R1 k8s cluster deployment
Added a dryrun option for the deploy-stack script.
Change-Id: I9b526ee0b0efdbe63338b92d3577a9fd32068e62
Signed-off-by: wrider <lji@research.att.com>
diff --git a/ric-infra/00-Kubernetes/heat/env/aux.env b/ric-infra/00-Kubernetes/heat/env/aux.env
new file mode 100644
index 0000000..a949534
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/env/aux.env
@@ -0,0 +1,44 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# HEAT stack deploy env file
+# customize the following for local OpenStack parameters
+# ubuntu_1604_image: local OpenStack's image name for Ubuntu 1604
+# apt_proxy: host and port of the apt server
+# docker_proxy: host and port of the docker registry
+# k8s_vm_flavor: dimension of the VMs for the k8s cluster nodes
+# public_net_id: the UUID of the IPv4 network where VMs get their IPv4 floating IP addresses
+# public_v6net_id: the UUID of the IPv6 network where the VMs connect their IPv6 interfaces to
+# int_net_cidr: the address space of the internal network connecting all VMs of the stack
+# helm_override_yaml: the configurations for Helm deployments
+parameters:
+ ubuntu_1604_image: "${OS_IMAGE_NAME}"
+ apt_proxy: "${OS_APT_PROXY}"
+ docker_proxy: "${OS_DOCKER_PROXY}"
+ public_net_id: "${OS_PUBLIC_NET_ID}"
+ public_v6net_id: "${OS_PUBLIC_V6NET_ID}"
+ key_name: "${OS_KEY_NAME}"
+
+ k8s_vm_flavor: m1.large
+ int_net_cidr: 10.0.0.0/16
+
+ helm_deploy_delay: 4m
+
+ helm_override_yaml: >
+ global:
+ repository: __docker_proxy__
+ pullPolicy: IfNotPresent
diff --git a/ric-infra/00-Kubernetes/heat/env/ric.env b/ric-infra/00-Kubernetes/heat/env/ric.env
new file mode 100644
index 0000000..82deb42
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/env/ric.env
@@ -0,0 +1,49 @@
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+# HEAT stack deploy env file
+# customize the following for local OpenStack parameters
+# ubuntu_1604_image: local OpenStack's image name for Ubuntu 1604
+# apt_proxy: host and port of the apt server
+# docker_proxy: host and port of the docker registry
+# k8s_vm_flavor: dimension of the VMs for the k8s cluster nodes
+# public_net_id: the UUID of the IPv4 network where VMs get their IPv4 floating IP addresses
+# public_v6net_id: the UUID of the IPv6 network where the VMs connect their IPv6 interfaces to
+# int_net_cidr: the address space of the internal network connecting all VMs of the stack
+# helm_override_yaml: the configurations for Helm deployments
+parameters:
+ ubuntu_1604_image: "${OS_IMAGE_NAME}"
+ apt_proxy: "${OS_APT_PROXY}"
+ docker_proxy: "${OS_DOCKER_PROXY}"
+ public_net_id: "${OS_PUBLIC_NET_ID}"
+ public_v6net_id: "${OS_PUBLIC_V6NET_ID}"
+ key_name: "${OS_KEY_NAME}"
+
+ docker_version: "${INFRA_DOCKER_VERSION}"
+ k8s_version: "${INFRA_K8S_VERSION}"
+ k8s_cni_version: "${INFRA_CNI_VERSION}"
+ helm_version: "${INFRA_HELM_VERSION}"
+
+ k8s_vm_flavor: m1.medium
+ int_net_cidr: 10.0.0.0/16
+
+ helm_deploy_delay: 4m
+
+ helm_override_yaml: >
+ global:
+ repository: __docker_proxy__
+ pullPolicy: IfNotPresent
diff --git a/ric-infra/00-Kubernetes/heat/parts/part-1-v6.yaml b/ric-infra/00-Kubernetes/heat/parts/part-1-v6.yaml
new file mode 100644
index 0000000..e24f753
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/parts/part-1-v6.yaml
@@ -0,0 +1,173 @@
+heat_template_version: 2015-10-15
+description: OpenStack HOT for RIC Kubernetes cluster
+
+parameters:
+ docker_proxy:
+ type: string
+ default: ""
+
+ apt_proxy:
+ type: string
+ default: ""
+
+ public_net_id:
+ type: string
+ description: The ID of the Public network for floating IP address allocation
+
+ public_v6net_id:
+ type: string
+ description: The ID of the IPv6 provider network for ipv6 interface IP address allocation
+
+ int_net_cidr:
+ type: string
+ description: CIDR of the OAM ONAP network
+
+ ubuntu_1604_image:
+ type: string
+ description: Name of the Ubuntu 16.04 image
+
+ k8s_vm_flavor:
+ type: string
+ description: VM flavor for k8s hosts
+
+ helm_override_yaml:
+ type: string
+ description: Content for helm_override.yaml
+
+ docker_manifest:
+ type: string
+ default: ""
+
+ key_name:
+ type: string
+ default: "id-oran-int"
+
+ docker_version:
+ type: string
+ default: "18.06.1"
+
+ k8s_version:
+ type: string
+ default: "1.13.3"
+
+ k8s_cni_version:
+ type: string
+ default: "0.6.0"
+
+ helm_version:
+ type: string
+ default: "2.12.3"
+
+ helm_deploy_delay:
+ type: string
+ default: "2m"
+
+ use_ramdisk:
+ type: string
+ description: Set to "true" if you want to use a RAM disk for /dockerdata-nfs/.
