From df00edd68426419d789733699584c051e570a43c Mon Sep 17 00:00:00 2001 From: Maciej Wereski Date: Thu, 3 Feb 2022 16:22:00 +0100 Subject: noheat: Upgrades, refactor, deploy Devstack * Revert "Enable VID" (this reverts commit 2223bfaffa8fe5fb90c578ec71a035f001b9ce22) * make sure ca-certificates is current * add ability to configure Docker daemon * upgrade Ubuntu to 20.04 * update tools, dependencies, Ansible Galaxy collections, Docker, RKE, k8s & charts * make Prometheus & MetalLB optional * deploy Istio * use copy instead of ansible.posix.synchronize * Allow to set IP address pools in OpenStack * fix ansible-lint issues * split big tasks files into smaller ones * migrate to ansible-core * add 'make onap' task * add Devstack deployment * fix NFS exports * add Strimzi * install Docker on operator * override Nexus only on hosts that need it * ability to set override file (sm-onap is default) * ability to set ONAP (OOM) branch * ability to set Devstack version * add playbook to deploy everything * describe how to run playbooks * save operator0 access information * install Galaxy deps with dedicated module Issue-ID: INT-1601 Signed-off-by: Maciej Wereski Change-Id: I88cfeeaf281c175340b63909983251ecd62eeb00 --- deployment/noheat/README.rst | 24 +++-- deployment/noheat/cluster-rke/ansible/create.yml | 16 ++- .../noheat/cluster-rke/ansible/group_vars/all.yml | 1 - .../cluster-rke/ansible/group_vars/all.yml.sm-onap | 6 ++ .../cluster-rke/ansible/group_vars/all/all.yml | 1 + .../ansible/roles/deps/defaults/main.yml | 15 ++- .../ansible/roles/deps/tasks/cert-manager.yml | 17 ++++ .../cluster-rke/ansible/roles/deps/tasks/istio.yml | 40 ++++++++ .../cluster-rke/ansible/roles/deps/tasks/main.yml | 55 +++-------- .../ansible/roles/deps/tasks/metallb.yml | 51 ++++++++++ .../ansible/roles/deps/tasks/prometheus.yml | 13 +++ .../ansible/roles/deps/tasks/strimzi.yml | 15 +++ .../roles/deps/templates/metallb-values.yaml.j2 | 6 -- .../cluster-rke/ansible/roles/oom/tasks/main.yml | 58 ++++++++++- .../ansible/roles/setup_docker/defaults/main.yml | 2 +- .../ansible/roles/setup_docker/handlers/main.yml | 5 + .../ansible/roles/setup_docker/tasks/main.yml | 48 +++------ .../ansible/roles/setup_docker/tasks/packages.yml | 41 ++++++++ .../ansible/roles/setup_docker/vars/main.yml | 8 ++ .../ansible/roles/setup_helm/defaults/main.yml | 5 +- .../ansible/roles/setup_helm/tasks/cm.yml | 45 +++++++++ .../ansible/roles/setup_helm/tasks/helm.yml | 35 +++++++ .../ansible/roles/setup_helm/tasks/main.yml | 68 +------------ .../ansible/roles/setup_k8s/defaults/main.yml | 4 +- .../ansible/roles/setup_k8s/tasks/kubectl.yml | 13 +++ .../ansible/roles/setup_k8s/tasks/main.yml | 29 ++---- .../ansible/roles/setup_k8s/tasks/rke.yml | 25 +++++ .../roles/setup_k8s/templates/cluster.yml.j2 | 2 +- .../ansible/roles/setup_nfs/templates/exports.j2 | 2 +- deployment/noheat/common-vars.yml | 2 + deployment/noheat/deploy-all.yml | 9 ++ deployment/noheat/devstack/ansible/create.yml | 43 ++++++++ .../noheat/devstack/ansible/group_vars/all/all.yml | 3 + .../devstack/ansible/templates/local.conf.j2 | 5 + deployment/noheat/infra-openstack/README.rst | 9 +- .../noheat/infra-openstack/ansible/create.yml | 108 ++++++++++++++++----- .../noheat/infra-openstack/ansible/destroy.yml | 2 + .../infra-openstack/ansible/group_vars/all.yml | 1 - .../ansible/group_vars/all.yml.sample | 16 ++- .../ansible/group_vars/all.yml.sm-onap | 15 ++- .../infra-openstack/ansible/group_vars/all/all.yml | 1 + .../ansible/group_vars/all/openstack.yml | 6 ++ .../ansible/operator-requirements.yml | 8 ++ .../ansible/roles/create_hosts/tasks/main.yml | 4 +- .../ansible/roles/create_keypair/tasks/main.yml | 10 +- .../roles/create_network/tasks/create_network.yml | 2 + .../ansible/roles/create_network/tasks/main.yml | 4 +- .../roles/create_securitygroup/tasks/main.yml | 2 +- .../ansible/roles/destroy_hosts/tasks/main.yml | 4 +- .../ansible/roles/destroy_network/tasks/main.yml | 4 +- .../roles/destroy_securitygroup/tasks/main.yml | 4 +- .../ansible/templates/clouds.yaml.j2 | 11 +++ .../ansible/templates/inventory.ini.j2 | 7 ++ .../ansible/templates/openstack.yml.j2 | 5 + .../noheat/infra-openstack/vagrant/Vagrantfile | 6 +- deployment/noheat/requirements.txt | 6 +- deployment/noheat/requirements.yml | 10 ++ 57 files changed, 714 insertions(+), 243 deletions(-) delete mode 120000 deployment/noheat/cluster-rke/ansible/group_vars/all.yml create mode 120000 deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml delete mode 100644 deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml create mode 100644 deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml create mode 100644 deployment/noheat/common-vars.yml create mode 100644 deployment/noheat/deploy-all.yml create mode 100644 