Kubespray installation via config download mechanism

Add external_deploy_tasks for Kubespray installation. This makes Kubespray installation work with the config download mechanism. If the undercloud doesn't already contain /usr/share/kubespray directory, it will be git-cloned. This is to bridge a gap before we figure out where we get Kubespray RPM from. Co-Authored-By: Flavio Percoco <flaper87@gmail.com> Change-Id: I2573261bfd3d63aff1310b80fc454becc7504437
2017-10-11 17:19:16 +02:00 · 2017-10-11 17:19:16 +02:00 · d77327d6e2
parent 80eff5f4d7
commit d77327d6e2
5 changed files with 253 additions and 0 deletions
--- a/ci/environments/scenario006-multinode.yaml
+++ b/ci/environments/scenario006-multinode.yaml
@ -0,0 +1,45 @@
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
+  OS::TripleO::Services::SwiftProxy: OS::Heat::None
+  OS::TripleO::Services::SwiftStorage: OS::Heat::None
+  OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
+  OS::TripleO::Services::Keystone: OS::Heat::None
+  OS::TripleO::Services::GlanceApi: OS::Heat::None
+  OS::TripleO::Services::MySQL: OS::Heat::None
+  OS::TripleO::Services::MySQLClient: OS::Heat::None
+  OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
+  OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+  OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronServer: OS::Heat::None
+  OS::TripleO::Services::NeutronCorePlugin: OS::Heat::None
+  OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::RabbitMQ: OS::Heat::None
+  OS::TripleO::Services::HAproxy: OS::Heat::None
+  OS::TripleO::Services::Keepalived: OS::Heat::None
+  OS::TripleO::Services::Memcached: OS::Heat::None
+  OS::TripleO::Services::NovaConductor: OS::Heat::None
+  OS::TripleO::Services::NovaApi: OS::Heat::None
+  OS::TripleO::Services::NovaPlacement: OS::Heat::None
+  OS::TripleO::Services::NovaMetadata: OS::Heat::None
+  OS::TripleO::Services::NovaScheduler: OS::Heat::None
+  OS::TripleO::Services::NovaCompute: OS::Heat::None
+  OS::TripleO::Services::NovaLibvirt: OS::Heat::None
+  OS::TripleO::Services::Docker: ../../puppet/services/docker.yaml
+
+
+
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Kubernetes::Master
+    - OS::TripleO::Services::Kubernetes::Worker
+  Debug: true
--- a/environments/kubernetes.yaml
+++ b/environments/kubernetes.yaml
@ -0,0 +1,16 @@
+resource_registry:
+  OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
+  OS::TripleO::Services::Kubernetes::Worker: ../extraconfig/services/kubernetes-worker.yaml
+  OS::TripleO::Services::Kubernetes::Master: ../extraconfig/services/kubernetes-master.yaml
+
+parameter_defaults:
+  OvercloudControlFlavor: control
+  OvercloudComputeFlavor: compute
+
+  ComputeServices:
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::ComputeNeutronOvsAgent
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Kubernetes::Worker
--- a/extraconfig/services/kubernetes-master.yaml
+++ b/extraconfig/services/kubernetes-master.yaml
@ -0,0 +1,144 @@
+heat_template_version: ocata
+
+description: Triggers a Mistral workflow for the deployment of Kubernetes
+
+parameters:
+  RoleNetIpMap:
+    default: {}
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the Kubernetes Service
+    value:
+      service_name: kubernetes_master
+      config_settings: {}
+      upgrade_tasks: []
+      step_config: ''
+      external_deploy_tasks:
+        # FIXME: remove this block when kubespray is packaged
+        - name: kubernetes_master step 2 kubespray repository
+          when: step == '2'
+          block:
+            - name: check kubespray directory existence
+              stat:
+                path: /usr/share/kubespray
+              register: kubespray_stat
+            - name: clone kubespray repo
+              git:
+                repo: https://github.com/kubernetes-incubator/kubespray
+                dest: /usr/share/kubespray
+                update: no
+              become: yes
+              become_user: root
+              when: not kubespray_stat.stat.exists
+        - name: kubernetes_master step 2
+          when: step == '2'
+          block:
+            - name: create kubespray temp dir
+              file:
+                path: "{{playbook_dir}}/kubespray"
+                state: directory
+            - name: generate kubespray inventory
+              copy:
+                dest: "{{playbook_dir}}/kubespray/inventory"
+                content: |
+                  kube-master:
+                    hosts:
+                      {% for host in groups['kubernetes_master'] -%}
+                      {{host}}:
+                        ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
+                      {% endfor %}
+
+                  kube-node:
+
+                    hosts:
+                      {% for host in groups['kubernetes_worker'] -%}
+                      {{host}}:
+                        ansible_user: {{ hostvars.raw_get(host)['ansible_user'] | default(hostvars.raw_get(host)['ansible_ssh_user']) | default('root') }}
+                      {% endfor %}
+
+                  etcd:
+                    children:
+                      kube-master: {}
+                  k8s-cluster:
+                    children:
+                      kube-master: {}
+                      kube-node: {}
+            - name: generate kubespray playbook
+              copy:
+                dest: "{{playbook_dir}}/kubespray/playbook.yml"
+                content: |
+                  # NOTE: We could let kubespray configure docker and
+                  # run it in step 1 when this RFE is implemented:
+                  # https://github.com/kubernetes-incubator/kubespray/issues/1836
+                  - name: Configure existing docker
+                    gather_facts: false
+                    hosts: k8s-cluster
+                    tasks:
+                    # NOTE(flaper87): These steps configure docker with
+                    # MountFlags=shared, which is required by kubespray
+                    - name: Create docker service systemd directory
+                      file:
+                        path: /etc/systemd/system/docker.service.d
+                        state: directory
+                    - name: Set mount propagation options for docker
+                      ini_file: dest=/etc/systemd/system/docker.service.d/clear_mount_propagtion_flags.conf section=Service option=MountFlags value=shared
+                    - name : Docker | reload systemd
+                      shell: systemctl daemon-reload
+                    - name: Docker | reload docker
+                      service:
+                        name: docker
+                        state: restarted
+                  - include: /usr/share/kubespray/cluster.yml
+            - name: set kubespray command
+              set_fact:
+                kubespray_command: >-
+                  {%- if kubespray_command is defined -%}
+                  {{kubespray_command}}
+                  {%- else -%}
+                  ansible-playbook
+                  -b
+                  -i '{{playbook_dir}}/kubespray/inventory'
+                  --skip-tags docker,bastion-ssh-config
+                  '{{playbook_dir}}/kubespray/playbook.yml'
+                  {%- endif -%}
+            - name: print kubespray command
+              debug:
+                var: kubespray_command
+            - name: run kubespray (immediate log at {{playbook_dir}}/kubespray/playbook.log)
+              shell: |
+                {{kubespray_command}} 2>&1 | tee {{playbook_dir}}/kubespray/playbook.log
+                exit ${PIPESTATUS[0]}
+              register: outputs
+            - name: print kubespray outputs
+              debug:
+                var: (outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([]))
+              failed_when: outputs|failed
+              when: outputs is defined
--- a/extraconfig/services/kubernetes-worker.yaml
+++ b/extraconfig/services/kubernetes-worker.yaml
@ -0,0 +1,46 @@
+heat_template_version: ocata
+
+description: Triggers a Mistral workflow for the deployment of Kubernetes
+
+parameters:
+  RoleNetIpMap:
+    default: {}
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+
+outputs:
+  role_data:
+    description: Role data for the Kubernetes Service
+    value:
+      # This service template essentially tags the nodes that we want
+      # as workers. The actual installation is performed in
+      # kubernetes-master service template.
+      service_name: kubernetes_worker
+      config_settings: {}
+      upgrade_tasks: []
+      step_config: ''
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@ -136,6 +136,8 @@ resource_registry:
  OS::TripleO::Services::HeatApiCloudwatch: puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
  OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
  OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
+  OS::TripleO::Services::Kubernetes::Master: extraconfig/services/kubernetes-master.yaml
+  OS::TripleO::Services::Kubernetes::Worker: extraconfig/services/kubernetes-worker.yaml
  OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
  OS::TripleO::Services::NeutronBgpVpnApi: OS::Heat::None
  OS::TripleO::Services::NeutronBgpVpnBagpipe: OS::Heat::None