+ default: "false"
+
+ mtu:
+ type: number
+ default: 1500
+
+resources:
+ random-str:
+ type: OS::Heat::RandomString
+ properties:
+ length: 4
+
+ cinder_volume:
+ type: OS::Cinder::Volume
+ properties:
+ size: 5
+ name:
+ str_replace:
+ template: volume_rand
+ params:
+ rand: { get_resource: random-str }
+
+ # RIC security group
+ ric_sg:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: base_rand
+ params:
+ base: ric_sg
+ rand: { get_resource: random-str }
+ description: security group for RIC traffic
+ rules:
+ # All egress traffic
+ - direction: egress
+ ethertype: IPv4
+ - direction: egress
+ ethertype: IPv6
+ # ingress traffic
+ # ICMP
+ - protocol: icmp
+ ethertype: IPv4
+ - protocol: icmp
+ ethertype: IPv6
+ - protocol: udp
+ ethertype: IPv4
+ port_range_min: 1
+ port_range_max: 65535
+ - protocol: udp
+ ethertype: IPv6
+ port_range_min: 1
+ port_range_max: 65535
+ - protocol: tcp
+ ethertype: IPv4
+ port_range_min: 1
+ port_range_max: 65535
+ - protocol: tcp
+ ethertype: IPv6
+ port_range_min: 1
+ port_range_max: 65535
+ # additional IP Protocols to allow
+ # SCTP
+ - protocol: 132
+ ethertype: IPv4
+ - protocol: 132
+ ethertype: IPv6
+
+
+ # RIC internal network
+ int_network:
+ type: OS::Neutron::Net
+ properties:
+ name:
+ str_replace:
+ template: ric_network_rand
+ params:
+ rand: { get_resource: random-str }
+
+ int_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ name:
+ str_replace:
+ template: oam_network_rand
+ params:
+ rand: { get_resource: random-str }
+ network_id: { get_resource: int_network }
+ cidr: { get_param: int_net_cidr }
+ dns_nameservers: [ "8.8.8.8" ]
+
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ name:
+ list_join: ['-', [{ get_param: 'OS::stack_name' }, 'router']]
+ external_gateway_info:
+ network: { get_param: public_net_id }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: int_subnet }
+
diff --git a/ric-infra/00-Kubernetes/heat/parts/part-1.yaml b/ric-infra/00-Kubernetes/heat/parts/part-1.yaml
new file mode 100644
index 0000000..a0ff0eb
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/parts/part-1.yaml
@@ -0,0 +1,189 @@
+heat_template_version: 2015-10-15
+description: OpenStack HOT for RIC Kubernetes cluster
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+parameters:
+ docker_proxy:
+ type: string
+ default: ""
+
+ apt_proxy:
+ type: string
+ default: ""
+
+ public_net_id:
+ type: string
+ description: The ID of the Public network for floating IP address allocation
+
+ public_v6net_id:
+ type: string
+ description: The ID of the IPv6 provider network for ipv6 interface IP address allocation
+
+ int_net_cidr:
+ type: string
+ description: CIDR of the OAM ONAP network
+
+ ubuntu_1604_image:
+ type: string
+ description: Name of the Ubuntu 16.04 image
+
+ k8s_vm_flavor:
+ type: string
+ description: VM flavor for k8s hosts
+
+ helm_override_yaml:
+ type: string
+ description: Content for helm_override.yaml
+
+ docker_manifest:
+ type: string
+ default: ""
+
+ key_name:
+ type: string
+ default: "id-oran-int"
+
+ docker_version:
+ type: string
+ default: "18.06.1"
+
+ k8s_version:
+ type: string
+ default: "1.13.3"
+
+ k8s_cni_version:
+ type: string
+ default: "0.6.0"
+
+ helm_version:
+ type: string
+ default: "2.12.3"
+
+ helm_deploy_delay:
+ type: string
+ default: "2m"
+
+ use_ramdisk:
+ type: string
+ description: Set to "true" if you want to use a RAM disk for /dockerdata-nfs/.