deployment/noheat/devstack/ansible/create.yml create mode 100644 deployment/noheat/devstack/ansible/group_vars/all/all.yml create mode 100644 deployment/noheat/devstack/ansible/templates/local.conf.j2 delete mode 120000 deployment/noheat/infra-openstack/ansible/group_vars/all.yml create mode 120000 deployment/noheat/infra-openstack/ansible/group_vars/all/all.yml create mode 100644 deployment/noheat/infra-openstack/ansible/group_vars/all/openstack.yml create mode 100644 deployment/noheat/infra-openstack/ansible/operator-requirements.yml create mode 100644 deployment/noheat/infra-openstack/ansible/templates/clouds.yaml.j2 create mode 100644 deployment/noheat/infra-openstack/ansible/templates/openstack.yml.j2 create mode 100644 deployment/noheat/requirements.yml (limited to 'deployment') diff --git a/deployment/noheat/README.rst b/deployment/noheat/README.rst index da665168d..a75ad2bb2 100644 --- a/deployment/noheat/README.rst +++ b/deployment/noheat/README.rst @@ -25,16 +25,24 @@ Dependencies ~~~~~~~~~~~~ - Required python packages (including Ansible) can be found in ``requirements.txt`` pip file. - Tested on Python 3.6.9. -- Ansible: - - Collections - - community.crypto: tested on 1.7.1 - - ansible.posix: tested on 1.2.0 - - openstack.cloud: tested on 1.5.0 - - Roles - - geerlingguy.ansible: tested on 2.1.0 + Tested on Python 3.8.10. +- Ansible required collections & roles can be found in ``requirements.yml`` file for installation + with ansible-galaxy tool. Expected output --------------- Ephemeral (disposable) ONAP instance. + +Running +------- + +There are 4 playbooks available: + +- infa-openstack/ansible/create.yml: creates and prepares OpenStack VMs, generates inventory. + Must be run as a first playbook. Run on your machine. +- devstack/ansible/create.yml: deploys Devstack on appropriate VM. Run on jumphost VM (operator0). +- cluster-rke/ansible/create.yml: deploys NFS, k8s, helm charts and ONAP. Run on jumphost VM. +- deploy-all.yml: runs above playbooks. Run on your machine. + +User may run deploy-all.yml or manually run infra-openstack, devstack and cluster-rke playbooks. diff --git a/deployment/noheat/cluster-rke/ansible/create.yml b/deployment/noheat/cluster-rke/ansible/create.yml index 3ba4a8381..920db966d 100644 --- a/deployment/noheat/cluster-rke/ansible/create.yml +++ b/deployment/noheat/cluster-rke/ansible/create.yml @@ -1,4 +1,12 @@ --- +- name: Update packages + hosts: operator + become: true + tasks: + - name: Update ca-certificates + package: + name: ca-certificates + state: latest - name: Install NFS hosts: all become: yes @@ -11,7 +19,7 @@ - role: create_bastion destination: "{{ nexus }}" - name: Add bastion information to the cluster nodes - hosts: all + hosts: control,workers become: yes tasks: - name: Add cluster hostnames to /etc/hosts file @@ -22,11 +30,13 @@ - "nexus3.onap.org" - name: Install Docker become: yes - hosts: control,workers + hosts: operator,control,workers roles: - role: setup_docker - name: Deploy k8s hosts: operator0 + vars_files: + - ~/common-vars.yml roles: - role: setup_k8s - name: Download OOM @@ -36,7 +46,7 @@ git: repo: "https://git.onap.org/oom" dest: "{{ oom_dir }}" - version: "master" + version: "{{ onap_branch }}" - name: Install Helm hosts: operator0 roles: diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml deleted file mode 120000 index d8e74e27a..000000000 --- a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml +++ /dev/null @@ -1 +0,0 @@ -all.yml.sm-onap \ No newline at end of file diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap index 406f91559..9fb3313ee 100644 --- a/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap +++ b/deployment/noheat/cluster-rke/ansible/group_vars/all.yml.sm-onap @@ -3,3 +3,9 @@ nexus: address: 199.204.45.137 port: 10001 oom_dir: "{{ ansible_user_dir }}/oom" +onap_branch: "master" +override_file: "{{ oom_dir }}/kubernetes/onap/resources/overrides/sm-onap.yaml" +integration_dir: "{{ ansible_user_dir }}/integration" +prometheus_enabled: true +metallb_enabled: true +istio_enabled: true diff --git a/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml b/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml new file mode 120000 index 000000000..206526103 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/group_vars/all/all.yml @@ -0,0 +1 @@ +../all.yml.sm-onap \ No newline at end of file diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml index 28ddadfa0..eee910f0b 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/defaults/main.yml @@ -1,6 +1,11 @@ --- -cert_manager_version: "1.2.0" -prometheus_version: "13.13.1" -metallb_version: "0.10.2" -metallb_protocol: "layer2" -metallb_addresses: "192.168.1.240-192.168.1.255" +cert_manager_version: "1.5.5" +prometheus_enabled: true +prometheus_version: "19.3.0" +metallb_enabled: true +metallb_version: "0.13.6" +metallb_addresses: "192.168.1.129-192.168.1.255" +istio_enabled: true +istio_version: "1.15.2" +strimzi_enabled: true +strimzi_version: "0.28.0" diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml new file mode 100644 index 000000000..5a14d93ce --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/cert-manager.yml @@ -0,0 +1,17 @@ +--- +- name: Check if cert-manager manifest file is present + stat: + path: /tmp/cert-manager.yaml + register: cm_manifest + +- name: Download cert-manager + get_url: + url: "https://github.com/jetstack/cert-manager/releases/download/v{{ cert_manager_version }}/cert-manager.yaml" + dest: "/tmp" + mode: '0400' + when: not cm_manifest.stat.exists + +- name: Deploy cert-manager + kubernetes.core.k8s: + src: /tmp/cert-manager.yaml + state: present diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml new file mode 100644 index 000000000..01e335c7c --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/istio.yml @@ -0,0 +1,40 @@ +--- +- name: Add Istio Helm repository + kubernetes.core.helm_repository: + name: istio + repo_url: https://istio-release.storage.googleapis.com/charts + +- name: Deploy Istio base chart + kubernetes.core.helm: + name: istio-base + chart_version: "{{ istio_version }}" + chart_ref: istio/base + release_namespace: istio-system + create_namespace: true + +- name: Deploy Istio discovery chart + kubernetes.core.helm: + name: istiod + chart_version: "{{ istio_version }}" + chart_ref: istio/istiod + release_namespace: istio-system + wait: true + +- name: Create Istio ingress gateway namespace + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: istio-ingress + labels: + istio-injection: enabled + +- name: Deploy Istio ingress gateway chart + kubernetes.core.helm: + name: istio-ingress + chart_version: "{{ istio_version }}" + chart_ref: istio/gateway + release_namespace: istio-ingress + wait: true diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml index 022867d0b..32adc3310 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/main.yml @@ -1,44 +1,19 @@ -- name: Download cert-manager - get_url: - url: "https://github.com/jetstack/cert-manager/releases/download/v{{ cert_manager_version }}/cert-manager.yaml" - dest: "/tmp" - mode: '0400' +--- +- name: Setup cert-manager + include_tasks: cert-manager.yml -- name: Deploy cert-manager - kubernetes.core.k8s: - src: /tmp/cert-manager.yaml - state: present +- name: Setup strimzi + include_tasks: strimzi.yml + when: strimzi_enabled -- name: Add MetalLB Helm repository - kubernetes.core.helm_repository: - name: metallb - repo_url: https://metallb.github.io/metallb +- name: Setup MetalLB + include_tasks: metallb.yml + when: metallb_enabled -- name: Add prometheus Helm repository - kubernetes.core.helm_repository: - name: prometheus - repo_url: https://prometheus-community.github.io/helm-charts +- name: Setup Prometheus + include_tasks: prometheus.yml + when: prometheus_enabled -- name: Copy MetalLB override file - template: - src: "metallb-values.yaml.j2" - dest: "/tmp/metallb-values.yaml" - mode: '0400' - -- name: Deploy MetalLB charts - kubernetes.core.helm: - name: metallb - chart_version: "{{ metallb_version }}" - chart_ref: metallb/metallb - release_namespace: metallb - create_namespace: true - values_files: - - /tmp/metallb-values.yaml - -- name: Deploy Prometheus charts - kubernetes.core.helm: - name: prometheus - chart_version: "{{ prometheus_version }}" - chart_ref: prometheus/kube-prometheus-stack - release_namespace: prometheus - create_namespace: true +- name: Setup Istio + include_tasks: istio.yml + when: istio_enabled diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml new file mode 100644 index 000000000..95547ec32 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/metallb.yml @@ -0,0 +1,51 @@ +--- +- name: Add MetalLB Helm repository + kubernetes.core.helm_repository: + name: metallb + repo_url: https://metallb.github.io/metallb + +- name: Create MetalLB namespace + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: metallb-system + labels: + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged +- name: Deploy MetalLB charts + kubernetes.core.helm: + name: metallb + chart_version: "{{ metallb_version }}" + chart_ref: metallb/metallb + release_namespace: metallb-system + wait: true + +- name: Create MetalLB IP Address Pool Resource + kubernetes.core.k8s: + state: present + definition: + apiVersion: metallb.io/v1beta1 + kind: IPAddressPool + metadata: + name: onap-pool + namespace: metallb-system + spec: + addresses: + - "{{ metallb_addresses }}" + register: result + retries: 1 + until: result['failed'] == false + +- name: Create MetalLB L2 Advertisement Resource + kubernetes.core.k8s: + state: present + definition: + apiVersion: metallb.io/v1beta1 + kind: L2Advertisement + metadata: + name: onap + namespace: metallb-system diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml new file mode 100644 index 000000000..e046cddb8 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/prometheus.yml @@ -0,0 +1,13 @@ +--- +- name: Add prometheus Helm repository + kubernetes.core.helm_repository: + name: prometheus + repo_url: https://prometheus-community.github.io/helm-charts + +- name: Deploy Prometheus charts + kubernetes.core.helm: + name: prometheus + chart_version: "{{ prometheus_version }}" + chart_ref: prometheus/kube-prometheus-stack + release_namespace: prometheus + create_namespace: true diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml new file mode 100644 index 000000000..fd5828b19 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/deps/tasks/strimzi.yml @@ -0,0 +1,15 @@ +--- +- name: Add Strimzi Helm repository + kubernetes.core.helm_repository: + name: strimzi + repo_url: https://strimzi.io/charts + +- name: Deploy Strimzi chart + kubernetes.core.helm: + name: strimzi-kafka-operator + chart_version: "{{ strimzi_version }}" + chart_ref: strimzi/strimzi-kafka-operator + release_namespace: strimzi-system + create_namespace: true + values: + watchAnyNamespace: true diff --git a/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 b/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 deleted file mode 100644 index d86d505df..000000000 --- a/deployment/noheat/cluster-rke/ansible/roles/deps/templates/metallb-values.yaml.j2 +++ /dev/null @@ -1,6 +0,0 @@ -configInline: - address-pools: - - name: default - protocol: "{{ metallb_protocol }}" - addresses: - - "{{ metallb_addresses }}" diff --git a/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml index c0d8b15ef..035fb01f5 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/oom/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Build OOM charts make: chdir: "{{ oom_dir }}/kubernetes" @@ -5,6 +6,61 @@ params: SKIP_LINT: "TRUE" +- name: Build ONAP charts + make: + chdir: "{{ oom_dir }}/kubernetes" + target: onap + params: + SKIP_LINT: "TRUE" + +- name: Create ONAP namespace + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: onap + labels: + istio-injection: enabled + when: istio_enabled + +- name: Create ONAP namespace + kubernetes.core.k8s: + name: onap + api_version: v1 + kind: Namespace + state: present + when: not istio_enabled + +- name: Get encryption key + command: cat "{{ oom_dir }}/kubernetes/so/resources/config/mso/encryption.key" + register: encryption_key + when: encryption_key is undefined +- name: Clone integration project + git: + repo: "https://git.onap.org/integration" + dest: "{{ integration_dir }}" + version: "{{ onap_branch }}" +- name: Compile encryption tool + command: + cmd: javac Crypto.java + chdir: "{{ integration_dir }}/deployment/heat/onap-rke/scripts" + creates: "{{ integration_dir }}/deployment/heat/onap-rke/scripts/Crypto.class" +- name: Encrypt password + command: + cmd: java Crypto "{{ openstack_passwd }}" "{{ encryption_key.stdout }}" + chdir: "{{ integration_dir }}/deployment/heat/onap-rke/scripts" + register: encrypted_password + when: encrypted_password is undefined + - name: Deploy sm-onap command: - cmd: "helm deploy onap local/onap --namespace onap --create-namespace --set global.masterPassword=scrtPasswd --set vid.enabled=true -f {{ oom_dir }}/kubernetes/onap/resources/overrides/sm-onap.yaml" + cmd: "helm deploy onap local/onap --namespace onap --set global.masterPassword=scrtPasswd -f {{ override_file }}" + environment: + OPENSTACK_USER_NAME: "{{ openstack_username }}" + OPENSTACK_REGION: "{{ openstack_region }}" + OPENSTACK_KEYSTONE_URL: "http://{{ hostvars['openstack0']['ansible_default_ipv4']['address'] }}:5000/3.0" + OPENSTACK_TENANT_NAME: "{{ openstack_tenant }}" + OPENSTACK_ENCTYPTED_PASSWORD: "{{ encrypted_password.stdout }}" + changed_when: false diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml index 3ec4af32d..1d24016e1 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/defaults/main.yml @@ -1,3 +1,3 @@ --- -docker_version: "19.03.15" +docker_version: "20.10.18" local_user: "ubuntu" diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml new file mode 100644 index 000000000..3627303e6 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: restart docker + service: + name: docker + state: restarted diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml index 29dee312f..12e13f47b 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/main.yml @@ -1,38 +1,6 @@ -- name: Install deps - apt: - name: "{{ item }}" - state: present - with_items: - - apt-transport-https - - ca-certificates - - curl - - software-properties-common - -- name: Add Docker repo key - apt_key: - url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" - state: present - -- name: Add Docker repo - apt_repository: - repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable" - state: present - update_cache: yes - -- name: Find exact Docker version - shell: "apt-cache madison docker-ce | grep {{ docker_version }} | head -n 1 | cut -d ' ' -f 4" - register: docker_pkg_version - -- name: install Docker - apt: - name: "{{ item }}" - state: present - with_items: - - "docker-ce={{ docker_pkg_version.stdout }}" - - "docker-ce-cli={{ docker_pkg_version.stdout }}" - -- name: Lock docker version - command: apt-mark hold docker-ce docker-ce-cli +--- +- name: Setup Docker repo and packages + include_tasks: packages.yml - name: Add user to docker group user: @@ -46,3 +14,13 @@ name: docker state: started enabled: yes + +- name: Configure Docker + copy: + dest: /etc/docker/daemon.json + content: "{{ docker_config | to_nice_json }}" + mode: 0600 + backup: true + when: docker_config is defined + notify: + - restart docker diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml new file mode 100644 index 000000000..814dd285a --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/tasks/packages.yml @@ -0,0 +1,41 @@ +--- +- name: Install deps + apt: + name: "{{ item }}" + state: present + with_items: + - apt-transport-https + - ca-certificates + - curl + - software-properties-common + +- name: Add Docker repo key + apt_key: + url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" + state: present + +- name: Add Docker repo + apt_repository: + repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release | lower }} stable" + state: present + update_cache: yes + +- name: Find exact Docker version + shell: "set -o pipefail && apt-cache madison docker-ce | grep {{ docker_version }} | head -n 1 | cut -d ' ' -f 4" + args: + executable: "/bin/bash" + register: docker_pkg_version + changed_when: false + +- name: install Docker + apt: + name: "{{ item }}" + state: present + allow_downgrade: true + with_items: + - "docker-ce={{ docker_pkg_version.stdout }}" + - "docker-ce-cli={{ docker_pkg_version.stdout }}" + +- name: Lock docker version + command: apt-mark hold docker-ce docker-ce-cli + changed_when: false diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml new file mode 100644 index 000000000..6879cca7e --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_docker/vars/main.yml @@ -0,0 +1,8 @@ +--- +# docker_config will be converted to json and placed as a /etc/docker/daemon.json +#docker_config: +# insecure-registries: +# - "192.168.1.1:5000" +# - "192.168.1.2:5000" +# registry-mirrors: +# - "http://192.168.1.1:5000" diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml index cbbb3c910..7de57af9c 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/defaults/main.yml @@ -1,6 +1,7 @@ --- -helm_version: "3.6.3" -chartmuseum_version: "0.13.1" +helm_version: "3.7.2" +helm_cm_push_version: "0.10.3" +chartmuseum_version: "0.15.0" chartmuseum_port: "8879" chartmuseum_dir: "{{ ansible_user_dir }}/helm3-storage" local_user: "{{ ansible_user_id }}" diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml new file mode 100644 index 000000000..71f43ad0a --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/cm.yml @@ -0,0 +1,45 @@ +--- +- name: Check if chartmuseum is installed + stat: + path: /usr/local/bin/chartmuseum + register: cm_bin + +- name: Check if chartmuseum is installed + stat: + path: /tmp/get-chartmuseum + register: cm_install + +- name: Download chartmuseum install script + get_url: + url: "https://raw.githubusercontent.com/helm/chartmuseum/v{{ chartmuseum_version }}/scripts/get-chartmuseum" + dest: "/tmp/" + mode: '700' + when: not cm_install.stat.exists + +- name: Install chartmuseum + become: yes + command: + cmd: "./get-chartmuseum -v v{{ chartmuseum_version }}" + chdir: "/tmp/" + when: not cm_bin.stat.exists + +- name: Create chartmuseum local storage + file: + name: "{{ chartmuseum_dir }}" + state: directory + mode: '0755' + +- name: Install chartmuseum service file + become: yes + template: + src: "chartmuseum.service.j2" + dest: "/etc/systemd/system/chartmuseum.service" + mode: '0444' + notify: Reload systemd + +- name: Start and enable chartmuseum + become: yes + service: + name: "chartmuseum" + state: started + enabled: yes diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml new file mode 100644 index 000000000..88ba29f64 --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/helm.yml @@ -0,0 +1,35 @@ +--- +- name: Download helm + get_url: + url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz" + dest: "/tmp" + +- name: Unarchive helm + unarchive: + src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz" + dest: "/tmp/" + remote_src: yes + +- name: Copy helm binary to $PATH + become: yes + copy: + src: "/tmp/linux-amd64/helm" + dest: "/usr/local/bin/" + remote_src: yes + mode: '0555' + +- name: Install Helm Push plugin + kubernetes.core.helm_plugin: + plugin_path: "https://github.com/chartmuseum/helm-push.git" + plugin_version: "{{ helm_cm_push_version }}" + state: present + +- name: Install Helm OOM Deploy plugin + kubernetes.core.helm_plugin: + plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/deploy" + state: present + +- name: Install Helm OOM Undeploy plugin + kubernetes.core.helm_plugin: + plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/undeploy" + state: present diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml index 93787be5f..94abf6ea8 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_helm/tasks/main.yml @@ -1,67 +1,9 @@ -- name: Download helm - get_url: - url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz" - dest: "/tmp" +--- +- name: Setup helm + include_tasks: helm.yml -- name: Unarchive helm - unarchive: - src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz" - dest: "/tmp/" - remote_src: yes - -- name: Copy helm binary to $PATH - become: yes - copy: - src: "/tmp/linux-amd64/helm" - dest: "/usr/local/bin/" - remote_src: yes - mode: '0555' - -- name: Install Helm Push plugin - command: helm plugin install --version 0.9.0 https://github.com/chartmuseum/helm-push.git - -- name: Install Helm OOM Deploy plugin - kubernetes.core.helm_plugin: - plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/deploy" - state: present - -- name: Install Helm OOM Undeploy plugin - kubernetes.core.helm_plugin: - plugin_path: "{{ oom_dir }}/kubernetes/helm/plugins/undeploy" - state: present - -- name: Download chartmuseum install script - get_url: - url: "https://raw.githubusercontent.com/helm/chartmuseum/v{{ chartmuseum_version }}/scripts/get-chartmuseum" - dest: "/tmp/" - mode: '700' - -- name: Install chartmuseum - become: yes - command: - cmd: "./get-chartmuseum -v v{{ chartmuseum_version }}" - chdir: "/tmp/" - -- name: Create chartmuseum local storage - file: - name: "{{ chartmuseum_dir }}" - state: directory - mode: '0755' - -- name: Install chartmuseum service file - become: yes - template: - src: "chartmuseum.service.j2" - dest: "/etc/systemd/system/chartmuseum.service" - mode: '0444' - notify: Reload systemd - -- name: Start and enable chartmuseum - become: yes - service: - name: "chartmuseum" - state: started - enabled: yes +- name: Setup chartmuseum + include_tasks: cm.yml - name: Add local Helm repository kubernetes.core.helm_repository: diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml index 527238dc0..021aae0ee 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/defaults/main.yml @@ -1,3 +1,3 @@ --- -rke_version: "1.2.11" -k8s_version: "v1.19.13-rancher1-1" +rke_version: "1.3.15" +rke_k8s_version: "v{{ k8s_version }}-rancher1-1" diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml new file mode 100644 index 000000000..f9912ebdf --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/kubectl.yml @@ -0,0 +1,13 @@ +--- +- name: Check if kubectl is available + stat: + path: "/usr/local/bin/kubectl" + register: kubectl_bin + +- name: Get kubectl + become: yes + get_url: + url: "https://dl.k8s.io/release/v{{ k8s_version }}/bin/linux/amd64/kubectl" + dest: "/usr/local/bin/" + mode: '0555' + when: not kubectl_bin.stat.exists diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml index 53d7b8167..7d3ba0096 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/main.yml @@ -1,20 +1,6 @@ -- name: Download RKE - get_url: - url: "https://github.com/rancher/rke/releases/download/v{{ rke_version }}/rke_linux-amd64" - dest: "{{ ansible_user_dir }}/rke" - mode: '0700' - -- name: Prepare RKE configuration - template: - src: "cluster.yml.j2" - dest: "{{ ansible_user_dir }}/cluster.yml" - mode: '0400' - -- name: Run RKE - command: - cmd: "./rke up" - chdir: "{{ ansible_user_dir }}" - creates: "{{ ansible_user_dir }}/kube_config_cluster.yml" +--- +- name: Deploy kubernetes with RKE + include_tasks: rke.yml - name: Create k8s directory file: @@ -24,10 +10,7 @@ - name: Set k8s config command: "mv {{ ansible_user_dir }}/kube_config_cluster.yml {{ ansible_user_dir }}/.kube/config" + when: rke_run and rke_run.rc == 0 -- name: Get kubectl - become: yes - get_url: - url: "https://dl.k8s.io/release/{{ k8s_version.split('-')[0] }}/bin/linux/amd64/kubectl" - dest: "/usr/local/bin/" - mode: '0555' +- name: Install kubectl + include_tasks: kubectl.yml diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml new file mode 100644 index 000000000..b253e711d --- /dev/null +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/tasks/rke.yml @@ -0,0 +1,25 @@ +--- +- name: Check if RKE is available + stat: + path: "{{ ansible_user_dir }}/rke" + register: rke_bin + +- name: Download