noheat: Upgrades, refactor, deploy Devstack
* Revert "Enable VID" (this reverts commit 2223bfaffa8fe5fb90c578ec71a035f001b9ce22)
* make sure ca-certificates is current
* add ability to configure Docker daemon
* upgrade Ubuntu to 20.04
* update tools, dependencies, Ansible Galaxy collections, Docker, RKE, k8s & charts
* make Prometheus & MetalLB optional
* deploy Istio
* use copy instead of ansible.posix.synchronize
* Allow to set IP address pools in OpenStack
* fix ansible-lint issues
* split big tasks files into smaller ones
* migrate to ansible-core
* add 'make onap' task
* add Devstack deployment
* fix NFS exports
* add Strimzi
* install Docker on operator
* override Nexus only on hosts that need it
* ability to set override file (sm-onap is default)
* ability to set ONAP (OOM) branch
* ability to set Devstack version
* add playbook to deploy everything
* describe how to run playbooks
* save operator0 access information
* install Galaxy deps with dedicated module
Issue-ID: INT-1601
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
Change-Id: I88cfeeaf281c175340b63909983251ecd62eeb00
diff --git a/.gitignore b/.gitignore
index ce4abfa..ecf7f10 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,3 +32,4 @@
benchmark/
.tox/
build/
+deployment/noheat/**/artifacts/*
diff --git a/deployment/noheat/README.rst b/deployment/noheat/README.rst
index da66516..a75ad2b 100644
--- a/deployment/noheat/README.rst
+++ b/deployment/noheat/README.rst
@@ -25,16 +25,24 @@
~~~~~~~~~~~~
- Required python packages (including Ansible) can be found in ``requirements.txt`` pip file.
- Tested on Python 3.6.9.
-- Ansible:
- - Collections
- - community.crypto: tested on 1.7.1
- - ansible.posix: tested on 1.2.0
- - openstack.cloud: tested on 1.5.0
- - Roles
- - geerlingguy.ansible: tested on 2.1.0
+ Tested on Python 3.8.10.
+- Ansible required collections & roles can be found in ``requirements.yml`` file for installation
+ with ansible-galaxy tool.
Expected output
---------------
Ephemeral (disposable) ONAP instance.
+
+Running
+-------
+
+There are 4 playbooks available:
+
+- infa-openstack/ansible/create.yml: creates and prepares OpenStack VMs, generates inventory.
+ Must be run as a first playbook. Run on your machine.
+- devstack/ansible/create.yml: deploys Devstack on appropriate VM. Run on jumphost VM (operator0).
+- cluster-rke/ansible/create.yml: deploys NFS, k8s, helm charts and ONAP. Run on jumphost VM.
+- deploy-all.yml: runs above playbooks. Run on your machine.
+
+User may run deploy-all.yml or manually run infra-openstack, devstack and cluster-rke playbooks.
diff --git a/deployment/noheat/cluster-rke/ansible/create.yml b/deployment/noheat/cluster-rke/ansible/create.yml
index 3ba4a83..920db96 100644
--- a/deployment/noheat/cluster-rke/ansible/create.yml
+++ b/deployment/noheat/cluster-rke/ansible/create.yml
@@ -1,4 +1,12 @@
---
+- name: Update packages
+ hosts: operator
+ become: true
+ tasks:
+ - name: Update ca-certificates
+ package:
+ name: ca-certificates
+ state: latest
- name: Install NFS
hosts: all
become: yes
@@ -11,7 +19,7 @@
- role: create_bastion
destination: "{{ nexus }}"
- name: Add bastion information to the cluster nodes
- hosts: all
+ hosts: control,workers
become: yes
tasks:
- name: Add cluster hostnames to /etc/hosts file
@@ -22,11 +30,13 @@
- "nexus3.onap.org"
- name: Install Docker
become: yes
- hosts: control,workers
+ hosts: operator,control,workers
roles:
- role: setup_docker
- name: Deploy k8s
hosts: operator0
+ vars_files:
+ - ~/common-vars.yml
roles:
- role: setup_k8s
- name: Download OOM
@@ -36,7 +46,7 @@
git:
repo: "https://git.onap.org/oom"
dest: "{{ oom_dir }}"
- version: "master"
+ version: "{{ onap_branch }}"
- name: Install Helm
hosts: operator0
roles:
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
deleted file mode 120000
index d8e74e2..0000000
--- a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml
+++ /dev/null
@@ -1 +0,0 @@
-all.yml.sm-onap
\ No newline at end of file
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
index 406f915..9fb3313 100644
--- a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap
@@ -3,3 +3,9 @@
address: 199.204.45.137
port: 10001
oom_dir: "{{ ansible_user_dir }}/oom"
+onap_branch: "master"
+override_file: "{{ oom_dir }}/kubernetes/onap/resources/overrides/sm-onap.yaml"
+integration_dir: "{{ ansible_user_dir }}/integration"
+prometheus_enabled: true
+metallb_enabled: true
+istio_enabled: true
diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml
new file mode 120000
index 0000000..2065261
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml
@@ -0,0 +1 @@
+../all.yml.sm-onap
\ No newline at end of file
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml
index 28ddadf..eee910f 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml
@@ -1,6 +1,11 @@
---
-cert_manager_version: "1.2.0"
-prometheus_version: "13.13.1"
-metallb_version: "0.10.2"
-metallb_protocol: "layer2"
-metallb_addresses: "192.168.1.240-192.168.1.255"
+cert_manager_version: "1.5.5"
+prometheus_enabled: true
+prometheus_version: "19.3.0"
+metallb_enabled: true
+metallb_version: "0.13.6"
+metallb_addresses: "192.168.1.129-192.168.1.255"
+istio_enabled: true
+istio_version: "1.15.2"
+strimzi_enabled: true
+strimzi_version: "0.28.0"
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml
new file mode 100644
index 0000000..5a14d93
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml
@@ -0,0 +1,17 @@
+---
+- name: Check if cert-manager manifest file is present
+ stat:
+ path: /tmp/cert-manager.yaml
+ register: cm_manifest
+
+- name: Download cert-manager
+ get_url:
+ url: "https://github.com/jetstack/cert-manager/releases/download/v{{ cert_manager_version }}/cert-manager.yaml"
+ dest: "/tmp"
+ mode: '0400'
+ when: not cm_manifest.stat.exists
+
+- name: Deploy cert-manager
+ kubernetes.core.k8s:
+ src: /tmp/cert-manager.yaml
+ state: present
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml
new file mode 100644
index 0000000..01e335c
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml
@@ -0,0 +1,40 @@
+---
+- name: Add Istio Helm repository
+ kubernetes.core.helm_repository:
+ name: istio
+ repo_url: https://istio-release.storage.googleapis.com/charts
+
+- name: Deploy Istio base chart
+ kubernetes.core.helm:
+ name: istio-base
+ chart_version: "{{ istio_version }}"
+ chart_ref: istio/base
+ release_namespace: istio-system
+ create_namespace: true
+
+- name: Deploy Istio discovery chart
+ kubernetes.core.helm:
+ name: istiod
+ chart_version: "{{ istio_version }}"
+ chart_ref: istio/istiod
+ release_namespace: istio-system
+ wait: true
+
+- name: Create Istio ingress gateway namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: istio-ingress
+ labels:
+ istio-injection: enabled
+
+- name: Deploy Istio ingress gateway chart
+ kubernetes.core.helm:
+ name: istio-ingress
+ chart_version: "{{ istio_version }}"
+ chart_ref: istio/gateway
+ release_namespace: istio-ingress
+ wait: true
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml
index 022867d..32adc33 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml
@@ -1,44 +1,19 @@
-- name: Download cert-manager
- get_url:
- url: "https://github.com/jetstack/cert-manager/releases/download/v{{ cert_manager_version }}/cert-manager.yaml"
- dest: "/tmp"
- mode: '0400'
+---
+- name: Setup cert-manager
+ include_tasks: cert-manager.yml
-- name: Deploy cert-manager
- kubernetes.core.k8s:
- src: /tmp/cert-manager.yaml
- state: present
+- name: Setup strimzi
+ include_tasks: strimzi.yml
+ when: strimzi_enabled
-- name: Add MetalLB Helm repository
- kubernetes.core.helm_repository:
- name: metallb
- repo_url: https://metallb.github.io/metallb
+- name: Setup MetalLB
+ include_tasks: metallb.yml
+ when: metallb_enabled
-- name: Add prometheus Helm repository
- kubernetes.core.helm_repository:
- name: prometheus
- repo_url: https://prometheus-community.github.io/helm-charts
+- name: Setup Prometheus
+ include_tasks: prometheus.yml
+ when: prometheus_enabled
-- name: Copy MetalLB override file
- template:
- src: "metallb-values.yaml.j2"
- dest: "/tmp/metallb-values.yaml"
- mode: '0400'
-
-- name: Deploy MetalLB charts
- kubernetes.core.helm:
- name: metallb
- chart_version: "{{ metallb_version }}"
- chart_ref: metallb/metallb
- release_namespace: metallb
- create_namespace: true
- values_files:
- - /tmp/metallb-values.yaml
-
-- name: Deploy Prometheus charts
- kubernetes.core.helm:
- name: prometheus
- chart_version: "{{ prometheus_version }}"
- chart_ref: prometheus/kube-prometheus-stack
- release_namespace: prometheus
- create_namespace: true
+- name: Setup Istio
+ include_tasks: istio.yml
+ when: istio_enabled
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml
new file mode 100644
index 0000000..95547ec
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml
@@ -0,0 +1,51 @@
+---
+- name: Add MetalLB Helm repository
+ kubernetes.core.helm_repository:
+ name: metallb
+ repo_url: https://metallb.github.io/metallb
+
+- name: Create MetalLB namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: metallb-system
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/warn: privileged
+- name: Deploy MetalLB charts
+ kubernetes.core.helm:
+ name: metallb
+ chart_version: "{{ metallb_version }}"
+ chart_ref: metallb/metallb
+ release_namespace: metallb-system
+ wait: true
+
+- name: Create MetalLB IP Address Pool Resource
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: metallb.io/v1beta1
+ kind: IPAddressPool
+ metadata:
+ name: onap-pool
+ namespace: metallb-system
+ spec:
+ addresses:
+ - "{{ metallb_addresses }}"
+ register: result
+ retries: 1
+ until: result['failed'] == false
+
+- name: Create MetalLB L2 Advertisement Resource
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: metallb.io/v1beta1
+ kind: L2Advertisement
+ metadata:
+ name: onap
+ namespace: metallb-system
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml
new file mode 100644
index 0000000..e046cdd
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml
@@ -0,0 +1,13 @@
+---
+- name: Add prometheus Helm repository
+ kubernetes.core.helm_repository:
+ name: prometheus
+ repo_url: https://prometheus-community.github.io/helm-charts
+
+- name: Deploy Prometheus charts
+ kubernetes.core.helm:
+ name: prometheus
+ chart_version: "{{ prometheus_version }}"
+ chart_ref: prometheus/kube-prometheus-stack
+ release_namespace: prometheus
+ create_namespace: true
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml
new file mode 100644
index 0000000..fd5828b
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml
@@ -0,0 +1,15 @@
+---
+- name: Add Strimzi Helm repository
+ kubernetes.core.helm_repository:
+ name: strimzi
+ repo_url: https://strimzi.io/charts
+
+- name: Deploy Strimzi chart
+ kubernetes.core.helm:
+ name: strimzi-kafka-operator
+ chart_version: "{{ strimzi_version }}"
+ chart_ref: strimzi/strimzi-kafka-operator
+ release_namespace: strimzi-system
+ create_namespace: true
+ values:
+ watchAnyNamespace: true
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 b/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2
deleted file mode 100644
index d86d505..0000000
--- a/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-configInline:
- address-pools:
- - name: default
- protocol: "{{ metallb_protocol }}"
- addresses:
- - "{{ metallb_addresses }}"
diff --git a/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml
index c0d8b15..035fb01 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml
@@ -1,3 +1,4 @@
+---
- name: Build OOM charts
make:
chdir: "{{ oom_dir }}/kubernetes"
@@ -5,6 +6,61 @@
params:
SKIP_LINT: "TRUE"
+- name: Build ONAP charts
+ make:
+ chdir: "{{ oom_dir }}/kubernetes"
+ target: onap
+ params:
+ SKIP_LINT: "TRUE"
+
+- name: Create ONAP namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: onap
+ labels:
+ istio-injection: enabled
+ when: istio_enabled
+
+- name: Create ONAP namespace
+ kubernetes.core.k8s:
+ name: onap
+ api_version: v1
+ kind: Namespace
+ state: present
+ when: not istio_enabled
+
+- name: Get encryption key
+ command: cat "{{ oom_dir }}/kubernetes/so/resources/config/mso/encryption.key"
+ register: encryption_key
+ when: encryption_key is undefined
+- name: Clone integration project
+ git:
+ repo: "https://git.onap.org/integration"
+ dest: "{{ integration_dir }}"
+ version: "{{ onap_branch }}"
+- name: Compile encryption tool
+ command:
+ cmd: javac Crypto.java
+ chdir: "{{ integration_dir }}/deployment/heat/onap-rke/scripts"
+ creates: "{{ integration_dir }}/deployment/heat/onap-rke/scripts/Crypto.class"
+- name: Encrypt password
+ command:
+ cmd: java Crypto "{{ openstack_passwd }}" "{{ encryption_key.stdout }}"
+ chdir: "{{ integration_dir }}/deployment/heat/onap-rke/scripts"
+ register: encrypted_password
+ when: encrypted_password is undefined
+
- name: Deploy sm-onap
command:
- cmd: "helm deploy onap local/onap --namespace onap --create-namespace --set global.masterPassword=scrtPasswd --set vid.enabled=true -f {{ oom_dir }}/kubernetes/onap/resources/overrides/sm-onap.yaml"
+ cmd: "helm deploy onap local/onap --namespace onap --set global.masterPassword=scrtPasswd -f {{ override_file }}"
+ environment:
+ OPENSTACK_USER_NAME: "{{ openstack_username }}"
+ OPENSTACK_REGION: "{{ openstack_region }}"
+ OPENSTACK_KEYSTONE_URL: "http://{{ hostvars['openstack0']['ansible_default_ipv4']['address'] }}:5000/3.0"
+ OPENSTACK_TENANT_NAME: "{{ openstack_tenant }}"
+ OPENSTACK_ENCTYPTED_PASSWORD: "{{ encrypted_password.stdout }}"
+ changed_when: false
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml
index 3ec4af3..1d24016 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml
@@ -1,3 +1,3 @@
---
-docker_version: "19.03.15"
+docker_version: "20.10.18"
local_user: "ubuntu"
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml
new file mode 100644
index 0000000..3627303
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart docker
+ service:
+ name: docker
+ state: restarted
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml
index 29dee31..12e13f4 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml
@@ -1,38 +1,6 @@
-- name: Install deps
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - apt-transport-https
- - ca-certificates
- - curl
- - software-properties-common
-
-- name: Add Docker repo key
- apt_key:
- url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
- state: present
-
-- name: Add Docker repo
- apt_repository:
- repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable"
- state: present
- update_cache: yes
-
-- name: Find exact Docker version
- shell: "apt-cache madison docker-ce | grep {{ docker_version }} | head -n 1 | cut -d ' ' -f 4"
- register: docker_pkg_version
-
-- name: install Docker
- apt:
- name: "{{ item }}"
- state: present
- with_items:
- - "docker-ce={{ docker_pkg_version.stdout }}"
- - "docker-ce-cli={{ docker_pkg_version.stdout }}"
-
-- name: Lock docker version
- command: apt-mark hold docker-ce docker-ce-cli
+---
+- name: Setup Docker repo and packages
+ include_tasks: packages.yml
- name: Add user to docker group
user:
@@ -46,3 +14,13 @@
name: docker
state: started
enabled: yes
+
+- name: Configure Docker
+ copy:
+ dest: /etc/docker/daemon.json
+ content: "{{ docker_config | to_nice_json }}"
+ mode: 0600
+ backup: true
+ when: docker_config is defined
+ notify:
+ - restart docker
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml
new file mode 100644
index 0000000..814dd28
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml
@@ -0,0 +1,41 @@
+---
+- name: Install deps
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+
+- name: Add Docker repo key
+ apt_key:
+ url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+ state: present
+
+- name: Add Docker repo
+ apt_repository:
+ repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable"
+ state: present
+ update_cache: yes
+
+- name: Find exact Docker version
+ shell: "set -o pipefail && apt-cache madison docker-ce | grep {{ docker_version }} | head -n 1 | cut -d ' ' -f 4"
+ args:
+ executable: "/bin/bash"
+ register: docker_pkg_version
+ changed_when: false
+
+- name: install Docker
+ apt:
+ name: "{{ item }}"
+ state: present
+ allow_downgrade: true
+ with_items:
