Ansible bootstrap deployment

This commit includes the porting of relevant changes for story 2004762 (Container pinning on worker nodes and All-in-one servers) to bootstrap playbook as well as a few fixes for remote playbook replay. Tests performed: - remote and local play and replay Story: 2004762 Task: 29686 Task: 29687 Change-Id: I04af51d9d0e0ea7e09d144accff41390fe67d668 Signed-off-by: Tee Ngo <tee.ngo@windriver.com>
2019-04-26 10:19:22 -04:00
parent ac554af3fd
commit ee2a6b71b3
11 changed files with 128 additions and 63 deletions
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_helm.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_helm.yml
@@ -138,8 +138,8 @@
    HOME: /home/wrsroot
  when: inventory_hostname == 'localhost'

-# Not sure why Helm init task above cannot be executed successfully as wrsroot on
-# remote host
+# Workaround for helm init remotely. Not sure why the task cannot be executed
+# successfully as wrsroot on remote host.
 - block:
  - name: Initialize Helm (remote host)
    command: >-
@@ -175,13 +175,21 @@
    HOME: /home/wrsroot
  when: inventory_hostname == 'localhost'

-# Workaround for helm repo add in remote host
-# TODO(tngo): Fix files ownership
- name: Add StarlingX Helm repo (remote host)
-  command: helm repo add starlingx http://127.0.0.1/helm_charts
-  environment:
-    KUBECONFIG: /etc/kubernetes/admin.conf
-    HOME: /home/wrsroot
+# Workaround for helm repo add remotely
+- block:
+  - name: Add StarlingX Helm repo (remote host)
+    command: helm repo add starlingx http://127.0.0.1/helm_charts
+    environment:
+      KUBECONFIG: /etc/kubernetes/admin.conf
+      HOME: /home/wrsroot
+
+  - name: Change helm directory ownership to pick up newly generated files (remote host)
+    file:
+      dest: /home/wrsroot/.helm
+      owner: wrsroot
+      group: wrs
+      mode: 0755
+      recurse: yes
  when: inventory_hostname != 'localhost'

 - name: Stop lighttpd
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_kubemaster.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/bringup_kubemaster.yml
@@ -8,6 +8,7 @@
 #   Bring up Kubernetes master
 #   - Update iptables
 #   - Create manifest directory
+#   - Set up pods cgroups for minimal set of controllers
 #   - Enable kubelet service (with default/custom registry)
 #   - Run kubeadm init
 #   - Prepare admin.conf
@@ -47,6 +48,43 @@
    state: directory
    mode: 0700

+- name: Create kubelet cgroup for minimal set
+  file:
+    path: "{{ cgroup_root }}/{{ item }}/{{ k8s_cgroup_name }}"
+    state: directory
+    recurse: yes
+    owner: root
+    group: root
+    mode: 0700
+  with_items:
+    - cpuset
+    - cpu
+    - cpuacct
+    - memory
+    - systemd
+
+- name: Get default k8s cpuset
+  command: cat /sys/devices/system/cpu/online
+  register: k8s_cpuset
+
+- name: Get default k8s nodeset
+  command: cat /sys/devices/system/node/online
+  register: k8s_nodeset
+
+- name: Set mems for cpuset controller
+  shell: "echo {{ k8s_nodeset.stdout_lines[0] }} > {{ cgroup_root }}/cpuset/{{ k8s_cgroup_name }}/cpuset.mems || :"
+
+- name: Set cpus for cpuset controller
+  shell: "echo {{ k8s_cpuset.stdout_lines[0] }} > {{ cgroup_root }}/cpuset/{{ k8s_cgroup_name }}/cpuset.cpus || :"
+
+- name: Create a tasks file for cpuset controller
+  file:
+    path: "{{ cgroup_root }}/cpuset/{{ k8s_cgroup_name }}/tasks"
+    state: touch
+    owner: root
+    group: root
+    mode: 0644
+
 - name: Enable kubelet
  systemd:
    name: kubelet
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/main.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/tasks/main.yml
@@ -21,7 +21,7 @@
      mgmt_nfs_2_virtual: "{{ derived_network_params.nfs_management_address_2 }}/{{ management_subnet_prefix }}"

  - name: Add loopback interface
-   # Had to resort to shell module as source is an internal shell command
+    # Had to resort to shell module as source is an internal shell command
    shell: "{{ item }}"
    with_items:
      - source /etc/platform/openrc; system host-if-add controller-0 lo virtual none lo -c platform --networks mgmt -m 1500
@@ -73,13 +73,13 @@
 - block:
  - name: Remove config file from previous play
    file:
-      path: /tmp/last_bootstrap_config.yml
+      path: "{{ last_bootstrap_config_file }}"
      state: absent

  - name: Save the current system and network config for reference in subsequent replays
    lineinfile:
      # This file should be cleared upon host reboot
-      path: /tmp/last_bootstrap_config.yml
+      path: "{{ last_bootstrap_config_file }}"
      line: "{{ item }}"
      create: yes
    with_items:
--- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/vars/main.yml
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/bringup-essential-services/vars/main.yml
@@ -15,3 +15,5 @@ registry_cert_key: /etc/ssl/private/registry-cert.key
 registry_cert_crt: /etc/ssl/private/registry-cert.crt
 registry_cert_pkcs1_key: /etc/ssl/private/registry-cert-pkcs1.key
 docker_cert_dir: /etc/docker/certs.d
+cgroup_root: /sys/fs/cgroup
+k8s_cgroup_name: k8s-infra