From 20d34e772e021fabdee0aa9b50e9804a80d5108a Mon Sep 17 00:00:00 2001 From: Fatih Degirmenci Date: Tue, 19 May 2020 08:13:26 +0000 Subject: [PATCH] Create engine kubernetes stack This change creates kubernetes stack for engine in order to package, deploy, and test stacks independently from engine core. The main feature this enables is the ability to develop stacks in their own repository with proper versioning and branching no matter how the tools (provisioner and installer) are developed. The stack simply selects versions of the tools (could be branches) and the rest is done accordingly. The role package which was previously located under infra/installer/kubespray is moved into this repository in order to handle what to package within the stack since some of the artifacts we package do not belong to installer but to the stack itself. Change-Id: I760d4d904544dad768525e999ebe53e156464111 --- install.sh | 65 ++ package.sh | 38 + playbooks/bootstrap-swconfig.yaml | 28 + playbooks/package.yaml | 28 + playbooks/prepare-artifacts.yaml | 30 + .../tasks/configure-offline-deployment.yaml | 66 ++ .../tasks/configure-online-deployment.yaml | 76 ++ .../roles/bootstrap-swconfig/tasks/main.yaml | 89 ++ playbooks/roles/package/defaults/main.yaml | 223 +++++ playbooks/roles/package/files/build.sh | 54 ++ playbooks/roles/package/files/decompress.sh | 55 ++ playbooks/roles/package/files/install.sh | 11 + playbooks/roles/package/tasks/binaries.yaml | 59 ++ playbooks/roles/package/tasks/containers.yaml | 145 +++ playbooks/roles/package/tasks/dib.yaml | 35 + playbooks/roles/package/tasks/git.yaml | 41 + .../package/tasks/install-packages-Debian.yml | 61 ++ playbooks/roles/package/tasks/main.yaml | 87 ++ playbooks/roles/package/tasks/pip.yaml | 40 + playbooks/roles/package/tasks/pkg-Debian.yaml | 53 ++ .../package/tasks/prepare-packaging.yaml | 88 ++ .../package/templates/kubeadm-images.yaml.j2 | 13 + playbooks/roles/package/templates/pip.conf.j2 | 4 + .../roles/package/templates/ubuntu.list.j2 | 859 ++++++++++++++++++ playbooks/roles/package/vars/Debian.yaml | 30 + .../roles/prepare-artifacts/tasks/main.yaml | 62 ++ vars/kubernetes.yaml | 108 +++ 27 files changed, 2448 insertions(+) create mode 100755 install.sh create mode 100755 package.sh create mode 100644 playbooks/bootstrap-swconfig.yaml create mode 100644 playbooks/package.yaml create mode 100644 playbooks/prepare-artifacts.yaml create mode 100644 playbooks/roles/bootstrap-swconfig/tasks/configure-offline-deployment.yaml create mode 100644 playbooks/roles/bootstrap-swconfig/tasks/configure-online-deployment.yaml create mode 100644 playbooks/roles/bootstrap-swconfig/tasks/main.yaml create mode 100644 playbooks/roles/package/defaults/main.yaml create mode 100755 playbooks/roles/package/files/build.sh create mode 100755 playbooks/roles/package/files/decompress.sh create mode 100755 playbooks/roles/package/files/install.sh create mode 100644 playbooks/roles/package/tasks/binaries.yaml create mode 100644 playbooks/roles/package/tasks/containers.yaml create mode 100644 playbooks/roles/package/tasks/dib.yaml create mode 100644 playbooks/roles/package/tasks/git.yaml create mode 100644 playbooks/roles/package/tasks/install-packages-Debian.yml create mode 100644 playbooks/roles/package/tasks/main.yaml create mode 100644 playbooks/roles/package/tasks/pip.yaml create mode 100644 playbooks/roles/package/tasks/pkg-Debian.yaml create mode 100644 playbooks/roles/package/tasks/prepare-packaging.yaml create mode 100644 playbooks/roles/package/templates/kubeadm-images.yaml.j2 create mode 100644 playbooks/roles/package/templates/pip.conf.j2 create mode 100644 playbooks/roles/package/templates/ubuntu.list.j2 create mode 100644 playbooks/roles/package/vars/Debian.yaml create mode 100644 playbooks/roles/prepare-artifacts/tasks/main.yaml create mode 100644 vars/kubernetes.yaml diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..9ae4cc3 --- /dev/null +++ b/install.sh @@ -0,0 +1,65 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o nounset +set -o pipefail + +#------------------------------------------------------------------------------- +# Bootstrap stack software configuration +#------------------------------------------------------------------------------- +echo "Info : Bootstrap stack software configuration" +echo "-------------------------------------------------------------------------" +cd "${ENGINE_PATH}" +ansible-playbook "${ENGINE_ANSIBLE_PARAMS[@]}" \ + -i "${ENGINE_PATH}/engine/inventory/localhost.ini" \ + engine/stack/kubernetes/playbooks/bootstrap-swconfig.yaml +echo "-------------------------------------------------------------------------" + +#------------------------------------------------------------------------------- +# Provision nodes using the selected provisioning tool +#------------------------------------------------------------------------------- +# NOTE: shellcheck SC1090 is disabled since the script becomes available during runtime +# shellcheck disable=SC1090 +source "${ENGINE_PATH}/engine/provisioner/provision.sh" + +#------------------------------------------------------------------------------- +# Provision local apt repo, docker registry, and ntp server services +#------------------------------------------------------------------------------- +# NOTE: shellcheck SC1090 is disabled since the script becomes available during runtime +# shellcheck disable=SC1090 +source "${ENGINE_PATH}/engine/library/engine-services.sh" + +#------------------------------------------------------------------------------- +# Prepare artifacts for offline deployment +#------------------------------------------------------------------------------- +cd "${ENGINE_PATH}" +ansible-playbook "${ENGINE_ANSIBLE_PARAMS[@]}" \ + -i "${ENGINE_PATH}/engine/inventory/inventory.ini" \ + engine/stack/kubernetes/playbooks/prepare-artifacts.yaml +echo "-------------------------------------------------------------------------" + +#------------------------------------------------------------------------------- +# Install the stack using the selected installer +#------------------------------------------------------------------------------- +# NOTE: shellcheck SC1090 is disabled since the script becomes available during runtime +# shellcheck disable=SC1090 +source "${ENGINE_PATH}/engine/installer/install.sh" + +# vim: set ts=2 sw=2 expandtab: diff --git a/package.sh b/package.sh new file mode 100755 index 0000000..197f1f2 --- /dev/null +++ b/package.sh @@ -0,0 +1,38 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o nounset +set -o pipefail + +#------------------------------------------------------------------------------- +# Start packaging process +#------------------------------------------------------------------------------- +echo "Info : Start packaging process" +echo "-------------------------------------------------------------------------" +cd "${ENGINE_PATH}" +ansible-playbook "${ENGINE_ANSIBLE_PARAMS[@]}" \ + -i "${ENGINE_PATH}/engine/inventory/localhost.ini" \ + engine/stack/kubernetes/playbooks/package.yaml +echo "-------------------------------------------------------------------------" +echo +echo "Info : Packaging is done!" +echo " You can take $OFFLINE_INSTALLER_FILE and use it for offline deployment!" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/bootstrap-swconfig.yaml b/playbooks/bootstrap-swconfig.yaml new file mode 100644 index 0000000..bd8d24f --- /dev/null +++ b/playbooks/bootstrap-swconfig.yaml @@ -0,0 +1,28 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: localhost + connection: local + gather_facts: true + become: false + + roles: + - role: bootstrap-swconfig + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/package.yaml b/playbooks/package.yaml new file mode 100644 index 0000000..1cf4c34 --- /dev/null +++ b/playbooks/package.yaml @@ -0,0 +1,28 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: localhost + connection: local + gather_facts: true + become: false + + roles: + - role: package + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/prepare-artifacts.yaml b/playbooks/prepare-artifacts.yaml new file mode 100644 index 0000000..0132d65 --- /dev/null +++ b/playbooks/prepare-artifacts.yaml @@ -0,0 +1,30 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- hosts: jumphost + gather_facts: true + become: false + + tasks: + - name: Prepare artifacts for offline deployment + include_role: + name: prepare-artifacts + when: execution_mode == "offline-deployment" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/bootstrap-swconfig/tasks/configure-offline-deployment.yaml b/playbooks/roles/bootstrap-swconfig/tasks/configure-offline-deployment.yaml new file mode 100644 index 0000000..4d57285 --- /dev/null +++ b/playbooks/roles/bootstrap-swconfig/tasks/configure-offline-deployment.yaml @@ -0,0 +1,66 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Delete outdated engine provisioner files and folders + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ engine_workspace }}/offline/git/engine/engine/provisioner" + - "{{ engine_workspace }}/offline/git/engine/engine/inventory/group_vars/all/{{ provisioner_type }}.yaml" + +- block: + - name: Clone engine provisioner repository + git: + repo: "{{ engine_workspace }}/offline/git/engine-{{ provisioner_type }}" + dest: "{{ engine_workspace }}/offline/git/engine/engine/provisioner" + version: "{{ provisioners[provisioner_type].version }}" + force: true + + - name: Copy engine provisioner vars file into group_vars + copy: + src: "{{ engine_workspace }}/offline/git/engine-{{ provisioner_type }}/vars/{{ provisioner_type }}.yaml" + dest: "{{ engine_workspace }}/offline/git/engine/engine/inventory/group_vars/all/{{ provisioner_type }}.yaml" + force: true + when: provisioners is defined + +- name: Delete outdated engine installer vars files from group_vars + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ engine_workspace }}/offline/git/engine/engine/installer" + - "{{ engine_workspace }}/offline/git/engine/engine/inventory/group_vars/all/{{ installer_type }}.yaml" + +- block: + - name: Clone engine installer repository + git: + repo: "{{ engine_workspace }}/offline/git/engine-{{ installer_type }}" + dest: "{{ engine_workspace }}/offline/git/engine/engine/installer" + version: "{{ installers[installer_type].version }}" + force: true + + - name: Copy engine installer vars file into group_vars + copy: + src: "{{ engine_workspace }}/offline/git/engine-{{ installer_type }}/vars/{{ installer_type }}.yaml" + dest: "{{ engine_workspace }}/offline/git/engine/engine/inventory/group_vars/all/{{ installer_type }}.yaml" + force: true + when: installers is defined + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/bootstrap-swconfig/tasks/configure-online-deployment.yaml b/playbooks/roles/bootstrap-swconfig/tasks/configure-online-deployment.yaml new file mode 100644 index 0000000..75f3db5 --- /dev/null +++ b/playbooks/roles/bootstrap-swconfig/tasks/configure-online-deployment.yaml @@ -0,0 +1,76 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Delete outdated engine provisioner files and folders + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ engine_path }}/engine/provisioner" + - "{{ engine_path }}/engine/inventory/group_vars/all/{{ provisioner_type }}.yaml" + +- block: + - name: Clone engine provisioner repository + git: + repo: "{{ provisioners[provisioner_type].src }}" + dest: "{{ engine_path }}/engine/provisioner" + version: "{{ provisioners[provisioner_type].version }}" + refspec: "{{ provisioners[provisioner_type].refspec | default(omit) }}" + force: true + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + + - name: Copy engine provisioner vars file into group_vars + copy: + src: "{{ engine_path }}/engine/provisioner/vars/{{ provisioner_type }}.yaml" + dest: "{{ engine_path }}/engine/inventory/group_vars/all/{{ provisioner_type }}.yaml" + force: true + when: provisioners is defined + +- name: Delete outdated engine installer files and folders + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ engine_path }}/engine/installer" + - "{{ engine_path }}/engine/inventory/group_vars/all/{{ installer_type }}.yaml" + +- block: + - name: Clone engine installer repository + git: + repo: "{{ installers[installer_type].src }}" + dest: "{{ engine_path }}/engine/installer" + version: "{{ installers[installer_type].version }}" + refspec: "{{ installers[installer_type].refspec | default(omit) }}" + force: true + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + + - name: Copy engine installer vars file into group_vars + copy: + src: "{{ engine_path }}/engine/installer/vars/{{ installer_type }}.yaml" + dest: "{{ engine_path }}/engine/inventory/group_vars/all/{{ installer_type }}.yaml" + force: true + when: installers is defined + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/bootstrap-swconfig/tasks/main.yaml b/playbooks/roles/bootstrap-swconfig/tasks/main.yaml new file mode 100644 index 0000000..46db541 --- /dev/null +++ b/playbooks/roles/bootstrap-swconfig/tasks/main.yaml @@ -0,0 +1,89 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Set distribution + set_fact: + distro: "{{ ansible_distribution | lower }}{{ ansible_distribution_version | replace('.','') }}" + +- name: Log distribution to console + debug: + msg: 'Set distribution to {{ distro }}' + +- name: Fail if distribution is not valid for stack '{{ stack_type }}' + fail: + msg: "'{{ distro }}' is not a valid distribution for stack '{{ stack_type }}'" + when: distro not in distros + +- name: Set provisioner type + set_fact: + provisioner_type: "{{ details.type is defined | ternary('bifrost', 'heat') }}" + +- name: Log provisioner type to console + debug: + msg: 'Set provisioner type to {{ provisioner_type }}' + +- name: Fail if the selected provisioner is not valid for stack '{{ stack_type }}' + fail: + msg: "'{{ provisioner_type }}' is not a valid provisioner for stack '{{ stack_type }}'" + when: provisioner_type not in provisioners + +- name: Set installer type + set_fact: + installer_type: 'kubespray' + when: deploy_scenario is search('k8-') + +- name: Log installer type to console + debug: + msg: 'Set installer type to {{ installer_type }}' + +- name: Fail if the selected installer is not valid for stack '{{ stack_type }}' + fail: + msg: "'{{ installer_type }}' is not a valid installer for stack '{{ stack_type }}'" + when: installer_type not in installers + +- name: Log deploy scenario to console + debug: + msg: 'Set deploy scenario to {{ deploy_scenario }}' + +- name: Fail if the deploy scenario is not valid for stack '{{ stack_type }}' + fail: + msg: "'{{ deploy_scenario }}' is not valid for stack '{{ stack_type }}'" + when: deploy_scenario not in scenarios + +# NOTE (fdegir): as we determine things dynamically, we need to record variables in order +# for them to become available subsequent tasks, roles, playbooks +- name: Record deployment variables to deployment variables file + blockinfile: + path: "{{ deployment_vars_file }}" + state: present + create: true + block: | + distro: "{{ distro }}" + provisioner_type: "{{ provisioner_type }}" + installer_type: "{{ installer_type }}" + marker: "# {mark} ANSIBLE MANAGED BLOCK engine-kubernetes" + +- name: Reload deployment variables + include_vars: "{{ deployment_vars_file }}" + +# NOTE (fdegir): Prepare provisioner and installer +- name: Prepare provisioner and installer for {{ execution_mode }} + include_tasks: "configure-{{ execution_mode }}.yaml" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/defaults/main.yaml b/playbooks/roles/package/defaults/main.yaml new file mode 100644 index 0000000..44f045e --- /dev/null +++ b/playbooks/roles/package/defaults/main.yaml @@ -0,0 +1,223 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# locations of the packaged dependencies +pkg_folder: "{{ offline_pkg_folder }}/pkg" +dib_folder: "{{ offline_pkg_folder }}/dib" +git_folder: "{{ offline_pkg_folder }}/git" +binaries_folder: "{{ offline_pkg_folder }}/binaries" +containers_folder: "{{ offline_pkg_folder }}/containers" +pip_folder: "{{ offline_pkg_folder }}/pip" + +helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz" + +# some images require architecture +image_arch: amd64 + +dib_images: + - https://artifactory.nordix.org/artifactory/cloud-infra/dib/deployment_image/ubuntu1804/deployment_image.qcow2 + - https://artifactory.nordix.org/artifactory/cloud-infra/dib/ipa_image/coreos/ipa.initramfs + - https://artifactory.nordix.org/artifactory/cloud-infra/dib/ipa_image/coreos/ipa.kernel + +k8s_binaries: + - calicoctl + - cni + - kubeadm + - kubectl + - kubelet + +k8s_misc_images: + - addon_resizer + - calico_cni + - calico_node + - calico_policy + - coredns + - dashboard + - dnsautoscaler + - etcd + - flannel + - flannel_cni + - helm + - metrics_server + - multus + - nginx + - nodelocaldns + - pod_infra + - registry_proxy + - tiller + - weave_kube + - weave_npc + +other_images: + # ceph + ceph: + repo: ceph/ceph + tag: "{{ ceph_version }}" + cephcsi: + repo: quay.io/cephcsi/cephcsi + tag: "{{ cephcsi_version }}" + csi-attacher: + repo: quay.io/k8scsi/csi-attacher + tag: "{{ csi_attacher_version }}" + csi-node-driver-registrar: + repo: quay.io/k8scsi/csi-node-driver-registrar + tag: "{{ csi_node_driver_registrar_version }}" + csi-provisioner: + repo: quay.io/k8scsi/csi-provisioner + tag: "{{ csi_provisioner_version }}" + csi-snapshotter: + repo: quay.io/k8scsi/csi-snapshotter + tag: "{{ csi_snapshotter_version }}" + rook: + repo: rook/ceph + tag: "{{ rook_version }}" + # prometheus + prom-alertmanager: + repo: docker.io/prom/alertmanager + tag: "{{ prom_alertmanager_version }}" + prom-node-exporter: + repo: docker.io/prom/node-exporter + tag: "{{ prom_node_exporter_version }}" + prom-prometheus: + repo: docker.io/prom/prometheus + tag: "{{ prom_prometheus_version }}" + prom-pushgateway: + repo: docker.io/prom/pushgateway + tag: "{{ prom_push_gateway_version }}" + # docker + docker-registry: + repo: docker.io/registry + tag: "{{ docker_registry_version }}" + # other - we don't know where this comes from + configmap-reload: + repo: docker.io/jimmidyson/configmap-reload + tag: "{{ configmap_reload_version }}" + kube-state-metrics: + repo: quay.io/coreos/kube-state-metrics + tag: "{{ kube_state_metrics_version }}" + +repositories: + # NOTE (fdegir): OpenDev Git Repositories - Using Nordix Mirrors + bifrost: + repo: "https://gerrit.nordix.org/opendev/openstack/bifrost" + dest: "bifrost" + version: "{{ bifrost_version }}" + diskimage-builder: + repo: "https://gerrit.nordix.org/opendev/openstack/diskimage-builder" + dest: "diskimage-builder" + version: "{{ diskimage_builder_version }}" + ironic: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic" + dest: "ironic" + version: "{{ ironic_version }}" + ironic-inspector: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic-inspector" + dest: "ironic-inspector" + version: "{{ ironic_inspector_version }}" + ironic-python-agent: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic-python-agent" + dest: "ironic-python-agent" + version: "{{ ironic_python_agent_version }}" + ironic-python-agent-builder: + repo: "https://gerrit.nordix.org/opendev/openstack/ironic-python-agent-builder" + dest: "ironic-python-agent-builder" + version: "{{ ironic_python_agent_builder_version }}" + ironic-staging-drivers: + repo: "https://gerrit.nordix.org/opendev/x/ironic-staging-drivers" + dest: "ironic-staging-drivers" + version: "{{ ironic_staging_drivers_version }}" + keystone: + repo: "https://gerrit.nordix.org/opendev/openstack/keystone" + dest: "keystone" + version: "{{ keystone_version }}" + openstacksdk: + repo: "https://gerrit.nordix.org/opendev/openstack/openstacksdk" + dest: "openstacksdk" + version: "{{ openstacksdk_version }}" + python-ironicclient: + repo: "https://gerrit.nordix.org/opendev/openstack/python-ironicclient" + dest: "python-ironicclient" + version: "{{ python_ironicclient_version }}" + python-ironic-inspector-client: + repo: "https://gerrit.nordix.org/opendev/openstack/python-ironic-inspector-client" + dest: "python-ironic-inspector-client" + version: "{{ python_ironic_inspector_client_version }}" + requirements: + repo: "https://gerrit.nordix.org/opendev/openstack/requirements" + dest: "requirements" + version: "{{ requirements_version }}" + shade: + repo: "https://gerrit.nordix.org/opendev/openstack/shade" + dest: "shade" + version: "{{ shade_version }}" + sushy: + repo: "https://gerrit.nordix.org/opendev/openstack/sushy" + dest: "sushy" + version: "{{ sushy_version }}" + # NOTE (fdegir): Kubespray and Helm Git Repositories + charts: + repo: "https://github.com/helm/charts.git" + dest: "charts" + version: "{{ charts_version }}" + kubespray: + repo: "https://github.com/kubernetes-sigs/kubespray.git" + dest: "kubespray" + version: "{{ kubespray_version }}" + # NOTE (fdegir): Nordix Git Repositories + engine: + repo: "https://gerrit.nordix.org/infra/engine.git" + dest: "engine" + version: "{{ lookup('env', 'NORDIX_ENGINE_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_ENGINE_REFSPEC') | default(omit) }}" + hwconfig: + repo: "https://gerrit.nordix.org/infra/hwconfig.git" + dest: "hwconfig" + version: "{{ lookup('env', 'NORDIX_HWCONFIG_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_HWCONFIG_REFSPEC') | default(omit) }}" + test: + repo: "https://gerrit.nordix.org/infra/test.git" + dest: "test" + version: "{{ lookup('env', 'NORDIX_TEST_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_TEST_REFSPEC') | default(omit) }}" + # NOTE (fdegir): Engine provisioner and installer repos will be prepended with engine + # in order to prevent name clashes during packaging + # NOTE (fdegir): stack git details are inherited from engine/inventory/group_vars/all/sdf.yaml + engine-kubernetes: + repo: "{{ stacks['kubernetes'].src }}" + dest: "engine-kubernetes" + version: "{{ stacks['kubernetes'].version }}" + refspec: "{{ stacks['kubernetes'].refspec | default(omit) }}" + # NOTE (fdegir): bifrost, heat, and kuberspray git details are inherited from kubernetes/vars/kubernetes.yaml + engine-bifrost: + repo: "{{ provisioners['bifrost'].src }}" + dest: "engine-bifrost" + version: "{{ provisioners['bifrost'].version }}" + refspec: "{{ provisioners['bifrost'].refspec | default(omit) }}" + engine-heat: + repo: "{{ provisioners['heat'].src }}" + dest: "engine-heat" + version: "{{ provisioners['heat'].version }}" + refspec: "{{ provisioners['heat'].refspec | default(omit) }}" + engine-kubespray: + repo: "{{ installers['kubespray'].src }}" + dest: "engine-kubespray" + version: "{{ installers['kubespray'].version }}" + refspec: "{{ installers['kubespray'].refspec | default(omit) }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/files/build.sh b/playbooks/roles/package/files/build.sh new file mode 100755 index 0000000..c28264d --- /dev/null +++ b/playbooks/roles/package/files/build.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o nounset +set -o pipefail + +export OFFLINE_PKG_FOLDER="${OFFLINE_PKG_FOLDER:-/tmp/offline-package}" +export OFFLINE_PKG_FILE="${OFFLINE_PKG_FILE:-/tmp/offline-package.tgz}" + +# NOTE (fdegir): In order to package and test the change for offline deployment, +# we need to include the change/patch within the package since that is what should +# be used during the deployment phase. +# check if we are running as part of CI verify job +GERRIT_PROJECT="${GERRIT_PROJECT:-}" +if [[ "$GERRIT_PROJECT" == "infra/engine" ]]; then + REPO_GIT_URL="https://gerrit.nordix.org/infra/engine.git" + echo "Info : Running in CI - infra/engine patch will be packaged for testing." + echo " Checking out the change/patch $GERRIT_REFSPEC for $REPO_GIT_URL" + # navigate to the folder and checkout the patch + cd "$OFFLINE_PKG_FOLDER/git/engine" + git fetch "$REPO_GIT_URL" "$GERRIT_REFSPEC" && git checkout FETCH_HEAD +fi + +# compress & archive offline dependencies +tar -C "$OFFLINE_PKG_FOLDER" -czf "$OFFLINE_PKG_FILE" . + +# remove intermediate offline pkg folder +rm -rf "$OFFLINE_PKG_FOLDER" + +# create self extracting installer +cat /tmp/decompress.sh "$OFFLINE_PKG_FILE" > "$OFFLINE_INSTALLER_FILE" +chmod +x "$OFFLINE_INSTALLER_FILE" + +# remove intermediate offline pkg file +rm -rf "$OFFLINE_PKG_FILE" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/files/decompress.sh b/playbooks/roles/package/files/decompress.sh new file mode 100755 index 0000000..25c7570 --- /dev/null +++ b/playbooks/roles/package/files/decompress.sh @@ -0,0 +1,55 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o nounset +set -o pipefail + +cat < /dev/null || source /usr/lib/os-release &> /dev/null; echo "${PRETTY_NAME}") +IP : $(hostname -I | cut -d' ' -f1) +#---------------------------------------------------# +Info : Please wait while extracting dependencies. + This might take a while. +#---------------------------------------------------# +EOF + +ENGINE_WORKSPACE=/opt/engine +DESTINATION_FOLDER="$ENGINE_WORKSPACE/offline" +export ENGINE_WORKSPACE DESTINATION_FOLDER + +# NOTE (fdegir): we need to clean things up in order to prevent side effects from leftovers +sudo rm -rf "$ENGINE_WORKSPACE" +sudo mkdir -p "$DESTINATION_FOLDER" +sudo chown -R "$USER":"$USER" "$ENGINE_WORKSPACE" + +ARCHIVE=$(awk '/^__ARCHIVE_BELOW__/ {print NR + 1; exit 0; }' "$0") + +tail -n+"$ARCHIVE" "$0" | tar -xz -C "$DESTINATION_FOLDER" + +cd "$DESTINATION_FOLDER" +./install.sh + +exit 0 +__ARCHIVE_BELOW__ diff --git a/playbooks/roles/package/files/install.sh b/playbooks/roles/package/files/install.sh new file mode 100755 index 0000000..a5c1ccb --- /dev/null +++ b/playbooks/roles/package/files/install.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +# TODO (fdegir): This script could be enhanced to provide full installation functionality +# by parsing arguments and executing actual engine deploy.sh with the arguments but left for later +echo "Info : Dependencies are extracted to $DESTINATION_FOLDER" +echo "Info : Please navigate to $DESTINATION_FOLDER/git/engine/engine folder and issue deployment command" +echo " You can get help about the engine usage by issuing command ./deploy.sh -h" +echo " Do not forget to specify PDF and IDF file locations using -p and -i arguments!" +echo "Info : Done!" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/binaries.yaml b/playbooks/roles/package/tasks/binaries.yaml new file mode 100644 index 0000000..f90ac01 --- /dev/null +++ b/playbooks/roles/package/tasks/binaries.yaml @@ -0,0 +1,59 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store k8s binaries + file: + path: "{{ binaries_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Set versions of k8s components in Kubespray downloads role + lineinfile: + path: "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - {regexp: "^kube_version:.*", line: "kube_version: {{ kubernetes_version }}"} + - {regexp: "^helm_version:.*", line: "helm_version: {{ helm_version }}"} + +# NOTE (fdegir): order of vars files is significant +- name: Include kubespray vars files + include_vars: "{{ item }}" + with_items: + - "{{ git_folder }}/kubespray/roles/kubespray-defaults/defaults/main.yaml" + - "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + +- name: Download k8s binaries + get_url: + url: "{{ downloads[item].url }}" + dest: "{{ binaries_folder }}/{{ item }}" + mode: 0755 + force: true + loop: "{{ k8s_binaries }}" + +- name: Download helm binary + get_url: + url: "{{ helm_download_url }}" + dest: "{{ binaries_folder }}" + mode: 0755 + force: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/containers.yaml b/playbooks/roles/package/tasks/containers.yaml new file mode 100644 index 0000000..9101950 --- /dev/null +++ b/playbooks/roles/package/tasks/containers.yaml @@ -0,0 +1,145 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store container images + file: + path: "{{ containers_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Set versions of k8s components in Kubespray downloads role + lineinfile: + path: "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - {regexp: "^kube_version:.*", line: "kube_version: {{ kubernetes_version }}"} + - {regexp: "^helm_version:.*", line: "helm_version: {{ helm_version }}"} + +# NOTE (fdegir): order of vars files is significant +- name: Include kubespray vars files + include_vars: "{{ item }}" + with_items: + - "{{ git_folder }}/kubespray/roles/kubespray-defaults/defaults/main.yaml" + - "{{ git_folder }}/kubespray/roles/download/defaults/main.yml" + +- name: Remove outdated kubeadm-images.yaml file + file: + path: "/tmp/kubeadm-images.yaml" + state: absent + +- name: Generate kubeadm-images.yaml to fetch container images + template: + src: "kubeadm-images.yaml.j2" + dest: "/tmp/kubeadm-images.yaml" + force: true + +# NOTE (fdegir): the tasks below are taken from kubespray/roles/download/tasks/prep_kubeadm_images.yml +- name: Get list of kubeadm images + shell: | + set -o pipefail + {{ binaries_folder }}/kubeadm config images list --config=/tmp/kubeadm-images.yaml | grep -v coredns + args: + executable: /bin/bash + register: kubeadm_images_raw + run_once: true + changed_when: false + +- name: Parse list of kubeadm images + vars: + kubeadm_images_list: "{{ kubeadm_images_raw.stdout_lines }}" + set_fact: + kubeadm_image: + key: "kubeadm_{{ (item | regex_replace('^(?:.*\\/)*','')).split(':')[0] }}" + value: + enabled: true + container: true + repo: "{{ item | regex_replace('^(.*):.*$','\\1') }}" + tag: "{{ item | regex_replace('^.*:(.*)$','\\1') }}" + loop: "{{ kubeadm_images_list | flatten(levels=1) }}" + register: kubeadm_images_cooked + run_once: true + +- name: Convert list of kubeadm images to dict + set_fact: + kubeadm_images: "{{ kubeadm_images_cooked.results | map(attribute='ansible_facts.kubeadm_image') | list | items2dict }}" + run_once: true + +# NOTE (fdegir): docker_image module doesn't seem to respect become so falling back to command module +- name: Pull kubeadm container images + command: "docker pull {{ kubeadm_images[item.key].repo }}:{{ kubeadm_images[item.key].tag }}" + with_dict: "{{ kubeadm_images }}" + become: true + changed_when: false + +- name: Pull misc container images + command: "docker pull {{ downloads[item].repo }}:{{ downloads[item].tag }}" + loop: "{{ k8s_misc_images }}" + become: true + changed_when: false + +- name: Pull other container images + command: "docker pull {{ other_images[item.key].repo }}:{{ other_images[item.key].tag }}" + with_dict: "{{ other_images }}" + become: true + changed_when: false + +# save container images +- name: Save kubeadm container images + command: |- + docker save {{ kubeadm_images[item.key].repo }}:{{ kubeadm_images[item.key].tag }} + -o {{ kubeadm_images[item.key].repo | replace('/', '_') }}_{{ kubeadm_images[item.key].tag }}.tar + with_dict: "{{ kubeadm_images }}" + args: + chdir: "{{ containers_folder }}" + become: true + changed_when: false + +- name: Save misc container images + command: |- + docker save {{ downloads[item].repo }}:{{ downloads[item].tag }} + -o {{ downloads[item].repo }} -o {{ downloads[item].repo | replace('/', '_') }}_{{ downloads[item].tag }}.tar + loop: "{{ k8s_misc_images }}" + args: + chdir: "{{ containers_folder }}" + become: true + changed_when: false + +- name: Save other container images + command: |- + docker save {{ other_images[item.key].repo }}:{{ other_images[item.key].tag }} + -o {{ other_images[item.key].repo | replace('/', '_') }}_{{ other_images[item.key].tag }}.tar + with_dict: "{{ other_images }}" + args: + chdir: "{{ containers_folder }}" + become: true + changed_when: false + +# NOTE (fdegir): archive fails due to wrong permissions so we fix them +- name: Fix container image permissions + file: + path: "{{ containers_folder }}" + state: directory + recurse: true + mode: 0755 + become: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/dib.yaml b/playbooks/roles/package/tasks/dib.yaml new file mode 100644 index 0000000..887977b --- /dev/null +++ b/playbooks/roles/package/tasks/dib.yaml @@ -0,0 +1,35 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store images used for provisioning + file: + path: "{{ dib_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Download distro images used for provisioning nodes + get_url: + url: "{{ item }}" + dest: "{{ dib_folder }}" + force: true + loop: "{{ dib_images }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/git.yaml b/playbooks/roles/package/tasks/git.yaml new file mode 100644 index 0000000..60ddff8 --- /dev/null +++ b/playbooks/roles/package/tasks/git.yaml @@ -0,0 +1,41 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store git repositories + file: + path: "{{ git_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Clone repositories + git: + repo: "{{ repositories[item.key].repo }}" + dest: "{{ git_folder }}/{{ repositories[item.key].dest }}" + version: "{{ repositories[item.key].version }}" + refspec: "{{ repositories[item.key].refspec | default(omit) }}" + force: true + with_dict: "{{ repositories }}" + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/install-packages-Debian.yml b/playbooks/roles/package/tasks/install-packages-Debian.yml new file mode 100644 index 0000000..b69f4bd --- /dev/null +++ b/playbooks/roles/package/tasks/install-packages-Debian.yml @@ -0,0 +1,61 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Load distribution variables + include_vars: '{{ ansible_os_family }}.yaml' + +- name: Add docker apt key + apt_key: + url: https://download.docker.com/linux/ubuntu/gpg + state: present + become: true + +# NOTE(fdegir): ansible apt_repository gives segmentation fault so failling back to command +- name: Add docker apt repository + command: |- + add-apt-repository \ + "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" + changed_when: false + become: true + +- name: Run apt update + apt: + update_cache: true + become: true + +- name: Install packages + apt: + name: "{{ packages }}" + state: "{{ item }}" + force: true + install_recommends: true + autoremove: true + update_cache: true + with_items: + - absent + - present + become: true + +- name: Restart docker service + service: + name: "{{ docker_service_name }}" + state: restarted + become: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/main.yaml b/playbooks/roles/package/tasks/main.yaml new file mode 100644 index 0000000..a1296b1 --- /dev/null +++ b/playbooks/roles/package/tasks/main.yaml @@ -0,0 +1,87 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Prepare packaging + include_tasks: prepare-packaging.yaml + +- name: Create folder to store dependencies for offline deployment + file: + path: "{{ offline_pkg_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Install packages on {{ ansible_os_family }} + include_tasks: "install-packages-{{ ansible_os_family }}.yml" + +# TODO (fdegir): we need to switch to build with dib here +- name: Fetch operating system images for provisioning + include_tasks: dib.yaml + +# collect apt packages +- name: Fetch operating system packages + include_tasks: "pkg-{{ ansible_os_family }}.yaml" + +# clone git repositories +- name: Fetch git repositories + include_tasks: git.yaml + +# download binaries +- name: Fetch binaries + include_tasks: binaries.yaml + +# download pip packages +- name: Fetch pip python packages + include_tasks: pip.yaml + +# fetch k8s container images +- name: Fetch container images + include_tasks: containers.yaml + +# ensure we don't have leftovers +- name: Delete outdated files + file: + path: "{{ item }}" + state: absent + with_items: + - "{{ offline_pkg_file }}" + - "{{ offline_pkg_folder }}/install.sh" + - "{{ offline_installer_file }}" + - "/tmp/decompress.sh" + +- name: Copy decompress and install scripts + copy: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0755 + with_items: + - {src: "install.sh", dest: "{{ offline_pkg_folder }}/install.sh"} + - {src: "decompress.sh", dest: "/tmp/decompress.sh"} + +# create tarball +- name: Create engine installer file + script: build.sh + register: build_script + +- name: Log build script output to console + debug: + msg: "{{ build_script.stdout_lines }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/pip.yaml b/playbooks/roles/package/tasks/pip.yaml new file mode 100644 index 0000000..a4a4642 --- /dev/null +++ b/playbooks/roles/package/tasks/pip.yaml @@ -0,0 +1,40 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store pip packages + file: + path: "{{ pip_folder }}" + state: "{{ item }}" + with_items: + - absent + - directory + +- name: Download pip packages using requirements.txt file + command: "pip download -r {{ engine_path }}/requirements.txt --no-cache" + changed_when: false + args: + chdir: "{{ pip_folder }}" + +- name: Copy pip.conf + template: + src: pip.conf.j2 + dest: "{{ pip_folder }}/pip.conf" + force: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/pkg-Debian.yaml b/playbooks/roles/package/tasks/pkg-Debian.yaml new file mode 100644 index 0000000..f844bf9 --- /dev/null +++ b/playbooks/roles/package/tasks/pkg-Debian.yaml @@ -0,0 +1,53 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create directory to store apt packages + file: + path: "{{ pkg_folder }}/amd64" + state: "{{ item }}" + with_items: + - absent + - directory + +# NOTE (fdegir): docker version is taken and updated from engine versions file +- name: Generate ubuntu.list file from template + template: + src: ubuntu.list.j2 + dest: /tmp/ubuntu.list + force: true + +- name: Download apt packages using ubuntu.list file + shell: | + set -o pipefail + apt download $(grep -vE "^\s*#" /tmp/ubuntu.list | tr "\n" " ") + changed_when: false + args: + executable: /bin/bash + chdir: "{{ pkg_folder }}/amd64" + +- name: Generate Packages.gz file for apt packages + shell: | + set -o pipefail + dpkg-scanpackages amd64 | gzip -9c > amd64/Packages.gz + args: + executable: /bin/bash + creates: "{{ pkg_folder }}/amd64/Packages.gz" + chdir: "{{ pkg_folder }}" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/tasks/prepare-packaging.yaml b/playbooks/roles/package/tasks/prepare-packaging.yaml new file mode 100644 index 0000000..cca35b0 --- /dev/null +++ b/playbooks/roles/package/tasks/prepare-packaging.yaml @@ -0,0 +1,88 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Create temporary folder to clone engine repositories + tempfile: + prefix: "engine." + state: directory + register: tempdir + +- block: + - name: Clone engine provisioner repositories + git: + repo: "{{ provisioners[provisioner.key].src }}" + dest: "{{ tempdir.path }}/{{ provisioner.key }}" + version: "{{ provisioners[provisioner.key].version }}" + refspec: "{{ provisioners[provisioner.key].refspec | default(omit) }}" + force: true + with_dict: "{{ provisioners }}" + loop_control: + loop_var: provisioner + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + + - name: Copy engine provisioner vars file into group_vars + copy: + src: "{{ tempdir.path }}/{{ provisioner.key }}/vars/{{ provisioner.key }}.yaml" + dest: "{{ engine_path }}/engine/inventory/group_vars/all/{{ provisioner.key }}.yaml" + force: true + with_dict: "{{ provisioners }}" + loop_control: + loop_var: provisioner + when: provisioners is defined + +- block: + - name: Clone engine installer repositories + git: + repo: "{{ installers[installer.key].src }}" + dest: "{{ tempdir.path }}/{{ installer.key }}" + version: "{{ installers[installer.key].version }}" + refspec: "{{ installers[installer.key].refspec | default(omit) }}" + force: true + with_dict: "{{ installers }}" + loop_control: + loop_var: installer + environment: + http_proxy: "{{ lookup('env','http_proxy') }}" + https_proxy: "{{ lookup('env','https_proxy') }}" + no_proxy: "{{ lookup('env','no_proxy') }}" + + - name: Copy engine installer vars file into group_vars + copy: + src: "{{ tempdir.path }}/{{ installer.key }}/vars/{{ installer.key }}.yaml" + dest: "{{ engine_path }}/engine/inventory/group_vars/all/{{ installer.key }}.yaml" + force: true + with_dict: "{{ installers }}" + loop_control: + loop_var: installer + when: installers is defined + +- name: Delete temporary folder + file: + path: "{{ tempdir.path }}" + state: absent + force: true + +- name: Include vars from collected provisioners and installers vars files + include_vars: + dir: "{{ engine_path }}/engine/inventory/group_vars/all" + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/package/templates/kubeadm-images.yaml.j2 b/playbooks/roles/package/templates/kubeadm-images.yaml.j2 new file mode 100644 index 0000000..cc4f212 --- /dev/null +++ b/playbooks/roles/package/templates/kubeadm-images.yaml.j2 @@ -0,0 +1,13 @@ +apiVersion: kubeadm.k8s.io/v1beta1 +kind: InitConfiguration +nodeRegistration: + criSocket: {{ cri_socket }} +--- +apiVersion: kubeadm.k8s.io/v1beta1 +kind: ClusterConfiguration +imageRepository: {{ kube_image_repo }} +kubernetesVersion: {{ kube_version }} +dns: + type: CoreDNS + imageRepository: {{ coredns_image_repo | regex_replace('/coredns$','') }} + imageTag: {{ coredns_image_tag }} diff --git a/playbooks/roles/package/templates/pip.conf.j2 b/playbooks/roles/package/templates/pip.conf.j2 new file mode 100644 index 0000000..9ab40ef --- /dev/null +++ b/playbooks/roles/package/templates/pip.conf.j2 @@ -0,0 +1,4 @@ +[global] +timeout=10 +find-links={{ engine_workspace }}/offline/pip +no-index=yes diff --git a/playbooks/roles/package/templates/ubuntu.list.j2 b/playbooks/roles/package/templates/ubuntu.list.j2 new file mode 100644 index 0000000..7003921 --- /dev/null +++ b/playbooks/roles/package/templates/ubuntu.list.j2 @@ -0,0 +1,859 @@ +accountsservice +acl +acpid +adduser +amd64-microcode +apparmor +apport +apport-symptoms +apt +apt-cacher-ng +apt-transport-https +apt-utils +at +aufs-tools +augeas-lenses +base-files +base-passwd +bash +bash-completion +bc +bcache-tools +bind9-host +binutils +binutils-common:amd64 +binutils-x86-64-linux-gnu +bridge-utils +bsdmainutils +bsdutils +btrfs-progs +btrfs-tools +build-essential +busybox +busybox-initramfs +busybox-static +byobu +bzip2 +ca-certificates +chrony +cloud-guest-utils +cloud-image-utils +cloud-init +cloud-initramfs-copymods +cloud-initramfs-dyn-netconf +cloud-utils +command-not-found +command-not-found-data +conntrack +console-setup +console-setup-linux +coreutils +cpio +cpp +cpp-7 +cpu-checker +crda +cron +cryptsetup +cryptsetup-bin +curl +dash +dbus +dconf-gsettings-backend:amd64 +dconf-service +debconf +debconf-i18n +debianutils +debootstrap +dh-python +diffutils +dirmngr +distro-info-data +dmeventd +dmidecode +dmsetup +dnsmasq +dnsmasq-base +dns-root-data +dnsutils +dosfstools +dpkg +dpkg-dev +e2fsprogs +eatmydata +ebtables +ed +efibootmgr +eject +ethtool +fakeroot +fdisk +file +findutils +fontconfig +fontconfig-config +fonts-dejavu-core +fonts-ubuntu-console +freeipmi-common +friendly-recovery +ftp +fuse +g++ +g++-7 +galera-3 +gawk +gcc +gcc-7 +gcc-7-base:amd64 +gcc-8-base:amd64 +gdisk +genisoimage +geoip-database +gettext-base +gir1.2-glib-2.0:amd64 +gir1.2-harfbuzz-0.0:amd64 +git +git-man +glib-networking:amd64 +glib-networking-common +glib-networking-services +gnupg +gnupg-agent +gnupg-l10n +gnupg-utils +gpg +gpg-agent +gpgconf +gpgsm +gpgv +gpg-wks-client +gpg-wks-server +grep +groff-base +grub2-common +grub-common +grub-efi-amd64 +grub-efi-amd64-bin +grub-efi-amd64-signed +grub-gfxpayload-lists +grub-ipxe +grub-legacy-ec2 +grub-pc +grub-pc-bin +gsettings-desktop-schemas +gstreamer1.0-plugins-base:amd64 +gstreamer1.0-plugins-good:amd64 +gstreamer1.0-x:amd64 +gzip +hdparm +hostname +htop +ibverbs-providers:amd64 +icu-devtools +ifupdown +info +init +initramfs-tools +initramfs-tools-bin +initramfs-tools-core +init-system-helpers +install-info +intel-microcode +ipmitool +iproute2 +ipset +iptables +iputils-ping +iputils-tracepath +ipvsadm +ipxe +ipxe-qemu +ipxe-qemu-256k-compat-efi-roms +irqbalance +isc-dhcp-client +isc-dhcp-common +iso-codes +iucode-tool +iw +javascript-common +kbd +keyboard-configuration +klibc-utils +kmod +kpartx +krb5-locales +landscape-common +language-pack-en +language-pack-en-base +language-selector-common +less +libaa1:amd64 +libaccountsservice0:amd64 +libacl1:amd64 +libaio1:amd64 +libalgorithm-diff-perl +libalgorithm-diff-xs-perl +libalgorithm-merge-perl +libapparmor1:amd64 +libapt-inst2.0:amd64 +libapt-pkg5.0:amd64 +libargon2-0:amd64 +libasan4:amd64 +libasn1-8-heimdal:amd64 +libasound2:amd64 +libasound2-data +libassuan0:amd64 +libasyncns0:amd64 +libatm1:amd64 +libatomic1:amd64 +libattr1:amd64 +libaudit1:amd64 +libaudit-common +libaugeas0:amd64 +libavahi-client3:amd64 +libavahi-common3:amd64 +libavahi-common-data:amd64 +libavc1394-0:amd64 +libbind9-160:amd64 +libbinutils:amd64 +libblkid1:amd64 +libbluetooth3:amd64 +libbrlapi0.6:amd64 +libbsd0:amd64 +libbz2-1.0:amd64 +libc6:amd64 +libc6-dev:amd64 +libcaca0:amd64 +libcacard0:amd64 +libcairo2:amd64 +libcairo-gobject2:amd64 +libcap2:amd64 +libcap2-bin +libcap-ng0:amd64 +libc-bin +libcc1-0:amd64 +libc-dev-bin +libcdparanoia0:amd64 +libcgi-fast-perl +libcgi-pm-perl +libcilkrts5:amd64 +libcom-err2:amd64 +libconfig-inifiles-perl +libcryptsetup12:amd64 +libcurl3-gnutls:amd64 +libcurl4:amd64 +libdatrie1:amd64 +libdb5.3:amd64 +libdbd-mysql-perl +libdbi-perl +libdbus-1-3:amd64 +libdconf1:amd64 +libdebconfclient0:amd64 +libdevmapper1.02.1:amd64 +libdevmapper-event1.02.1:amd64 +libdns1100:amd64 +libdns-export1100 +libdpkg-perl +libdrm2:amd64 +libdrm-common +libdumbnet1:amd64 +libdv4:amd64 +libeatmydata1:amd64 +libedit2:amd64 +libefiboot1:amd64 +libefivar1:amd64 +libelf1:amd64 +libencode-locale-perl +liberror-perl +libestr0:amd64 +libevent-2.1-6:amd64 +libexpat1:amd64 +libexpat1-dev:amd64 +libext2fs2:amd64 +libfakeroot:amd64 +libfastjson4:amd64 +libfcgi-perl +libfdisk1:amd64 +libfdt1:amd64 +libffi6:amd64 +libffi-dev:amd64 +libfile-copy-recursive-perl +libfile-fcntllock-perl +libflac8:amd64 +libfontconfig1:amd64 +libfreeipmi16 +libfreetype6:amd64 +libfribidi0:amd64 +libfuse2:amd64 +libgcc1:amd64 +libgcc-7-dev:amd64 +libgcrypt20:amd64 +libgd3:amd64 +libgdbm5:amd64 +libgdbm-compat4:amd64 +libgdk-pixbuf2.0-0:amd64 +libgdk-pixbuf2.0-bin +libgdk-pixbuf2.0-common +libgeoip1:amd64 +libgirepository-1.0-1:amd64 +libglib2.0-0:amd64 +libglib2.0-bin +libglib2.0-data +libglib2.0-dev:amd64 +libglib2.0-dev-bin +libgmp10:amd64 +libgnutls30:amd64 +libgomp1:amd64 +libgpg-error0:amd64 +libgpm2:amd64 +libgraphite2-3:amd64 +libgraphite2-dev:amd64 +libgssapi3-heimdal:amd64 +libgssapi-krb5-2:amd64 +libgstreamer1.0-0:amd64 +libgstreamer-plugins-base1.0-0:amd64 +libgstreamer-plugins-good1.0-0:amd64 +libgudev-1.0-0:amd64 +libharfbuzz0b:amd64 +libharfbuzz-dev:amd64 +libharfbuzz-gobject0:amd64 +libharfbuzz-icu0:amd64 +libhcrypto4-heimdal:amd64 +libheimbase1-heimdal:amd64 +libheimntlm0-heimdal:amd64 +libhogweed4:amd64 +libhtml-parser-perl +libhtml-tagset-perl +libhtml-template-perl +libhttp-date-perl +libhttp-message-perl +libhx509-5-heimdal:amd64 +libibverbs1:amd64 +libicu60:amd64 +libicu-dev +libicu-le-hb0:amd64 +libicu-le-hb-dev:amd64 +libiculx60:amd64 +libidn11:amd64 +libidn2-0:amd64 +libiec61883-0:amd64 +libio-html-perl +libip4tc0:amd64 +libip6tc0:amd64 +libipset3:amd64 +libiptc0:amd64 +libirs160:amd64 +libisc169:amd64 +libisccc160:amd64 +libisccfg160:amd64 +libisc-export169:amd64 +libiscsi7:amd64 +libisl19:amd64 +libisns0:amd64 +libitm1:amd64 +libjack-jackd2-0:amd64 +libjbig0:amd64 +libjemalloc1 +libjpeg8:amd64 +libjpeg-turbo8:amd64 +libjs-jquery +libjson-c3:amd64 +libjs-sphinxdoc +libjs-underscore +libk5crypto3:amd64 +libkeyutils1:amd64 +libklibc +libkmod2:amd64 +libkrb5-26-heimdal:amd64 +libkrb5-3:amd64 +libkrb5support0:amd64 +libksba8:amd64 +libldap-2.4-2:amd64 +libldap-common +liblocale-gettext-perl +liblsan0:amd64 +libltdl7 +liblvm2app2.2:amd64 +liblvm2cmd2.02:amd64 +liblwp-mediatypes-perl +liblwres160:amd64 +liblxc1 +liblxc-common +liblz4-1:amd64 +liblzma5:amd64 +liblzo2-2:amd64 +libmagic1:amd64 +libmagic-mgc +libmnl0:amd64 +libmount1:amd64 +libmp3lame0:amd64 +libmpc3:amd64 +libmpdec2:amd64 +libmpfr6:amd64 +libmpg123-0:amd64 +libmpx2:amd64 +libmspack0:amd64 +libmysqlclient20:amd64 +libncurses5:amd64 +libncursesw5:amd64 +libnetcf1:amd64 +libnetfilter-conntrack3:amd64 +libnettle6:amd64 +libnewt0.52:amd64 +libnfnetlink0:amd64 +libnghttp2-14:amd64 +libnginx-mod-http-geoip +libnginx-mod-http-image-filter +libnginx-mod-http-xslt-filter +libnginx-mod-mail +libnginx-mod-stream +libnih1:amd64 +libnl-3-200:amd64 +libnl-genl-3-200:amd64 +libnl-route-3-200:amd64 +libnorm1:amd64 +libnpth0:amd64 +libnspr4:amd64 +libnss3:amd64 +libnss-systemd:amd64 +libntfs-3g88 +libnuma1:amd64 +libogg0:amd64 +libopenipmi0 +libopus0:amd64 +liborc-0.4-0:amd64 +libp11-kit0:amd64 +libpam0g:amd64 +libpam-cap:amd64 +libpam-modules:amd64 +libpam-modules-bin +libpam-runtime +libpam-systemd:amd64 +libpango-1.0-0:amd64 +libpangocairo-1.0-0:amd64 +libpangoft2-1.0-0:amd64 +libparted2:amd64 +libpcap0.8:amd64 +libpci3:amd64 +libpciaccess0:amd64 +libpcre16-3:amd64 +libpcre32-3:amd64 +libpcre3:amd64 +libpcre3-dev:amd64 +libpcrecpp0v5:amd64 +libperl5.26:amd64 +libpgm-5.2-0:amd64 +libpipeline1:amd64 +libpixman-1-0:amd64 +libplymouth4:amd64 +libpng16-16:amd64 +libpolkit-agent-1-0:amd64 +libpolkit-backend-1-0:amd64 +libpolkit-gobject-1-0:amd64 +libpopt0:amd64 +libprocps6:amd64 +libproxy1v5:amd64 +libpsl5:amd64 +libpulse0:amd64 +libpython2.7:amd64 +libpython2.7-dev:amd64 +libpython2.7-minimal:amd64 +libpython2.7-stdlib:amd64 +libpython3.6:amd64 +libpython3.6-dev:amd64 +libpython3.6-minimal:amd64 +libpython3.6-stdlib:amd64 +libpython3-dev:amd64 +libpython3-stdlib:amd64 +libpython-all-dev:amd64 +libpython-dev:amd64 +libpython-stdlib:amd64 +libquadmath0:amd64 +librados2 +libraw1394-11:amd64 +librbd1 +librdmacm1:amd64 +libreadline5:amd64 +libreadline7:amd64 +libroken18-heimdal:amd64 +librtmp1:amd64 +libsamplerate0:amd64 +libsasl2-2:amd64 +libsasl2-modules:amd64 +libsasl2-modules-db:amd64 +libsdl1.2debian:amd64 +libseccomp2:amd64 +libselinux1:amd64 +libsemanage1:amd64 +libsemanage-common +libsensors4:amd64 +libsepol1:amd64 +libshout3:amd64 +libsigsegv2:amd64 +libslang2:amd64 +libsmartcols1:amd64 +libsndfile1:amd64 +libsnmp30:amd64 +libsnmp-base +libsodium23:amd64 +libsoup2.4-1:amd64 +libspeex1:amd64 +libspice-server1:amd64 +libsqlite3-0:amd64 +libss2:amd64 +libssl1.0.0:amd64 +libssl1.1:amd64 +libssl-dev:amd64 +libstdc++6:amd64 +libstdc++-7-dev:amd64 +libsystemd0:amd64 +libtag1v5:amd64 +libtag1v5-vanilla:amd64 +libtasn1-6:amd64 +libterm-readkey-perl +libtext-charwidth-perl +libtext-iconv-perl +libtext-wrapi18n-perl +libthai0:amd64 +libthai-data +libtheora0:amd64 +libtiff5:amd64 +libtimedate-perl +libtinfo5:amd64 +libtsan0:amd64 +libtwolame0:amd64 +libubsan0:amd64 +libudev1:amd64 +libunistring2:amd64 +libunwind8:amd64 +liburi-perl +libusb-1.0-0:amd64 +libusbredirparser1:amd64 +libutempter0:amd64 +libuuid1:amd64 +libv4l-0:amd64 +libv4lconvert0:amd64 +libvirt0:amd64 +libvirt-bin +libvirt-clients +libvirt-daemon +libvirt-daemon-driver-storage-rbd +libvirt-daemon-system +libvirt-dev:amd64 +libvisual-0.4-0:amd64 +libvorbis0a:amd64 +libvorbisenc2:amd64 +libvpx5:amd64 +libwavpack1:amd64 +libwebp6:amd64 +libwind0-heimdal:amd64 +libwrap0:amd64 +libwsman1:amd64 +libwsman-client4:amd64 +libwsman-curl-client-transport1:amd64 +libx11-6:amd64 +libx11-data +libxau6:amd64 +libxcb1:amd64 +libxcb-render0:amd64 +libxcb-shm0:amd64 +libxdamage1:amd64 +libxdmcp6:amd64 +libxen-4.9:amd64 +libxen-dev:amd64 +libxenstore3.0:amd64 +libxext6:amd64 +libxfixes3:amd64 +libxml2:amd64 +libxml2-dev:amd64 +libxml2-utils +libxmlsec1:amd64 +libxmlsec1-openssl:amd64 +libxmuu1:amd64 +libxpm4:amd64 +libxrender1:amd64 +libxslt1.1:amd64 +libxslt1-dev:amd64 +libxtables12:amd64 +libxv1:amd64 +libyajl2:amd64 +libyaml-0-2:amd64 +libzmq5:amd64 +libzstd1:amd64 +linux-base +linux-firmware +linux-headers-4.15.0-20 +linux-headers-4.15.0-20-generic +linux-headers-generic +linux-headers-virtual +linux-image-4.15.0-20-generic +linux-image-4.15.0-88-generic +linux-image-generic +linux-image-virtual +linux-libc-dev:amd64 +linux-modules-4.15.0-20-generic +linux-modules-4.15.0-88-generic +linux-modules-extra-4.15.0-88-generic +linux-virtual +locales +login +logrotate +lsb-base +lsb-release +lshw +lsof +ltrace +lvm2 +lxcfs +lxd +lxd-client +make +man-db +manpages +manpages-dev +mariadb-client-10.1 +mariadb-client-core-10.1 +mariadb-common +mariadb-server +mariadb-server-10.1 +mariadb-server-core-10.1 +mawk +mdadm +mime-support +mlocate +mokutil +mount +msr-tools +mtr-tiny +multiarch-support +mysql-common +nano +ncurses-base +ncurses-bin +ncurses-term +netbase +netcat-openbsd +netplan.io +net-tools +networkd-dispatcher +nginx +nginx-common +nginx-core +nplan +ntfs-3g +openipmi +open-iscsi +openssh-client +openssh-server +openssh-sftp-server +openssl +open-vm-tools +os-prober +overlayroot +parted +passwd +pastebinit +patch +pciutils +perl +perl-base +perl-modules-5.26 +pinentry-curses +pkg-config +plymouth +plymouth-theme-ubuntu-text +policykit-1 +pollinate +popularity-contest +powermgmt-base +procps +psmisc +publicsuffix +python +python2.7 +python2.7-dev +python2.7-minimal +python3 +python3.6 +python3.6-dev +python3.6-minimal +python3-apport +python3-apt +python3-asn1crypto +python3-attr +python3-automat +python3-blinker +python3-certifi +python3-cffi-backend +python3-chardet +python3-click +python3-colorama +python3-commandnotfound +python3-configobj +python3-constantly +python3-crypto +python3-cryptography +python3-dbus +python3-debconf +python3-debian +python3-dev +python3-distro-info +python3-distupgrade +python3-distutils +python3-gdbm:amd64 +python3-gi +python3-httplib2 +python3-hyperlink +python3-idna +python3-incremental +python3-jinja2 +python3-jsonpatch +python3-json-pointer +python3-jsonschema +python3-jwt +python3-keyring +python3-keyrings.alt +python3-lib2to3 +python3-markupsafe +python3-minimal +python3-mysqldb +python3-newt:amd64 +python3-oauthlib +python3-openssl +python3-pam +python3-pip +python3-pkg-resources +python3-problem-report +python3-pyasn1 +python3-pyasn1-modules +python3-pymysql +python3-requests +python3-requests-unixsocket +python3-secretstorage +python3-serial +python3-service-identity +python3-setuptools +python3-six +python3-software-properties +python3-systemd +python3-twisted +python3-twisted-bin:amd64 +python3-update-manager +python3-urllib3 +python3-virtualenv +python3-wheel +python3-xdg +python3-yaml +python3-zmq +python3-zope.interface +python-all +python-all-dev +python-apt +python-apt-common +python-asn1crypto +python-cffi-backend +python-configparser +python-crypto +python-cryptography +python-dbus +python-dev +python-enum34 +python-gi +python-idna +python-ipaddress +python-keyring +python-keyrings.alt +python-minimal +python-mysqldb +python-openwsman +python-pip +python-pip-whl +python-pkg-resources +python-pymysql +python-secretstorage +python-setuptools +python-six +python-virtualenv +python-wheel +python-xdg +qemu-block-extra:amd64 +qemu-kvm +qemu-system-common +qemu-system-x86 +qemu-utils +readline-common +rsync +rsyslog +run-one +sbsigntool +screen +seabios +secureboot-db +sed +sensible-utils +sgabios +shared-mime-info +sharutils +shim +shim-signed +snapd +socat +software-properties-common +sosreport +squashfs-tools +ssh-import-id +strace +sudo +systemd +systemd-sysv +sysvinit-utils +tar +tcpdump +telnet +tftpd-hpa +tftp-hpa +time +tmux +tzdata +ubuntu-advantage-tools +ubuntu-keyring +ubuntu-minimal +ubuntu-release-upgrader-core +ubuntu-server +ubuntu-standard +ucf +udev +ufw +uidmap +unattended-upgrades +unzip +update-inetd +update-manager-core +update-notifier-common +ureadahead +usbutils +util-linux +uuid-runtime +vim +vim-common +vim-runtime +vim-tiny +virtualenv +wget +whiptail +wireless-regdb +xauth +xdelta3 +xdg-user-dirs +xfsprogs +xinetd +xkb-data +xxd +xz-utils +zerofree +zlib1g:amd64 +zlib1g-dev:amd64 +# NOTE (fdegir): pinned docker versions +docker-ce={{ docker_ce_version }} +docker-ce-cli={{ docker_ce_cli_version }} +containerd.io={{ containerd_io_version }} diff --git a/playbooks/roles/package/vars/Debian.yaml b/playbooks/roles/package/vars/Debian.yaml new file mode 100644 index 0000000..bd7361f --- /dev/null +++ b/playbooks/roles/package/vars/Debian.yaml @@ -0,0 +1,30 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +# package names +packages: + - dpkg-dev + - docker-ce={{ docker_ce_version }} + - docker-ce-cli={{ docker_ce_cli_version }} + - containerd.io={{ containerd_io_version }} + +# service names +docker_service_name: docker + +# vim: set ts=2 sw=2 expandtab: diff --git a/playbooks/roles/prepare-artifacts/tasks/main.yaml b/playbooks/roles/prepare-artifacts/tasks/main.yaml new file mode 100644 index 0000000..f55b044 --- /dev/null +++ b/playbooks/roles/prepare-artifacts/tasks/main.yaml @@ -0,0 +1,62 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +- name: Get list of k8s container image tarfiles + find: + path: "{{ engine_workspace }}/offline/containers" + patterns: '*.tar' + register: container_image + +# NOTE (fdegir): the user may not be member of docker group so we need root +# TODO (fdegir): we can perhaps skip loading already existing images here +- name: Load k8s container images from tarfiles + shell: docker load < {{ item.path }} + loop: "{{ container_image.files }}" + changed_when: false + become: true + +# NOTE (fdegir): the escape of curly brackets in ansible is really messy unfortunately +# we also shouldn't attempt to tag and push container images that are already on local registry +# NOTE (fdegir): we do not push any image that is already on engine.local and any image without tag +- name: Get list of loaded k8s container images to push + shell: | + set -o pipefail + docker images --format '{{ '{{' }}.Repository{{ '}}' }}':'{{ '{{' }}.Tag{{ '}}' }}' | grep -v '{{ server_fqdn }}\|' | sort + args: + executable: /bin/bash + changed_when: false + become: true + register: container_images + +- name: Create dict of k8s container images to tag and push + set_fact: + container_images_dict: "{{ ( container_images_dict | default({}) ) | combine({item: item | regex_replace('.*?.io/', '')}) }}" + loop: "{{ container_images.stdout_lines }}" + +# TODO (fdegir): it is messy to use ansible module for tagging and pushing but we can still look into it +# TODO (fdegir): we can perhaps skip tagging & pushing already existing images here +- name: Tag and push k8s container images to local registry + shell: | + docker tag {{ item.key }} {{ server_fqdn }}/{{ item.value }} + docker push {{ server_fqdn }}/{{ item.value }} + with_dict: "{{ container_images_dict }}" + changed_when: false + become: true + +# vim: set ts=2 sw=2 expandtab: diff --git a/vars/kubernetes.yaml b/vars/kubernetes.yaml new file mode 100644 index 0000000..5accc01 --- /dev/null +++ b/vars/kubernetes.yaml @@ -0,0 +1,108 @@ +--- +# ============LICENSE_START======================================================= +# Copyright (C) 2019 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +distros: + - ubuntu1804 + +provisioners: + bifrost: + scm: git + src: https://gerrit.nordix.org/infra/provisioner/bifrost.git + version: "{{ lookup('env', 'NORDIX_BIFROST_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_BIFROST_REFSPEC') | default(omit) }}" + heat: + scm: git + src: https://gerrit.nordix.org/infra/provisioner/heat.git + version: "{{ lookup('env', 'NORDIX_HEAT_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_HEAT_REFSPEC') | default(omit) }}" + +installers: + kubespray: + scm: git + src: https://gerrit.nordix.org/infra/installer/kubespray.git + version: "{{ lookup('env', 'NORDIX_KUBESPRAY_VERSION') | default('master', true) }}" + refspec: "{{ lookup('env', 'NORDIX_KUBESPRAY_REFSPEC') | default(omit) }}" + +# NOTE (fdegir): this is only the list of scenarios implemented within +# installer repository and does not list what apps are for curated for +# them as it is self documented within the scenario playbook in installer +# repository. Curated apps are not listed separately either as they are +# similar to scenarios; they are available in installer repository. +scenarios: + - k8-calico-istio + - k8-calico-nofeature + - k8-calico-spinnaker + - k8-canal-nofeature + - k8-cilium-nofeature + - k8-flannel-nofeature + - k8-multus-nofeature + - k8-multus-plugins + - k8-weave-nofeature + +# ------------------------------------------------------------------------------- +# Kubernetes: Kubernetes and kubectl versions +# ------------------------------------------------------------------------------- +# Kubernetes version that is supported by the pinned kubespray version +kubernetes_version: "v1.17.0" +# version of the kubectl should generally match to the version of kubernetes itself +# but it would be good to have possibility to override it in case if someone needs it for some reason +kubectl_version: "{{ kubernetes_version }}" + +# ------------------------------------------------------------------------------- +# Kubernetes: Versions of rook, ceph and their dependencies +# ------------------------------------------------------------------------------- +rook_version: "v1.1.2" +ceph_version: "v14.2.4-20190917" +cephcsi_version: "v1.2.1" +csi_node_driver_registrar_version: "v1.1.0" +csi_attacher_version: "v1.2.0" +csi_provisioner_version: "v1.3.0" +csi_snapshotter_version: "v1.2.0" + +# ------------------------------------------------------------------------------- +# Kubernetes: Versions of prometheus and its dependencies +# ------------------------------------------------------------------------------- +# TODO (fdegir): prometheus version of what? helm chart? +prometheus_version: "1.3.1" +prom_alertmanager_version: "v0.20.0" +prom_node_exporter_version: "v0.18.1" +prom_prometheus_version: "v2.16.0" +prom_push_gateway_version: "v1.0.1" + +# ------------------------------------------------------------------------------- +# Kubernetes: Versions of spinnaker and its dependencies +# ------------------------------------------------------------------------------- +# Helm chart and docker version +spinnaker_version: "1.23.2" +spinnaker_app_version: "1.16.2" + +# ------------------------------------------------------------------------------- +# Kubernetes: App versions +# ------------------------------------------------------------------------------- +helm_version: "v2.16.1" +charts_version: "0b64349aeb537d0fd038df0e1d40ec5cf1206609" +istio_version: "1.3.1" + +# ------------------------------------------------------------------------------- +# Misc: Versions of other components +# ------------------------------------------------------------------------------- +configmap_reload_version: "v0.3.0" +kube_state_metrics_version: "v1.9.5" + +# vim: set ts=2 sw=2 expandtab: -- 2.25.1