+ - "docker-ce={{ docker_pkg_version.stdout }}"
+ - "docker-ce-cli={{ docker_pkg_version.stdout }}"
+
+- name: Lock docker version
+ command: apt-mark hold docker-ce docker-ce-cli
+ changed_when: false
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml
new file mode 100644
index 0000000..6879cca
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml
@@ -0,0 +1,8 @@
+---
+# docker_config will be converted to json and placed as a /etc/docker/daemon.json
+#docker_config:
+# insecure-registries:
+# - "192.168.1.1:5000"
+# - "192.168.1.2:5000"
+# registry-mirrors:
+# - "http://192.168.1.1:5000"
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml
index cbbb3c9..7de57af 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml
@@ -1,6 +1,7 @@
---
-helm_version: "3.6.3"
-chartmuseum_version: "0.13.1"
+helm_version: "3.7.2"
+helm_cm_push_version: "0.10.3"
+chartmuseum_version: "0.15.0"
chartmuseum_port: "8879"
chartmuseum_dir: "{{ ansible_user_dir }}/helm3-storage"
local_user: "{{ ansible_user_id }}"
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml
new file mode 100644
index 0000000..71f43ad
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml
@@ -0,0 +1,45 @@
+---
+- name: Check if chartmuseum is installed
+ stat:
+ path: /usr/local/bin/chartmuseum
+ register: cm_bin
+
+- name: Check if chartmuseum is installed
+ stat:
+ path: /tmp/get-chartmuseum
+ register: cm_install
+
+- name: Download chartmuseum install script
+ get_url:
+ url: "https://raw.githubusercontent.com/helm/chartmuseum/v{{ chartmuseum_version }}/scripts/get-chartmuseum"
+ dest: "/tmp/"
+ mode: '700'
+ when: not cm_install.stat.exists
+
+- name: Install chartmuseum
+ become: yes
+ command:
+ cmd: "./get-chartmuseum -v v{{ chartmuseum_version }}"
+ chdir: "/tmp/"
+ when: not cm_bin.stat.exists
+
+- name: Create chartmuseum local storage
+ file:
+ name: "{{ chartmuseum_dir }}"
+ state: directory
+ mode: '0755'
+
+- name: Install chartmuseum service file
+ become: yes
+ template:
+ src: "chartmuseum.service.j2"
+ dest: "/etc/systemd/system/chartmuseum.service"
+ mode: '0444'
+ notify: Reload systemd
+
+- name: Start and enable chartmuseum
+ become: yes
+ service:
+ name: "chartmuseum"
+ state: started
+ enabled: yes
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml
new file mode 100644
index 0000000..88ba29f
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml
@@ -0,0 +1,35 @@
+---
+- name: Download helm
+ get_url:
+ url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+ dest: "/tmp"
+
+- name: Unarchive helm
+ unarchive:
+ src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+ dest: "/tmp/"
+ remote_src: yes
+
+- name: Copy helm binary to $PATH
+ become: yes
+ copy:
+ src: "/tmp/linux-amd64/helm"
+ dest: "/usr/local/bin/"
+ remote_src: yes
+ mode: '0555'
+
+- name: Install Helm Push plugin
+ kubernetes.core.helm_plugin:
+ plugin_path: "https://github.com/chartmuseum/helm-push.git"
+ plugin_version: "{{ helm_cm_push_version }}"
+ state: present
+
+- name: Install Helm OOM Deploy plugin
+ kubernetes.core.helm_plugin:
+ plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/deploy"
+ state: present
+
+- name: Install Helm OOM Undeploy plugin
+ kubernetes.core.helm_plugin:
+ plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/undeploy"
+ state: present
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml
index 93787be..94abf6e 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml
@@ -1,67 +1,9 @@
-- name: Download helm
- get_url:
- url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
- dest: "/tmp"
+---
+- name: Setup helm
+ include_tasks: helm.yml
-- name: Unarchive helm
- unarchive:
- src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
- dest: "/tmp/"
- remote_src: yes
-
-- name: Copy helm binary to $PATH
- become: yes
- copy:
- src: "/tmp/linux-amd64/helm"
- dest: "/usr/local/bin/"
- remote_src: yes
- mode: '0555'
-
-- name: Install Helm Push plugin
- command: helm plugin install --version 0.9.0 https://github.com/chartmuseum/helm-push.git
-
-- name: Install Helm OOM Deploy plugin
- kubernetes.core.helm_plugin:
- plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/deploy"
- state: present
-
-- name: Install Helm OOM Undeploy plugin
- kubernetes.core.helm_plugin:
- plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/undeploy"
- state: present
-
-- name: Download chartmuseum install script
- get_url:
- url: "https://raw.githubusercontent.com/helm/chartmuseum/v{{ chartmuseum_version }}/scripts/get-chartmuseum"
- dest: "/tmp/"
- mode: '700'
-
-- name: Install chartmuseum
- become: yes
- command:
- cmd: "./get-chartmuseum -v v{{ chartmuseum_version }}"
- chdir: "/tmp/"
-
-- name: Create chartmuseum local storage
- file:
- name: "{{ chartmuseum_dir }}"
- state: directory
- mode: '0755'
-
-- name: Install chartmuseum service file
- become: yes
- template:
- src: "chartmuseum.service.j2"
- dest: "/etc/systemd/system/chartmuseum.service"
- mode: '0444'
- notify: Reload systemd
-
-- name: Start and enable chartmuseum
- become: yes
- service:
- name: "chartmuseum"
- state: started
- enabled: yes
+- name: Setup chartmuseum
+ include_tasks: cm.yml
- name: Add local Helm repository
kubernetes.core.helm_repository:
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml
index 527238d..021aae0 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml
@@ -1,3 +1,3 @@
---
-rke_version: "1.2.11"
-k8s_version: "v1.19.13-rancher1-1"
+rke_version: "1.3.15"
+rke_k8s_version: "v{{ k8s_version }}-rancher1-1"
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml
new file mode 100644
index 0000000..f9912eb
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml
@@ -0,0 +1,13 @@
+---
+- name: Check if kubectl is available
+ stat:
+ path: "/usr/local/bin/kubectl"
+ register: kubectl_bin
+
+- name: Get kubectl
+ become: yes
+ get_url:
+ url: "https://dl.k8s.io/release/v{{ k8s_version }}/bin/linux/amd64/kubectl"
+ dest: "/usr/local/bin/"
+ mode: '0555'
+ when: not kubectl_bin.stat.exists
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml
index 53d7b81..7d3ba00 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml
@@ -1,20 +1,6 @@
-- name: Download RKE
- get_url:
- url: "https://github.com/rancher/rke/releases/download/v{{ rke_version }}/rke_linux-amd64"
- dest: "{{ ansible_user_dir }}/rke"
- mode: '0700'
-
-- name: Prepare RKE configuration
- template:
- src: "cluster.yml.j2"
- dest: "{{ ansible_user_dir }}/cluster.yml"
- mode: '0400'
-
-- name: Run RKE
- command:
- cmd: "./rke up"
- chdir: "{{ ansible_user_dir }}"
- creates: "{{ ansible_user_dir }}/kube_config_cluster.yml"
+---
+- name: Deploy kubernetes with RKE
+ include_tasks: rke.yml
- name: Create k8s directory
file:
@@ -24,10 +10,7 @@
- name: Set k8s config
command: "mv {{ ansible_user_dir }}/kube_config_cluster.yml {{ ansible_user_dir }}/.kube/config"
+ when: rke_run and rke_run.rc == 0
-- name: Get kubectl
- become: yes
- get_url:
- url: "https://dl.k8s.io/release/{{ k8s_version.split('-')[0] }}/bin/linux/amd64/kubectl"
- dest: "/usr/local/bin/"
- mode: '0555'
+- name: Install kubectl
+ include_tasks: kubectl.yml
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml
new file mode 100644
index 0000000..b253e71
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml
@@ -0,0 +1,25 @@
+---
+- name: Check if RKE is available
+ stat:
+ path: "{{ ansible_user_dir }}/rke"
+ register: rke_bin
+
+- name: Download RKE
+ get_url:
+ url: "https://github.com/rancher/rke/releases/download/v{{ rke_version }}/rke_linux-amd64"
+ dest: "{{ ansible_user_dir }}/rke"
+ mode: '0700'
+ when: not rke_bin.stat.exists
+
+- name: Prepare RKE configuration
+ template:
+ src: "cluster.yml.j2"
+ dest: "{{ ansible_user_dir }}/cluster.yml"
+ mode: '0400'
+
+- name: Run RKE
+ command:
+ cmd: "./rke up"
+ chdir: "{{ ansible_user_dir }}"
+ creates: "{{ ansible_user_dir }}/kube_config_cluster.yml"
+ register: rke_run
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2
index 9928052..3b83fd4 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2
@@ -40,7 +40,7 @@
authorization:
mode: rbac
ignore_docker_version: false
-kubernetes_version: "{{ k8s_version }}"
+kubernetes_version: "{{ rke_k8s_version }}"
private_registries:
- url: nexus3.onap.org:10001
user: docker
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 b/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2
index edadcb9..6a5a825 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2
@@ -1 +1 @@
-{{ nfs_mountpoint }} {% for host in (groups['control'] | union(groups['workers'])) %} {{ hostvars[host]['ansible_default_ipv4']['address'] }}{% endfor %}(rw,sync,no_root_squash,no_subtree_check)
+{{ nfs_mountpoint }} {% for host in (groups['control'] | union(groups['workers'])) %} {{ hostvars[host]['ansible_default_ipv4']['address'] }}(rw,sync,no_root_squash,no_subtree_check){% endfor %}
diff --git a/deployment/noheat/common-vars.yml b/deployment/noheat/common-vars.yml
new file mode 100644
index 0000000..8e1dc71
--- /dev/null
+++ b/deployment/noheat/common-vars.yml
@@ -0,0 +1,2 @@
+---
+k8s_version: "1.22.13"
diff --git a/deployment/noheat/deploy-all.yml b/deployment/noheat/deploy-all.yml
new file mode 100644
index 0000000..2ea0695
--- /dev/null
+++ b/deployment/noheat/deploy-all.yml
@@ -0,0 +1,9 @@
+---
+- name: Create infastructure
+ import_playbook: infra-openstack/ansible/create.yml
+- hosts: operator0
+ tasks:
+ - name: Deploy Devstack
+ ansible.builtin.command: ansible-playbook -i {{ ansible_user_dir }}/inventory.ini {{ ansible_user_dir }}/devstack/ansible/create.yml
+ - name: Deploy k8s & ONAP
+ ansible.builtin.command: ansible-playbook -i {{ ansible_user_dir }}/inventory.ini {{ ansible_user_dir }}/deploy/cluster-rke/ansible/create.yml
diff --git a/deployment/noheat/devstack/ansible/create.yml b/deployment/noheat/devstack/ansible/create.yml
new file mode 100644
index 0000000..f11fe11
--- /dev/null
+++ b/deployment/noheat/devstack/ansible/create.yml
@@ -0,0 +1,43 @@
+---
+- name: Deploy Devstack
+ hosts: "openstack*"
+ tasks:
+ - name: Update Devstack hosts
+ become: true
+ ansible.builtin.apt:
+ upgrade: full
+ update_cache: true
+ autoremove: true
+ autoclean: true
+
+ - name: Reboot OS
+ become: true
+ ansible.builtin.reboot:
+
+ - name: Clone Devstack
+ ansible.builtin.git:
+ repo: "https://opendev.org/openstack/devstack"
+ dest: "{{ devstack_dir }}"
+ version: "{{ devstack_version }}"
+
+ - name: Copy local.conf
+ ansible.builtin.template:
+ src: "local.conf.j2"
+ dest: "{{ devstack_dir }}/local.conf"
+ mode: '0600'
+
+ - name: Run devstack setup script
+ ansible.builtin.command:
+ chdir: "{{ devstack_dir }}"
+ cmd: "./stack.sh"
+ creates: /opt/stack
+
+ - name: Run devstack setup script
+ ansible.builtin.file:
+ path: "{{ devstack_dir }}"
+ state: absent
+
+ handlers:
+ - name: Reboot OS
+ become: true
+ ansible.builtin.reboot:
