-AIO image build path + shell: cd "{{ work_dir }}"; pwd + register: kubeadm_aio_path + # - name: build the Kubeadm-AIO image + # docker_image: + # path: "{{ kubeadm_aio_path.stdout }}/" + # name: "{{ images.kubernetes.kubeadm_aio }}" + # dockerfile: "tools/images/kubeadm-aio/Dockerfile" + # force: yes + # pull: yes + # state: present + # rm: yes + # buildargs: + # KUBE_VERSION: "{{ version.kubernetes }}" + # CNI_VERSION: "{{ version.cni }}" + # HELM_VERSION: "{{ version.helm }}" + # CHARTS: "calico,flannel,tiller,kube-dns" + - name: Kubeadm-AIO image build path with proxy + when: proxy.http is defined and (proxy.http | trim != "") + shell: |- + set -e + docker build \ + --network host \ + --force-rm \ + --tag "{{ images.kubernetes.kubeadm_aio }}" \ + --file tools/images/kubeadm-aio/Dockerfile \ + --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ + --build-arg CNI_VERSION="{{ version.cni }}" \ + --build-arg HELM_VERSION="{{ version.helm }}" \ + --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ + --build-arg HTTP_PROXY="{{ proxy.http }}" \ + 
--build-arg HTTPS_PROXY="{{ proxy.https }}" \ + --build-arg NO_PROXY="{{ proxy.noproxy }}" \ + . + args: + chdir: "{{ kubeadm_aio_path.stdout }}/" + executable: /bin/bash + - name: Kubeadm-AIO image build path + when: proxy.http is undefined or (proxy.http | trim == "") + shell: |- + set -e + docker build \ + --network host \ + --force-rm \ + --tag "{{ images.kubernetes.kubeadm_aio }}" \ + --file tools/images/kubeadm-aio/Dockerfile \ + --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ + --build-arg CNI_VERSION="{{ version.cni }}" \ + --build-arg HELM_VERSION="{{ version.helm }}" \ + --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ + . + args: + chdir: "{{ kubeadm_aio_path.stdout }}/" + executable: /bin/bash \ No newline at end of file diff --git a/roles/build-images/tasks/main.yaml b/roles/build-images/tasks/main.yaml new file mode 100644 index 000000000..7e13f0ba1 --- /dev/null +++ b/roles/build-images/tasks/main.yaml @@ -0,0 +1,15 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: kubeadm-aio.yaml diff --git a/roles/clean-host/tasks/main.yaml b/roles/clean-host/tasks/main.yaml new file mode 100644 index 000000000..77eee4369 --- /dev/null +++ b/roles/clean-host/tasks/main.yaml 
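Review bot: In roles/build-images/tasks/kubeadm-aio.yaml the path task runs `cd "{{ work_dir }}"; pwd`, and because the two commands are joined with `;` a failed `cd` still returns success and registers whatever directory the shell started in, which the two `docker build` tasks then use as their `chdir` and build context. `shell: cd "{{ work_dir }}" && pwd` makes the task fail instead of building from the wrong tree. The task named `Kubeadm-AIO image build path with proxy` actually builds the image, and the third task reuses the name `Kubeadm-AIO image build path`, so log output does not tell the three apart; `Kubeadm-AIO image build (with proxy)` and `Kubeadm-AIO image build (no proxy)` would. If the proxy URLs can carry credentials, it is worth confirming how the Dockerfile (not visible here) declares these build args, since declared args can end up in image history.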
@@ -0,0 +1,22 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: remove osh directory
+ become: yes
+ become_user: root
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /var/lib/openstack-helm
diff --git a/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml b/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
new file mode 100644
index 000000000..3e7a8e130
--- /dev/null
+++ b/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
@@ -0,0 +1,68 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: ensuring SELinux is disabled on centos & fedora + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora' + become: true + become_user: root + command: setenforce 0 + ignore_errors: True + +#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/ +- name: fix docker removal issue with ansible's docker_container on centos + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + block: + - name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos + become: true + become_user: root + include_role: + name: deploy-package + tasks_from: pip + vars: + state: absent + packages: + - requests + - urllib3 + - name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos + become: true + become_user: root + include_role: + name: deploy-package + tasks_from: dist + vars: + state: absent + packages: + rpm: + - python-urllib3 + - python-requests + - name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos + become: true + become_user: root + include_role: + name: deploy-package + tasks_from: dist + vars: + 
state: present + packages: + rpm: + - python-urllib3 + - python-requests + +- name: Ensure docker python packages deployed + include_role: + name: deploy-package + tasks_from: pip + vars: + packages: + - docker-py diff --git a/roles/deploy-docker/tasks/main.yaml b/roles/deploy-docker/tasks/main.yaml new file mode 100644 index 000000000..6a4463768 --- /dev/null +++ b/roles/deploy-docker/tasks/main.yaml 
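Review bot: The first task in roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml runs `setenforce 0` on every CentOS, RHEL or Fedora host the role touches and hides any failure with `ignore_errors: True`, with nothing saying why enforcement is turned off or that the role is meant for disposable gate nodes only. Now that the role also lives under top-level `roles/` it is easier to reuse elsewhere, so I would add a comment above the task along the lines of `# NOTE: CI gate nodes only - switches SELinux to permissive; do not apply to long-lived hosts` and record the reason. As far as I know Ansible reports RHEL as `RedHat` in `ansible_distribution`, so the `'Red Hat Enterprise Linux'` comparisons here and in roles/deploy-docker/tasks/main.yaml may never match; worth confirming against a RHEL node. The final task installs `docker-py` without a version pin.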
@@ -0,0 +1,85 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: check if docker deploy is needed + raw: which docker + register: need_docker + ignore_errors: True + +- name: centos | moving systemd unit into place + when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) + template: + src: centos-docker.service.j2 + dest: /etc/systemd/system/docker.service + mode: 0640 + +- name: fedora | moving systemd unit into place + when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) + template: + src: fedora-docker.service.j2 + dest: /etc/systemd/system/docker.service + mode: 0640 + +- name: ubuntu | moving systemd unit into place + when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker | failed ) + template: + src: ubuntu-docker.service.j2 + dest: /etc/systemd/system/docker.service + mode: 0640 + +# NOTE: (lamt) Setting up the proxy before installing docker +- name: ensure docker.service.d directory exists + when: proxy.http is defined and (proxy.http | trim != "") + file: + path: /etc/systemd/system/docker.service.d + state: directory + +- name: proxy | moving proxy systemd unit into place + when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") ) + template: + src: http-proxy.conf.j2 + dest: /etc/systemd/system/docker.service.d/http-proxy.conf + mode: 0640 
+ +- name: centos | add docker-ce repository + when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) + get_url: + url: https://download.docker.com/linux/centos/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + +- name: fedora | add docker-ce repository + when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) + get_url: + url: https://download.docker.com/linux/fedora/docker-ce.repo + dest: /etc/yum.repos.d/docker-ce.repo + +- name: deploy docker packages + when: need_docker | failed + include_role: + name: deploy-package + tasks_from: dist + vars: + packages: + deb: + - docker.io + rpm: + - docker-ce + +- name: restarting docker + systemd: + state: restarted + daemon_reload: yes + name: docker + +- include: deploy-ansible-docker-support.yaml diff --git a/roles/deploy-docker/templates/centos-docker.service.j2 b/roles/deploy-docker/templates/centos-docker.service.j2 new file mode 100644 index 000000000..ba9540e2d --- /dev/null +++ b/roles/deploy-docker/templates/centos-docker.service.j2 @@ -0,0 +1,30 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=https://docs.docker.com +After=network-online.target firewalld.service +Wants=network-online.target + +[Service] +Type=notify +NotifyAccess=all +Environment=GOTRACEBACK=crash +Environment=DOCKER_HTTP_HOST_COMPAT=1 +Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin +ExecStart=/usr/bin/dockerd \ + --exec-opt native.cgroupdriver=systemd \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy \ + --data-root=/var/lib/docker \ + --storage-driver=overlay2 \ + --log-driver=json-file \ + --iptables=false +ExecReload=/bin/kill -s HUP $MAINPID +LimitNOFILE=1048576 +LimitNPROC=1048576 +LimitCORE=infinity +TimeoutStartSec=0 +Restart=on-abnormal +MountFlags=share +KillMode=process + +[Install] +WantedBy=multi-user.target 
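Review bot: The `restarting docker` task in roles/deploy-docker/tasks/main.yaml has no `when:`, unlike the unit, proxy and package tasks above it, which are all gated on `need_docker | failed`; as written every run restarts the daemon even on a host where docker was already installed and nothing changed. If the restart is only needed after the unit or drop-in is written, `when: need_docker | failed` (or a handler notified by the template tasks) would avoid interrupting running containers. The template, `file` and `get_url` tasks write under `/etc` without `become`, so they presumably rely on privilege escalation set at play level; a comment saying so would help, since other roles in this commit set `become` per task.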
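Review bot: `MountFlags=share` in roles/deploy-docker/templates/centos-docker.service.j2 does not look like a value systemd accepts; the documented settings are `shared`, `slave` and `private`, so this line is probably ignored with a warning and should read `MountFlags=shared` if shared propagation is what is wanted. All three docker units in this commit also pass `--iptables=false`, which leaves container NAT and filtering rules to whatever else configures the host firewall; a one-line comment naming where those rules come from (the setup-firewall role, presumably) would make that dependency visible.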
diff --git a/roles/deploy-docker/templates/fedora-docker.service.j2 b/roles/deploy-docker/templates/fedora-docker.service.j2
new file mode 100644
index 000000000..e471b92f3
--- /dev/null
+++ b/roles/deploy-docker/templates/fedora-docker.service.j2
@@ -0,0 +1,29 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target firewalld.service
+Wants=network-online.target
+
+[Service]
+Type=notify
+Environment=GOTRACEBACK=crash
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd \
+ --exec-opt native.cgroupdriver=systemd \
+ --userland-proxy-path=/usr/libexec/docker/docker-proxy \
+ --data-root=/var/lib/docker \
+ --storage-driver=overlay2 \
+ --log-driver=json-file \
+ --iptables=false
+ExecReload=/bin/kill -s HUP $MAINPID
+TasksMax=8192
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+TimeoutStartSec=0
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/deploy-docker/templates/http-proxy.conf.j2 b/roles/deploy-docker/templates/http-proxy.conf.j2
new file mode 100644
index 000000000..90d8e1d53
--- /dev/null
+++ b/roles/deploy-docker/templates/http-proxy.conf.j2
@@ -0,0 +1,4 @@
+[Service]
+Environment="HTTP_PROXY={{ proxy.http }}"
+Environment="HTTPS_PROXY={{ proxy.https }}"
+Environment="NO_PROXY={{ proxy.noproxy }}"
diff --git a/roles/deploy-docker/templates/ubuntu-docker.service.j2 b/roles/deploy-docker/templates/ubuntu-docker.service.j2
new file mode 100644
index 000000000..2451b1980
--- /dev/null
+++ b/roles/deploy-docker/templates/ubuntu-docker.service.j2
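Review bot: The comment above `ExecStart` in roles/deploy-docker/templates/fedora-docker.service.j2 says the default is not to use systemd for cgroups, but the command line right below it passes `--exec-opt native.cgroupdriver=systemd`, so the comment describes the opposite of what the unit configures. I would replace the three comment lines with something that matches the setting, for example `# run dockerd with the systemd cgroup driver`, and add the reason if there is one worth recording.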
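Review bot: roles/deploy-docker/templates/http-proxy.conf.j2 renders `proxy.https` and `proxy.noproxy` unconditionally, while the task that installs it in roles/deploy-docker/tasks/main.yaml only checks that `proxy.http` is defined and non-empty. With just `proxy.http` set, the render will most likely fail on an undefined variable. Either extend the task's `when:` to cover all three keys or wrap the second and third lines in `{% if proxy.https is defined %}` / `{% if proxy.noproxy is defined %}` guards. If a proxy URL can contain credentials, note that they also land in this drop-in and in the docker build arguments used by the build-images role.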
@@ -0,0 +1,30 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network.target docker.socket firewalld.service
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+EnvironmentFile=-/etc/default/docker
+ExecStart=/usr/bin/dockerd --iptables=false -H fd:// $DOCKER_OPTS
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+# Uncomment TasksMax if your systemd version supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml
new file mode 100644
index 000000000..7738af531
--- /dev/null
+++ b/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml
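Review bot: `ExecStart` in ubuntu-docker.service.j2 appends `$DOCKER_OPTS` from `/etc/default/docker` after the flags the role sets, so whatever that file holds on the host (an extra `-H` listener, a flag that may override `--iptables=false`) takes effect without appearing anywhere in the role. If the role does not manage that file, dropping `EnvironmentFile=` and `$DOCKER_OPTS`, or templating the file alongside the unit, keeps the daemon's configuration in one reviewed place. The comments "Uncomment TasksMax…" and "Having non-zero Limit*s…" no longer describe the lines beneath them (TasksMax is already set, LimitNOFILE is non-zero) and should be updated or removed.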
@@ -0,0 +1,19 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This set of tasks creates over-rides that need to be generated dyamicly and
+# injected at runtime.
+
+- name: setup directorys on host
+ file:
+ path: "{{ work_dir }}/tools/gate/local-overrides/"
+ state: directory
diff --git a/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml b/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml
new file mode 100644
index 000000000..b2bfa7d21
--- /dev/null
+++ b/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml
@@ -0,0 +1,39 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- block: + - name: installing OS-H dev tools + include_role: + name: deploy-package + tasks_from: dist + vars: + packages: + deb: + - git + - make + - curl + - ca-certificates + rpm: + - git + - make + - curl + - name: installing jq + include_role: + name: deploy-jq + tasks_from: main + +- name: assemble charts + make: + chdir: "{{ work_dir }}" + register: out + +- include: util-setup-dev-environment.yaml diff --git a/roles/deploy-helm-packages/tasks/main.yaml b/roles/deploy-helm-packages/tasks/main.yaml new file mode 100644 index 000000000..779c4008e --- /dev/null +++ b/roles/deploy-helm-packages/tasks/main.yaml 
@@ -0,0 +1,27 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: generate-dynamic-over-rides.yaml + +- name: "creating directory for helm test logs" + file: + path: "{{ logs_dir }}/helm-tests" + state: directory + +- name: "iterating through Helm chart groups" + vars: + chart_group_name: "{{ helm_chart_group.name }}" + chart_group_items: "{{ helm_chart_group.charts }}" + include: util-chart-group.yaml + loop_control: + loop_var: helm_chart_group + with_items: "{{ chart_groups }}" diff --git a/roles/deploy-helm-packages/tasks/util-chart-group.yaml b/roles/deploy-helm-packages/tasks/util-chart-group.yaml new file mode 100644 index 000000000..a114ff370 --- /dev/null +++ b/roles/deploy-helm-packages/tasks/util-chart-group.yaml 
@@ -0,0 +1,29 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "{{ helm_chart_group.name }}" + vars: + chart_def: "{{ charts[helm_chart] }}" + loop_control: + loop_var: helm_chart + include: util-common-helm-chart.yaml + with_items: "{{ helm_chart_group.charts }}" + +- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group" + when: ('timeout' in helm_chart_group) + include: util-common-wait-for-pods.yaml + vars: + namespace: "{{ charts[helm_chart].namespace }}" + timeout: "{{ helm_chart_group.timeout }}" + loop_control: + loop_var: helm_chart + with_items: "{{ helm_chart_group.charts }}" diff --git a/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml b/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml new file mode 100644 index 000000000..b95c7f1f5 --- /dev/null +++ b/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml 
@@ -0,0 +1,92 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Helm management common block + vars: + check_deployed_result: null + chart_values_file: null + upgrade: + pre: + delete: null + + block: + - name: "create temporary file for {{ chart_def['release'] }}'s values .yaml" + tempfile: + state: file + suffix: .yaml + register: chart_values_file + - name: "write out values.yaml for {{ chart_def['release'] }}" + copy: + dest: "{{ chart_values_file.path }}" + content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}" + + - name: "check if {{ chart_def['release'] }} is deployed" + command: helm status "{{ chart_def['release'] }}" + register: check_deployed_result + ignore_errors: True + + - name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" + stat: + path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" + register: local_overrides + + - name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" + when: check_deployed_result | failed + command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif 
%}" + register: out + - name: "display info for the helm {{ chart_def['release'] }} release deploy" + when: check_deployed_result | failed + debug: + var: out.stdout_lines + + - name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release" + when: + - check_deployed_result | succeeded + - "'upgrade' in chart_def" + - "'pre' in chart_def['upgrade']" + - "'delete' in chart_def['upgrade']['pre']" + - "chart_def.upgrade.pre.delete is not none" + with_items: "{{ chart_def.upgrade.pre.delete }}" + loop_control: + loop_var: helm_upgrade_delete_job + command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true" + - name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" + when: check_deployed_result | succeeded + command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}" + register: out + - name: "display info for the helm {{ chart_def['release'] }} release upgrade" + when: check_deployed_result | succeeded + debug: + var: out.stdout_lines + + - include: util-common-wait-for-pods.yaml + when: ('timeout' in chart_def) + vars: + namespace: "{{ chart_def['namespace'] }}" + timeout: "{{ chart_def['timeout'] }}" + + - include: util-common-helm-test.yaml + when: + - "'test' in chart_def" + - "chart_def.test is not none" + - "'enabled' in chart_def['test']" + - "chart_def.test.enabled|bool == true" + vars: + release: "{{ chart_def['release'] }}" + namespace: "{{ chart_def['namespace'] }}" + test_settings: "{{ chart_def.test }}" + + always: + - name: "remove values.yaml for {{ chart_def['release'] }}" + file: + path: "{{ 
chart_values_file.path }}" + state: absent diff --git a/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml b/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml new file mode 100644 index 000000000..a926946b1 --- /dev/null +++ b/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml 
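Review bot: The `helm install`, `helm upgrade` and `kubectl delete` tasks in util-common-helm-chart.yaml build their `command:` strings from `chart_def` and `work_dir` values without quoting, so a value containing whitespace is split into extra arguments to helm or kubectl. Passing each interpolation through the `quote` filter, e.g. `--name {{ chart_def['release'] | quote }}`, keeps every value a single argument. The same applies, with more weight, to the `shell:` tasks in util-common-helm-test.yaml and util-common-wait-for-pods.yaml later in this commit, where these values reach bash. Separately, `ignore_errors: True` on `helm status` treats any failure, not only a missing release, as "not deployed" and proceeds to install.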
@@ -0,0 +1,67 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Helm test common block + vars: + release: null + namespace: null + test_settings: null + + block: + - name: "remove any expired helm test pods for {{ release }}" + command: "kubectl delete pod {{ release }}-test -n {{ namespace }}" + ignore_errors: True + + - name: "run helm tests for the {{ release }} release" + when: + - "'timeout' in test_settings" + - "'timeout' is none" + command: "helm test {{ release }}" + register: test_result + + - name: "run helm tests for the {{ release }} release with timeout" + when: + - "'timeout' in test_settings" + - "'timeout' is not none" + command: " helm test --timeout {{ test_settings.timeout }} {{ release }}" + register: test_result + + - name: "display status for {{ release }} helm tests" + debug: + var: test_result.stdout_lines + + - name: "gathering logs for helm tests for {{ release }}" + when: + - test_result | succeeded + shell: |- + set -e + kubectl logs {{ release }}-test -n {{ namespace }} >> {{ logs_dir }}/helm-tests/{{ release }}.txt + args: + executable: /bin/bash + register: test_logs + + - name: "displaying logs for successful helm tests for {{ release }}" + when: + - test_result | succeeded + - "'output' in test_settings" + - "test_settings.output|bool == true" + debug: + var: test_logs.stdout_lines + rescue: + - name: "gathering logs for failed helm tests for {{ release }}" + command: "kubectl logs {{ release }}-test -n {{ namespace }}" + 
register: out + - name: "displaying logs for failed helm tests for {{ release }}" + debug: + var: out.stdout_lines + - name: "helm tests for {{ release }} failed, stopping execution" + command: exit 1 diff --git a/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml b/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml new file mode 100644 index 000000000..19d8785b1 --- /dev/null +++ b/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml 
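Review bot: Both `when:` lists of the two "run helm tests" tasks test the string literal `'timeout'` instead of the setting: `'timeout' is none` is never true and `'timeout' is not none` is always true. The untimed `helm test` task therefore can never run, and when `test_settings` has no `timeout` key neither task runs, so `test_result` is not registered before the later tasks read it. The conditions should read the value, e.g. `when: "'timeout' not in test_settings or test_settings.timeout is none"` on the first task and `- "test_settings.timeout is not none"` as the second condition of the other.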
@@ -0,0 +1,50 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: wait for pods in namespace + vars: + namespace: null + timeout: 600 + wait_return_code: + rc: 1 + block: + - name: "wait for pods in {{ namespace }} namespace to be ready" + shell: |- + set -e + kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \ + '.items[].status.phase' | grep Pending > /dev/null && \ + PENDING=True || PENDING=False + + query='.items[]|select(.status.phase=="Running")' + query="$query|.status.containerStatuses[].ready" + kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \ + grep false > /dev/null && READY="False" || READY="True" + + kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \ + '.items[] | .spec.completions == .status.succeeded' | \ + grep false > /dev/null && JOBR="False" || JOBR="True" + [ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \ + exit 0 || exit 1 + args: + executable: /bin/bash + register: wait_return_code + until: wait_return_code.rc == 0 + retries: "{{ timeout }}" + delay: 1 + rescue: + - name: "pods failed to come up in time, getting kubernetes objects status" + command: kubectl get --all-namespaces all -o wide --show-all + register: out + - name: "pods failed to come up in time, displaying kubernetes objects status" + debug: var=out.stdout_lines + - name: "pods failed to come up in time, stopping execution" + command: exit 1 
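Review bot: The readiness probe in the `shell:` task fails open. Each `kubectl … | jq … | grep …` pipeline takes its status from grep, so when kubectl itself fails (API server not reachable yet, bad credentials) grep matches nothing and the script sets PENDING=False, READY=True, JOBR=True and exits 0. `set -e` does not catch this because every pipeline is the left-hand side of an `&& … || …` list. Fetching the JSON into variables first lets `set -e` abort the attempt on a kubectl error, so the `until` loop retries instead of reporting success.

```yaml
shell: |-
  set -e
  # fetch first: a failed API call now aborts this attempt instead of reading as "nothing pending"
  pods="$(kubectl get pods --namespace="{{ namespace }}" -o json)"
  jobs="$(kubectl get jobs --namespace="{{ namespace }}" -o json)"
  printf '%s\n' "$pods" | jq -r '.items[].status.phase' | grep Pending > /dev/null && \
    PENDING=True || PENDING=False
  # … unchanged: query definition …
  printf '%s\n' "$pods" | jq -r "$query" | \
    grep false > /dev/null && READY="False" || READY="True"
  printf '%s\n' "$jobs" | jq -r '.items[] | .spec.completions == .status.succeeded' | \
    grep false > /dev/null && JOBR="False" || JOBR="True"
  # … unchanged: final test and exit …
```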
diff --git a/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
new file mode 100644
index 000000000..afd5d371e
--- /dev/null
+++ b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
@@ -0,0 +1,69 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: master + vars: + kubeadm_aio_action: clean-host + block: + - name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}" + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kubeadm_aio_action }}" + image: "{{ images.kubernetes.kubeadm_aio }}" + state: started + detach: false + recreate: yes + pid_mode: host + network_mode: host + capabilities: SYS_ADMIN + volumes: + - /sys:/sys:rw + - /run:/run:rw + - /:/mnt/rootfs:rw + - /etc:/etc:rw + env: + CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" + ACTION="{{ kubeadm_aio_action }}" + KUBE_BIND_DEVICE="{{ kubernetes_default_device }}" + USER_UID="{{ playbook_user_id }}" + USER_GID="{{ playbook_group_id }}" + USER_HOME="{{ playbook_user_dir }}" + CNI_ENABLED="{{ kubernetes.cluster.cni }}" + PVC_SUPPORT_CEPH=true + PVC_SUPPORT_NFS=true + NET_SUPPORT_LINUXBRIDGE=true + KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}" + KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}" + CONTAINER_RUNTIME=docker + register: kubeadm_master_deploy + ignore_errors: True + rescue: + - name: getting logs from kubeadm-aio container + command: "docker logs kubeadm-{{ kubeadm_aio_action }}" + become: true + become_user: root + register: out + - name: dumping logs from kubeadm-aio container + debug: + var: out.stdout_lines + - name: exiting if the kubeadm deploy failed + command: exit 1 + 
always: + - name: removing kubeadm-aio container + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kubeadm_aio_action }}" + state: absent diff --git a/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml new file mode 100644 index 000000000..968faebaf --- /dev/null +++ b/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml @@ -0,0 +1,27 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +- name: setting node labels + vars: + kubeadm_kubelet_labels_node: + - "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}" + - "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}" + set_fact: + kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}" + +- name: deploy-kubelet + vars: + kubeadm_aio_action: deploy-kubelet + include: util-kubeadm-aio-run.yaml diff --git a/roles/deploy-kubeadm-aio-common/tasks/main.yaml b/roles/deploy-kubeadm-aio-common/tasks/main.yaml new file mode 100644 index 000000000..65ac76089 --- /dev/null 
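Review bot: The container started in clean-node.yaml runs with `pid_mode: host`, `network_mode: host`, `SYS_ADMIN` and read-write mounts of `/`, `/etc`, `/run` and `/sys`, so whatever `images.kubernetes.kubeadm_aio` resolves to is equivalent to root on the node. That value is defined outside this hunk; it should be pinned by digest (`<repo>/<image>@sha256:<digest>`) rather than a mutable tag. The same applies to util-kubeadm-aio-run.yaml and util-run-join-command.yaml, which use the same image and mounts. Also, `ignore_errors: True` on the task means the `rescue:` section below it is never entered, so a failed clean goes unreported; if that is intended for first-run hosts, a comment saying so would help.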
+++ b/roles/deploy-kubeadm-aio-common/tasks/main.yaml @@ -0,0 +1,35 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: setting playbook facts + set_fact: + playbook_user_id: "{{ ansible_user_uid }}" + playbook_group_id: "{{ ansible_user_gid }}" + playbook_user_dir: "{{ ansible_user_dir }}" + kubernetes_default_device: "{{ ansible_default_ipv4.alias }}" + kubernetes_default_address: null + +- name: if we have defined a custom interface for kubernetes use that + when: kubernetes.network.default_device is defined and kubernetes.network.default_device + set_fact: + kubernetes_default_device: "{{ kubernetes.network.default_device }}" + +- name: if we are in openstack infra use the private IP for kubernetes + when: (nodepool is defined) and (nodepool.private_ipv4 is defined) + set_fact: + kubernetes_default_address: "{{ nodepool.private_ipv4 }}" + +- include: clean-node.yaml + +- include: deploy-kubelet.yaml diff --git a/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml new file mode 100644 index 000000000..a634cd45f --- /dev/null +++ b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml 
@@ -0,0 +1,71 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Run Kubeadm-AIO container + vars: + kubeadm_aio_action: null + kubeadm_kubelet_labels: "" + block: + - name: "performing {{ kubeadm_aio_action }} action" + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kubeadm_aio_action }}" + image: "{{ images.kubernetes.kubeadm_aio }}" + state: started + detach: false + recreate: yes + pid_mode: host + network_mode: host + capabilities: SYS_ADMIN + volumes: + - /sys:/sys:rw + - /run:/run:rw + - /:/mnt/rootfs:rw + - /etc:/etc:rw + env: + CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" + ACTION="{{ kubeadm_aio_action }}" + KUBE_BIND_DEVICE="{{ kubernetes_default_device }}" + KUBE_BIND_ADDR="{{ kubernetes_default_address }}" + USER_UID="{{ playbook_user_id }}" + USER_GID="{{ playbook_group_id }}" + USER_HOME="{{ playbook_user_dir }}" + CNI_ENABLED="{{ kubernetes.cluster.cni }}" + PVC_SUPPORT_CEPH=true + PVC_SUPPORT_NFS=true + NET_SUPPORT_LINUXBRIDGE=true + KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}" + KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}" + CONTAINER_RUNTIME=docker + KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}" + register: kubeadm_master_deploy + rescue: + - name: "getting logs for {{ kubeadm_aio_action }} action" + command: "docker logs kubeadm-{{ kubeadm_aio_action }}" + become: true + become_user: root + register: out + - name: "dumping logs for {{ 
kubeadm_aio_action }} action" + debug: + var: out.stdout_lines + - name: "exiting if {{ kubeadm_aio_action }} action failed" + command: exit 1 + always: + - name: "removing container for {{ kubeadm_aio_action }} action" + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kubeadm_aio_action }}" + state: absent diff --git a/roles/deploy-kubeadm-aio-master/tasks/main.yaml b/roles/deploy-kubeadm-aio-master/tasks/main.yaml new file mode 100644 index 000000000..294449c30 --- /dev/null +++ b/roles/deploy-kubeadm-aio-master/tasks/main.yaml @@ -0,0 +1,31 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: setting playbook user info facts before escalating privileges + set_fact: + playbook_user_id: "{{ ansible_user_uid }}" + playbook_group_id: "{{ ansible_user_gid }}" + playbook_user_dir: "{{ ansible_user_dir }}" + +- name: deploying kubelet and support assets to node + include_role: + name: deploy-kubeadm-aio-common + tasks_from: main + +- name: deploying kubernetes on master node + vars: + kubeadm_aio_action: deploy-kube + include_role: + name: deploy-kubeadm-aio-common + tasks_from: util-kubeadm-aio-run diff --git a/roles/deploy-kubeadm-aio-node/tasks/main.yaml b/roles/deploy-kubeadm-aio-node/tasks/main.yaml new file mode 100644 index 000000000..244d7db69 --- /dev/null +++ b/roles/deploy-kubeadm-aio-node/tasks/main.yaml 
@@ -0,0 +1,44 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: setting playbook user info facts before escalating privileges + set_fact: + playbook_user_id: "{{ ansible_user_uid }}" + playbook_group_id: "{{ ansible_user_gid }}" + playbook_user_dir: "{{ ansible_user_dir }}" + kube_master: "{{ groups['primary'][0] }}" + kube_worker: "{{ inventory_hostname }}" + +- name: deploying kubelet and support assets to node + include_role: + name: deploy-kubeadm-aio-common + tasks_from: main + +- name: generating the kubeadm join command for the node + include: util-generate-join-command.yaml + delegate_to: "{{ kube_master }}" + +- name: joining node to kubernetes cluster + vars: + kubeadm_aio_action: join-kube + kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}" + include: util-run-join-command.yaml + +- name: waiting for node to be ready + delegate_to: "{{ kube_master }}" + command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}" + register: task_result + until: task_result.stdout == 'Ready' + retries: 120 + delay: 5 diff --git a/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml new file mode 100644 index 000000000..c00ba8e19 --- /dev/null +++ b/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml 
@@ -0,0 +1,56 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: generate the kubeadm join command for nodes + vars: + kubeadm_aio_action: generate-join-cmd + kubeadm_cluster_join_ttl: 30m + kube_worker: null + block: + - name: "deploying kubeadm {{ kubeadm_aio_action }} container" + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" + image: "{{ images.kubernetes.kubeadm_aio }}" + state: started + detach: false + recreate: yes + network_mode: host + volumes: + - /etc/kubernetes:/etc/kubernetes:ro + env: + ACTION=generate-join-cmd + TTL="{{ kubeadm_cluster_join_ttl }}" + register: kubeadm_generate_join_command + - name: "getting logs for {{ kubeadm_aio_action }} action" + command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" + become: true + become_user: root + register: kubeadm_aio_action_logs + - name: storing cluster join command + set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}" + rescue: + - name: "dumping logs for {{ kubeadm_aio_action }} action" + debug: + var: kubeadm_aio_action_logs.stdout_lines + - name: "exiting if {{ kubeadm_aio_action }} action failed" + command: exit 1 + always: + - name: "removing container for {{ kubeadm_aio_action }} action" + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" + state: absent 
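Review bot: The cluster join command, which carries a bootstrap token, is read from `docker logs` stdout and stored with `set_fact` without `no_log: true`, so it is recorded in task results and dumped by the `debug` task in `rescue:`; in a CI job that output presumably ends up in the collected logs. Adding `no_log: true` to the "getting logs" and "storing cluster join command" tasks keeps the token out of the output; the 30m TTL limits the exposure but does not remove it. util-run-join-command.yaml then passes the same string as `KUBEADM_JOIN_COMMAND` in the container environment, so that task wants `no_log: true` as well. Taking the whole of stdout as the command also means any extra log line from the container becomes part of what the joining node is handed to run.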
diff --git a/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
new file mode 100644
index 000000000..83aca0d9a
--- /dev/null
+++ b/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
@@ -0,0 +1,59 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: master + vars: + kubeadm_aio_action: join-kube + kubeadm_aio_join_command: null + block: + - name: "deploying kubeadm {{ kubeadm_aio_action }} container" + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kubeadm_aio_action }}" + image: "{{ images.kubernetes.kubeadm_aio }}" + state: started + detach: false + recreate: yes + pid_mode: host + network_mode: host + capabilities: SYS_ADMIN + volumes: + - /sys:/sys:rw + - /run:/run:rw + - /:/mnt/rootfs:rw + - /etc:/etc:rw + env: + CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" + ACTION="{{ kubeadm_aio_action }}" + KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}" + register: kubeadm_aio_join_container + rescue: + - name: "getting logs for {{ kubeadm_aio_action }} action" + command: "docker logs kubeadm-{{ kubeadm_aio_action }}" + become: true + become_user: root + register: kubeadm_aio_join_container_output + - name: "dumping logs for {{ kubeadm_aio_action }} action" + debug: + msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}" + - name: "exiting if {{ kubeadm_aio_action }} action failed" + command: exit 1 + always: + - name: "removing container for {{ kubeadm_aio_action }} action" + become: true + become_user: root + docker_container: + name: "kubeadm-{{ kubeadm_aio_action }}" + state: absent 
diff --git a/roles/deploy-package/tasks/dist.yaml b/roles/deploy-package/tasks/dist.yaml new file mode 100644 index 000000000..f9743d306 --- /dev/null +++ b/roles/deploy-package/tasks/dist.yaml @@ -0,0 +1,46 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: managing distro packages for ubuntu + become: true + become_user: root + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' + vars: + state: present + apt: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ packages.deb }}" + +- name: managing distro packages for centos + become: true + become_user: root + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + vars: + state: present + yum: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ packages.rpm }}" + +- name: managing distro packages for fedora + become: true + become_user: root + when: ansible_distribution == 'Fedora' + vars: + state: present + dnf: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ packages.rpm }}" diff --git a/roles/deploy-package/tasks/pip.yaml b/roles/deploy-package/tasks/pip.yaml new file mode 100644 index 000000000..429bb50b3 --- /dev/null +++ b/roles/deploy-package/tasks/pip.yaml 
@@ -0,0 +1,27 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: managing pip packages
+ become: true
+ become_user: root
+ environment:
+ http_proxy: "{{ proxy.http }}"
+ https_proxy: "{{ proxy.https }}"
+ no_proxy: "{{ proxy.noproxy }}"
+ vars:
+ state: present
+ pip:
+ name: "{{ item }}"
+ state: "{{ state }}"
+ with_items: "{{ packages }}"
diff --git a/roles/deploy-python-pip/tasks/main.yaml b/roles/deploy-python-pip/tasks/main.yaml
new file mode 100644
index 000000000..a48868a54
--- /dev/null
+++ b/roles/deploy-python-pip/tasks/main.yaml
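Review bot: The pip task in roles/deploy-package/tasks/pip.yaml installs whatever names arrive in `packages` from the package index as root with no version constraint, so each run can pick up a different (or a tampered) release; the caller in roles/pull-images passes a bare `yq`. I would document the contract at the top of the file, e.g. `# packages: list of pip requirement strings, pinned as name==version`, and pin the callers. The `environment:` block also dereferences `proxy.http`, `proxy.https` and `proxy.noproxy` with no default, so the task presumably fails on an undefined variable wherever no `proxy` dict is supplied; `"{{ proxy.http | default('') }}"` would make that case explicit.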
@@ -0,0 +1,48 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: ensuring python pip package is present for ubuntu
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+ apt:
+ name: python-pip
+ state: present
+
+- name: ensuring python pip package is present for centos
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+ block:
+ - name: ensuring epel-release package is present for centos as python-pip is in the epel repo
+ yum:
+ name: epel-release
+ state: present
+ - name: ensuring python pip package is present for centos
+ yum:
+ name: python-devel
+ state: present
+
+- name: ensuring python pip package is present for fedora via the python-devel rpm
+ when: ansible_distribution == 'Fedora'
+ dnf:
+ name: python2-pip
+ state: present
+
+- name: ensuring pip is the latest version
+ become: true
+ become_user: root
+ environment:
+ http_proxy: "{{ proxy.http }}"
+ https_proxy: "{{ proxy.https }}"
+ no_proxy: "{{ proxy.noproxy }}"
+ pip:
+ name: pip
+ state: latest
diff --git a/roles/deploy-python/tasks/main.yaml b/roles/deploy-python/tasks/main.yaml
new file mode 100644
index 000000000..02015673b
--- /dev/null
+++ b/roles/deploy-python/tasks/main.yaml
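Review bot: The CentOS block in roles/deploy-python-pip never installs pip: after `epel-release`, the yum task named "ensuring python pip package is present for centos" installs `python-devel`, while the Fedora task whose name mentions "the python-devel rpm" installs `python2-pip`, so names and packages look swapped. If pip is meant to come from EPEL, as the epel-release task name says, the second yum task presumably wants `name: python-pip`. The three distro tasks carry no `become: true` although the final `pip` task does, so they only work when the play already runs as root. The last task's `state: latest` upgrades pip to whatever the index serves at run time; a pinned version would keep the gate reproducible.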
@@ -0,0 +1,16 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: ensuring python2 is present on all hosts
+ raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2)
diff --git a/roles/deploy-yq/tasks/main.yaml b/roles/deploy-yq/tasks/main.yaml
new file mode 100644
index 000000000..b5f8b1852
--- /dev/null
+++ b/roles/deploy-yq/tasks/main.yaml
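Review bot: The `raw:` one-liner in roles/deploy-python has no comment explaining why it bypasses the package modules, and its `||` chain falls through to `yum` and then `dnf` whenever the apt branch fails for any reason, so on an Ubuntu host the reported error will be a missing `dnf` rather than the real apt failure. A comment such as `# raw: presumably runs before Python exists on the host, so no module can be used` would record the intent. Using `apt-get` instead of `apt`, whose command-line interface is not meant for scripts, would also make the apt branch more predictable.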
@@ -0,0 +1,43 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- block:
+ - name: ensuring jq is deployed on host
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora'
+ include_role:
+ name: deploy-package
+ tasks_from: dist
+ vars:
+ packages:
+ deb:
+ - jq
+ rpm:
+ - jq
+ - name: removing jq binary on centos
+ become: true
+ become_user: root
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+ file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /usr/bin/jq
+ - name: installing jq 1.5 binary for centos
+ become: true
+ become_user: root
+ when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+ get_url:
+ url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
+ dest: /usr/bin/jq
+ mode: 0555
diff --git a/roles/describe-kubernetes-objects/tasks/main.yaml b/roles/describe-kubernetes-objects/tasks/main.yaml
new file mode 100644
index 000000000..bbd2bad30
--- /dev/null
+++ b/roles/describe-kubernetes-objects/tasks/main.yaml
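Review bot: The `get_url` task in roles/deploy-yq writes a binary fetched from a release URL straight to `/usr/bin/jq` as root with no integrity check, so a replaced or tampered asset would be executed by every later task that calls jq. `get_url` accepts a `checksum:` parameter; adding `checksum: "sha256:<SHA256_OF_JQ_LINUX64_PLACEHOLDER>"`, with the value taken from a trusted copy of the release, closes that gap. The preceding task deletes `/usr/bin/jq` before the download, so a failed download leaves the host with no jq at all; dropping the delete and setting `force: yes` on `get_url` avoids that window. The role is named deploy-yq but only handles jq, which deserves a header comment.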
@@ -0,0 +1,108 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "creating directory for cluster scoped objects" + file: + path: "{{ logs_dir }}/objects/cluster" + state: directory + +- name: "Gathering descriptions for cluster scoped objects" + shell: |- + set -e + export OBJECT_TYPE=node,clusterrole,clusterrolebinding,storageclass,namespace + export PARALLELISM_FACTOR=2 + + function list_objects () { + printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "$@"' _ {} + } + export -f list_objects + + function name_objects () { + export OBJECT=$1 + kubectl get ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${OBJECT} ${1#*/}"' _ {} + } + export -f name_objects + + function get_objects () { + input=($1) + export OBJECT=${input[0]} + export NAME=${input[1]#*/} + echo "${OBJECT}/${NAME}" + DIR="{{ logs_dir }}/objects/cluster/${OBJECT}" + mkdir -p ${DIR} + kubectl get ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml" + kubectl describe ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt" + } + export -f get_objects + + list_objects | \ + xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \ + xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {} + args: + executable: /bin/bash + ignore_errors: True + +- name: "creating directory for namespace scoped objects" + file: + path: "{{ logs_dir }}/objects/namespaced" + state: directory + +- name: "Gathering descriptions for namespace scoped objects" + shell: |- + 
set -e + export OBJECT_TYPE=configmaps,cronjobs,daemonsets,deployment,endpoints,ingresses,jobs,networkpolicies,pods,podsecuritypolicies,persistentvolumeclaims,rolebindings,roles,secrets,serviceaccounts,services,statefulsets + export PARALLELISM_FACTOR=2 + function get_namespaces () { + kubectl get namespaces -o name | awk -F '/' '{ print $NF }' + } + + function list_namespaced_objects () { + export NAMESPACE=$1 + printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} $@"' _ {} + } + export -f list_namespaced_objects + + function name_objects () { + input=($1) + export NAMESPACE=${input[0]} + export OBJECT=${input[1]} + kubectl get -n ${NAMESPACE} ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} ${OBJECT} $@"' _ {} + } + export -f name_objects + + function get_objects () { + input=($1) + export NAMESPACE=${input[0]} + export OBJECT=${input[1]} + export NAME=${input[2]#*/} + echo "${NAMESPACE}/${OBJECT}/${NAME}" + DIR="{{ logs_dir }}/objects/namespaced/${NAMESPACE}/${OBJECT}" + mkdir -p ${DIR} + kubectl get -n ${NAMESPACE} ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml" + kubectl describe -n ${NAMESPACE} ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt" + } + export -f get_objects + + get_namespaces | \ + xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \ + xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \ + xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {} + args: + executable: /bin/bash + ignore_errors: True + +- name: "Downloads logs to executor" + synchronize: + src: "{{ logs_dir }}/objects" + dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" + mode: pull + ignore_errors: yes diff --git a/roles/gather-host-logs/tasks/main.yaml b/roles/gather-host-logs/tasks/main.yaml new file mode 100644 index 000000000..29f028e35 --- /dev/null +++ b/roles/gather-host-logs/tasks/main.yaml 
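Review bot: The namespaced `OBJECT_TYPE` list in roles/describe-kubernetes-objects includes `secrets`, and `get_objects` writes `kubectl get ... -o yaml` for every object under `{{ logs_dir }}/objects/namespaced`, which the last task then pulls to `zuul.executor.log_root`; that places the base64-encoded data of every Secret in every namespace into the job's log tree. I would drop `secrets` from the list, or keep only the `kubectl describe` output for that type, which as far as I know prints key names and sizes rather than values. Both shell tasks also leave `${OBJECT}`, `${NAME}` and `${DIR}` unquoted in the kubectl and mkdir calls. With `ignore_errors: True` and the work done inside `bash -c` children of xargs, a failed kubectl call is not visible in the task result, so a short comment saying the collection is best-effort would help.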
@@ -0,0 +1,39 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "creating directory for system status"
+ file:
+ path: "{{ logs_dir }}/system"
+ state: directory
+
+- name: "Get logs for each host"
+ become: yes
+ shell: |-
+ set -x
+ systemd-cgls --full --all --no-pager > {{ logs_dir }}/system/systemd-cgls.txt
+ ip addr > {{ logs_dir }}/system/ip-addr.txt
+ ip route > {{ logs_dir }}/system/ip-route.txt
+ lsblk > {{ logs_dir }}/system/lsblk.txt
+ mount > {{ logs_dir }}/system/mount.txt
+ docker images > {{ logs_dir }}/system/docker-images.txt
+ brctl show > {{ logs_dir }}/system/brctl-show.txt
+ ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt
+ args:
+ executable: /bin/bash
+ ignore_errors: True
+
+- name: "Downloads logs to executor"
+ synchronize:
+ src: "{{ logs_dir }}/system"
+ dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
+ mode: pull
+ ignore_errors: True
diff --git a/roles/gather-pod-logs/tasks/main.yaml b/roles/gather-pod-logs/tasks/main.yaml
new file mode 100644
index 000000000..2fcb258b6
--- /dev/null
+++ b/roles/gather-pod-logs/tasks/main.yaml
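Review bot: The "Get logs for each host" task in roles/gather-host-logs runs as root and writes `ps aux` and `systemd-cgls --full --all` output, i.e. the full command line of every process, into a directory that is then pulled to the executor log root; any credential passed as a command-line argument on the node is published with it. A comment stating that the role assumes throwaway CI nodes, or trimming the listing to `ps -eo pid,user,pmem,pcpu,comm --sort=-pmem`, would address that. The redirect targets `{{ logs_dir }}/system/...` are unquoted, unlike the paths in roles/gather-pod-logs.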
@@ -0,0 +1,54 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "creating directory for pod logs" + file: + path: "{{ logs_dir }}/pod-logs" + state: directory + +- name: "retrieve all container logs" + shell: |- + set -e + PARALLELISM_FACTOR=2 + function get_namespaces () { + kubectl get namespaces -o name | awk -F '/' '{ print $NF }' + } + function get_pods () { + NAMESPACE=$1 + kubectl get pods -n ${NAMESPACE} -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo ${NAMESPACE} {} + } + export -f get_pods + function get_pod_logs () { + NAMESPACE=${1% *} + POD=${1#* } + INIT_CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.initContainers[]?.name') + CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.containers[].name') + for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do + echo "${NAMESPACE}/${POD}/${CONTAINER}" + mkdir -p "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}" + kubectl logs ${POD} -n ${NAMESPACE} -c ${CONTAINER} > "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}/${CONTAINER}.txt" + done + } + export -f get_pod_logs + get_namespaces | \ + xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pods "$@"' _ {} | \ + xargs -r -n 2 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pod_logs "$@"' _ {} + args: + executable: /bin/bash + ignore_errors: True + +- name: "Downloads logs to executor" + synchronize: + src: "{{ logs_dir }}/pod-logs" + dest: "{{ zuul.executor.log_root }}/{{ 
inventory_hostname }}" + mode: pull + ignore_errors: True diff --git a/roles/gather-prom-metrics/tasks/main.yaml b/roles/gather-prom-metrics/tasks/main.yaml new file mode 100644 index 000000000..c05e4eb35 --- /dev/null +++ b/roles/gather-prom-metrics/tasks/main.yaml @@ -0,0 +1,44 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: "creating directory for helm release descriptions" + file: + path: "{{ logs_dir }}/prometheus" + state: directory + +- name: "Get prometheus metrics from exporters in all namespaces" + shell: |- + set -e + NAMESPACES=$(kubectl get namespaces -o json | jq -r '.items[].metadata.name') + for NS in $NAMESPACES; do + SERVICES=$(kubectl get svc -l component=metrics -n $NS -o json | jq -r '.items[].metadata.name') + for SVC in $SERVICES; do + PORT=$(kubectl get svc $SVC -n $NS -o json | jq -r '.spec.ports[].port') + curl "$SVC.$NS:$PORT/metrics" >> "{{ logs_dir }}"/prometheus/$NS-$SVC.txt + done + done + args: + executable: /bin/bash + +- name: "Get prometheus metrics from tiller-deploy" + shell: |- + set -e + curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt + args: + executable: /bin/bash + +- name: "Downloads logs to executor" + synchronize: + src: "{{ logs_dir }}/prometheus" + dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" + mode: pull + ignore_errors: True 
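Review bot: In roles/gather-pod-logs the last pipeline stage passes `-n 2` together with `-I {}` to xargs; GNU xargs treats these as mutually exclusive and the later option wins, so `-n 2` has no effect and each "namespace pod" line reaches `get_pod_logs` as one argument that the function then splits with `${1% *}` and `${1#* }`. Dropping `-n 2` and adding a one-line comment on `get_pod_logs` that `$1` is "NAMESPACE POD" would make that contract visible. The function also runs `kubectl get pod ... -o json` twice for the same pod; storing the JSON once and applying both `jq` filters to it would halve the API requests.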
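Review bot: Neither `curl` call in roles/gather-prom-metrics sets `--fail` or a timeout, and unlike the other gather roles these two shell tasks have no `ignore_errors`, so an HTTP error body is appended to the metrics file as if it were data, a hung exporter stalls the job, and an unreachable one fails log collection under `set -e`. I would use `curl --fail --silent --show-error --max-time 10 ...` and add `ignore_errors: True` to match the sibling roles. `jq -r '.spec.ports[].port'` returns one line per port, so a service with several ports produces a malformed URL; looping over the ports or selecting the metrics port by name would fix that. The first task's name says "helm release descriptions" while it creates the prometheus directory, which looks like a copy-paste leftover.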
diff --git a/roles/helm-release-status/tasks/main.yaml b/roles/helm-release-status/tasks/main.yaml
new file mode 100644
index 000000000..8c07cdf9d
--- /dev/null
+++ b/roles/helm-release-status/tasks/main.yaml
@@ -0,0 +1,44 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "creating directory for helm release status"
+ file:
+ path: "{{ logs_dir }}/helm"
+ state: directory
+
+- name: "retrieve all deployed charts"
+ shell: |-
+ set -e
+ helm ls --short
+ args:
+ executable: /bin/bash
+ register: helm_releases
+
+- name: "Gather get release status for helm charts"
+ shell: |-
+ set -e
+ helm status {{ helm_released }} >> {{ logs_dir }}/helm/{{ helm_release }}.txt
+ args:
+ executable: /bin/bash
+ ignore_errors: True
+ vars:
+ helm_release: "{{ helm_released }}"
+ loop_control:
+ loop_var: helm_released
+ with_items: "{{ helm_releases.stdout_lines }}"
+
+- name: "Downloads logs to executor"
+ synchronize:
+ src: "{{ logs_dir }}/helm"
+ dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
+ mode: pull
+ ignore_errors: True
diff --git a/roles/pull-images/tasks/main.yaml b/roles/pull-images/tasks/main.yaml
new file mode 100644
index 000000000..ec335009d
--- /dev/null
+++ b/roles/pull-images/tasks/main.yaml
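Review bot: In roles/helm-release-status the release name is interpolated into the `shell` command twice without quoting, once as `{{ helm_released }}` and once through the alias `helm_release` that `vars:` defines only to repeat the loop variable. The names come from `helm ls --short`, so the exposure is small, but `helm status {{ helm_released | quote }} >> "{{ logs_dir }}/helm/{{ helm_released }}.txt"` removes both the alias and the word-splitting question. The "retrieve all deployed charts" task has no `ignore_errors`, so when `helm ls` fails the role stops before the download step, unlike the tasks after it.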
@@ -0,0 +1,26 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure docker python packages deployed
+ include_role:
+ name: deploy-package
+ tasks_from: pip
+ vars:
+ packages:
+ - yq
+
+- name: pull all images used in repo
+ make:
+ chdir: "{{ work_dir }}"
+ target: pull-all-images
diff --git a/roles/setup-firewall/tasks/main.yaml b/roles/setup-firewall/tasks/main.yaml
new file mode 100644
index 000000000..a98290d5c
--- /dev/null
+++ b/roles/setup-firewall/tasks/main.yaml
@@ -0,0 +1,29 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
+- name: deploy iptables packages
+ include_role:
+ name: deploy-package
+ tasks_from: dist
+ vars:
+ packages:
+ deb:
+ - iptables
+ rpm:
+ - iptables
+- command: iptables -S
+- command: iptables -F
+- command: iptables -P INPUT ACCEPT
+- command: iptables -S
diff --git a/roles/upgrade-host/tasks/main.yaml b/roles/upgrade-host/tasks/main.yaml
new file mode 100644
index 000000000..24ecd99f6
--- /dev/null
+++ b/roles/upgrade-host/tasks/main.yaml
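Review bot: The four `command: iptables ...` tasks in roles/setup-firewall flush the filter table and set the INPUT policy to ACCEPT on whatever host the role is applied to; the NOTE comment says "zuul nodes", but no `when:` enforces that. I would gate them on something only the CI sets, for example `when: zuul is defined` (assuming the `zuul` variable is absent outside Zuul jobs), so that running the role against another inventory does not silently open a host. The tasks also have no `name:` and no `become: true`, so the log does not say what was done and the commands depend on the play already running as root. Only IPv4 filter rules are touched, which the comment should state.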
@@ -0,0 +1,42 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Upgrade to HWE kernel on Ubuntu Hosts + when: ansible_distribution == 'Ubuntu' + block: + - name: Deploy HWE kernel on Ubuntu Hosts + include_role: + name: deploy-package + tasks_from: dist + vars: + packages: + deb: + - linux-generic-hwe-16.04 + - name: Reboot Host following kernel upgrade + shell: sleep 2 && reboot + sudo: yes + async: 30 + poll: 0 + ignore_errors: true + args: + executable: /bin/bash + - name: Wait for hosts to come up following reboot + wait_for: + host: '{{ hostvars[item].ansible_host }}' + port: 22 + state: started + delay: 60 + timeout: 240 + with_items: '{{ play_hosts }}' + connection: local diff --git a/tools/gate/devel/start.sh b/tools/gate/devel/start.sh index 9105b7c40..56a2a2340 100755 --- a/tools/gate/devel/start.sh +++ b/tools/gate/devel/start.sh @@ -94,7 +94,7 @@ function dump_logs () { trap 'dump_logs "$?"' ERR for PLAYBOOK in ${PLAYBOOKS}; do - ansible-playbook ${WORK_DIR}/tools/gate/playbooks/${PLAYBOOK}.yaml \ + ansible-playbook ${WORK_DIR}/playbooks/${PLAYBOOK}.yaml \ -i ${INVENTORY} \ --extra-vars=@${VARS} \ --extra-vars "work_dir=${WORK_DIR}"
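Review bot: The reboot task in roles/upgrade-host uses `sudo: yes`, the pre-`become` keyword that Ansible deprecated, while every other privileged task in this change uses `become: true`; it should be `become: true` here as well. `play_hosts` in the wait task is likewise the older spelling of `ansible_play_hosts`. `wait_for` on port 22 with `delay: 60` only shows that sshd accepts connections again, not that the HWE kernel is running, so a follow-up check of the running kernel would confirm the upgrade. The block reboots on every run, even when `linux-generic-hwe-16.04` was already installed; registering the package result and rebooting only on change would avoid that.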