+ default: "false"
+
+ mtu:
+ type: number
+ default: 1500
+
+resources:
+ random-str:
+ type: OS::Heat::RandomString
+ properties:
+ length: 4
+
+ cinder_volume:
+ type: OS::Cinder::Volume
+ properties:
+ size: 5
+ name:
+ str_replace:
+ template: volume_rand
+ params:
+ rand: { get_resource: random-str }
+
+ # RIC security group
+ ric_sg:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ name:
+ str_replace:
+ template: base_rand
+ params:
+ base: ric_sg
+ rand: { get_resource: random-str }
+ description: security group for RIC traffic
+ rules:
+ # All egress traffic
+ - direction: egress
+ ethertype: IPv4
+ - direction: egress
+ ethertype: IPv6
+ # ingress traffic
+ # ICMP
+ - protocol: icmp
+ ethertype: IPv4
+ - protocol: icmp
+ ethertype: IPv6
+ - protocol: udp
+ ethertype: IPv4
+ port_range_min: 1
+ port_range_max: 65535
+ - protocol: udp
+ ethertype: IPv6
+ port_range_min: 1
+ port_range_max: 65535
+ - protocol: tcp
+ ethertype: IPv4
+ port_range_min: 1
+ port_range_max: 65535
+ - protocol: tcp
+ ethertype: IPv6
+ port_range_min: 1
+ port_range_max: 65535
+ # additional IP Protocols to allow
+ # SCTP
+ - protocol: 132
+ ethertype: IPv4
+ - protocol: 132
+ ethertype: IPv6
+
+
+ # RIC internal network
+ int_network:
+ type: OS::Neutron::Net
+ properties:
+ name:
+ str_replace:
+ template: ric_network_rand
+ params:
+ rand: { get_resource: random-str }
+
+ int_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ name:
+ str_replace:
+ template: oam_network_rand
+ params:
+ rand: { get_resource: random-str }
+ network_id: { get_resource: int_network }
+ cidr: { get_param: int_net_cidr }
+ dns_nameservers: [ "8.8.8.8" ]
+
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ name:
+ list_join: ['-', [{ get_param: 'OS::stack_name' }, 'router']]
+ external_gateway_info:
+ network: { get_param: public_net_id }
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: int_subnet }
+
diff --git a/ric-infra/00-Kubernetes/heat/parts/part-2-v6.yaml b/ric-infra/00-Kubernetes/heat/parts/part-2-v6.yaml
new file mode 100644
index 0000000..1f0e8a7
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/parts/part-2-v6.yaml
@@ -0,0 +1,105 @@
+ ${VM_TYPE}_${VM_NUM}_private_port:
+ type: OS::Neutron::Port
+ properties:
+ network: { get_resource: int_network }
+ fixed_ips: [{"subnet": { get_resource: int_subnet }}]
+ security_groups:
+ - { get_resource: ric_sg }
+
+ ${VM_TYPE}_${VM_NUM}_ipv6_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_param: public_v6net_id }
+ security_groups:
+ - { get_resource: ric_sg }
+
+ ${VM_TYPE}_${VM_NUM}_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: { get_param: public_net_id }
+ port_id: { get_resource: ${VM_TYPE}_${VM_NUM}_private_port }
+
+ ${VM_TYPE}_${VM_NUM}_vm_scripts:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ power_state:
+ mode: reboot
+ runcmd:
+ - [ /opt/k8s_vm_install.sh ]
+ write_files:
+ - path: /opt/k8s_vm_install.sh
+ permissions: '0755'
+ content:
+ str_replace:
+ params:
+ __docker_proxy__: { get_param: docker_proxy }
+ __apt_proxy__: { get_param: apt_proxy }
+ __docker_version__: { get_param: docker_version }
+ __k8s_version__: { get_param: k8s_version }
+ __k8s_cni_version__: { get_param: k8s_cni_version }
+ __helm_version__: { get_param: helm_version }
+ __host_private_ip_addr__: { get_attr: [${VM_TYPE}_${VM_NUM}_floating_ip, fixed_ip_address] }
+ __host_floating_ip_addr__: { get_attr: [${VM_TYPE}_${VM_NUM}_floating_ip, floating_ip_address] }
+ __host_private_ipv6_addr__: { get_attr: [${VM_TYPE}_${VM_NUM}_ipv6_port, fixed_ips, 0, ip_address ] }
+ __k8s_mst_floating_ip_addr__: { get_attr: [${VM_TYPE}_mst_floating_ip, floating_ip_address] }
+ __k8s_mst_private_ip_addr__: { get_attr: [${VM_TYPE}_mst_floating_ip, fixed_ip_address] }
+ __k8s_mst_parivate_ipv6_addr__: { get_attr: [${VM_TYPE}_mst_ipv6_port, fixed_ips, 0, ip_address] }
+ __mtu__: { get_param: mtu }
+ __cinder_volume_id__: { get_resource: cinder_volume }
+ __stack_name__: { get_param: 'OS::stack_name' }