diff --git a/deployment/noheat/devstack/ansible/group_vars/all/all.yml b/deployment/noheat/devstack/ansible/group_vars/all/all.yml
new file mode 100644
index 0000000..b2d63c6
--- /dev/null
+++ b/deployment/noheat/devstack/ansible/group_vars/all/all.yml
@@ -0,0 +1,3 @@
+---
+devstack_dir: "{{ ansible_user_dir }}/devstack"
+devstack_version: "stable/yoga"
diff --git a/deployment/noheat/devstack/ansible/templates/local.conf.j2 b/deployment/noheat/devstack/ansible/templates/local.conf.j2
new file mode 100644
index 0000000..0bfa3bb
--- /dev/null
+++ b/deployment/noheat/devstack/ansible/templates/local.conf.j2
@@ -0,0 +1,5 @@
+[[local|localrc]]
+ADMIN_PASSWORD="{{ openstack_passwd }}"
+DATABASE_PASSWORD=$ADMIN_PASSWORD
+RABBIT_PASSWORD=$ADMIN_PASSWORD
+SERVICE_PASSWORD=$ADMIN_PASSWORD
diff --git a/deployment/noheat/infra-openstack/README.rst b/deployment/noheat/infra-openstack/README.rst
index 1ac9539..c48dfa7 100644
--- a/deployment/noheat/infra-openstack/README.rst
+++ b/deployment/noheat/infra-openstack/README.rst
@@ -22,13 +22,8 @@
Dependencies
~~~~~~~~~~~~
-- Ansible: tested on 2.9.9 (using Python 3.5.2)
- - Collections
- - community.crypto: tested on 1.3.0
- - ansible.posix: tested on 1.1.1
- - Roles
- - geerlingguy.ansible: tested on 2.1.0
-- openstacksdk_: tested on 0.46.0 (using Python 3.5.2)
+Tested on Python 3.8.10. Required Python dependencies can be found in ``../requirements.txt``.
+Required Ansible roles and collections can be found in ``../requirements.yml``
.. _openstacksdk: https://pypi.org/project/openstacksdk
diff --git a/deployment/noheat/infra-openstack/ansible/create.yml b/deployment/noheat/infra-openstack/ansible/create.yml
index 825bee3..7383066 100644
--- a/deployment/noheat/infra-openstack/ansible/create.yml
+++ b/deployment/noheat/infra-openstack/ansible/create.yml
@@ -10,6 +10,21 @@
- role: create_hosts
hosts: "{{ operation.hosts }}"
operator_key: "dummy"
+ tasks:
+ - name: Get operator Openstack info
+ openstack.cloud.server_info:
+ server: "operator0"
+ register: operator_info
+ - name: Create directory for artifacts
+ ansible.builtin.file:
+ name: "artifacts"
+ state: directory
+ mode: '0755'
+ - name: Save operator access information
+ ansible.builtin.copy:
+ content: "{{ operator_info['openstack_servers'][0]['public_v4'] }},{{ image['user'] }},~/.ssh/{{ keypair['key']['name'] }}"
+ dest: "artifacts/operator.csv"
+ mode: "0644"
- name: Create cluster operator access keypair
hosts: "operator0"
gather_facts: False
@@ -21,10 +36,18 @@
path: "~/.ssh/{{ keypair.name }}"
register: key
- name: Add operator0 public key to it's authorized keys
- authorized_key:
+ ansible.posix.authorized_key:
key: "{{ key['public_key'] }}"
state: present
user: "{{ ansible_user }}"
+- name: Create OpenStack instances
+ hosts: localhost
+ connection: local
+ gather_facts: False
+ roles:
+ - role: create_hosts
+ hosts: "{{ openstack.hosts }}"
+ operator_key: "{{ hostvars['operator0']['key']['public_key'] }}"
- name: Create cluster instances
hosts: localhost
connection: local
@@ -35,9 +58,8 @@
operator_key: "{{ hostvars['operator0']['key']['public_key'] }}"
- name: Create cluster operator access information
hosts: "operator0"
- roles:
- - role: geerlingguy.ansible
- become: yes
+ vars_files:
+ - ../../common-vars.yml
tasks:
- name: Add cluster hostnames to /etc/hosts file
lineinfile:
@@ -52,25 +74,63 @@
vars:
hosts: "{{ lookup('dict', hostvars['localhost']['hosts_dict']) }}"
- name: Push in-cluster deployment stage description to the next Ansible control host
- ansible.posix.synchronize:
+ copy:
src: ../../cluster-rke
dest: ~/deploy
- - name: Install python dependencies
- become: yes
- package:
- name:
- - python3-pip
- - python3-setuptools
- state: present
- - name: Install community.kubernetes.k8s Ansible collection dependencies
- pip:
- name:
- - openshift
- - pyyaml
- - kubernetes
- executable: pip3
- become: yes
- - name: Add Ansible collection dependencies
- command: "ansible-galaxy collection install ansible.posix"
- - name: Add community.kubernetes Ansible collection
- command: "ansible-galaxy collection install community.kubernetes"
+ - name: Push Devstack deployment stage description to the next Ansible control host
+ copy:
+ src: ../../devstack
+ dest: ~/
+ - name: Push common variables to the next Ansible control host
+ copy:
+ src: ../../common-vars.yml
+ dest: ~/
+ - name: Push Devstack vars to the next Ansible control host (for Devstack stage)
+ template:
+ src: "templates/openstack.yml.j2"
+ dest: ~/devstack/ansible/group_vars/all/openstack.yml
+ mode: '0644'
+ - name: Push Devstack vars to the next Ansible control host (for cluster-rke stage)
+ template:
+ src: "templates/openstack.yml.j2"
+ dest: ~/deploy/cluster-rke/ansible/group_vars/all/openstack.yml
+ mode: '0644'
+ - name: Create Devstack config directory
+ file:
+ path: ~/.config/openstack/
+ state: directory
+ mode: '0755'
+ - name: Generate Devstack clouds.yml file
+ template:
+ src: "templates/clouds.yaml.j2"
+ dest: ~/.config/openstack/clouds.yml
+ mode: '0644'
+ - block:
+ - name: Install python dependencies
+ become: yes
+ apt:
+ name:
+ - python3-pip
+ - python3-setuptools
+ - default-jdk-headless
+ state: present
+ update_cache: true
+ - name: Install community.kubernetes.k8s Ansible collection dependencies
+ pip:
+ name:
+ - ansible-core==2.13.5
+ - openshift==0.13.1
+ - pyyaml==6.0
+ # Major version of Python k8s libraty matches minor version of k8s.