RKE + get_url: + url: "https://github.com/rancher/rke/releases/download/v{{ rke_version }}/rke_linux-amd64" + dest: "{{ ansible_user_dir }}/rke" + mode: '0700' + when: not rke_bin.stat.exists + +- name: Prepare RKE configuration + template: + src: "cluster.yml.j2" + dest: "{{ ansible_user_dir }}/cluster.yml" + mode: '0400' + +- name: Run RKE + command: + cmd: "./rke up" + chdir: "{{ ansible_user_dir }}" + creates: "{{ ansible_user_dir }}/kube_config_cluster.yml" + register: rke_run diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 index 992805233..3b83fd466 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_k8s/templates/cluster.yml.j2 @@ -40,7 +40,7 @@ ssh_agent_auth: false authorization: mode: rbac ignore_docker_version: false -kubernetes_version: "{{ k8s_version }}" +kubernetes_version: "{{ rke_k8s_version }}" private_registries: - url: nexus3.onap.org:10001 user: docker diff --git a/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 b/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 index edadcb9bd..6a5a825c6 100644 --- a/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 +++ b/deployment/noheat/cluster-rke/ansible/roles/setup_nfs/templates/exports.j2 @@ -1 +1 @@ -{{ nfs_mountpoint }} {% for host in (groups['control'] | union(groups['workers'])) %} {{ hostvars[host]['ansible_default_ipv4']['address'] }}{% endfor %}(rw,sync,no_root_squash,no_subtree_check) +{{ nfs_mountpoint }} {% for host in (groups['control'] | union(groups['workers'])) %} {{ hostvars[host]['ansible_default_ipv4']['address'] }}(rw,sync,no_root_squash,no_subtree_check){% endfor %} diff --git a/deployment/noheat/common-vars.yml b/deployment/noheat/common-vars.yml new file mode 100644 index 000000000..8e1dc71bd --- /dev/null +++ b/deployment/noheat/common-vars.yml @@ -0,0 +1,2 @@ +--- +k8s_version: "1.22.13" diff --git a/deployment/noheat/deploy-all.yml b/deployment/noheat/deploy-all.yml new file mode 100644 index 000000000..2ea069525 --- /dev/null +++ b/deployment/noheat/deploy-all.yml @@ -0,0 +1,9 @@ +--- +- name: Create infastructure + import_playbook: infra-openstack/ansible/create.yml +- hosts: operator0 + tasks: + - name: Deploy Devstack + ansible.builtin.command: ansible-playbook -i {{ ansible_user_dir }}/inventory.ini {{ ansible_user_dir }}/devstack/ansible/create.yml + - name: Deploy k8s & ONAP + ansible.builtin.command: ansible-playbook -i {{ ansible_user_dir }}/inventory.ini {{ ansible_user_dir }}/deploy/cluster-rke/ansible/create.yml diff --git a/deployment/noheat/devstack/ansible/create.yml b/deployment/noheat/devstack/ansible/create.yml new file mode 100644 index 000000000..f11fe1194 --- /dev/null +++ b/deployment/noheat/devstack/ansible/create.yml @@ -0,0 +1,43 @@ +--- +- name: Deploy Devstack + hosts: "openstack*" + tasks: + - name: Update Devstack hosts + become: true + ansible.builtin.apt: + upgrade: full + update_cache: true + autoremove: true + autoclean: true + + - name: Reboot OS + become: true + ansible.builtin.reboot: + + - name: Clone Devstack + ansible.builtin.git: + repo: "https://opendev.org/openstack/devstack" + dest: "{{ devstack_dir }}" + version: "{{ devstack_version }}" + + - name: Copy local.conf + ansible.builtin.template: + src: "local.conf.j2" + dest: "{{ devstack_dir }}/local.conf" + mode: '0600' + + - name: Run devstack setup script + ansible.builtin.command: + chdir: "{{ devstack_dir }}" + cmd: "./stack.sh" + creates: /opt/stack + + - name: Run devstack setup script + ansible.builtin.file: + path: "{{ devstack_dir }}" + state: absent + + handlers: + - name: Reboot OS + become: true + ansible.builtin.reboot: diff --git a/deployment/noheat/devstack/ansible/group_vars/all/all.yml b/deployment/noheat/devstack/ansible/group_vars/all/all.yml new file mode 100644 index 000000000..b2d63c672 --- /dev/null +++ b/deployment/noheat/devstack/ansible/group_vars/all/all.yml @@ -0,0 +1,3 @@ +--- +devstack_dir: "{{ ansible_user_dir }}/devstack" +devstack_version: "stable/yoga" diff --git a/deployment/noheat/devstack/ansible/templates/local.conf.j2 b/deployment/noheat/devstack/ansible/templates/local.conf.j2 new file mode 100644 index 000000000..0bfa3bba9 --- /dev/null +++ b/deployment/noheat/devstack/ansible/templates/local.conf.j2 @@ -0,0 +1,5 @@ +[[local|localrc]] +ADMIN_PASSWORD="{{ openstack_passwd }}" +DATABASE_PASSWORD=$ADMIN_PASSWORD +RABBIT_PASSWORD=$ADMIN_PASSWORD +SERVICE_PASSWORD=$ADMIN_PASSWORD diff --git a/deployment/noheat/infra-openstack/README.rst b/deployment/noheat/infra-openstack/README.rst index 1ac9539f5..c48dfa7f2 100644 --- a/deployment/noheat/infra-openstack/README.rst +++ b/deployment/noheat/infra-openstack/README.rst @@ -22,13 +22,8 @@ Configuration Dependencies ~~~~~~~~~~~~ -- Ansible: tested on 2.9.9 (using Python 3.5.2) - - Collections - - community.crypto: tested on 