+ template:
+ get_file: k8s_vm_install.sh
+ - path: /opt/k8s_vm_init.sh
+ permissions: '0755'
+ content:
+ str_replace:
+ params:
+ __host_private_ip_addr__: { get_attr: [${VM_TYPE}_${VM_NUM}_floating_ip, fixed_ip_address] }
+ __host_label__: '$HOST_LABEL'
+ template:
+ get_file: k8s_vm_init.sh
+ - path: /opt/k8s_vm_aux_install.sh
+ permissions: '0755'
+ content:
+ str_replace:
+ params:
+ __host_label__: '$HOST_LABEL'
+ template:
+ get_file: k8s_vm_aux_install.sh
+
+ - path: /opt/k8s_vm_custom_repos.sh
+ permissions: '0755'
+ content:
+ str_replace:
+ params:
+ __host_label__: '$HOST_LABEL'
+ template:
+ get_file: k8s_vm_custom_repos.sh
+
+ - path: /etc/init.d/k8s_vm_init_serv
+ permissions: '0755'
+ content:
+ get_file: k8s_vm_init_serv.sh
+
+
+ ${VM_TYPE}_${VM_NUM}_vm_config:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: { get_resource: ${VM_TYPE}_${VM_NUM}_vm_scripts }
+
+ ${VM_TYPE}_${VM_NUM}_vm:
+ type: OS::Nova::Server
+ properties:
+ name:
+ list_join: ['-', [ { get_param: 'OS::stack_name' }, '${VM_TYPE}', '${VM_NUM}' ] ]
+ image: { get_param: ubuntu_1604_image }
+ flavor: { get_param: ${VM_TYPE}_vm_flavor }
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: ${VM_TYPE}_${VM_NUM}_private_port }
+ - port: { get_resource: ${VM_TYPE}_${VM_NUM}_ipv6_port }
+ user_data_format: SOFTWARE_CONFIG
+ user_data: { get_resource: ${VM_TYPE}_${VM_NUM}_vm_config }
+
diff --git a/ric-infra/00-Kubernetes/heat/parts/part-2.yaml b/ric-infra/00-Kubernetes/heat/parts/part-2.yaml
new file mode 100644
index 0000000..a564f2e
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/parts/part-2.yaml
@@ -0,0 +1,75 @@
+ ${VM_TYPE}_${VM_NUM}_private_port:
+ type: OS::Neutron::Port
+ properties:
+ network: { get_resource: int_network }
+ fixed_ips: [{"subnet": { get_resource: int_subnet }}]
+ security_groups:
+ - { get_resource: ric_sg }
+
+ ${VM_TYPE}_${VM_NUM}_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: { get_param: public_net_id }
+ port_id: { get_resource: ${VM_TYPE}_${VM_NUM}_private_port }
+
+ ${VM_TYPE}_${VM_NUM}_vm_scripts:
+ type: OS::Heat::CloudConfig
+ properties:
+ cloud_config:
+ power_state:
+ mode: reboot
+ runcmd:
+ - [ /opt/k8s_vm_install.sh ]
+ write_files:
+ - path: /opt/k8s_vm_install.sh
+ permissions: '0755'
+ content:
+ str_replace:
+ params:
+ __docker_proxy__: { get_param: docker_proxy }
+ __apt_proxy__: { get_param: apt_proxy }
+ __docker_version__: { get_param: docker_version }
+ __k8s_version__: { get_param: k8s_version }
+ __k8s_cni_version__: { get_param: k8s_cni_version }
+ __helm_version__: { get_param: helm_version }
+ __host_private_ip_addr__: { get_attr: [${VM_TYPE}_${VM_NUM}_floating_ip, fixed_ip_address] }
+ __k8s_mst_floating_ip_addr__: { get_attr: [${VM_TYPE}_mst_floating_ip, floating_ip_address] }
+ __k8s_mst_private_ip_addr__: { get_attr: [${VM_TYPE}_mst_floating_ip, fixed_ip_address] }
+ __mtu__: { get_param: mtu }
+ __cinder_volume_id__: { get_resource: cinder_volume }
+ __stack_name__: { get_param: OS::stack_name }
+ template:
+ get_file: k8s_vm_install.sh
+ - path: /opt/k8s_vm_init.sh
+ permissions: '0755'
+ content:
+ str_replace:
+ params:
+ __host_private_ip_addr__: { get_attr: [${VM_TYPE}_${VM_NUM}_floating_ip, fixed_ip_address] }
+ __host_label__: '$HOST_LABEL'
+ template:
+ get_file: k8s_vm_init.sh
+ - path: /etc/init.d/k8s_vm_init_serv
+ permissions: '0755'
+ content:
+ get_file: k8s_vm_init_serv.sh
+
+ ${VM_TYPE}_${VM_NUM}_vm_config:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: { get_resource: ${VM_TYPE}_${VM_NUM}_vm_scripts }
+
+ ${VM_TYPE}_${VM_NUM}_vm:
+ type: OS::Nova::Server
+ properties:
+ name:
+ list_join: ['-', [ { get_param: 'OS::stack_name' }, '${VM_TYPE}', '${VM_NUM}' ] ]
+ image: { get_param: ubuntu_1604_image }
+ flavor: { get_param: ${VM_TYPE}_vm_flavor }
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: ${VM_TYPE}_${VM_NUM}_private_port }
+ user_data_format: SOFTWARE_CONFIG
+ user_data: { get_resource: ${VM_TYPE}_${VM_NUM}_vm_config }
+
