| #!/bin/bash |
| ################################################################################ |
| # Copyright (c) 2019 AT&T Intellectual Property. # |
| # Copyright (c) 2019 Nokia. # |
| # # |
| # Licensed under the Apache License, Version 2.0 (the "License"); # |
| # you may not use this file except in compliance with the License. # |
| # You may obtain a copy of the License at # |
| # # |
| # http://www.apache.org/licenses/LICENSE-2.0 # |
| # # |
| # Unless required by applicable law or agreed to in writing, software # |
| # distributed under the License is distributed on an "AS IS" BASIS, # |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # |
| # See the License for the specific language governing permissions and # |
| # limitations under the License. # |
| ################################################################################ |
| |
| function wait_for_pods() { |
| echo -n "waiting for $1 pods to run" |
| |
| STILL_WAITING=true |
| while $STILL_WAITING; do |
| STILL_WAITING=false |
| PODS=$(kubectl get pods -n $2 2>/dev/null | grep $1 | awk '{print $1}') |
| if [ -z $PODS ]; then |
| STILL_WAITING=true |
| sleep 1 |
| echo -n "." |
| fi |
| for POD in ${PODS}; do |
| if [[ $(kubectl get pod ${POD} -n $2 -o go-template --template "{{.status.phase}}") != "Running" ]]; then |
| STILL_WAITING=true |
| sleep 1 |
| echo -n "." |
| break |
| fi |
| done |
| done |
| |
| echo |
| } |
| |
| function wait_for_cats() { |
| echo -n "waiting for $1 daemonset to complete" |
| |
| STILL_WAITING=true |
| while $STILL_WAITING; do |
| STILL_WAITING=false |
| PODS=$(kubectl get pods -n $2 | grep $1 | awk '{print $1}') |
| for POD in ${PODS}; do |
| if [[ $(kubectl logs ${POD} -n $2 --tail 1) != "done" ]]; then |
| STILL_WAITING=true |
| sleep 1 |
| echo -n "." |
| break |
| fi |
| done |
| done |
| |
| echo |
| } |
| |
| KERNEL_OPTIMIZATION=false |
| IS_HELM3=$(helm version --short|grep -e "^v3") |
| |
| while [ -n "$1" ]; do # while loop starts |
| |
| case "$1" in |
| |
| -f) OVERRIDEYAML=$2 |
| shift |
| ;; |
| -c) LIST_OF_COMPONENTS=$2 |
| shift |
| ;; |
| -o) KERNEL_OPTIMIZATION=true |
| ;; |
| *) echo "Option $1 not recognized" ;; # In case you typed a different option other than a,b,c |
| |
| esac |
| |
| shift |
| |
| done |
| |
| if [ -z "$OVERRIDEYAML" ];then |
| echo "****************************************************************************************************************" |
| echo " ERROR " |
| echo "****************************************************************************************************************" |
| echo "RIC deployment without deployment recipe is currently disabled. Please specify an recipe with the -f option." |
| echo "****************************************************************************************************************" |
| exit 1 |
| fi |
| |
| if [ -z $IS_HELM3 ] |
| then |
| HAS_COMMON_PACKAGE=$(helm search local/ric-common | grep ric-common) |
| else |
| HAS_COMMON_PACKAGE=$(helm search repo local/ric-common | grep ric-common) |
| fi |
| |
| if [ -z "$HAS_COMMON_PACKAGE" ];then |
| echo "****************************************************************************************************************" |
| echo " ERROR " |
| echo "****************************************************************************************************************" |
