aboutsummaryrefslogtreecommitdiffstats
path: root/deployment
AgeCommit message (Collapse)AuthorFilesLines
2021-08-24noheat deployment: loosen security groups constraintsMaciej Wereski1-11/+4
Current rules may cause kubernetes services to be blocked. This may lead to a lot of time wasted on debuging issues that aren't to any of deployed components. After all patches are in place and working we might try to come up with restricting Security Groups. Issue-ID: INT-1601 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> Change-Id: I2f36afefb72df1c4082bc9dda036713f4625ab46
2021-08-24noheat deployment: Add groups to dynamic inventoryMaciej Wereski1-0/+37
Also set variables that will be needed to deploy NFS. Issue-ID: INT-1601 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> Change-Id: Ibb033726f040246094f45ec5f1288b4bb4de0ef0
2021-08-23Update requirements of OpenStack noheat deploymentMaciej Wereski2-7/+9
Python dependencies are now tracked in requirements.txt file. Issue-ID: INT-1601 Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com> Change-Id: I47bbec6ad3e7b9e9fa3ec569d44605b803ac8271 Signed-off-by: mrichomme <morgan.richomme@orange.com>
2021-04-30Set up network for in-cluster deployment stagePawel Wieczorek7-0/+70
This patch adds new network traffic exceptions to the infrastructure setup step. This change has to be done during the infrastructure setup step because OpenStack client is not available from within the cluster. Issue-ID: INT-1601 Change-Id: I5adbce6197d8de6ab2bf7f54c73d6003442674da Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-04-30Add missing dependencies and artifacts for in-cluster deployment stagePawel Wieczorek1-0/+6
Configuration of the operation machine has to be altered before commencing in-cluster deployment stage - otherwise in-cluster playbook will not be even parsable (after changing Ansible control node). Issue-ID: INT-1601 Change-Id: Ic0fd8d3e36866dd588febfcee8e91f837b46f015 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-04-28Prepare operation machine for in-cluster deployment stagePawel Wieczorek6-1/+29
This patch creates an in-cluster inventory based on the dynamic one from creating OpenStack VMs. It will be used at the next deployment stage. This patch also adds missing documentation on required software to run these Ansible playbooks. Issue-ID: INT-1601 Change-Id: Ibf009a2530de989b1927a7a4a2f328fa61c1dd55 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-04-26Flatten Ansible role structurePawel Wieczorek16-10/+10
Given current constraints of CI Lab application of Ansible playbooks has to be divided into several stages (changing Ansible controller between them). This is why role structure can be flattened for increased readability. Issue-ID: INT-1601 Change-Id: I71f95649617e160f7887f03c6a96161fb8873c66 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-29Make adding Ubuntu Bionic image to the DevStack idempotentPawel Wieczorek1-2/+2
Relevant review: https://gerrit.onap.org/r/c/integration/+/116546/#message-dc666a721a0f7ee646626bef6d36e54b7786e38f Issue-ID: INT-1601 Change-Id: I3a37cb6b2ff8b200dcbad052653e0eac7af10c60 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-29Create cluster operator access informationPawel Wieczorek2-0/+14
Issue-ID: INT-1601 Change-Id: I218ec5521d97eab298ea0556f690f2bc3d8ccbfa Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-29Inject operator key when launching cluster instancesPawel Wieczorek2-13/+13
Issue-ID: INT-1601 Change-Id: Ie2c606d7afa191386124a0ad49619de40fb15c06 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-29Divide host group into cluster and operation instancesPawel Wieczorek4-4/+16
Issue-ID: INT-1601 Change-Id: I799f15077437bcd836c5a38a004d974eed64f707 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-29Accept host group as an argument to allow reusing rolesPawel Wieczorek4-4/+6
Issue-ID: INT-1601 Change-Id: I358332725272c44535257648c7fbccaf94d2ac30 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-07Allow using multiple remote IP prefixes for security groupsPawel Wieczorek4-5/+12
This patch is required for allowing machine-to-machine traffic within ONAP cluster with no Vagrant operator involvement. Issue-ID: INT-1601 Change-Id: I0159b3176ecb3e5783f4f87b9b507824fc411b2b Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-07Allow operator access to the clusterPawel Wieczorek6-57/+107