diff --git a/ric-infra/00-Kubernetes/heat/parts/part-3-v6.yaml b/ric-infra/00-Kubernetes/heat/parts/part-3-v6.yaml
new file mode 100644
index 0000000..abf89ad
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/parts/part-3-v6.yaml
@@ -0,0 +1,3 @@
+outputs:
+ cinder_volume_id:
+ value: {get_resource: cinder_volume}
diff --git a/ric-infra/00-Kubernetes/heat/parts/part-3.yaml b/ric-infra/00-Kubernetes/heat/parts/part-3.yaml
new file mode 100644
index 0000000..5d0e9c5
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/parts/part-3.yaml
@@ -0,0 +1,4 @@
+
+outputs:
+ cinder_volume_id:
+ value: {get_resource: cinder_volume}
diff --git a/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_aux_install.sh b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_aux_install.sh
new file mode 100644
index 0000000..4ee6d32
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_aux_install.sh
@@ -0,0 +1,95 @@
+# this script installs AUX infrastructure components
+
+# continue only on AUX cluster
+CINDER_V_ID=$(cat /opt/config/cinder_volume_id.txt)
+cat <<EOF > ./cinder_pv.yaml
+apiVersion: "v1"
+kind: "PersistentVolume"
+metadata:
+ name: "cinder-pv"
+spec:
+ capacity:
+ storage: "5Gi"
+ accessModes:
+ - "ReadWriteOnce"
+ cinder:
+ fsType: "ext3"
+ volumeID: "$CINDER_V_ID"
+EOF
+kubectl create -f ./cinder_pv.yaml
+
+
+# install fluentd
+LOGGING_NS="logging"
+kubectl create namespace "${LOGGING_NS}"
+while ! helm repo add incubator "https://kubernetes-charts-incubator.storage.googleapis.com/"; do
+ sleep 10
+done
+helm repo update
+helm install incubator/elasticsearch \
+ --namespace "${LOGGING_NS}" \
+ --name elasticsearch \
+ --set image.tag=6.7.0 \
+ --set data.terminationGracePeriodSeconds=0 \
+ --set master.persistence.enabled=false \
+ --set data.persistence.enabled=false
+helm install stable/fluentd-elasticsearch \
+ --name fluentd \
+ --namespace "${LOGGING_NS}" \
+ --set elasticsearch.host=elasticsearch-client.${LOGGING_NS}.svc.cluster.local \
+ --set elasticsearch.port=9200
+helm install stable/kibana \
+ --name kibana \
+ --namespace "${LOGGING_NS}" \
+ --set env.ELASTICSEARCH_URL=http://elasticsearch-client.${LOGGING_NS}.svc.cluster.local:9200 \
+ --set env.ELASTICSEARCH_HOSTS=http://elasticsearch-client.${LOGGING_NS}.svc.cluster.local:9200 \
+ --set env.SERVER_BASEPATH=/api/v1/namespaces/${LOGGING_NS}/services/kibana/proxy
+ #--set image.tag=6.4.2 \
+
+KIBANA_POD_NAME=$(kubectl get pods --selector=app=kibana -n "${LOGGING_NS}" \
+ --output=jsonpath="{.items..metadata.name}")
+wait_for_pods_running 1 "${LOGGING_NS}" "${KIBANA_POD_NAME}"
+
+
+# install prometheus
+PROMETHEUS_NS="monitoring"
+OPERATOR_POD_NAME="prometheus-prometheus-operator-prometheus-0"
+ALERTMANAGER_POD_NAME="alertmanager-prometheus-operator-alertmanager-0"
+helm install stable/prometheus-operator --name prometheus-operator --namespace "${PROMETHEUS_NS}"
+wait_for_pods_running 1 "${PROMETHEUS_NS}" "${OPERATOR_POD_NAME}"
+
+GRAFANA_POD_NAME=$(kubectl get pods --selector=app=grafana -n "${PROMETHEUS_NS}" \
+ --output=jsonpath="{.items..metadata.name}")
+
+
+
+cat <<EOF > ./ingress_lm.yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: ingress-lm
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /kibana
+ backend:
+ serviceName: kibana
+ servicePort: 5601
+ - path: /operator
+ backend:
+ serviceName: prometheus-operator-prometheus
+ servicePort: 9090
+ - path: /alertmanager
+ backend:
+ serviceName: prometheus-operator-alertmanager
+ servicePort: 9093
+ - path: /grafana
+ backend:
+ serviceName: prometheus-operator-grafana
+ servicePort: 3000
+EOF
+kubectl apply -f ingress-lm.yaml
+
diff --git a/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_custom_repos.sh b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_custom_repos.sh
new file mode 100644
index 0000000..6b80a84
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_custom_repos.sh
@@ -0,0 +1,34 @@
+# add rancodev CI tool hostnames
+if [ ! -z "${__RUNRICENV_GERRIT_IP__}" ]; then