| echo "Can't locate the ric-common helm package in the local repo. Please make sure that it is properly installed." |
| echo "****************************************************************************************************************" |
| exit 1 |
| fi |
| |
| DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" |
| COMMON_BLOCK=$(cat $OVERRIDEYAML | awk '/^common:/{getline; while ($0 ~ /^ +.*|^ *|^ *#.*$/) {print $0; if (getline == 0) {break}}}') |
| NAMESPACE_BLOCK=$(cat $OVERRIDEYAML | awk '/^ namespace:/{getline; while ($0 ~ /^ +.*|^ *|^ *#.*$/) {print $0; if (getline == 0) {break}}}') |
| PLTNAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *platform:/{print $2}') |
| INFRANAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *infra:/{print $2}') |
| XAPPNAMESPACE=$(echo "$NAMESPACE_BLOCK" | awk '/^ *xapp:/{print $2}') |
| RELEASE_PREFIX=$(echo "$COMMON_BLOCK" | awk '/^ *releasePrefix:/{print $2}') |
| LOCAL_REPOSITORY=$(echo "$COMMON_BLOCK" | awk '/^ *localregistry:/{print $2}') |
| |
| # replace the dbaasha with dbaas1 if deploying non HA DBaaS |
| COMPONENTS=${LIST_OF_COMPONENTS:-"infrastructure dbaas xapp-onboarder appmgr rtmgr e2mgr e2term a1mediator submgr vespamgr jaegeradapter o1mediator alarmadapter"} |
| echo "Deploying RIC infra components [$COMPONENTS]" |
| |
| |
| if ! kubectl get ns ${PLTNAMESPACE:-ricplt}> /dev/null 2>&1; then |
| kubectl create ns ${PLTNAMESPACE:-ricplt} |
| fi |
| if ! kubectl get ns ${INFRANAMESPACE:-ricinfra}> /dev/null 2>&1; then |
| kubectl create ns ${INFRANAMESPACE:-ricinfra} |
| fi |
| if ! kubectl get ns ${XAPPNAMESPACE:-ricxapp}> /dev/null 2>&1; then |
| kubectl create ns ${XAPPNAMESPACE:-ricxapp} |
| fi |
| FOUND_RECIPE=$(kubectl get configmap -n ${PLTNAMESPACE:-ricplt} ricplt-recipe 2>/dev/null ) |
| if [ ! -z "$FOUND_RECIPE" ]; then |
| kubectl delete configmap -n ${PLTNAMESPACE:-ricplt} ricplt-recipe |
| fi |
| kubectl create configmap -n ${PLTNAMESPACE:-ricplt} ricplt-recipe --from-file=recipe=$OVERRIDEYAML |
| |
| if [ ! -z "$LOCAL_REPOSITORY" ]; then |
| LOCAL_REPOSITORY="$LOCAL_REPOSITORY/" |
| fi |
| |
| |
| echo Add cluster roles |
| cat >ricplt-role.yaml <<EOF |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| name: ricplt-system-tiller |
| rules: |
| - apiGroups: [""] |
| resources: ["deployments"] |
| verbs: ["get", "list", "create", "delete"] |
| - apiGroups: ["apiextensions.k8s.io"] |
| resources: ["customresourcedefinitions"] |
| verbs: ["get", "list", "create", "delete"] |
| - apiGroups: ["rbac.authorization.k8s.io"] |
| resources: ["clusterroles", "clusterrolebindings"] |
| verbs: ["get", "list", "create", "delete"] |
| - apiGroups: [""] |
| resources: ["events"] |
| verbs: ["create", "patch"] |
| - apiGroups: [""] |
| resources: ["nodes"] |
| verbs: ["list", "watch", "get"] |
| - apiGroups: [""] |
| resources: ["nodes/metrics"] |
| verbs: ["list", "watch", "get"] |
| - apiGroups: [""] |
| resources: ["nodes/proxy"] |
| verbs: ["list", "watch", "get"] |
| - apiGroups: ["configuration.konghq.com"] |
| resources: ["kongconsumers"] |
| verbs: ["get", "list", "watch"] |
| - apiGroups: ["configuration.konghq.com"] |
| resources: ["kongcredentials"] |
| verbs: ["get", "list", "watch"] |
| - apiGroups: ["configuration.konghq.com"] |
| resources: ["kongingresses"] |