+ - kubernetes~={{ k8s_version | regex_search("[^^.][0-9]+[^$]") ~ "0" }}
+ executable: pip3
+ become: yes
+ - name: Copy ansible-galaxy requirements file
+ copy:
+ src: operator-requirements.yml
+ dest: ~/requirements.yml
+ mode: '0444'
+ - name: Install ansible-galaxy collections
+ community.general.ansible_galaxy_install:
+ requirements_file: ~/requirements.yml
+ type: both
diff --git a/deployment/noheat/infra-openstack/ansible/destroy.yml b/deployment/noheat/infra-openstack/ansible/destroy.yml
index ff9d5fc..1564e30 100644
--- a/deployment/noheat/infra-openstack/ansible/destroy.yml
+++ b/deployment/noheat/infra-openstack/ansible/destroy.yml
@@ -8,6 +8,8 @@
hosts: "{{ cluster.hosts }}"
- role: destroy_hosts
hosts: "{{ operation.hosts }}"
+ - role: destroy_hosts
+ hosts: "{{ openstack.hosts }}"
- destroy_keypair
- destroy_network
- destroy_securitygroup
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml
deleted file mode 120000
index e4e1e1f..0000000
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml
+++ /dev/null
@@ -1 +0,0 @@
-all.yml.sample
\ No newline at end of file
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
index 1b03b06..541e152 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample
@@ -18,9 +18,23 @@
- "192.168.1.0/24"
image:
- name: &image_name "Ubuntu_18.04"
+ name: &image_name "Ubuntu_20.04"
user: "ubuntu"
+openstack:
+ name: "vnf0"
+ inventory: "~/inventory.ini"
+ hosts:
+ - name: "openstack0"
+ image: *image_name
+ flavor: "m1.large"
+ keypair: *keypair_name
+ network: *network_name
+ securitygroup: *securitygroup_name
+ boot_from_volume: true
+ terminate_volume: true
+ volume_size: 100
+
operation:
name: "operation0"
inventory: "~/inventory.ini"
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
index cb5168c..9223ea5 100644
--- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap
@@ -14,9 +14,22 @@
- "192.168.1.0/24"
image:
- name: &image_name "Ubuntu_18.04"
+ name: &image_name "Ubuntu_20.04"
user: "ubuntu"
+openstack:
+ name: "vnf0"
+ inventory: "~/inventory.ini"
+ hosts:
+ - name: "openstack0"
+ image: *image_name
+ flavor: "m1.xlarge"
+ keypair: *keypair_name
+ network: *network_name
+ auto_ip: false
+ securitygroup: *securitygroup_name
+ volume_size: 140
+
operation:
name: "operation0"
inventory: "~/inventory.ini"
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all/all.yml b/deployment/noheat/infra-openstack/ansible/group_vars/all/all.yml
new file mode 120000
index 0000000..8548398
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all/all.yml
@@ -0,0 +1 @@
+../all.yml.sample
\ No newline at end of file
diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all/openstack.yml b/deployment/noheat/infra-openstack/ansible/group_vars/all/openstack.yml
new file mode 100644
index 0000000..63ed1b0
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/group_vars/all/openstack.yml
@@ -0,0 +1,6 @@
+---
+openstack_username: "admin"
+openstack_domain: "Default"
+openstack_passwd: "secret"
+openstack_region: "RegionOne"
+openstack_tenant: "admin"
diff --git a/deployment/noheat/infra-openstack/ansible/operator-requirements.yml b/deployment/noheat/infra-openstack/ansible/operator-requirements.yml
new file mode 100644
index 0000000..08b7eee
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/operator-requirements.yml
@@ -0,0 +1,8 @@
+---
+collections:
+ - name: ansible.posix
+ version: 1.4.0
+ - name: kubernetes.core
+ version: 2.3.2
+ - name: community.general
+ version: 5.7.0
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml
index 731bca0..933b2f5 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml
@@ -1,3 +1,5 @@
---
-- include: create_host.yml host={{ item }}
+- include_tasks: create_host.yml
loop: "{{ hosts }}"
+ loop_control:
+ loop_var: host
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml
index a330875..8a7c720 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml
@@ -5,11 +5,11 @@
register: keypair
- name: Create local public key
- local_action:
- module: copy
+ copy:
content: "{{ keypair.key.public_key }}"
dest: "~/.ssh/{{ keypair.key.name }}.pub"
mode: 0600
+ delegate_to: localhost
- name: Check if local private key exists
stat:
@@ -17,9 +17,9 @@
register: local_private_key
- name: Create local private key
- local_action:
- module: copy
+ copy:
content: "{{ keypair.key.private_key }}"
dest: "~/.ssh/{{ keypair.key.name }}"
mode: 0600
- when: local_private_key.stat.exists == False
+ delegate_to: localhost
+ when: not local_private_key.stat.exists
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml
index 81d8caa..3e22ee6 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml
@@ -15,6 +15,8 @@
network_name: "{{ net.name }}"
cidr: "{{ net.cidr }}"
dns_nameservers: "{{ dns_ips if dns_ips is defined else omit }}"
+ allocation_pool_start: '{{ net.allocation_pool_start | default("") }}'