+ echo "${__RUNRICENV_GERRIT_IP__} ${__RUNRICENV_GERRIT_HOST__}" >> /etc/hosts
+fi
+
+if [ ! -z "${__RUNRICENV_DOCKER_IP__}" ]; then
+ echo "${__RUNRICENV_DOCKER_IP__} ${__RUNRICENV_DOCKER_HOST__}" >> /etc/hosts
+
+ if [ ! -z "${__RUNRICENV_DOCKER_CERT__}" ]; then
+ mkdir -p /etc/docker/certs.d/${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}
+ cat <<EOF >/etc/docker/ca.crt
+${__RUNRICENV_DOCKER_CERT__}
+EOF
+ cp /etc/docker/ca.crt \
+ /etc/docker/certs.d/${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/ca.crt
+ fi
+
+ service docker restart
+ systemctl enable docker.service
+ docker login -u ${__RUNRICENV_DOCKER_USER__} -p ${__RUNRICENV_DOCKER_PASS__} \
+ ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}
+ docker pull ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/whoami:0.0.1
+fi
+
+
+if [ ! -z "${__RUNRICENV_HELMREPO_IP__}" ]; then
+ echo "${__RUNRICENV_HELMREPO_IP__} ${__RUNRICENV_HELMREPO_HOST__}" >> /etc/hosts
+ if [ ! -z "${__RUNRICENV_HELMREPO_CERT__}" ]; then
+ cat <<EOF >/etc/ca-certificates/update.d/helm.crt
+${__RUNRICENV_HELMREPO_CERT__}
+EOF
+ fi
+fi
+
diff --git a/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_init.sh b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_init.sh
new file mode 100644
index 0000000..6b0a402
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_init.sh
@@ -0,0 +1,20 @@
+#!/bin/bash -x
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+echo "k8s_vm_init.sh"
+
diff --git a/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_init_serv.sh b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_init_serv.sh
new file mode 100644
index 0000000..93d8783
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_init_serv.sh
@@ -0,0 +1,117 @@
+#!/bin/sh
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+### BEGIN INIT INFO
+# Provides: k8s_vm_init.sh
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start daemon at boot time
+# Description: Enable service provided by daemon.
+### END INIT INFO
+
+echo "k8s_vm_init_serv.sh"
+
+
+dir="/opt"
+cmd="./k8s_vm_init.sh"
+user="root"
+
+name=`basename $0`
+pid_file="/var/run/$name.pid"
+stdout_log="/var/log/$name.log"
+stderr_log="/var/log/$name.err"
+
+get_pid() {
+ cat "$pid_file"
+}
+
+is_running() {
+ [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ if is_running; then
+ echo "Already started"
+ else
+ echo "Starting $name"
+ cd "$dir"
+ if [ -z "$user" ]; then
+ sudo $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ else
+ sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ fi
+ echo $! > "$pid_file"
+ if ! is_running; then
+ echo "Unable to start, see $stdout_log and $stderr_log"
+ exit 1
+ fi
+ fi
+ ;;
+ stop)
+ if is_running; then
+ echo -n "Stopping $name.."
+ kill `get_pid`
+ for i in {1..10}
+ do
+ if ! is_running; then
+ break
+ fi
+
+ echo -n "."
+ sleep 1
+ done
+ echo
+
+ if is_running; then
+ echo "Not stopped; may still be shutting down or shutdown may have failed"
+ exit 1
+ else
+ echo "Stopped"
+ if [ -f "$pid_file" ]; then
+ rm "$pid_file"
+ fi
+ fi
+ else
+ echo "Not running"
+ fi
+ ;;
+ restart)
+ $0 stop
+ if is_running; then
+ echo "Unable to stop, will not attempt to start"
+ exit 1
+ fi
+ $0 start
+ ;;
+ status)
+ if is_running; then
+ echo "Running"
+ else
+ echo "Stopped"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_install.sh b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_install.sh
new file mode 100644
index 0000000..54dbc3e
--- /dev/null
+++ b/ric-infra/00-Kubernetes/heat/scripts/k8s_vm_install.sh
@@ -0,0 +1,308 @@
+#!/bin/bash -x
+################################################################################
+# Copyright (c) 2019 AT&T Intellectual Property. #
+# Copyright (c) 2019 Nokia. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
+
+# first parameter: number of expected running pods
+# second parameter: namespace (all-namespaces means all namespaces)
+# third parameter: [optional] keyword
+wait_for_pods_running () {
+ NS="$2"