| verbs: ["get", "list", "watch"] |
| - apiGroups: ["configuration.konghq.com"] |
| resources: ["kongplugins"] |
| verbs: ["get", "list", "watch"] |
| - apiGroups: ["networking.k8s.io"] |
| resources: ["ingresses"] |
| verbs: ["watch", "list", "get", "create", "delete", "update"] |
| - apiGroups: [""] |
| resources: ["ingresses"] |
| verbs: ["watch", "list", "get", "create", "delete", "update"] |
| - apiGroups: [""] |
| resources: ["persistentvolumes"] |
| verbs: ["watch", "list", "get", "create", "delete"] |
| - apiGroups: ["danm.k8s.io"] |
| resources: ["clusternetworks"] |
| verbs: ["watch", "list", "get", "create", "delete"] |
| - apiGroups: ["extensions"] |
| resources: ["ingresses/status"] |
| verbs: ["update", "get", "list", "watch"] |
| - apiGroups: ["networking.k8s.io"] |
| resources: ["ingresses/status"] |
| verbs: ["update", "get", "list", "watch"] |
| - apiGroups: ["certificates.k8s.io"] |
| resources: ["certificatesigningrequests"] |
| verbs: ["list", "watch"] |
| - apiGroups: ["storage.k8s.io"] |
| resources: ["storageclasses"] |
| verbs: ["list", "watch"] |
| - nonResourceURLs: ["/metrics"] |
| verbs: ["get"] |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| name: ricplt-system-tiller |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: ricplt-system-tiller |
| subjects: |
| - kind: ServiceAccount |
| name: tiller |
| namespace: kube-system |
| EOF |
| |
| if [ -z $IS_HELM3 ] |
| then |
| kubectl apply -f ricplt-role.yaml |
| rm ricplt-role.yaml |
| fi |
| |
| |
| # Add kernel optimization for radis services |
| if $KERNEL_OPTIMIZATION; then |
| cat >kernel_optimizer.yaml <<EOF |
| apiVersion: apps/v1 |
| kind: DaemonSet |
| metadata: |
| namespace: ${INFRANAMESPACE:-ricinfra} |
| name: redis-kernel-optimizer |
| spec: |
| selector: |
| matchLabels: |
| app: redis-kernel-optimizer |
| template: |
| metadata: |
| labels: |
| app: redis-kernel-optimizer |
| spec: |
| volumes: |
| - name: sys |
| hostPath: |
| path: /sys |
| containers: |
| - name: disable-thp |
| image: ${LOCAL_REPOSITORY}busybox |
| securityContext: |
| runAsNonRoot: false |
| privileged: true |
| runAsUser: 0 |
| command: ["sh", "-c"] |
| args: |
| - |- |
| set -e |
| set -o pipefail |
| trap 'exit' TERM |
| echo never > /rootfs/sys/kernel/mm/transparent_hugepage/enabled |
| echo never > /rootfs/sys/kernel/mm/transparent_hugepage/defrag |
| sysctl -w net.core.somaxconn=511 |
| grep -q -F [never] /sys/kernel/mm/transparent_hugepage/enabled |
| grep -q -F [never] /sys/kernel/mm/transparent_hugepage/defrag |
| sysctl -n net.core.somaxconn | grep 511 -q |
| echo "done" |
| while true; do sleep 1; done |
| volumeMounts: |
| - name: sys |
| mountPath: /rootfs/sys |
| EOF |
| kubectl apply -f kernel_optimizer.yaml |
| wait_for_pods redis-kernel-optimizer ${INFRANAMESPACE:-ricinfra} |
| wait_for_cats redis-kernel-optimizer ${INFRANAMESPACE:-ricinfra} |
| kubectl delete -f kernel_optimizer.yaml |
| rm kernel_optimizer.yaml |
| fi |
| |
| |
| for component in $COMPONENTS; do |
| helm dep up $DIR/../helm/$component |
| COMPONENT="${RELEASE_PREFIX}-$component" |
| if [ -z $IS_HELM3 ] |
| then |
| COMPONENT=" --name $COMPONENT" |
| fi |
| helm install -f $OVERRIDEYAML --namespace "${PLTNAMESPACE:-ricplt}" $COMPONENT $DIR/../helm/$component |
| sleep 8 |
| done |
| |
| |
| |
| |