Ansible bootstrap deployment

This commit supports host config operations that require grub update, improves robustness and addresses validation and config issues related to unified docker registry. Tests performed: - Bootstrap with default docker registries and vswitch type in AIOSX and Standard (2+2) - Bootstrap with ovs-dpdk vswitch configured in AIOSX - Bootstrap with insecure unified docker registry in AIOSX Story: 2004695 Task: 29686 Task: 30836 Change-Id: I9fe72b87ea2edec0195f3fc0c2db4cb3bc008900 Signed-off-by: Tee Ngo <tee.ngo@windriver.com>
2019-05-07 16:51:51 -04:00
parent 3f5322edca
commit a4693fa1ef
7 changed files with 41 additions and 14 deletions
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/host_vars/default.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/host_vars/default.yml
@@ -132,4 +132,4 @@ admin_password: St8rlingX*
 #
 # Default directory where user override file(s) can be found
 #
-override_files_dir: "/home/{{ lookup('env', 'USER') }}"
+override_files_dir: "{{ lookup('env', 'HOME') }}"
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/apply-bootstrap-manifest/tasks/main.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/apply-bootstrap-manifest/tasks/main.yml
@@ -37,7 +37,9 @@
    INITIAL_CONFIG_PRIMARY: "true"

 - debug: var=bootstrap_manifest
- fail:
+
+- name: Fail if puppet manifest apply script returns an error
+  fail:
    msg: >-
         Failed to apply bootstrap manifest. See /var/log/puppet/latest/puppet.log
         for details.
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_kubemaster.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_kubemaster.yml
@@ -32,11 +32,34 @@
    - net.bridge.bridge-nf-call-ip6tables = 1
    - net.bridge.bridge-nf-call-iptables = 1

- name: Set image repository to unified registry for kubelet
-  lineinfile:
-    path: /etc/sysconfig/kubelet
-    line: KUBELET_EXTRA_ARGS=--pod-infra-container-image={{ docker_registries[0] }}/pause:3.1
-    create: yes
+- block:
+  - name: Set image repository to unified registry for kubelet
+    lineinfile:
+      path: /etc/sysconfig/kubelet
+      line: KUBELET_EXTRA_ARGS=--pod-infra-container-image=$DOCKER_REGISTRY_IP/pause:3.1
+      create: yes
+
+  - block:
+    - name: Create daemon.json file for insecure registry
+      copy:
+        src: "{{ insecure_docker_registry_template }}"
+        dest: /etc/docker/daemon.json
+        remote_src: yes
+        mode: 0644
+
+    - name: Update daemon.json with registry IP
+      command: "sed -i -e 's|<%= @insecure_registries %>|'$DOCKER_REGISTRY_IP'|g' /etc/docker/daemon.json"
+      args:
+        warn: false
+
+    - name: Restart docker
+      systemd:
+        name: docker
+        state: restarted
+    when: not is_secure_registry
+
+  environment:
+    DOCKER_REGISTRY_IP: "{{ docker_registries[0] }}"
  when: use_unified_registry

 - name: Update kernel parameters for iptables
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/setup_registry_certificate_and_keys.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/setup_registry_certificate_and_keys.yml
@@ -21,7 +21,7 @@
  environment:
    DOCKER_REGISTRY_IP: "{{ controller_floating_address }}"

- name: Generate certifcate and key files
+- name: Generate certificate and key files
  command: >-
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout {{ registry_cert_key }}
    -out {{ registry_cert_crt }} -config {{ cert_cnf_file }}
@@ -43,7 +43,7 @@
    - "{{ registry_cert_crt }}"
    - "{{ registry_cert_pkcs1_key }}"

- name: Copy certifcate and keys to shared filesystem for mate
+- name: Copy certificate and keys to shared filesystem for mate
  copy:
    src: "{{ item }}"
    dest: "{{ config_permdir }}"
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/vars/main.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/vars/main.yml
@@ -10,6 +10,7 @@ kubelet_pmond_template: /usr/share/puppet/modules/platform/templates/kubelet-pmo
 lighttpd_conf_template: /usr/share/puppet/modules/openstack/templates/lighttpd.conf.erb
 lighttpd_inc_conf_template: /usr/share/puppet/modules/openstack/templates/lighttpd-inc.conf.erb
 cert_cnf_template: /usr/share/puppet/modules/platform/templates/registry-cert-extfile.erb
+insecure_docker_registry_template: /usr/share/puppet/modules/platform/templates/insecuredockerregistry.conf.erb
 cert_cnf_file: /etc/ssl/private/registry-cert-extfile.cnf
 registry_cert_key: /etc/ssl/private/registry-cert.key
 registry_cert_crt: /etc/ssl/private/registry-cert.crt
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/main.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/main.yml
@@ -140,7 +140,7 @@
  - name: Fail if address allocation is misconfigured
    fail:
      msg: "dynamic_address_allocation is misconfigured. Valid value is either 'True' or 'False'."
-    when: not dynamic_address_allocation | bool
+    when: not dynamic_address_allocation | type_debug == 'bool'

  # The provided subnets have passed validation, set the default addresses
  # based on the subnet values
@@ -217,7 +217,7 @@
      controller_pxeboot_floating_address: "{{ (pxeboot_subnet | ipaddr(2)).split('/')[0] if pxeboot_start_address == 'derived' else  pxeboot_start_address }}"
      cluster_floating_address: "{{ (cluster_host_subnet | ipaddr(2)).split('/')[0] if cluster_host_start_address == 'derived' else cluster_host_start_address }}"

-  - name: Set derived facts for subsequent roles
+  - name: Set derived facts for subsequent tasks/roles
    set_fact:
      derived_network_params:
        'management_interface': lo
@@ -243,6 +243,7 @@
      controller_0_cluster_host: "{{ cluster_floating_address|ipmath(1) }}"
      controller_1_cluster_host: "{{ cluster_floating_address|ipmath(2) }}"

+
 # Docker config validation
 - block:
  - set_fact:
@@ -301,7 +302,7 @@
      fail:
        msg: "is_secure_registry is misconfigured. Valid value is either 'True' or 'False'."
      when: (is_secure_registry is defined) and
-            (not is_secure_registry | bool)
+            (not is_secure_registry |type_debug == 'bool')

    - name: Default the unified registry to secure if not specified
      set_fact:
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml
@@ -13,8 +13,8 @@
    script_content: |
      # Use this utility to be consistent with the current config_controller
      # though the underlying regex used is not flexible.
-      from controllerconfig.utils import is_valid_domain
-      if not is_valid_domain( "{{ input_address }}" ):
+      from controllerconfig.utils import is_valid_domain_or_ip
+      if not is_valid_domain_or_ip( "{{ input_address }}" ):
        raise Exception("Invalid domain name!")
  shell: "{{ script_content }}"
  args: