From: Fatih Degirmenci Date: Mon, 11 May 2020 20:28:26 +0000 (+0000) Subject: Plug packaging into stack X-Git-Url: https://gerrit.nordix.org/gitweb?p=infra%2Fstack%2Fkubernetes.git;a=commitdiff_plain;h=17c430a59810a53b365b566fb905292ade8a005e Plug packaging into stack Change-Id: Ie1621374f6f4dd5fe6eeea681428d0fd4bd096ab --- diff --git a/package.sh b/package.sh new file mode 100755 index 0000000..197f1f2 --- /dev/null +++ b/package.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o nounset +set -o pipefail + +#------------------------------------------------------------------------------- +# Start packaging process +#------------------------------------------------------------------------------- +echo "Info : Start packaging process" +echo "-------------------------------------------------------------------------" +cd "${ENGINE_PATH}" +ansible-playbook "${ENGINE_ANSIBLE_PARAMS[@]}" \ + -i "${ENGINE_PATH}/engine/inventory/localhost.ini" \ + engine/stack/kubernetes/playbooks/package.yaml +echo "-------------------------------------------------------------------------" +echo +echo "Info : Packaging is done!" +echo " You can take $OFFLINE_INSTALLER_FILE and use it for offline deployment!" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/package.yaml b/playbooks/package.yaml new file mode 100644 index 0000000..2d5f5b4 --- /dev/null +++ b/playbooks/package.yaml @@ -0,0 +1,26 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: localhost + connection: local + gather_facts: true + become: false + + roles: + - role: package diff --git a/playbooks/roles/bootstrap-swconfig/tasks/main.yaml b/playbooks/roles/bootstrap-swconfig/tasks/main.yaml index 60c6edd..46db541 100644 --- a/playbooks/roles/bootstrap-swconfig/tasks/main.yaml +++ b/playbooks/roles/bootstrap-swconfig/tasks/main.yaml @@ -83,7 +83,7 @@ include_vars: "{{ deployment_vars_file }}" # NOTE (fdegir): Prepare provisioner and installer -- name: Prepare provisioner and installer for '{{ execution_mode }}' +- name: Prepare provisioner and installer for {{ execution_mode }} include_tasks: "configure-{{ execution_mode }}.yaml" # vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/defaults/main.yaml b/playbooks/roles/package/defaults/main.yaml new file mode 100644 index 0000000..a888ec1 --- /dev/null +++ b/playbooks/roles/package/defaults/main.yaml @@ -0,0 +1,228 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# locations of the packaged dependencies +pkg_folder: "{{ offline_pkg_folder }}/pkg" +dib_folder: "{{ offline_pkg_folder }}/dib" +git_folder: "{{ offline_pkg_folder }}/git" +binaries_folder: "{{ offline_pkg_folder }}/binaries" +containers_folder: "{{ offline_pkg_folder }}/containers" +pip_folder: "{{ offline_pkg_folder }}/pip" + +helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz" + +# some images require architecture +image_arch: amd64 + +dib_images: + - https://artifactory.nordix.org/artifactory/cloud-infra/dib/deployment_image/ubuntu1804/deployment_image.qcow2 + - https://artifactory.nordix.org/artifactory/cloud-infra/dib/ipa_image/coreos/ipa.initramfs + - https://artifactory.nordix.org/artifactory/cloud-infra/dib/ipa_image/coreos/ipa.kernel + +k8s_binaries: + - calicoctl + - cni + - kubeadm + - kubectl + - kubelet + +k8s_misc_images: + - addon_resizer + - calico_cni + - calico_node + - calico_policy + - coredns + - dashboard + - dnsautoscaler + - etcd + - flannel + - flannel_cni + - helm + - metrics_server + - multus + - nginx + - nodelocaldns + - pod_infra + - registry_proxy + - tiller + - weave_kube + - weave_npc + +other_images: + # ceph + ceph: + repo: ceph/ceph + tag: "{{ ceph_version }}" + cephcsi: + repo: quay.io/cephcsi/cephcsi + tag: "{{ cephcsi_version }}" + csi-attacher: + repo: quay.io/k8scsi/csi-attacher + tag: "{{ csi_attacher_version }}" + csi-node-driver-registrar: + repo: quay.io/k8scsi/csi-node-driver-registrar + tag: "{{ csi_node_driver_registrar_version }}" + csi-provisioner: + repo: quay.io/k8scsi/csi-provisioner + tag: "{{ csi_provisioner_version }}" + csi-snapshotter: + repo: quay.io/k8scsi/csi-snapshotter + tag: "{{ csi_snapshotter_version }}" + rook: + repo: rook/ceph + tag: "{{ rook_version }}" + # prometheus + prom-alertmanager: + repo: docker.io/prom/alertmanager + tag: "{{ prom_alertmanager_version }}" + prom-node-exporter: + repo: docker.io/prom/node-exporter + tag: "{{ prom_node_exporter_version }}" + prom-prometheus: + repo: docker.io/prom/prometheus + tag: "{{ prom_prometheus_version }}" + prom-pushgateway: + repo: docker.io/prom/pushgateway + tag: "{{ prom_push_gateway_version }}" + # docker + docker-registry: + repo: docker.io/registry + tag: "{{ docker_registry_version }}" + # other - we don't know where this comes from + configmap-reload: + repo: docker.io/jimmidyson/configmap-reload + tag: "{{ configmap_reload_version }}" + kube-state-metrics: + repo: quay.io/coreos/kube-state-metrics + tag: "{{ kube_state_metrics_version }}" + +repositories: + # NOTE (fdegir): OpenDev Git Repositories - Using Nordix Mirrors + bifrost: + repo: "https://gerrit.nordix.org/opendev/openstack/bifrost" + dest: "bifrost" + version: "{{ bifrost_version }}" + diskimage-builder: + repo: "https://gerrit.nordix.org/opendev/openstack/diskimage-builder" + dest: "diskimage-builder" + version: "{{ diskimage_builder_version }}" + ironic: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic" + dest: "ironic" + version: "{{ ironic_version }}" + ironic-inspector: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic-inspector" + dest: "ironic-inspector" + version: "{{ ironic_inspector_version }}" + ironic-python-agent: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic-python-agent" + dest: "ironic-python-agent" + version: "{{ ironic_python_agent_version }}" + ironic-python-agent-builder: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic-python-agent-builder" + dest: "ironic-python-agent-builder" + version: "{{ ironic_python_agent_builder_version }}" + ironic-staging-drivers: + repo: "https://gerrit.nordix.org/opendev/x/ironic-staging-drivers" + dest: "ironic-staging-drivers" + version: "{{ ironic_staging_drivers_version }}" + keystone: + repo: "https://gerrit.nordix.org/opendev/openstack/keystone" + dest: "keystone" + version: "{{ keystone_version }}" + openstacksdk: + repo: "https://gerrit.nordix.org/opendev/openstack/openstacksdk" + dest: "openstacksdk" + version: "{{ openstacksdk_version }}" + python-ironicclient: + repo: "https://gerrit.nordix.org/opendev/openstack/python-ironicclient" + dest: "python-ironicclient" + version: "{{ python_ironicclient_version }}" + python-ironic-inspector-client: + repo: "https://gerrit.nordix.org/opendev/openstack/python-ironic-inspector-client" + dest: "python-ironic-inspector-client" + version: "{{ python_ironic_inspector_client_version }}" + requirements: + repo: "https://gerrit.nordix.org/opendev/openstack/requirements" + dest: "requirements" + version: "{{ requirements_version }}" + shade: + repo: "https://gerrit.nordix.org/opendev/openstack/shade" + dest: "shade" + version: "{{ shade_version }}" + sushy: + repo: "https://gerrit.nordix.org/opendev/openstack/sushy" + dest: "sushy" + version: "{{ sushy_version }}" + # NOTE (fdegir): Kubespray and Helm Git Repositories + charts: + repo: "https://github.com/helm/charts.git" + dest: "charts" + version: "{{ charts_version }}" + kubespray: + repo: "https://github.com/kubernetes-sigs/kubespray.git" + dest: "kubespray" + version: "{{ kubespray_version }}" + # NOTE (fdegir): Nordix Git Repositories + engine: + repo: "https://gerrit.nordix.org/infra/engine.git" + dest: "engine" + version: "{{ lookup('env', 'NORDIX_ENGINE_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_ENGINE_REFSPEC') | default(omit) }}" + hwconfig: + repo: "https://gerrit.nordix.org/infra/hwconfig.git" + dest: "hwconfig" + version: "{{ lookup('env', 'NORDIX_HWCONFIG_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_HWCONFIG_REFSPEC') | default(omit) }}" + swconfig: + repo: "https://gerrit.nordix.org/infra/swconfig.git" + dest: "swconfig" + version: "{{ lookup('env', 'NORDIX_SWCONFIG_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_SWCONFIG_REFSPEC') | default(omit) }}" + test: + repo: "https://gerrit.nordix.org/infra/test.git" + dest: "test" + version: "{{ lookup('env', 'NORDIX_TEST_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_TEST_REFSPEC') | default(omit) }}" + # NOTE (fdegir): Engine provisioner and installer repos will be prepended with engine + # in order to prevent name clashes during packaging + # NOTE (fdegir): stack git details are inherited from engine/inventory/group_vars/all/sdf.yaml + engine-kubernetes: + repo: "{{ stacks['kubernetes'].src }}" + dest: "engine-kubernetes" + version: "{{ stacks['kubernetes'].version }}" + refspec: "{{ stacks['kubernetes'].refspec | default(omit) }}" + # NOTE (fdegir): bifrost, heat, and kuberspray git details are inherited from kubernetes/vars/kubernetes.yaml + engine-bifrost: + repo: "{{ provisioners['bifrost'].src }}" + dest: "engine-bifrost" + version: "{{ provisioners['bifrost'].version }}" + refspec: "{{ provisioners['bifrost'].refspec | default(omit) }}" + engine-heat: + repo: "{{ provisioners['heat'].src }}" + dest: "engine-heat" + version: "{{ provisioners['heat'].version }}" + refspec: "{{ provisioners['heat'].refspec | default(omit) }}" + engine-kubespray: + repo: "{{ installers['kubespray'].src }}" + dest: "engine-kubespray" + version: "{{ installers['kubespray'].version }}" + refspec: "{{ installers['kubespray'].refspec | default(omit) }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/files/build.sh b/playbooks/roles/package/files/build.sh new file mode 100755 index 0000000..5308647 --- /dev/null +++ b/playbooks/roles/package/files/build.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o nounset +set -o pipefail + +export OFFLINE_PKG_FOLDER="${OFFLINE_PKG_FOLDER:-/tmp/offline-package}" +export OFFLINE_PKG_FILE="${OFFLINE_PKG_FILE:-/tmp/offline-package.tgz}" + +# NOTE (fdegir): In order to package and test the change for offline deployment, +# we need to include the change/patch within the package since that is what should +# be used during the deployment phase. +# check if we are running as part of CI verify job +GERRIT_PROJECT="${GERRIT_PROJECT:-}" +if [[ "$GERRIT_PROJECT" == "infra/engine" ]]; then + REPO_GIT_URL="https://gerrit.nordix.org/infra/engine.git" + echo "Info : Running in CI - infra/engine patch will be packaged for testing." + echo " Checking out the change/patch $GERRIT_REFSPEC for $REPO_GIT_URL" + # navigate to the folder and checkout the patch + cd "$OFFLINE_PKG_FOLDER/git/engine" + git fetch "$REPO_GIT_URL" "$GERRIT_REFSPEC" && git checkout FETCH_HEAD +fi + +# compress & archive offline dependencies +tar -C "$OFFLINE_PKG_FOLDER" -czf "$OFFLINE_PKG_FILE" . + +# create self extracting installer +cat /tmp/decompress.sh "$OFFLINE_PKG_FILE" > "$OFFLINE_INSTALLER_FILE" +chmod +x "$OFFLINE_INSTALLER_FILE" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/files/decompress.sh b/playbooks/roles/package/files/decompress.sh new file mode 100755 index 0000000..25c7570 --- /dev/null +++ b/playbooks/roles/package/files/decompress.sh @@ -0,0 +1,55 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o nounset +set -o pipefail + +cat < /dev/null || source /usr/lib/os-release &> /dev/null; echo "${PRETTY_NAME}") +IP : $(hostname -I | cut -d' ' -f1) +#---------------------------------------------------# +Info : Please wait while extracting dependencies. + This might take a while. +#---------------------------------------------------# +EOF + +ENGINE_WORKSPACE=/opt/engine +DESTINATION_FOLDER="$ENGINE_WORKSPACE/offline" +export ENGINE_WORKSPACE DESTINATION_FOLDER + +# NOTE (fdegir): we need to clean things up in order to prevent side effects from leftovers +sudo rm -rf "$ENGINE_WORKSPACE" +sudo mkdir -p "$DESTINATION_FOLDER" +sudo chown -R "$USER":"$USER" "$ENGINE_WORKSPACE" + +ARCHIVE=$(awk '/^__ARCHIVE_BELOW__/ {print NR + 1; exit 0; }' "$0") + +tail -n+"$ARCHIVE" "$0" | tar -xz -C "$DESTINATION_FOLDER" + +cd "$DESTINATION_FOLDER" +./install.sh + +exit 0 +__ARCHIVE_BELOW__ diff --git a/playbooks/roles/package/files/install.sh b/playbooks/roles/package/files/install.sh new file mode 100755 index 0000000..a5c1ccb --- /dev/null +++ b/playbooks/roles/package/files/install.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# TODO (fdegir): This script could be enhanced to provide full installation functionality +# by parsing arguments and executing actual engine deploy.sh with the arguments but left for later +echo "Info : Dependencies are extracted to $DESTINATION_FOLDER" +echo "Info : Please navigate to $DESTINATION_FOLDER/git/engine/engine folder and issue deployment command" +echo " You can get help about the engine usage by issuing command ./deploy.sh -h" +echo " Do not forget to specify PDF and IDF file locations using -p and -i arguments!" +echo "Info : Done!" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/binaries.yaml b/playbooks/roles/package/tasks/binaries.yaml new file mode 100644 index 0000000..f90ac01 --- /dev/null +++ b/playbooks/roles/package/tasks/binaries.yaml @@ -0,0 +1,59 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store k8s binaries + file: + path: "{{ binaries_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Set versions of k8s components in Kubespray downloads role + lineinfile: + path: "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - {regexp: "^kube_version:.*", line: "kube_version: {{ kubernetes_version }}"} + - {regexp: "^helm_version:.*", line: "helm_version: {{ helm_version }}"} + +# NOTE (fdegir): order of vars files is significant +- name: Include kubespray vars files + include_vars: "{{ item }}" + with_items: + - "{{ git_folder }}/kubespray/roles/kubespray-defaults/defaults/main.yaml" + - "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + +- name: Download k8s binaries + get_url: + url: "{{ downloads[item].url }}" + dest: "{{ binaries_folder }}/{{ item }}" + mode: 0755 + force: true + loop: "{{ k8s_binaries }}" + +- name: Download helm binary + get_url: + url: "{{ helm_download_url }}" + dest: "{{ binaries_folder }}" + mode: 0755 + force: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/containers.yaml b/playbooks/roles/package/tasks/containers.yaml new file mode 100644 index 0000000..9101950 --- /dev/null +++ b/playbooks/roles/package/tasks/containers.yaml @@ -0,0 +1,145 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store container images + file: + path: "{{ containers_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Set versions of k8s components in Kubespray downloads role + lineinfile: + path: "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - {regexp: "^kube_version:.*", line: "kube_version: {{ kubernetes_version }}"} + - {regexp: "^helm_version:.*", line: "helm_version: {{ helm_version }}"} + +# NOTE (fdegir): order of vars files is significant +- name: Include kubespray vars files + include_vars: "{{ item }}" + with_items: + - "{{ git_folder }}/kubespray/roles/kubespray-defaults/defaults/main.yaml" + - "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + +- name: Remove outdated kubeadm-images.yaml file + file: + path: "/tmp/kubeadm-images.yaml" + state: absent + +- name: Generate kubeadm-images.yaml to fetch container images + template: + src: "kubeadm-images.yaml.j2" + dest: "/tmp/kubeadm-images.yaml" + force: true + +# NOTE (fdegir): the tasks below are taken from kubespray/roles/download/tasks/prep_kubeadm_images.yml +- name: Get list of kubeadm images + shell: | + set -o pipefail + {{ binaries_folder }}/kubeadm config images list --config=/tmp/kubeadm-images.yaml | grep -v coredns + args: + executable: /bin/bash + register: kubeadm_images_raw + run_once: true + changed_when: false + +- name: Parse list of kubeadm images + vars: + kubeadm_images_list: "{{ kubeadm_images_raw.stdout_lines }}" + set_fact: + kubeadm_image: + key: "kubeadm_{{ (item | regex_replace('^(?:.*\\/)*','')).split(':')[0] }}" + value: + enabled: true + container: true + repo: "{{ item | regex_replace('^(.*):.*$','\\1') }}" + tag: "{{ item | regex_replace('^.*:(.*)$','\\1') }}" + loop: "{{ kubeadm_images_list | flatten(levels=1) }}" + register: kubeadm_images_cooked + run_once: true + +- name: Convert list of kubeadm images to dict + set_fact: + kubeadm_images: "{{ kubeadm_images_cooked.results | map(attribute='ansible_facts.kubeadm_image') | list | items2dict }}" + run_once: true + +# NOTE (fdegir): docker_image module doesn't seem to respect become so falling back to command module +- name: Pull kubeadm container images + command: "docker pull {{ kubeadm_images[item.key].repo }}:{{ kubeadm_images[item.key].tag }}" + with_dict: "{{ kubeadm_images }}" + become: true + changed_when: false + +- name: Pull misc container images + command: "docker pull {{ downloads[item].repo }}:{{ downloads[item].tag }}" + loop: "{{ k8s_misc_images }}" + become: true + changed_when: false + +- name: Pull other container images + command: "docker pull {{ other_images[item.key].repo }}:{{ other_images[item.key].tag }}" + with_dict: "{{ other_images }}" + become: true + changed_when: false + +# save container images +- name: Save kubeadm container images + command: |- + docker save {{ kubeadm_images[item.key].repo }}:{{ kubeadm_images[item.key].tag }} + -o {{ kubeadm_images[item.key].repo | replace('/', '_') }}_{{ kubeadm_images[item.key].tag }}.tar + with_dict: "{{ kubeadm_images }}" + args: + chdir: "{{ containers_folder }}" + become: true + changed_when: false + +- name: Save misc container images + command: |- + docker save {{ downloads[item].repo }}:{{ downloads[item].tag }} + -o {{ downloads[item].repo }} -o {{ downloads[item].repo | replace('/', '_') }}_{{ downloads[item].tag }}.tar + loop: "{{ k8s_misc_images }}" + args: + chdir: "{{ containers_folder }}" + become: true + changed_when: false + +- name: Save other container images + command: |- + docker save {{ other_images[item.key].repo }}:{{ other_images[item.key].tag }} + -o {{ other_images[item.key].repo | replace('/', '_') }}_{{ other_images[item.key].tag }}.tar + with_dict: "{{ other_images }}" + args: + chdir: "{{ containers_folder }}" + become: true + changed_when: false + +# NOTE (fdegir): archive fails due to wrong permissions so we fix them +- name: Fix container image permissions + file: + path: "{{ containers_folder }}" + state: directory + recurse: true + mode: 0755 + become: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/dib.yaml b/playbooks/roles/package/tasks/dib.yaml new file mode 100644 index 0000000..887977b --- /dev/null +++ b/playbooks/roles/package/tasks/dib.yaml @@ -0,0 +1,35 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store images used for provisioning + file: + path: "{{ dib_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Download distro images used for provisioning nodes + get_url: + url: "{{ item }}" + dest: "{{ dib_folder }}" + force: true + loop: "{{ dib_images }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/git.yaml b/playbooks/roles/package/tasks/git.yaml new file mode 100644 index 0000000..60ddff8 --- /dev/null +++ b/playbooks/roles/package/tasks/git.yaml @@ -0,0 +1,41 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store git repositories + file: + path: "{{ git_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Clone repositories + git: + repo: "{{ repositories[item.key].repo }}" + dest: "{{ git_folder }}/{{ repositories[item.key].dest }}" + version: "{{ repositories[item.key].version }}" + refspec: "{{ repositories[item.key].refspec | default(omit) }}" + force: true + with_dict: "{{ repositories }}" + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/install-packages-Debian.yml b/playbooks/roles/package/tasks/install-packages-Debian.yml new file mode 100644 index 0000000..b69f4bd --- /dev/null +++ b/playbooks/roles/package/tasks/install-packages-Debian.yml @@ -0,0 +1,61 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Load distribution variables + include_vars: '{{ ansible_os_family }}.yaml' + +- name: Add docker apt key + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + state: present + become: true + +# NOTE(fdegir): ansible apt_repository gives segmentation fault so failling back to command +- name: Add docker apt repository + command: |- + add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" + changed_when: false + become: true + +- name: Run apt update + apt: + update_cache: true + become: true + +- name: Install packages + apt: + name: "{{ packages }}" + state: "{{ item }}" + force: true + install_recommends: true + autoremove: true + update_cache: true + with_items: + - absent + - present + become: true + +- name: Restart docker service + service: + name: "{{ docker_service_name }}" + state: restarted + become: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/main.yaml b/playbooks/roles/package/tasks/main.yaml new file mode 100644 index 0000000..a1296b1 --- /dev/null +++ b/playbooks/roles/package/tasks/main.yaml @@ -0,0 +1,87 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Prepare packaging + include_tasks: prepare-packaging.yaml + +- name: Create folder to store dependencies for offline deployment + file: + path: "{{ offline_pkg_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Install packages on {{ ansible_os_family }} + include_tasks: "install-packages-{{ ansible_os_family }}.yml" + +# TODO (fdegir): we need to switch to build with dib here +- name: Fetch operating system images for provisioning + include_tasks: dib.yaml + +# collect apt packages +- name: Fetch operating system packages + include_tasks: "pkg-{{ ansible_os_family }}.yaml" + +# clone git repositories +- name: Fetch git repositories + include_tasks: git.yaml + +# download binaries +- name: Fetch binaries + include_tasks: binaries.yaml + +# download pip packages +- name: Fetch pip python packages + include_tasks: pip.yaml + +# fetch k8s container images +- name: Fetch container images + include_tasks: containers.yaml + +# ensure we don't have leftovers +- name: Delete outdated files + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ offline_pkg_file }}" + - "{{ offline_pkg_folder }}/install.sh" + - "{{ offline_installer_file }}" + - "/tmp/decompress.sh" + +- name: Copy decompress and install scripts + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0755 + with_items: + - {src: "install.sh", dest: "{{ offline_pkg_folder }}/install.sh"} + - {src: "decompress.sh", dest: "/tmp/decompress.sh"} + +# create tarball +- name: Create engine installer file + script: build.sh + register: build_script + +- name: Log build script output to console + debug: + msg: "{{ build_script.stdout_lines }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/pip.yaml b/playbooks/roles/package/tasks/pip.yaml new file mode 100644 index 0000000..a4a4642 --- /dev/null +++ b/playbooks/roles/package/tasks/pip.yaml @@ -0,0 +1,40 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store pip packages + file: + path: "{{ pip_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Download pip packages using requirements.txt file + command: "pip download -r {{ engine_path }}/requirements.txt --no-cache" + changed_when: false + args: + chdir: "{{ pip_folder }}" + +- name: Copy pip.conf + template: + src: pip.conf.j2 + dest: "{{ pip_folder }}/pip.conf" + force: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/pkg-Debian.yaml b/playbooks/roles/package/tasks/pkg-Debian.yaml new file mode 100644 index 0000000..f844bf9 --- /dev/null +++ b/playbooks/roles/package/tasks/pkg-Debian.yaml @@ -0,0 +1,53 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store apt packages + file: + path: "{{ pkg_folder }}/amd64" + state: "{{ item }}" + with_items: + - absent + - directory + +# NOTE (fdegir): docker version is taken and updated from engine versions file +- name: Generate ubuntu.list file from template + template: + src: ubuntu.list.j2 + dest: /tmp/ubuntu.list + force: true + +- name: Download apt packages using ubuntu.list file + shell: | + set -o pipefail + apt download $(grep -vE "^\s*#" /tmp/ubuntu.list | tr "\n" " ") + changed_when: false + args: + executable: /bin/bash + chdir: "{{ pkg_folder }}/amd64" + +- name: Generate Packages.gz file for apt packages + shell: | + set -o pipefail + dpkg-scanpackages amd64 | gzip -9c > amd64/Packages.gz + args: + executable: /bin/bash + creates: "{{ pkg_folder }}/amd64/Packages.gz" + chdir: "{{ pkg_folder }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/prepare-packaging.yaml b/playbooks/roles/package/tasks/prepare-packaging.yaml new file mode 100644 index 0000000..48428e3 --- /dev/null +++ b/playbooks/roles/package/tasks/prepare-packaging.yaml @@ -0,0 +1,82 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Ensure provisioner and installer folders exist and empty + file: + path: "{{ engine_path }}/engine/{{ item.path}}" + state: "{{ item.state }}" + with_items: + - {path: "{{ engine_path }}/engine/provisioner", state: absent} + - {path: "{{ engine_path }}/engine/provisioner", state: directory} + - {path: "{{ engine_path }}/engine/installer", state: absent} + - {path: "{{ engine_path }}/engine/installer", state: directory} + +- name: Clone engine provisioner repositories + git: + repo: "{{ provisioners[provisioner.key].src }}" + dest: "{{ engine_path }}/engine/provisioner/{{ provisioner.key }}" + version: "{{ provisioners[provisioner.key].version }}" + refspec: "{{ provisioners[provisioner.key].refspec | default(omit) }}" + force: true + with_dict: "{{ provisioners }}" + loop_control: + loop_var: provisioner + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + +- name: Copy engine provisioner vars file into group_vars + copy: + src: "{{ engine_path }}/engine/provisioner/{{ provisioner.key }}/vars/{{ provisioner.key }}.yaml" + dest: "{{ engine_path }}/engine/inventory/group_vars/all/{{ provisioner.key }}.yaml" + force: true + with_dict: "{{ provisioners }}" + loop_control: + loop_var: provisioner + +- name: Clone engine installer repositories + git: + repo: "{{ installers[installer.key].src }}" + dest: "{{ engine_path }}/engine/installer/{{ installer.key }}" + version: "{{ installers[installer.key].version }}" + refspec: "{{ installers[installer.key].refspec | default(omit) }}" + force: true + with_dict: "{{ installers }}" + loop_control: + loop_var: installer + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + +- name: Copy engine installer vars file into group_vars + copy: + src: "{{ engine_path }}/engine/installer/{{ installer.key }}/vars/{{ installer.key }}.yaml" + dest: "{{ engine_path }}/engine/inventory/group_vars/all/{{ installer.key }}.yaml" + force: true + with_dict: "{{ installers }}" + loop_control: + loop_var: installer + +- name: Include vars from collected provisioners and installers vars files + include_vars: + dir: "{{ engine_path }}/engine/inventory/group_vars/all" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/templates/kubeadm-images.yaml.j2 b/playbooks/roles/package/templates/kubeadm-images.yaml.j2 new file mode 100644 index 0000000..cc4f212 --- /dev/null +++ b/playbooks/roles/package/templates/kubeadm-images.yaml.j2 @@ -0,0 +1,13 @@ +apiVersion: kubeadm.k8s.io/v1beta1 +kind: InitConfiguration +nodeRegistration: + criSocket: {{ cri_socket }} +--- +apiVersion: kubeadm.k8s.io/v1beta1 +kind: ClusterConfiguration +imageRepository: {{ kube_image_repo }} +kubernetesVersion: {{ kube_version }} +dns: + type: CoreDNS + imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }} + imageTag: {{ coredns_image_tag }} diff --git a/playbooks/roles/package/templates/pip.conf.j2 b/playbooks/roles/package/templates/pip.conf.j2 new file mode 100644 index 0000000..9ab40ef --- /dev/null +++ b/playbooks/roles/package/templates/pip.conf.j2 @@ -0,0 +1,4 @@ +[global] +timeout=10 +find-links={{ engine_workspace }}/offline/pip +no-index=yes diff --git a/playbooks/roles/package/templates/ubuntu.list.j2 b/playbooks/roles/package/templates/ubuntu.list.j2 new file mode 100644 index 0000000..7003921 --- /dev/null +++ b/playbooks/roles/package/templates/ubuntu.list.j2 @@ -0,0 +1,859 @@ +accountsservice +acl +acpid +adduser +amd64-microcode +apparmor +apport +apport-symptoms +apt +apt-cacher-ng +apt-transport-https +apt-utils +at +aufs-tools +augeas-lenses +base-files +base-passwd +bash +bash-completion +bc +bcache-tools +bind9-host +binutils +binutils-common:amd64 +binutils-x86-64-linux-gnu +bridge-utils +bsdmainutils +bsdutils +btrfs-progs +btrfs-tools +build-essential +busybox +busybox-initramfs +busybox-static +byobu +bzip2 +ca-certificates +chrony +cloud-guest-utils +cloud-image-utils +cloud-init +cloud-initramfs-copymods +cloud-initramfs-dyn-netconf +cloud-utils +command-not-found +command-not-found-data +conntrack +console-setup +console-setup-linux +coreutils +cpio +cpp +cpp-7 +cpu-checker +crda +cron +cryptsetup +cryptsetup-bin +curl +dash +dbus +dconf-gsettings-backend:amd64 +dconf-service +debconf +debconf-i18n +debianutils +debootstrap +dh-python +diffutils +dirmngr +distro-info-data +dmeventd +dmidecode +dmsetup +dnsmasq +dnsmasq-base +dns-root-data +dnsutils +dosfstools +dpkg +dpkg-dev +e2fsprogs +eatmydata +ebtables +ed +efibootmgr +eject +ethtool +fakeroot +fdisk +file +findutils +fontconfig +fontconfig-config +fonts-dejavu-core +fonts-ubuntu-console +freeipmi-common +friendly-recovery +ftp +fuse +g++ +g++-7 +galera-3 +gawk +gcc +gcc-7 +gcc-7-base:amd64 +gcc-8-base:amd64 +gdisk +genisoimage +geoip-database +gettext-base +gir1.2-glib-2.0:amd64 +gir1.2-harfbuzz-0.0:amd64 +git +git-man +glib-networking:amd64 +glib-networking-common +glib-networking-services +gnupg +gnupg-agent +gnupg-l10n +gnupg-utils +gpg +gpg-agent +gpgconf +gpgsm +gpgv +gpg-wks-client +gpg-wks-server +grep +groff-base +grub2-common +grub-common +grub-efi-amd64 +grub-efi-amd64-bin +grub-efi-amd64-signed +grub-gfxpayload-lists +grub-ipxe +grub-legacy-ec2 +grub-pc +grub-pc-bin +gsettings-desktop-schemas +gstreamer1.0-plugins-base:amd64 +gstreamer1.0-plugins-good:amd64 +gstreamer1.0-x:amd64 +gzip +hdparm +hostname +htop +ibverbs-providers:amd64 +icu-devtools +ifupdown +info +init +initramfs-tools +initramfs-tools-bin +initramfs-tools-core +init-system-helpers +install-info +intel-microcode +ipmitool +iproute2 +ipset +iptables +iputils-ping +iputils-tracepath +ipvsadm +ipxe +ipxe-qemu +ipxe-qemu-256k-compat-efi-roms +irqbalance +isc-dhcp-client +isc-dhcp-common +iso-codes +iucode-tool +iw +javascript-common +kbd +keyboard-configuration +klibc-utils +kmod +kpartx +krb5-locales +landscape-common +language-pack-en +language-pack-en-base +language-selector-common +less +libaa1:amd64 +libaccountsservice0:amd64 +libacl1:amd64 +libaio1:amd64 +libalgorithm-diff-perl +libalgorithm-diff-xs-perl +libalgorithm-merge-perl +libapparmor1:amd64 +libapt-inst2.0:amd64 +libapt-pkg5.0:amd64 +libargon2-0:amd64 +libasan4:amd64 +libasn1-8-heimdal:amd64 +libasound2:amd64 +libasound2-data +libassuan0:amd64 +libasyncns0:amd64 +libatm1:amd64 +libatomic1:amd64 +libattr1:amd64 +libaudit1:amd64 +libaudit-common +libaugeas0:amd64 +libavahi-client3:amd64 +libavahi-common3:amd64 +libavahi-common-data:amd64 +libavc1394-0:amd64 +libbind9-160:amd64 +libbinutils:amd64 +libblkid1:amd64 +libbluetooth3:amd64 +libbrlapi0.6:amd64 +libbsd0:amd64 +libbz2-1.0:amd64 +libc6:amd64 +libc6-dev:amd64 +libcaca0:amd64 +libcacard0:amd64 +libcairo2:amd64 +libcairo-gobject2:amd64 +libcap2:amd64 +libcap2-bin +libcap-ng0:amd64 +libc-bin +libcc1-0:amd64 +libc-dev-bin +libcdparanoia0:amd64 +libcgi-fast-perl +libcgi-pm-perl +libcilkrts5:amd64 +libcom-err2:amd64 +libconfig-inifiles-perl +libcryptsetup12:amd64 +libcurl3-gnutls:amd64 +libcurl4:amd64 +libdatrie1:amd64 +libdb5.3:amd64 +libdbd-mysql-perl +libdbi-perl +libdbus-1-3:amd64 +libdconf1:amd64 +libdebconfclient0:amd64 +libdevmapper1.02.1:amd64 +libdevmapper-event1.02.1:amd64 +libdns1100:amd64 +libdns-export1100 +libdpkg-perl +libdrm2:amd64 +libdrm-common +libdumbnet1:amd64 +libdv4:amd64 +libeatmydata1:amd64 +libedit2:amd64 +libefiboot1:amd64 +libefivar1:amd64 +libelf1:amd64 +libencode-locale-perl +liberror-perl +libestr0:amd64 +libevent-2.1-6:amd64 +libexpat1:amd64 +libexpat1-dev:amd64 +libext2fs2:amd64 +libfakeroot:amd64 +libfastjson4:amd64 +libfcgi-perl +libfdisk1:amd64 +libfdt1:amd64 +libffi6:amd64 +libffi-dev:amd64 +libfile-copy-recursive-perl +libfile-fcntllock-perl +libflac8:amd64 +libfontconfig1:amd64 +libfreeipmi16 +libfreetype6:amd64 +libfribidi0:amd64 +libfuse2:amd64 +libgcc1:amd64 +libgcc-7-dev:amd64 +libgcrypt20:amd64 +libgd3:amd64 +libgdbm5:amd64 +libgdbm-compat4:amd64 +libgdk-pixbuf2.0-0:amd64 +libgdk-pixbuf2.0-bin +libgdk-pixbuf2.0-common +libgeoip1:amd64 +libgirepository-1.0-1:amd64 +libglib2.0-0:amd64 +libglib2.0-bin +libglib2.0-data +libglib2.0-dev:amd64 +libglib2.0-dev-bin +libgmp10:amd64 +libgnutls30:amd64 +libgomp1:amd64 +libgpg-error0:amd64 +libgpm2:amd64 +libgraphite2-3:amd64 +libgraphite2-dev:amd64 +libgssapi3-heimdal:amd64 +libgssapi-krb5-2:amd64 +libgstreamer1.0-0:amd64 +libgstreamer-plugins-base1.0-0:amd64 +libgstreamer-plugins-good1.0-0:amd64 +libgudev-1.0-0:amd64 +libharfbuzz0b:amd64 +libharfbuzz-dev:amd64 +libharfbuzz-gobject0:amd64 +libharfbuzz-icu0:amd64 +libhcrypto4-heimdal:amd64 +libheimbase1-heimdal:amd64 +libheimntlm0-heimdal:amd64 +libhogweed4:amd64 +libhtml-parser-perl +libhtml-tagset-perl +libhtml-template-perl +libhttp-date-perl +libhttp-message-perl +libhx509-5-heimdal:amd64 +libibverbs1:amd64 +libicu60:amd64 +libicu-dev +libicu-le-hb0:amd64 +libicu-le-hb-dev:amd64 +libiculx60:amd64 +libidn11:amd64 +libidn2-0:amd64 +libiec61883-0:amd64 +libio-html-perl +libip4tc0:amd64 +libip6tc0:amd64 +libipset3:amd64 +libiptc0:amd64 +libirs160:amd64 +libisc169:amd64 +libisccc160:amd64 +libisccfg160:amd64 +libisc-export169:amd64 +libiscsi7:amd64 +libisl19:amd64 +libisns0:amd64 +libitm1:amd64 +libjack-jackd2-0:amd64 +libjbig0:amd64 +libjemalloc1 +libjpeg8:amd64 +libjpeg-turbo8:amd64 +libjs-jquery +libjson-c3:amd64 +libjs-sphinxdoc +libjs-underscore +libk5crypto3:amd64 +libkeyutils1:amd64 +libklibc +libkmod2:amd64 +libkrb5-26-heimdal:amd64 +libkrb5-3:amd64 +libkrb5support0:amd64 +libksba8:amd64 +libldap-2.4-2:amd64 +libldap-common +liblocale-gettext-perl +liblsan0:amd64 +libltdl7 +liblvm2app2.2:amd64 +liblvm2cmd2.02:amd64 +liblwp-mediatypes-perl +liblwres160:amd64 +liblxc1 +liblxc-common +liblz4-1:amd64 +liblzma5:amd64 +liblzo2-2:amd64 +libmagic1:amd64 +libmagic-mgc +libmnl0:amd64 +libmount1:amd64 +libmp3lame0:amd64 +libmpc3:amd64 +libmpdec2:amd64 +libmpfr6:amd64 +libmpg123-0:amd64 +libmpx2:amd64 +libmspack0:amd64 +libmysqlclient20:amd64 +libncurses5:amd64 +libncursesw5:amd64 +libnetcf1:amd64 +libnetfilter-conntrack3:amd64 +libnettle6:amd64 +libnewt0.52:amd64 +libnfnetlink0:amd64 +libnghttp2-14:amd64 +libnginx-mod-http-geoip +libnginx-mod-http-image-filter +libnginx-mod-http-xslt-filter +libnginx-mod-mail +libnginx-mod-stream +libnih1:amd64 +libnl-3-200:amd64 +libnl-genl-3-200:amd64 +libnl-route-3-200:amd64 +libnorm1:amd64 +libnpth0:amd64 +libnspr4:amd64 +libnss3:amd64 +libnss-systemd:amd64 +libntfs-3g88 +libnuma1:amd64 +libogg0:amd64 +libopenipmi0 +libopus0:amd64 +liborc-0.4-0:amd64 +libp11-kit0:amd64 +libpam0g:amd64 +libpam-cap:amd64 +libpam-modules:amd64 +libpam-modules-bin +libpam-runtime +libpam-systemd:amd64 +libpango-1.0-0:amd64 +libpangocairo-1.0-0:amd64 +libpangoft2-1.0-0:amd64 +libparted2:amd64 +libpcap0.8:amd64 +libpci3:amd64 +libpciaccess0:amd64 +libpcre16-3:amd64 +libpcre32-3:amd64 +libpcre3:amd64 +libpcre3-dev:amd64 +libpcrecpp0v5:amd64 +libperl5.26:amd64 +libpgm-5.2-0:amd64 +libpipeline1:amd64 +libpixman-1-0:amd64 +libplymouth4:amd64 +libpng16-16:amd64 +libpolkit-agent-1-0:amd64 +libpolkit-backend-1-0:amd64 +libpolkit-gobject-1-0:amd64 +libpopt0:amd64 +libprocps6:amd64 +libproxy1v5:amd64 +libpsl5:amd64 +libpulse0:amd64 +libpython2.7:amd64 +libpython2.7-dev:amd64 +libpython2.7-minimal:amd64 +libpython2.7-stdlib:amd64 +libpython3.6:amd64 +libpython3.6-dev:amd64 +libpython3.6-minimal:amd64 +libpython3.6-stdlib:amd64 +libpython3-dev:amd64 +libpython3-stdlib:amd64 +libpython-all-dev:amd64 +libpython-dev:amd64 +libpython-stdlib:amd64 +libquadmath0:amd64 +librados2 +libraw1394-11:amd64 +librbd1 +librdmacm1:amd64 +libreadline5:amd64 +libreadline7:amd64 +libroken18-heimdal:amd64 +librtmp1:amd64 +libsamplerate0:amd64 +libsasl2-2:amd64 +libsasl2-modules:amd64 +libsasl2-modules-db:amd64 +libsdl1.2debian:amd64 +libseccomp2:amd64 +libselinux1:amd64 +libsemanage1:amd64 +libsemanage-common +libsensors4:amd64 +libsepol1:amd64 +libshout3:amd64 +libsigsegv2:amd64 +libslang2:amd64 +libsmartcols1:amd64 +libsndfile1:amd64 +libsnmp30:amd64 +libsnmp-base +libsodium23:amd64 +libsoup2.4-1:amd64 +libspeex1:amd64 +libspice-server1:amd64 +libsqlite3-0:amd64 +libss2:amd64 +libssl1.0.0:amd64 +libssl1.1:amd64 +libssl-dev:amd64 +libstdc++6:amd64 +libstdc++-7-dev:amd64 +libsystemd0:amd64 +libtag1v5:amd64 +libtag1v5-vanilla:amd64 +libtasn1-6:amd64 +libterm-readkey-perl +libtext-charwidth-perl +libtext-iconv-perl +libtext-wrapi18n-perl +libthai0:amd64 +libthai-data +libtheora0:amd64 +libtiff5:amd64 +libtimedate-perl +libtinfo5:amd64 +libtsan0:amd64 +libtwolame0:amd64 +libubsan0:amd64 +libudev1:amd64 +libunistring2:amd64 +libunwind8:amd64 +liburi-perl +libusb-1.0-0:amd64 +libusbredirparser1:amd64 +libutempter0:amd64 +libuuid1:amd64 +libv4l-0:amd64 +libv4lconvert0:amd64 +libvirt0:amd64 +libvirt-bin +libvirt-clients +libvirt-daemon +libvirt-daemon-driver-storage-rbd +libvirt-daemon-system +libvirt-dev:amd64 +libvisual-0.4-0:amd64 +libvorbis0a:amd64 +libvorbisenc2:amd64 +libvpx5:amd64 +libwavpack1:amd64 +libwebp6:amd64 +libwind0-heimdal:amd64 +libwrap0:amd64 +libwsman1:amd64 +libwsman-client4:amd64 +libwsman-curl-client-transport1:amd64 +libx11-6:amd64 +libx11-data +libxau6:amd64 +libxcb1:amd64 +libxcb-render0:amd64 +libxcb-shm0:amd64 +libxdamage1:amd64 +libxdmcp6:amd64 +libxen-4.9:amd64 +libxen-dev:amd64 +libxenstore3.0:amd64 +libxext6:amd64 +libxfixes3:amd64 +libxml2:amd64 +libxml2-dev:amd64 +libxml2-utils +libxmlsec1:amd64 +libxmlsec1-openssl:amd64 +libxmuu1:amd64 +libxpm4:amd64 +libxrender1:amd64 +libxslt1.1:amd64 +libxslt1-dev:amd64 +libxtables12:amd64 +libxv1:amd64 +libyajl2:amd64 +libyaml-0-2:amd64 +libzmq5:amd64 +libzstd1:amd64 +linux-base +linux-firmware +linux-headers-4.15.0-20 +linux-headers-4.15.0-20-generic +linux-headers-generic +linux-headers-virtual +linux-image-4.15.0-20-generic +linux-image-4.15.0-88-generic +linux-image-generic +linux-image-virtual +linux-libc-dev:amd64 +linux-modules-4.15.0-20-generic +linux-modules-4.15.0-88-generic +linux-modules-extra-4.15.0-88-generic +linux-virtual +locales +login +logrotate +lsb-base +lsb-release +lshw +lsof +ltrace +lvm2 +lxcfs +lxd +lxd-client +make +man-db +manpages +manpages-dev +mariadb-client-10.1 +mariadb-client-core-10.1 +mariadb-common +mariadb-server +mariadb-server-10.1 +mariadb-server-core-10.1 +mawk +mdadm +mime-support +mlocate +mokutil +mount +msr-tools +mtr-tiny +multiarch-support +mysql-common +nano +ncurses-base +ncurses-bin +ncurses-term +netbase +netcat-openbsd +netplan.io +net-tools +networkd-dispatcher +nginx +nginx-common +nginx-core +nplan +ntfs-3g +openipmi +open-iscsi +openssh-client +openssh-server +openssh-sftp-server +openssl +open-vm-tools +os-prober +overlayroot +parted +passwd +pastebinit +patch +pciutils +perl +perl-base +perl-modules-5.26 +pinentry-curses +pkg-config +plymouth +plymouth-theme-ubuntu-text +policykit-1 +pollinate +popularity-contest +powermgmt-base +procps +psmisc +publicsuffix +python +python2.7 +python2.7-dev +python2.7-minimal +python3 +python3.6 +python3.6-dev +python3.6-minimal +python3-apport +python3-apt +python3-asn1crypto +python3-attr +python3-automat +python3-blinker +python3-certifi +python3-cffi-backend +python3-chardet +python3-click +python3-colorama +python3-commandnotfound +python3-configobj +python3-constantly +python3-crypto +python3-cryptography +python3-dbus +python3-debconf +python3-debian +python3-dev +python3-distro-info +python3-distupgrade +python3-distutils +python3-gdbm:amd64 +python3-gi +python3-httplib2 +python3-hyperlink +python3-idna +python3-incremental +python3-jinja2 +python3-jsonpatch +python3-json-pointer +python3-jsonschema +python3-jwt +python3-keyring +python3-keyrings.alt +python3-lib2to3 +python3-markupsafe +python3-minimal +python3-mysqldb +python3-newt:amd64 +python3-oauthlib +python3-openssl +python3-pam +python3-pip +python3-pkg-resources +python3-problem-report +python3-pyasn1 +python3-pyasn1-modules +python3-pymysql +python3-requests +python3-requests-unixsocket +python3-secretstorage +python3-serial +python3-service-identity +python3-setuptools +python3-six +python3-software-properties +python3-systemd +python3-twisted +python3-twisted-bin:amd64 +python3-update-manager +python3-urllib3 +python3-virtualenv +python3-wheel +python3-xdg +python3-yaml +python3-zmq +python3-zope.interface +python-all +python-all-dev +python-apt +python-apt-common +python-asn1crypto +python-cffi-backend +python-configparser +python-crypto +python-cryptography +python-dbus +python-dev +python-enum34 +python-gi +python-idna +python-ipaddress +python-keyring +python-keyrings.alt +python-minimal +python-mysqldb +python-openwsman +python-pip +python-pip-whl +python-pkg-resources +python-pymysql +python-secretstorage +python-setuptools +python-six +python-virtualenv +python-wheel +python-xdg +qemu-block-extra:amd64 +qemu-kvm +qemu-system-common +qemu-system-x86 +qemu-utils +readline-common +rsync +rsyslog +run-one +sbsigntool +screen +seabios +secureboot-db +sed +sensible-utils +sgabios +shared-mime-info +sharutils +shim +shim-signed +snapd +socat +software-properties-common +sosreport +squashfs-tools +ssh-import-id +strace +sudo +systemd +systemd-sysv +sysvinit-utils +tar +tcpdump +telnet +tftpd-hpa +tftp-hpa +time +tmux +tzdata +ubuntu-advantage-tools +ubuntu-keyring +ubuntu-minimal +ubuntu-release-upgrader-core +ubuntu-server +ubuntu-standard +ucf +udev +ufw +uidmap +unattended-upgrades +unzip +update-inetd +update-manager-core +update-notifier-common +ureadahead +usbutils +util-linux +uuid-runtime +vim +vim-common +vim-runtime +vim-tiny +virtualenv +wget +whiptail +wireless-regdb +xauth +xdelta3 +xdg-user-dirs +xfsprogs +xinetd +xkb-data +xxd +xz-utils +zerofree +zlib1g:amd64 +zlib1g-dev:amd64 +# NOTE (fdegir): pinned docker versions +docker-ce={{ docker_ce_version }} +docker-ce-cli={{ docker_ce_cli_version }} +containerd.io={{ containerd_io_version }} diff --git a/playbooks/roles/package/vars/Debian.yaml b/playbooks/roles/package/vars/Debian.yaml new file mode 100644 index 0000000..bd7361f --- /dev/null +++ b/playbooks/roles/package/vars/Debian.yaml @@ -0,0 +1,30 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# package names +packages: + - dpkg-dev + - docker-ce={{ docker_ce_version }} + - docker-ce-cli={{ docker_ce_cli_version }} + - containerd.io={{ containerd_io_version }} + +# service names +docker_service_name: docker + +# vim: set ts=2 sw=2 expandtab: diff --git a/vars/kubernetes.yaml b/vars/kubernetes.yaml index e30fb82..0da0d1b 100644 --- a/vars/kubernetes.yaml +++ b/vars/kubernetes.yaml @@ -26,16 +26,19 @@ provisioners: scm: git src: ssh://localhost:47821/home/fdegir/repos/poc-nordix/bifrost version: "{{ lookup('env', 'NORDIX_BIFROST_VERSION') | default('poc', true) }}" + refspec: "{{ lookup('env', 'NORDIX_BIFROST_REFSPEC') | default(omit) }}" heat: scm: git src: ssh://localhost:47821/home/fdegir/repos/poc-nordix/heat version: "{{ lookup('env', 'NORDIX_HEAT_VERSION') | default('poc', true) }}" + refspec: "{{ lookup('env', 'NORDIX_HEAT_REFSPEC') | default(omit) }}" installers: kubespray: scm: git src: ssh://localhost:47821/home/fdegir/repos/poc-nordix/kubespray version: "{{ lookup('env', 'NORDIX_KUBESPRAY_VERSION') | default('poc', true) }}" + refspec: "{{ lookup('env', 'NORDIX_KUBESPRAY_REFSPEC') | default(omit) }}" # NOTE (fdegir): this is only the list of scenarios implemented within # installer repository and does not list what apps are for curated for @@ -53,4 +56,54 @@ scenarios: - k8-multus-plugins - k8-weave-nofeature +# ------------------------------------------------------------------------------- +# Kubernetes: Kubernetes and kubectl versions +# ------------------------------------------------------------------------------- +# Kubernetes version that is supported by the pinned kubespray version +kubernetes_version: "v1.17.0" +# version of the kubectl should generally match to the version of kubernetes itself +# but it would be good to have possibility to override it in case if someone needs it for some reason +kubectl_version: "{{ kubernetes_version }}" + +# ------------------------------------------------------------------------------- +# Kubernetes: Versions of rook, ceph and their dependencies +# ------------------------------------------------------------------------------- +rook_version: "v1.1.2" +ceph_version: "v14.2.4-20190917" +cephcsi_version: "v1.2.1" +csi_node_driver_registrar_version: "v1.1.0" +csi_attacher_version: "v1.2.0" +csi_provisioner_version: "v1.3.0" +csi_snapshotter_version: "v1.2.0" + +# ------------------------------------------------------------------------------- +# Kubernetes: Versions of prometheus and its dependencies +# ------------------------------------------------------------------------------- +# TODO (fdegir): prometheus version of what? helm chart? +prometheus_version: "1.3.1" +prom_alertmanager_version: "v0.20.0" +prom_node_exporter_version: "v0.18.1" +prom_prometheus_version: "v2.16.0" +prom_push_gateway_version: "v1.0.1" + +# ------------------------------------------------------------------------------- +# Kubernetes: Versions of spinnaker and its dependencies +# ------------------------------------------------------------------------------- +# Helm chart and docker version +spinnaker_version: "1.23.2" +spinnaker_app_version: "1.16.2" + +# ------------------------------------------------------------------------------- +# Kubernetes: App versions +# ------------------------------------------------------------------------------- +helm_version: "v2.16.1" +charts_version: "0b64349aeb537d0fd038df0e1d40ec5cf1206609" +istio_version: "1.3.1" + +# ------------------------------------------------------------------------------- +# Misc: Versions of other components +# ------------------------------------------------------------------------------- +configmap_reload_version: "v0.3.0" +kube_state_metrics_version: "v1.9.5" + # vim: set ts=2 sw=2 expandtab: