From df00edd68426419d789733699584c051e570a43c Mon Sep 17 00:00:00 2001 From: Maciej Wereski Date: Thu, 3 Feb 2022 16:22:00 +0100 Subject: noheat: Upgrades, refactor, deploy Devstack * Revert "Enable VID" (this reverts commit 2223bfaffa8fe5fb90c578ec71a035f001b9ce22) * make sure ca-certificates is current * add ability to configure Docker daemon * upgrade Ubuntu to 20.04 * update tools, dependencies, Ansible Galaxy collections, Docker, RKE, k8s & charts * make Prometheus & MetalLB optional * deploy Istio * use copy instead of ansible.posix.synchronize * Allow to set IP address pools in OpenStack * fix ansible-lint issues * split big tasks files into smaller ones * migrate to ansible-core * add 'make onap' task * add Devstack deployment * fix NFS exports * add Strimzi * install Docker on operator * override Nexus only on hosts that need it * ability to set override file (sm-onap is default) * ability to set ONAP (OOM) branch * ability to set Devstack version * add playbook to deploy everything * describe how to run playbooks * save operator0 access information * install Galaxy deps with dedicated module Issue-ID: INT-1601 
Signed-off-by: Maciej Wereski Change-Id: I88cfeeaf281c175340b63909983251ecd62eeb00 --- deployment/noheat/cluster-rke/ansible/create.yml | 16 ++++- .../noheat/cluster-rke/ansible/group_vars/all.yml | 1 - .../cluster-rke/ansible/group_vars/all.yml.sm-onap | 6 ++ .../cluster-rke/ansible/group_vars/all/all.yml | 1 + .../ansible/roles/deps/defaults/main.yml | 15 +++-- .../ansible/roles/deps/tasks/cert-manager.yml | 17 ++++++ .../cluster-rke/ansible/roles/deps/tasks/istio.yml | 40 +++++++++++++ .../cluster-rke/ansible/roles/deps/tasks/main.yml | 55 +++++------------ .../ansible/roles/deps/tasks/metallb.yml | 51 ++++++++++++++++ .../ansible/roles/deps/tasks/prometheus.yml | 13 +++++ .../ansible/roles/deps/tasks/strimzi.yml | 15 +++++ .../roles/deps/templates/metallb-values.yaml.j2 | 6 -- .../cluster-rke/ansible/roles/oom/tasks/main.yml | 58 +++++++++++++++++- .../ansible/roles/setup_docker/defaults/main.yml | 2 +- .../ansible/roles/setup_docker/handlers/main.yml | 5 ++ .../ansible/roles/setup_docker/tasks/main.yml | 48 +++++---------- .../ansible/roles/setup_docker/tasks/packages.yml | 41 +++++++++++++ .../ansible/roles/setup_docker/vars/main.yml | 8 +++ .../ansible/roles/setup_helm/defaults/main.yml | 5 +- .../ansible/roles/setup_helm/tasks/cm.yml | 45 ++++++++++++++ .../ansible/roles/setup_helm/tasks/helm.yml | 35 +++++++++++ .../ansible/roles/setup_helm/tasks/main.yml | 68 ++-------------------- .../ansible/roles/setup_k8s/defaults/main.yml | 4 +- .../ansible/roles/setup_k8s/tasks/kubectl.yml | 13 +++++ .../ansible/roles/setup_k8s/tasks/main.yml | 29 ++------- .../ansible/roles/setup_k8s/tasks/rke.yml | 25 ++++++++ .../roles/setup_k8s/templates/cluster.yml.j2 | 2 +- .../ansible/roles/setup_nfs/templates/exports.j2 | 2 +- 28 files changed, 442 insertions(+), 184 deletions(-) delete mode 120000 deployment/noheat/cluster-rke/ansible/group_vars/all.yml create mode 120000 deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml create mode 100644 
deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml delete mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml (limited to 'deployment/noheat/cluster-rke/ansible') diff --git a/deployment/noheat/cluster-rke/ansible/create.yml b/deployment/noheat/cluster-rke/ansible/create.yml index 3ba4a8381..920db966d 100644 --- a/deployment/noheat/cluster-rke/ansible/create.yml +++ b/deployment/noheat/cluster-rke/ansible/create.yml @@ -1,4 +1,12 @@ --- +- name: Update packages + hosts: operator + become: true + tasks: + - name: Update ca-certificates + package: + name: ca-certificates + state: latest - name: Install NFS hosts: all become: yes @@ -11,7 +19,7 @@ - role: create_bastion destination: "{{ nexus }}" - name: Add bastion information to the cluster nodes - hosts: all + hosts: control,workers become: yes tasks: - name: Add cluster hostnames to /etc/hosts file 
@@ -22,11 +30,13 @@ - "nexus3.onap.org" - name: Install Docker become: yes - hosts: control,workers + hosts: operator,control,workers roles: - role: setup_docker - name: Deploy k8s hosts: operator0 + vars_files: + - ~/common-vars.yml roles: - role: setup_k8s - name: Download OOM @@ -36,7 +46,7 @@ git: repo: "https://git.onap.org/oom" dest: "{{ oom_dir }}" - version: "master" + version: "{{ onap_branch }}" - name: Install Helm hosts: operator0 roles: diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml deleted file mode 120000 index d8e74e27a..000000000 --- a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml +++ /dev/null @@ -1 +0,0 @@ -all.yml.sm-onap \ No newline at end of file diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap index 406f91559..9fb3313ee 100644 --- a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap +++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap @@ -3,3 +3,9 @@ nexus: address: 199.204.45.137 port: 10001 oom_dir: "{{ ansible_user_dir }}/oom" +onap_branch: "master" +override_file: "{{ oom_dir }}/kubernetes/onap/resources/overrides/sm-onap.yaml" +integration_dir: "{{ ansible_user_dir }}/integration" +prometheus_enabled: true +metallb_enabled: true +istio_enabled: true diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml new file mode 120000 index 000000000..206526103 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml @@ -0,0 +1 @@ +../all.yml.sm-onap \ No newline at end of file diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml index 28ddadfa0..eee910f0b 100644 
--- a/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml @@ -1,6 +1,11 @@ --- -cert_manager_version: "1.2.0" -prometheus_version: "13.13.1" -metallb_version: "0.10.2" -metallb_protocol: "layer2" -metallb_addresses: "192.168.1.240-192.168.1.255" +cert_manager_version: "1.5.5" +prometheus_enabled: true +prometheus_version: "19.3.0" +metallb_enabled: true +metallb_version: "0.13.6" +metallb_addresses: "192.168.1.129-192.168.1.255" +istio_enabled: true +istio_version: "1.15.2" +strimzi_enabled: true +strimzi_version: "0.28.0" diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml new file mode 100644 index 000000000..5a14d93ce --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml @@ -0,0 +1,17 @@ +--- +- name: Check if cert-manager manifest file is present + stat: + path: /tmp/cert-manager.yaml + register: cm_manifest + +- name: Download cert-manager + get_url: + url: "https://github.com/jetstack/cert-manager/releases/download/v{{ cert_manager_version }}/cert-manager.yaml" + dest: "/tmp" + mode: '0400' + when: not cm_manifest.stat.exists + +- name: Deploy cert-manager + kubernetes.core.k8s: + src: /tmp/cert-manager.yaml + state: present diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml new file mode 100644 index 000000000..01e335c7c --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml 
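Review bot: The new `stat` guard in cert-manager.yml makes "Deploy cert-manager" apply whatever file already sits at `/tmp/cert-manager.yaml`, and the download itself carries no `checksum:`. `/tmp` is writable by every local account on the operator host, so a file left there by another account or by an earlier run with a different `cert_manager_version` is applied to the cluster unverified, and a version bump is silently skipped. Consider a versioned destination outside `/tmp`, e.g. `dest: "{{ ansible_user_dir }}/cert-manager-v{{ cert_manager_version }}.yaml"` with a matching `src:`, plus `checksum: "sha256:<CERT_MANAGER_SHA256>"` (placeholder value). The same exists-then-skip guard without a checksum appears in kubectl.yml and rke.yml, and helm.yml downloads its tarball to `/tmp` without a checksum.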
@@ -0,0 +1,40 @@
+---
+- name: Add Istio Helm repository
+ kubernetes.core.helm_repository:
+ name: istio
+ repo_url: https://istio-release.storage.googleapis.com/charts
+
+- name: Deploy Istio base chart
+ kubernetes.core.helm:
+ name: istio-base
+ chart_version: "{{ istio_version }}"
+ chart_ref: istio/base
+ release_namespace: istio-system
+ create_namespace: true
+
+- name: Deploy Istio discovery chart
+ kubernetes.core.helm:
+ name: istiod
+ chart_version: "{{ istio_version }}"
+ chart_ref: istio/istiod
+ release_namespace: istio-system
+ wait: true
+
+- name: Create Istio ingress gateway namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: istio-ingress
+ labels:
+ istio-injection: enabled
+
+- name: Deploy Istio ingress gateway chart
+ kubernetes.core.helm:
+ name: istio-ingress
+ chart_version: "{{ istio_version }}"
+ chart_ref: istio/gateway
+ release_namespace: istio-ingress
+ wait: true
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml
index 022867d0b..32adc3310 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml
@@ -1,44 +1,19 @@ -- name: Download cert-manager - get_url: - url: "https://github.com/jetstack/cert-manager/releases/download/v{{ cert_manager_version }}/cert-manager.yaml" - dest: "/tmp" - mode: '0400' +--- +- name: Setup cert-manager + include_tasks: cert-manager.yml -- name: Deploy cert-manager - kubernetes.core.k8s: - src: /tmp/cert-manager.yaml - state: present +- name: Setup strimzi + include_tasks: strimzi.yml + when: strimzi_enabled -- name: Add MetalLB Helm repository - kubernetes.core.helm_repository: - name: metallb - repo_url: https://metallb.github.io/metallb +- name: Setup MetalLB + include_tasks: metallb.yml + when: metallb_enabled -- name: Add prometheus Helm repository - kubernetes.core.helm_repository: - name: prometheus - repo_url: https://prometheus-community.github.io/helm-charts +- name: Setup Prometheus + include_tasks: prometheus.yml + when: prometheus_enabled -- name: Copy MetalLB override file - template: - src: "metallb-values.yaml.j2" - dest: "/tmp/metallb-values.yaml" - mode: '0400' - -- name: Deploy MetalLB charts - kubernetes.core.helm: - name: metallb - chart_version: "{{ metallb_version }}" - chart_ref: metallb/metallb - release_namespace: metallb - create_namespace: true - values_files: - - /tmp/metallb-values.yaml - -- name: Deploy Prometheus charts - kubernetes.core.helm: - name: prometheus - chart_version: "{{ prometheus_version }}" - chart_ref: prometheus/kube-prometheus-stack - release_namespace: prometheus - create_namespace: true +- name: Setup Istio + include_tasks: istio.yml + when: istio_enabled diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml new file mode 100644 index 000000000..95547ec32 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml 
@@ -0,0 +1,51 @@
+---
+- name: Add MetalLB Helm repository
+ kubernetes.core.helm_repository:
+ name: metallb
+ repo_url: https://metallb.github.io/metallb
+
+- name: Create MetalLB namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: metallb-system
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/warn: privileged
+- name: Deploy MetalLB charts
+ kubernetes.core.helm:
+ name: metallb
+ chart_version: "{{ metallb_version }}"
+ chart_ref: metallb/metallb
+ release_namespace: metallb-system
+ wait: true
+
+- name: Create MetalLB IP Address Pool Resource
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: metallb.io/v1beta1
+ kind: IPAddressPool
+ metadata:
+ name: onap-pool
+ namespace: metallb-system
+ spec:
+ addresses:
+ - "{{ metallb_addresses }}"
+ register: result
+ retries: 1
+ until: result['failed'] == false
+
+- name: Create MetalLB L2 Advertisement Resource
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: metallb.io/v1beta1
+ kind: L2Advertisement
+ metadata:
+ name: onap
+ namespace: metallb-system
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml
new file mode 100644
index 000000000..e046cddb8
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml
@@ -0,0 +1,13 @@
+---
+- name: Add prometheus Helm repository
+ kubernetes.core.helm_repository:
+ name: prometheus
+ repo_url: https://prometheus-community.github.io/helm-charts
+
+- name: Deploy Prometheus charts
+ kubernetes.core.helm:
+ name: prometheus
+ chart_version: "{{ prometheus_version }}"
+ chart_ref: prometheus/kube-prometheus-stack
+ release_namespace: prometheus
+ create_namespace: true
diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml new file mode 100644 index 000000000..fd5828b19 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml @@ -0,0 +1,15 @@ +--- +- name: Add Strimzi Helm repository + kubernetes.core.helm_repository: + name: strimzi + repo_url: https://strimzi.io/charts + +- name: Deploy Strimzi chart + kubernetes.core.helm: + name: strimzi-kafka-operator + chart_version: "{{ strimzi_version }}" + chart_ref: strimzi/strimzi-kafka-operator + release_namespace: strimzi-system + create_namespace: true + values: + watchAnyNamespace: true diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 b/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 deleted file mode 100644 index d86d505df..000000000 --- a/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ -configInline: - address-pools: - - name: default - protocol: "{{ metallb_protocol }}" - addresses: - - "{{ metallb_addresses }}" diff --git a/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml index c0d8b15ef..035fb01f5 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Build OOM charts make: chdir: "{{ oom_dir }}/kubernetes" 
@@ -5,6 +6,61 @@ params: SKIP_LINT: "TRUE" +- name: Build ONAP charts + make: + chdir: "{{ oom_dir }}/kubernetes" + target: onap + params: + SKIP_LINT: "TRUE" + +- name: Create ONAP namespace + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: onap + labels: + istio-injection: enabled + when: istio_enabled + +- name: Create ONAP namespace + kubernetes.core.k8s: + name: onap + api_version: v1 + kind: Namespace + state: present + when: not istio_enabled + +- name: Get encryption key + command: cat "{{ oom_dir }}/kubernetes/so/resources/config/mso/encryption.key" + register: encryption_key + when: encryption_key is undefined +- name: Clone integration project + git: + repo: "https://git.onap.org/integration" + dest: "{{ integration_dir }}" + version: "{{ onap_branch }}" +- name: Compile encryption tool + command: + cmd: javac Crypto.java + chdir: "{{ integration_dir }}/deployment/heat/onap-rke/scripts" + creates: "{{ integration_dir }}/deployment/heat/onap-rke/scripts/Crypto.class" +- name: Encrypt password + command: + cmd: java Crypto "{{ openstack_passwd }}" "{{ encryption_key.stdout }}" + chdir: "{{ integration_dir }}/deployment/heat/onap-rke/scripts" + register: encrypted_password + when: encrypted_password is undefined + - name: Deploy sm-onap command: - cmd: "helm deploy onap local/onap --namespace onap --create-namespace --set global.masterPassword=scrtPasswd --set vid.enabled=true -f {{ oom_dir }}/kubernetes/onap/resources/overrides/sm-onap.yaml" + cmd: "helm deploy onap local/onap --namespace onap --set global.masterPassword=scrtPasswd -f {{ override_file }}" + environment: + OPENSTACK_USER_NAME: "{{ openstack_username }}" + OPENSTACK_REGION: "{{ openstack_region }}" + OPENSTACK_KEYSTONE_URL: "http://{{ hostvars['openstack0']['ansible_default_ipv4']['address'] }}:5000/3.0" + OPENSTACK_TENANT_NAME: "{{ openstack_tenant }}" + OPENSTACK_ENCTYPTED_PASSWORD: "{{ encrypted_password.stdout }}" + changed_when: 
false diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml index 3ec4af32d..1d24016e1 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml @@ -1,3 +1,3 @@ --- -docker_version: "19.03.15" +docker_version: "20.10.18" local_user: "ubuntu" diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml new file mode 100644 index 000000000..3627303e6 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart docker + service: + name: docker + state: restarted diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml index 29dee312f..12e13f47b 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml 
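Review bot: The "Encrypt password" task in oom/tasks/main.yml passes `{{ openstack_passwd }}` and the SO encryption key as command-line arguments, and neither it nor "Get encryption key" sets `no_log: true`, so both values can end up in Ansible output and are visible in the process list on operator0 while `java` runs. Add `no_log: true` to those two tasks and to "Deploy sm-onap" (its `environment` carries the encrypted password), and take `global.masterPassword` from a variable rather than the literal `scrtPasswd`. `OPENSTACK_ENCTYPTED_PASSWORD` looks like a typo for `ENCRYPTED`; confirm against whatever the override file reads before changing it. The Keystone URL is built with `http://`, which is worth a comment if plain HTTP is intentional for the Devstack lab.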
@@ -1,38 +1,6 @@ -- name: Install deps - apt: - name: "{{ item }}" - state: present - with_items: - - apt-transport-https - - ca-certificates - - curl - - software-properties-common - -- name: Add Docker repo key - apt_key: - url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" - state: present - -- name: Add Docker repo - apt_repository: - repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable" - state: present - update_cache: yes - -- name: Find exact Docker version - shell: "apt-cache madison docker-ce | grep {{ docker_version }} | head -n 1 | cut -d ' ' -f 4" - register: docker_pkg_version - -- name: install Docker - apt: - name: "{{ item }}" - state: present - with_items: - - "docker-ce={{ docker_pkg_version.stdout }}" - - "docker-ce-cli={{ docker_pkg_version.stdout }}" - -- name: Lock docker version - command: apt-mark hold docker-ce docker-ce-cli +--- +- name: Setup Docker repo and packages + include_tasks: packages.yml - name: Add user to docker group user: @@ -46,3 +14,13 @@ name: docker state: started enabled: yes + +- name: Configure Docker + copy: + dest: /etc/docker/daemon.json + content: "{{ docker_config | to_nice_json }}" + mode: 0600 + backup: true + when: docker_config is defined + notify: + - restart docker diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml new file mode 100644 index 000000000..814dd285a --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml 
@@ -0,0 +1,41 @@
+---
+- name: Install deps
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+
+- name: Add Docker repo key
+ apt_key:
+ url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+ state: present
+
+- name: Add Docker repo
+ apt_repository:
+ repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable"
+ state: present
+ update_cache: yes
+
+- name: Find exact Docker version
+ shell: "set -o pipefail && apt-cache madison docker-ce | grep {{ docker_version }} | head -n 1 | cut -d ' ' -f 4"
+ args:
+ executable: "/bin/bash"
+ register: docker_pkg_version
+ changed_when: false
+
+- name: install Docker
+ apt:
+ name: "{{ item }}"
+ state: present
+ allow_downgrade: true
+ with_items:
+ - "docker-ce={{ docker_pkg_version.stdout }}"
+ - "docker-ce-cli={{ docker_pkg_version.stdout }}"
+
+- name: Lock docker version
+ command: apt-mark hold docker-ce docker-ce-cli
+ changed_when: false
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml
new file mode 100644
index 000000000..6879cca7e
--- /dev/null
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml
@@ -0,0 +1,8 @@
+---
+# docker_config will be converted to json and placed as a /etc/docker/daemon.json
+#docker_config:
+# insecure-registries:
+# - "192.168.1.1:5000"
+# - "192.168.1.2:5000"
+# registry-mirrors:
+# - "http://192.168.1.1:5000"
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml
index cbbb3c910..7de57af9c 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml
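Review bot: "Add Docker repo key" in packages.yml trusts whatever key the URL returns; `apt_key` accepts an `id:` so the expected fingerprint can be pinned, e.g. `id: "<DOCKER_GPG_FINGERPRINT>"` (placeholder value). In "Find exact Docker version", `{{ docker_version }}` is interpolated unquoted into a shell pipeline and used as a regular expression, so the dots match any character and a value containing shell metacharacters would be executed; `grep -F -- {{ docker_version | quote }}` keeps it a literal match. `allow_downgrade: true` deserves a one-line comment saying why a downgrade is expected, since it also lets the pinned package replace a newer, patched Docker.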
@@ -1,6 +1,7 @@ --- -helm_version: "3.6.3" -chartmuseum_version: "0.13.1" +helm_version: "3.7.2" +helm_cm_push_version: "0.10.3" +chartmuseum_version: "0.15.0" chartmuseum_port: "8879" chartmuseum_dir: "{{ ansible_user_dir }}/helm3-storage" local_user: "{{ ansible_user_id }}" diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml new file mode 100644 index 000000000..71f43ad0a --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml @@ -0,0 +1,45 @@ +--- +- name: Check if chartmuseum is installed + stat: + path: /usr/local/bin/chartmuseum + register: cm_bin + +- name: Check if chartmuseum is installed + stat: + path: /tmp/get-chartmuseum + register: cm_install + +- name: Download chartmuseum install script + get_url: + url: "https://raw.githubusercontent.com/helm/chartmuseum/v{{ chartmuseum_version }}/scripts/get-chartmuseum" + dest: "/tmp/" + mode: '700' + when: not cm_install.stat.exists + +- name: Install chartmuseum + become: yes + command: + cmd: "./get-chartmuseum -v v{{ chartmuseum_version }}" + chdir: "/tmp/" + when: not cm_bin.stat.exists + +- name: Create chartmuseum local storage + file: + name: "{{ chartmuseum_dir }}" + state: directory + mode: '0755' + +- name: Install chartmuseum service file + become: yes + template: + src: "chartmuseum.service.j2" + dest: "/etc/systemd/system/chartmuseum.service" + mode: '0444' + notify: Reload systemd + +- name: Start and enable chartmuseum + become: yes + service: + name: "chartmuseum" + state: started + enabled: yes diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml new file mode 100644 index 000000000..88ba29f64 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml 
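Review bot: In cm.yml the "Install chartmuseum" task runs `/tmp/get-chartmuseum` with `become: yes`, while the download is skipped whenever a file of that name already exists, so the script executed as root is not guaranteed to be the one this play fetched. Download it into a directory only the deploying user can write, pin it with `checksum: "sha256:<GET_CHARTMUSEUM_SHA256>"` (placeholder value), and drop the `cm_install` existence guard so a stale or foreign file is never reused. Both `stat` tasks are named "Check if chartmuseum is installed"; the second one checks for the install script and should say so, e.g. `- name: Check if chartmuseum install script is present`.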
@@ -0,0 +1,35 @@
+---
+- name: Download helm
+ get_url:
+ url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+ dest: "/tmp"
+
+- name: Unarchive helm
+ unarchive:
+ src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+ dest: "/tmp/"
+ remote_src: yes
+
+- name: Copy helm binary to $PATH
+ become: yes
+ copy:
+ src: "/tmp/linux-amd64/helm"
+ dest: "/usr/local/bin/"
+ remote_src: yes
+ mode: '0555'
+
+- name: Install Helm Push plugin
+ kubernetes.core.helm_plugin:
+ plugin_path: "https://github.com/chartmuseum/helm-push.git"
+ plugin_version: "{{ helm_cm_push_version }}"
+ state: present
+
+- name: Install Helm OOM Deploy plugin
+ kubernetes.core.helm_plugin:
+ plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/deploy"
+ state: present
+
+- name: Install Helm OOM Undeploy plugin
+ kubernetes.core.helm_plugin:
+ plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/undeploy"
+ state: present
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml
index 93787be5f..94abf6ea8 100644
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml
+++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml
@@ -1,67 +1,9 @@ -- name: Download helm - get_url: - url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz" - dest: "/tmp" +--- +- name: Setup helm + include_tasks: helm.yml -- name: Unarchive helm - unarchive: - src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz" - dest: "/tmp/" - remote_src: yes - -- name: Copy helm binary to $PATH - become: yes - copy: - src: "/tmp/linux-amd64/helm" - dest: "/usr/local/bin/" - remote_src: yes - mode: '0555' - -- name: Install Helm Push plugin - command: helm plugin install --version 0.9.0 https://github.com/chartmuseum/helm-push.git - -- name: Install Helm OOM Deploy plugin - kubernetes.core.helm_plugin: - plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/deploy" - state: present - -- name: Install Helm OOM Undeploy plugin - kubernetes.core.helm_plugin: - plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/undeploy" - state: present - -- name: Download chartmuseum install script - get_url: - url: "https://raw.githubusercontent.com/helm/chartmuseum/v{{ chartmuseum_version }}/scripts/get-chartmuseum" - dest: "/tmp/" - mode: '700' - -- name: Install chartmuseum - become: yes - command: - cmd: "./get-chartmuseum -v v{{ chartmuseum_version }}" - chdir: "/tmp/" - -- name: Create chartmuseum local storage - file: - name: "{{ chartmuseum_dir }}" - state: directory - mode: '0755' - -- name: Install chartmuseum service file - become: yes - template: - src: "chartmuseum.service.j2" - dest: "/etc/systemd/system/chartmuseum.service" - mode: '0444' - notify: Reload systemd - -- name: Start and enable chartmuseum - become: yes - service: - name: "chartmuseum" - state: started - enabled: yes +- name: Setup chartmuseum + include_tasks: cm.yml - name: Add local Helm repository kubernetes.core.helm_repository: diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml index 527238dc0..021aae0ee 100644 
--- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml @@ -1,3 +1,3 @@ --- -rke_version: "1.2.11" -k8s_version: "v1.19.13-rancher1-1" +rke_version: "1.3.15" +rke_k8s_version: "v{{ k8s_version }}-rancher1-1" diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml new file mode 100644 index 000000000..f9912ebdf --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml @@ -0,0 +1,13 @@ +--- +- name: Check if kubectl is available + stat: + path: "/usr/local/bin/kubectl" + register: kubectl_bin + +- name: Get kubectl + become: yes + get_url: + url: "https://dl.k8s.io/release/v{{ k8s_version }}/bin/linux/amd64/kubectl" + dest: "/usr/local/bin/" + mode: '0555' + when: not kubectl_bin.stat.exists diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml index 53d7b8167..7d3ba0096 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml @@ -1,20 +1,6 @@ -- name: Download RKE - get_url: - url: "https://github.com/rancher/rke/releases/download/v{{ rke_version }}/rke_linux-amd64" - dest: "{{ ansible_user_dir }}/rke" - mode: '0700' - -- name: Prepare RKE configuration - template: - src: "cluster.yml.j2" - dest: "{{ ansible_user_dir }}/cluster.yml" - mode: '0400' - -- name: Run RKE - command: - cmd: "./rke up" - chdir: "{{ ansible_user_dir }}" - creates: "{{ ansible_user_dir }}/kube_config_cluster.yml" +--- +- name: Deploy kubernetes with RKE + include_tasks: rke.yml - name: Create k8s directory file: 
@@ -24,10 +10,7 @@ - name: Set k8s config command: "mv {{ ansible_user_dir }}/kube_config_cluster.yml {{ ansible_user_dir }}/.kube/config" + when: rke_run and rke_run.rc == 0 -- name: Get kubectl - become: yes - get_url: - url: "https://dl.k8s.io/release/{{ k8s_version.split('-')[0] }}/bin/linux/amd64/kubectl" - dest: "/usr/local/bin/" - mode: '0555' +- name: Install kubectl + include_tasks: kubectl.yml diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml new file mode 100644 index 000000000..b253e711d --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml @@ -0,0 +1,25 @@ +--- +- name: Check if RKE is available + stat: + path: "{{ ansible_user_dir }}/rke" + register: rke_bin + +- name: Download RKE + get_url: + url: "https://github.com/rancher/rke/releases/download/v{{ rke_version }}/rke_linux-amd64" + dest: "{{ ansible_user_dir }}/rke" + mode: '0700' + when: not rke_bin.stat.exists + +- name: Prepare RKE configuration + template: + src: "cluster.yml.j2" + dest: "{{ ansible_user_dir }}/cluster.yml" + mode: '0400' + +- name: Run RKE + command: + cmd: "./rke up" + chdir: "{{ ansible_user_dir }}" + creates: "{{ ansible_user_dir }}/kube_config_cluster.yml" + register: rke_run diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 index 992805233..3b83fd466 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 @@ -40,7 +40,7 @@ ssh_agent_auth: false authorization: mode: rbac ignore_docker_version: false -kubernetes_version: "{{ k8s_version }}" +kubernetes_version: "{{ rke_k8s_version }}" private_registries: - url: nexus3.onap.org:10001 user: docker 
diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 b/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 index edadcb9bd..6a5a825c6 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 @@ -1 +1 @@ -{{ nfs_mountpoint }} {% for host in (groups['control'] | union(groups['workers'])) %} {{ hostvars[host]['ansible_default_ipv4']['address'] }}{% endfor %}(rw,sync,no_root_squash,no_subtree_check) +{{ nfs_mountpoint }} {% for host in (groups['control'] | union(groups['workers'])) %} {{ hostvars[host]['ansible_default_ipv4']['address'] }}(rw,sync,no_root_squash,no_subtree_check){% endfor %} -- cgit 1.2.3-korg
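Review bot: With the options now emitted inside the loop in exports.j2, every control and worker address gets `rw` together with `no_root_squash`, so root on any of those nodes acts as root on the export. If the ONAP workloads need that, record it in the template with a Jinja comment such as `{# no_root_squash: required by <REASON> #}` (placeholder reason); if they do not, `root_squash` is the safer default. The template is a single line, so the whole file is visible in this hunk.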