+ CMD="kubectl get pods --all-namespaces "
+ if [ "$NS" != "all-namespaces" ]; then
+ CMD="kubectl get pods -n $2 "
+ fi
+ KEYWORD="Running"
+ if [ "$#" == "3" ]; then
+ KEYWORD="${3}.*Running"
+ fi
+
+ CMD2="$CMD | grep \"$KEYWORD\" | wc -l"
+ NUMPODS=$(eval "$CMD2")
+ echo "waiting for $NUMPODS/$1 pods running in namespace [$NS] with keyword [$KEYWORD]"
+ while [ $NUMPODS -lt $1 ]; do
+ sleep 5
+ NUMPODS=$(eval "$CMD2")
+ echo "> waiting for $NUMPODS/$1 pods running in namespace [$NS] with keyword [$KEYWORD]"
+ done
+}
+
+
+# first parameter: interface name
+start_ipv6_if () {
+ # enable ipv6 interface
+ # standard Ubuntu cloud image does not have dual interface configuration or ipv6
+ IPv6IF="$1"
+ if ifconfig -a $IPv6IF; then
+ echo "" >> /etc/network/interfaces.d/50-cloud-init.cfg
+ #echo "auto ${IPv6IF}" >> /etc/network/interfaces.d/50-cloud-init.cfg
+ echo "allow-hotplug ${IPv6IF}" >> /etc/network/interfaces.d/50-cloud-init.cfg
+ echo "iface ${IPv6IF} inet6 auto" >> /etc/network/interfaces.d/50-cloud-init.cfg
+ #dhclient -r $IPv6IF
+ #systemctl restart networking
+ ifconfig ${IPv6IF} up
+ fi
+}
+
+echo "k8s_vm_install.sh"
+set -x
+export DEBIAN_FRONTEND=noninteractive
+echo "__host_private_ip_addr__ $(hostname)" >> /etc/hosts
+printenv
+
+mkdir -p /opt/config
+echo "__docker_version__" > /opt/config/docker_version.txt
+echo "__k8s_version__" > /opt/config/k8s_version.txt
+echo "__k8s_cni_version__" > /opt/config/k8s_cni_version.txt
+echo "__helm_version__" > /opt/config/helm_version.txt
+echo "__host_private_ip_addr__" > /opt/config/host_private_ip_addr.txt
+echo "__k8s_mst_floating_ip_addr__" > /opt/config/k8s_mst_floating_ip_addr.txt
+echo "__k8s_mst_private_ip_addr__" > /opt/config/k8s_mst_private_ip_addr.txt
+echo "__mtu__" > /opt/config/mtu.txt
+echo "__cinder_volume_id__" > /opt/config/cinder_volume_id.txt
+echo "__stack_name__" > /opt/config/stack_name.txt
+
+ISAUX='false'
+if [[ $(cat /opt/config/stack_name.txt) == *aux* ]]; then
+ ISAUX='true'
+fi
+
+modprobe -- ip_vs
+modprobe -- ip_vs_rr
+modprobe -- ip_vs_wrr
+modprobe -- ip_vs_sh
+modprobe -- nf_conntrack_ipv4
+modprobe -- nf_conntrack_ipv6
+modprobe -- nf_conntrack_proto_sctp
+
+start_ipv6_if ens4
+
+# disable swap
+SWAPFILES=$(grep swap /etc/fstab | sed '/^#/ d' |cut -f1 -d' ')
+if [ ! -z $SWAPFILES ]; then
+ for SWAPFILE in $SWAPFILES
+ do
+ if [ ! -z $SWAPFILE ]; then
+ echo "disabling swap file $SWAPFILE"
+ if [[ $SWAPFILE == UUID* ]]; then
+ UUID=$(echo $SWAPFILE | cut -f2 -d'=')
+ swapoff -U $UUID
+ else
+ swapoff $SWAPFILE
+ fi
+ # edit /etc/fstab file, remove line with /swapfile
+ sed -i -e "/$SWAPFILE/d" /etc/fstab
+ fi
+ done
+fi
+# disable swap
+#swapoff /swapfile
+# edit /etc/fstab file, remove line with /swapfile
+#sed -i -e '/swapfile/d' /etc/fstab
+
+
+DOCKERV=$(cat /opt/config/docker_version.txt)
+KUBEV=$(cat /opt/config/k8s_version.txt)
+KUBECNIV=$(cat /opt/config/k8s_cni_version.txt)
+
+KUBEVERSION="${KUBEV}-00"
+CNIVERSION="${KUBECNIV}-00"
+DOCKERVERSION="${DOCKERV}-0ubuntu1.2~16.04.1"
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' > /etc/apt/sources.list.d/kubernetes.list
+
+# install low latency kernel, docker.io, and kubernetes
+apt-get update
+apt-get install -y linux-image-4.15.0-45-lowlatency curl jq netcat docker.io=${DOCKERVERSION}
+apt-get install -y kubernetes-cni=${CNIVERSION}
+apt-get install -y --allow-unauthenticated kubeadm=${KUBEVERSION} kubelet=${KUBEVERSION} kubectl=${KUBEVERSION}
+apt-mark hold kubernetes-cni kubelet kubeadm kubectl
+
+
+# test access to k8s docker registry
+kubeadm config images pull
+
+
+# non-master nodes have hostnames ending with -[0-9][0-9]
+if [[ $(hostname) == *-[0-9][0-9] ]]; then
+ echo "Done for non-master node"
+ echo "Starting an NC TCP server on port 29999 to indicate we are ready"
+ nc -l -p 29999 &
+else
+ # below are steps for initializating master node, only run on the master node.
+ # minion node join will be triggered from the caller of the stack creation as ssh command.