+ allocation_pool_end: '{{ net.allocation_pool_end | default ("") }}'
state: present
- name: "Create {{ net.name }} router"
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml
index 5e3ef67..cce6f79 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml
@@ -1,4 +1,6 @@
---
-- include: create_network.yml net={{ item }}
+- include_tasks: create_network.yml
loop:
- "{{ network }}"
+ loop_control:
+ loop_var: net
diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml
index d04b72c..8729880 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml
@@ -1,5 +1,5 @@
---
-- include: create_securitygroup.yml
+- include_tasks: create_securitygroup.yml
loop:
- "{{ securitygroup }}"
loop_control:
diff --git a/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml
index 5ce130d..1dd5c72 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml
@@ -1,3 +1,5 @@
---
-- include: destroy_host.yml host={{ item }}
+- include_tasks: destroy_host.yml
loop: "{{ hosts }}"
+ loop_control:
+ loop_var: host
diff --git a/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml
index e52dcbd..1d84ab6 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml
@@ -1,4 +1,6 @@
---
-- include: destroy_network.yml net={{ item }}
+- include_tasks: destroy_network.yml
loop:
- "{{ network }}"
+ loop_control:
+ loop_var: net
diff --git a/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml
index de098af..8142e80 100644
--- a/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml
+++ b/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml
@@ -1,4 +1,6 @@
---
-- include: destroy_securitygroup.yml secgrp={{ item }}
+- include_tasks: destroy_securitygroup.yml
loop:
- "{{ securitygroup }}"
+ loop_control:
+ loop_var: secgrp
diff --git a/deployment/noheat/infra-openstack/ansible/templates/clouds.yaml.j2 b/deployment/noheat/infra-openstack/ansible/templates/clouds.yaml.j2
new file mode 100644
index 0000000..afbbc87
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/templates/clouds.yaml.j2
@@ -0,0 +1,11 @@
+clouds:
+ openstack:
+ auth:
+ auth_url: "https://{{ hostvars['localhost']['hosts_dict']['openstack0'] }}:5000/v3"
+ project_name: "{{ openstack_tenant }}""
+ username: "{{ openstack_username }}"
+ user_domain_name: "{{ openstack_domain }}"
+ password: "{{ openstack_passwd }}"
+ region_name: "{{ openstack_region }}"
+ interface: "public"
+ identity_api_version: 3
diff --git a/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2 b/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2
index 15bb7ca..79da2c6 100644
--- a/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2
+++ b/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2
@@ -3,6 +3,13 @@
{{ item.key }} ansible_host={{ item.value }}
{% endfor %}
+[openstack]
+{% for item in hosts %}
+{% if "openstack" in item.key %}
+{{ item.key }}
+{% endif %}
+{% endfor %}
+
[operator]
{% for item in hosts %}
{% if "operator" in item.key %}
diff --git a/deployment/noheat/infra-openstack/ansible/templates/openstack.yml.j2 b/deployment/noheat/infra-openstack/ansible/templates/openstack.yml.j2
new file mode 100644
index 0000000..25233ab
--- /dev/null
+++ b/deployment/noheat/infra-openstack/ansible/templates/openstack.yml.j2
@@ -0,0 +1,5 @@
+---
+openstack_username: "{{ openstack_username }}"
+openstack_passwd: "{{ openstack_passwd }}"
+openstack_region: "{{ openstack_region }}"
+openstack_tenant: "{{ openstack_tenant }}"
diff --git a/deployment/noheat/infra-openstack/vagrant/Vagrantfile b/deployment/noheat/infra-openstack/vagrant/Vagrantfile
index 8acdf14..ed1a3d0 100644
--- a/deployment/noheat/infra-openstack/vagrant/Vagrantfile
+++ b/deployment/noheat/infra-openstack/vagrant/Vagrantfile
@@ -11,15 +11,15 @@
os_clouds_config = "#{os_clouds_dir}/clouds.yaml"
os_admin = "admin"
os_user = "demo"
-image_url = "https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img"
-image_name = "Ubuntu_18.04"
+image_url = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
+image_name = "Ubuntu_20.04"
vm_cpu = 1
vm_cpus = 4
vm_memory = 1 * 1024
vm_memory_os = 8 * 1024
vm_disk = 32
-vm_box = "generic/ubuntu1804"
+vm_box = "generic/ubuntu2004"
operation = {
name: 'operator',
diff --git a/deployment/noheat/requirements.txt b/deployment/noheat/requirements.txt
index dfa66f7..8ef36fc 100644
--- a/deployment/noheat/requirements.txt
+++ b/deployment/noheat/requirements.txt
@@ -1,3 +1,3 @@
-wheel==0.36.2
-openstacksdk==0.58.0
-ansible==2.9.24
+wheel==0.37.1
+openstacksdk==0.61.0
+ansible-core==2.13.5
diff --git a/deployment/noheat/requirements.yml b/deployment/noheat/requirements.yml
new file mode 100644
index 0000000..af82600
--- /dev/null
+++ b/deployment/noheat/requirements.yml
@@ -0,0 +1,10 @@
+---
+collections:
+ - name: ansible.posix
+ version: 1.4.0
+ - name: community.general
+ version: 5.7.0
+ - name: community.crypto
+ version: 2.7.0
+ - name: openstack.cloud
+ version: 1.10.0