This patch creates operator keypair and deploys its public key to all machines in the cluster. Previously cluster could be accessed from OpenStack admin machine only. Additional information added to the "all.yml*" group variables allowed keeping current roles generic and flexible. Issue-ID: INT-1601 Change-Id: I6b289ff9a8c9ebe04562671b8f4b4468b543723f Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-07Add Ubuntu Bionic image to the DevStack instancePawel Wieczorek2-3/+18
Image "cirros-0.5.1-x86_64-disk" will no longer be suitable for testing ONAP infrastructure deployment because it lacks Python interpreter. Python is required for provisioning ONAP infrastructure VMs using Ansible. Issue-ID: INT-1601 Change-Id: I68aa4d941350b1abf32b4d2bc00cbee489af6587 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-07Divide OpenStack management access to admin and userPawel Wieczorek2-15/+32
This patch adds OpenStack admin management access to the local "root" user. Admin access is necessary to make changes to the default DevStack configuration after its creation. Package "python-openstackclient" is now installed globally (as root). This is the reason why it requires additional flag ("--ignore-installed") for overriding packages already available on the system - specifically PyYAML (3.11 available, 3.12 required). Issue-ID: INT-1601 Change-Id: Ia5a1000f2f2066073c4e4a92fcb823eed17c36fd Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-07Add local private key guardPawel Wieczorek1-0/+6
Private key can be retrieved from OpenStack during keypair creation only. Subsequent attempts to do so will result in getting an empty string. If private key already exists on the local machine and there is no guard local private key will be overwritten with an empty file. This patch adds local private key guard which allows subsequent runs of "create.yml" playbook without erasing local private key. Issue-ID: INT-1601 Change-Id: If3b3bb088bc8a2f9494e21e1826ac68adcc7a2cb Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2021-01-04cleanup.sh does not delete AAI cassandra keyspacemrichomme1-0/+6
Issue-ID: INT-1510 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I74a0e0ddd6d023f6e18ebc41b1affb244a27c0b1
2020-11-02Update rke config for windriver deploymentmrichomme1-1/+4
Issue-ID: INT-1763 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: Idde89623869a98ba625a1ee7ffd09596fbb9b62d
2020-10-02optimize size and time using "--no-cache-dir"Pratik Raj1-1/+1
Using "--no-cache-dir" flag in pip install ,make sure dowloaded packages by pip don't cached on system . This is a best practise which make sure to fetch ftom repo instead of using local cached one . Further , in case of Docker Containers , by restricing caching , we can reduce image size. In term of stats , it depends upon the number of python packages multiplied by their respective size . e.g for heavy packages with a lot of dependencies it reduce a lot by don't caching pip packages. Further , more detail information can be found at https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6 Issue-ID: INT-1616 Signed-off-by: Pratik Raj <rajpratik71@gmail.com> Change-Id: Id3e28faf35f36258362323b4a96bcf0f3f95726b Signed-off-by: mrichomme <morgan.richomme@orange.com>
2020-09-23Set up and tear down test environment properlyPawel Wieczorek8-16/+44
Two issues were detected during testing deployment locally: - incomplete provisioning if set up from scratch [1], - leaving DevStack in unknown state if test failed. [1] https://www.vagrantup.com/docs/cli/up#provision-with-x-y-z Issue-ID: INT-1601 Change-Id: Ie553ba71a2b56789736ab822f1f1a2e4043f4935 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-08-31update policy staging imagesjhh2-16/+10
Issue-ID: POLICY-2794 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Id9ee90bf303f77c1e6db91ae2ce6a7166934c64d
2020-08-24update policy staging imagesjhh1-11/+7
Issue-ID: POLICY-2794 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I2d4cffc3350a28ed17ec3aedafd78691c1e11808
2020-08-10Drop using symlinks for documentation markup renderingPawel Wieczorek8-135/+131
Keeping only symlinks as the markup indicator does not trigger CI on relevant patches changing documentation contents (there's no change in symlink). This can be resolved by dropping symlinks usage entirely. Sphinx and RTD aren't going anywhere anytime soon. To make sure all symlinks were replaced following one-liner was used: $ find . -type l -name "*.rst" -exec readlink -e {} \; \ | xargs -I% git mv -f %{,.rst} which finds all the symlinks in the repo with "*.rst" suffix, then reads which file they link to and finally replaces given symlink with that file. This solution was suggested by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: INT-1672 Change-Id: I120e216b0b48032bb7b80c23cad799cd6f7cca53 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-08-10Replace deprecated "with_items" with loopsPawel Wieczorek7-9/+7
As of Ansible 2.5+, the recommended way to perform loops is to use the new "loop" keyword instead of "with_*" style loops [1]. This issue was reported by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> [1] https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html Issue-ID: INT-1601 Change-Id: Icf9079fc5c22ac034631397ea46d2b03fb4298ab Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-08-07Add versions of tools used during verificationPawel Wieczorek3-6/+6
Issue-ID: INT-1601 Change-Id: I3ff59402627e679a6a5dcdb5a64f2d04d1df09cf Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-08-06Manual revert of kubernetes version in rke scriptsmrichomme1-1/+1
- 1.15.11 not supported - 1.15.3 is OK on Nokia lab - OOM reco is 1.15.x up to frankfurt Impossible to revert through gerrit Do it manually Issue-ID: INT-1677 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I67f8f65aab4d77f8c341b10c195c86a2f8be8901
2020-08-05Update Kubernetes rke versionmrichomme1-1/+1
it remained in 1.15.3 on windriver lab It shall be 1.15.11 Issue-ID: INT-1677 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I889cb52ec4d41929b56ae8416584d73430a5bd59 Signed-off-by: mrichomme <morgan.richomme@orange.com>
2020-07-30Use external volumes for OpenStack virtual machinesPawel Wieczorek3-0/+10
This allows easier storage quota changes (without the need to modify flavors). Issue-ID: INT-1601 Change-Id: I0fe7557ff6f23eb0e29314ee0d4819893583a294 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Add hosts configuration for Service Mesh ONAPPawel Wieczorek2-0/+54
Added configuration resembles set of instances already in use for Service Mesh Proof-of-Concept purposes. Floating IPs were disabled on Worker and NFS nodes to limit resource usage. Issue-ID: INT-1601 Change-Id: Ie575c37344da21e71a8e0803e2e5bd2db18d9290 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Make Vagrant-based environment safe defaultsPawel Wieczorek2-19/+20
Having a symlink instead of actual file allows having less changes between upstream repository and on-premise deployment. This patch does not affect development environment in any way. Issue-ID: INT-1601 Change-Id: I489c7ce7084d48ba03962e44d64f56c316bcc56a Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Add separate NICs to access OpenStack virtual machinesPawel Wieczorek2-0/+4
Dedicated network interface is recommended for accessing OpenStack guest instances [1]. With current Vagrant-based environment "eth2" interface is expected to be assigned as additional NIC (with "eth0" for Vagrant host network and "eth1" for Ansible management network). [1] https://docs.openstack.org/devstack/latest/networking.html Issue-ID: INT-1601 Change-Id: I3798f94db476eef77d02e6f8f7e078fc4b4e7622 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Add Ansible roles for OpenStack security groupsPawel Wieczorek14-0/+85
Additional OpenStack security group and its rules are required to allow traffic to virtual machines created on DevStack. Virtual machines will be accessible from 172.24.4.0/24 network (default public IP pool). Issue-ID: INT-1601 Change-Id: I902f64f542197e329e21790f98662d2e408d4bb6 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Add Ansible roles for OpenStack hostsPawel Wieczorek21-1/+156
Key pair is generated upon host creation and removed after the host is destroyed. This patch is based on previous work by: Krzysztof Opasiak <k.opasiak@samsung.com> Issue-ID: INT-1601 Change-Id: I9acd0b68a3ee79a0d710c40e0a1cc8470dfacce5 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Add Ansible roles for OpenStack networkPawel Wieczorek19-1/+171
This patch also adds Vagrant provisioners for creating and destroying OpenStack infrastructure. These are set to never run (unless explicitly called by the operator) because DevStack instance on a separate machine might not be ready to provide OpenStack API. This patch is based on previous work by: Krzysztof Opasiak <k.opasiak@samsung.com> Test harness is based on blog post [1] by: Chris Morgan <me@chrismorgan.info> [1] https://chrismorgan.info/blog/make-and-git-diff-test-harness Issue-ID: INT-1601 Change-Id: I031ca7a5a43cca0258dc0dc9e0339182c431898a Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Add Vagrant-based development environmentPawel Wieczorek5-0/+154
Development guide ("HACKING") is subject to change based on gathered feedback. Issue-ID: INT-1601 Change-Id: I8988c8a6e85d215485666690e0c281412a1ce869 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-30Introduce ONAP CI Lab infrastructure setup guidePawel Wieczorek3-0/+48
This patch adds requirements to the parent README file. This will be changed to ".. include" directive once these READMEs are ready to be added to the Integration documentation. Issue-ID: INT-1601 Change-Id: I5bc2aba03689ea2547e713491a62947a54558095 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-07-29Introduce ONAP CI Lab setup guidePawel Wieczorek3-0/+26
This patch adds information on expected results from following the guide. It will be used for Service Mesh lab purposes. Issue-ID: INT-1601 Change-Id: I26decb9d785270b3c580bd0ce3cc97262c9a171a Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2020-06-08Update helm and kubectl versionsBrian Freeman1-2/+2
Issue-ID: OOM-2331 Change-Id: Ie97218cd7df55c6819f1bb01db52a140870f641a Signed-off-by: Brian Freeman <bf1936@att.com>
2020-05-22add uuid image overridejhh1-0/+5
Issue-ID: INT-1599 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I6b5f14c6abf594d7947d08939476358cf16f35e8
2020-05-07Add policy and sdc staging images overridesjhh2-0/+32
Issue-ID: INT-1585 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Ia2682bc293ea403b56d3f4d27d6a1c219e6e90eb
2020-04-23[INT] updating aks install w/ master passstark, steven9-14/+28
- Also updating openstack cli to py3 to fix import issues Issue-ID: INT-1557 Signed-off-by: stark, steven <steven.stark@att.com> Change-Id: I99cbc68614e0fcc8fd0572fd7c44c7cd431b215b
2020-04-14Fix integration markdown errors for lintermrichomme3-52/+29
Issue-ID: INT-1523 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I2be0865395b12e1f277834b0c096f5d183cb5056 Signed-off-by: mrichomme <morgan.richomme@orange.com>
2020-04-02Update SO and VID docker versionMarco Platania1-11/+11
Issue-ID: INT-1462 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I49d3fc837e58c9e2f8b879c04c84317e8bd320ba
2020-04-01Update SDC and Portal docker image versionMarco Platania1-12/+12
Issue-ID: INT-1462 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: Ib50de36def25dd4b4330c8a5bcccf453b767efe8
2020-03-27Set SKIP_LINT=TRUE to speed up installationMarco Platania1-1/+1
Issue-ID: OOM-2335 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: I803781947a9fe84e153cdbd6f94d9f21b8bcdb6f
2020-03-25corrected the hardcoded DB pod-namesandreasgeissler1-3/+3
Issue-ID: INT-1484 Signed-off-by: andreasgeissler <andreas-geissler@telekom.de> Change-Id: I7f1670a79db751087f722a1196e2de23448f7a2a
2020-03-24misnaming of pap componentjhh1-1/+1
Issue-ID: POLICY-2296 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: I3addd7de51fa2ca4b1e76e95a9f0e91d1e1ca3e9 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
2020-03-13Update image versions in integration overrideMarco Platania1-18/+17
Issue-ID: INT-1462 Signed-off-by: Marco Platania <platania@research.att.com> Change-Id: Ib14e88d854bc36c7ca16997a1f26d232bcd97ce4
2020-03-02Fix JSON files linter issues in deploymentBartek Grzybowski2-40/+59
This is needed prior to adding job for JSON files linting in CI. Change-Id: I122783267f75b385f9f2ceee6381eb7331aadaf5 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com> Issue-ID: INT-1451