+
+
+ # create kubenetes config file
+ if [[ ${KUBEV} == 1.13.* ]]; then
+ cat <<EOF >/root/config.yaml
+apiVersion: kubeadm.k8s.io/v1alpha3
+kubernetesVersion: v${KUBEV}
+kind: ClusterConfiguration
+apiServerExtraArgs:
+ feature-gates: SCTPSupport=true
+networking:
+ dnsDomain: cluster.local
+ podSubnet: 10.244.0.0/16
+ serviceSubnet: 10.96.0.0/12
+
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+mode: ipvs
+EOF
+
+ elif [[ ${KUBEV} == 1.14.* ]]; then
+ cat <<EOF >/root/config.yaml
+apiVersion: kubeadm.k8s.io/v1beta1
+kubernetesVersion: v${KUBEV}
+kind: ClusterConfiguration
+apiServerExtraArgs:
+ feature-gates: SCTPSupport=true
+networking:
+ dnsDomain: cluster.local
+ podSubnet: 10.244.0.0/16
+ serviceSubnet: 10.96.0.0/12
+
+---
+apiVersion: kubeproxy.config.k8s.io/v1alpha1
+kind: KubeProxyConfiguration
+mode: ipvs
+EOF
+
+ else
+ echo "Unsupported Kubernetes version requested. Bail."
+ exit
+ fi
+
+
+ # create a RBAC file for helm (tiller)
+ cat <<EOF > /root/rbac-config.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tiller
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tiller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: tiller
+ namespace: kube-system
+EOF
+
+ # start cluster (make sure CIDR is enabled with the flag)
+ kubeadm init --config /root/config.yaml
+
+
+ # install Helm
+ HELMV=$(cat /opt/config/helm_version.txt)
+ HELMVERSION=${HELMV}
+ cd /root
+ mkdir Helm
+ cd Helm
+ wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELMVERSION}-linux-amd64.tar.gz
+ tar -xvf helm-v${HELMVERSION}-linux-amd64.tar.gz
+ mv linux-amd64/helm /usr/local/bin/helm
+
+ # set up kubectl credential and config
+ cd /root
+ rm -rf .kube
+ mkdir -p .kube
+ cp -i /etc/kubernetes/admin.conf /root/.kube/config
+ chown root:root /root/.kube/config
+
+ # at this point we should be able to use kubectl
+ kubectl get pods --all-namespaces
+
+ # install flannel
+ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/bc79dd1505b0c8681ece4de4c0d86c5cd2643275/Documentation/kube-flannel.yml
+
+
+ # waiting for all 8 kube-system pods to be in running state
+ # (at this point, minions have not joined yet)
+ wait_for_pods_running 8 kube-system
+
+ # if running a single node cluster, need to enable master node to run pods
+ kubectl taint nodes --all node-role.kubernetes.io/master-
+
+ cd /root
+ # install RBAC for Helm
+ kubectl create -f rbac-config.yaml
+
+
+ rm -rf /root/.helm
+ helm init --service-account tiller
+ export HELM_HOME="/root/.helm"
+
+ # waiting for tiller pod to be in running state
+ wait_for_pods_running 1 kube-system tiller-deploy
+
+ while ! helm version; do
+ echo "Waiting for Helm to be ready"
+ sleep 15
+ done
+
+ # install ingress controller db-less kong
+ helm install stable/kong --set ingressController.enabled=true --set postgresql.enabled=false --set env.database=off
+
+
+ echo "Starting an NC TCP server on port 29999 to indicate we are ready"
+ nc -l -p 29999 &
+
+ echo "Done with master node setup"
+fi
+
+
+# add rancodev CI tool hostnames
+if [[ ! -z "${__RUNRICENV_GERRIT_IP__}" && ! -z "${__RUNRICENV_GERRIT_HOST__}" ]]; then
+ echo "${__RUNRICENV_GERRIT_IP__} ${__RUNRICENV_GERRIT_HOST__}" >> /etc/hosts
+fi
+if [[ ! -z "${__RUNRICENV_DOCKER_IP__}" && ! -z "${__RUNRICENV_DOCKER_HOST__}" ]]; then
+ echo "${__RUNRICENV_DOCKER_IP__} ${__RUNRICENV_DOCKER_HOST__}" >> /etc/hosts
+fi
+if [[ ! -z "${__RUNRICENV_HELMREPO_IP__}" && ! -z "${__RUNRICENV_HELMREPO_HOST__}" ]]; then
+ echo "${__RUNRICENV_HELMREPO_IP__} ${__RUNRICENV_HELMREPO_HOST__}" >> /etc/hosts
+fi
+
+if [ ! -z "${__RUNRICENV_HELMREPO_CERT__}" ]; then
+ cat <<EOF >/etc/ca-certificates/update.d/helm.crt
+${__RUNRICENV_HELMREPO_CERT__}
+EOF
+fi
+
+# add cert for accessing docker registry in Azure
+if [ ! -z "${__RUNRICENV_DOCKER_CERT__}" ]; then
+ mkdir -p /etc/docker/certs.d/${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}
+ cat <<EOF >/etc/docker/ca.crt
+${__RUNRICENV_DOCKER_CERT__}
+EOF
+ cp /etc/docker/ca.crt /etc/docker/certs.d/${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/ca.crt
+
+ service docker restart
+ systemctl enable docker.service
+ docker login -u ${__RUNRICENV_DOCKER_USER__} -p ${__RUNRICENV_DOCKER_PASS__} ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}
+ docker pull ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/whoami:0.0.1
+fi
+