1.3.0 - - ansible.posix: tested on 1.1.1 - - Roles - - geerlingguy.ansible: tested on 2.1.0 -- openstacksdk_: tested on 0.46.0 (using Python 3.5.2) +Tested on Python 3.8.10. Required Python dependencies can be found in ``../requirements.txt``. +Required Ansible roles and collections can be found in ``../requirements.yml`` .. _openstacksdk: https://pypi.org/project/openstacksdk diff --git a/deployment/noheat/infra-openstack/ansible/create.yml b/deployment/noheat/infra-openstack/ansible/create.yml index 825bee3a4..73830663c 100644 --- a/deployment/noheat/infra-openstack/ansible/create.yml +++ b/deployment/noheat/infra-openstack/ansible/create.yml @@ -10,6 +10,21 @@ - role: create_hosts hosts: "{{ operation.hosts }}" operator_key: "dummy" + tasks: + - name: Get operator Openstack info + openstack.cloud.server_info: + server: "operator0" + register: operator_info + - name: Create directory for artifacts + ansible.builtin.file: + name: "artifacts" + state: directory + mode: '0755' + - name: Save operator access information + ansible.builtin.copy: + content: "{{ operator_info['openstack_servers'][0]['public_v4'] }},{{ image['user'] }},~/.ssh/{{ keypair['key']['name'] }}" + dest: "artifacts/operator.csv" + mode: "0644" - name: Create cluster operator access keypair hosts: "operator0" gather_facts: False @@ -21,10 +36,18 @@ path: "~/.ssh/{{ keypair.name }}" register: key - name: Add operator0 public key to it's authorized keys - authorized_key: + ansible.posix.authorized_key: key: "{{ key['public_key'] }}" state: present user: "{{ ansible_user }}" +- name: Create OpenStack instances + hosts: localhost + connection: local + gather_facts: False + roles: + - role: create_hosts + hosts: "{{ openstack.hosts }}" + operator_key: "{{ hostvars['operator0']['key']['public_key'] }}" - name: Create cluster instances hosts: localhost connection: local @@ -35,9 +58,8 @@ operator_key: "{{ hostvars['operator0']['key']['public_key'] }}" - name: Create cluster operator access information hosts: "operator0" - roles: - - role: geerlingguy.ansible - become: yes + vars_files: + - ../../common-vars.yml tasks: - name: Add cluster hostnames to /etc/hosts file lineinfile: @@ -52,25 +74,63 @@ vars: hosts: "{{ lookup('dict', hostvars['localhost']['hosts_dict']) }}" - name: Push in-cluster deployment stage description to the next Ansible control host - ansible.posix.synchronize: + copy: src: ../../cluster-rke dest: ~/deploy - - name: Install python dependencies - become: yes - package: - name: - - python3-pip - - python3-setuptools - state: present - - name: Install community.kubernetes.k8s Ansible collection dependencies - pip: - name: - - openshift - - pyyaml - - kubernetes - executable: pip3 - become: yes - - name: Add Ansible collection dependencies - command: "ansible-galaxy collection install ansible.posix" - - name: Add community.kubernetes Ansible collection - command: "ansible-galaxy collection install community.kubernetes" + - name: Push Devstack deployment stage description to the next Ansible control host + copy: + src: ../../devstack + dest: ~/ + - name: Push common variables to the next Ansible control host + copy: + src: ../../common-vars.yml + dest: ~/ + - name: Push Devstack vars to the next Ansible control host (for Devstack stage) + template: + src: "templates/openstack.yml.j2" + dest: ~/devstack/ansible/group_vars/all/openstack.yml + mode: '0644' + - name: Push Devstack vars to the next Ansible control host (for cluster-rke stage) + template: + src: "templates/openstack.yml.j2" + dest: ~/deploy/cluster-rke/ansible/group_vars/all/openstack.yml + mode: '0644' + - name: Create Devstack config directory + file: + path: ~/.config/openstack/ + state: directory + mode: '0755' + - name: Generate Devstack clouds.yml file + template: + src: "templates/clouds.yaml.j2" + dest: ~/.config/openstack/clouds.yml + mode: '0644' + - block: + - name: Install python dependencies + become: yes + apt: + name: + - python3-pip + - python3-setuptools + - default-jdk-headless + state: present + update_cache: true + - name: Install community.kubernetes.k8s Ansible collection dependencies + pip: + name: + - ansible-core==2.13.5 + - openshift==0.13.1 + - pyyaml==6.0 + # Major version of Python k8s libraty matches minor version of k8s. + - kubernetes~={{ k8s_version | regex_search("[^^.][0-9]+[^$]") ~ "0" }} + executable: pip3 + become: yes + - name: Copy ansible-galaxy requirements file + copy: + src: operator-requirements.yml + dest: ~/requirements.yml + mode: '0444' + - name: Install ansible-galaxy collections + community.general.ansible_galaxy_install: + requirements_file: ~/requirements.yml + type: both diff --git a/deployment/noheat/infra-openstack/ansible/destroy.yml b/deployment/noheat/infra-openstack/ansible/destroy.yml index ff9d5fccf..1564e3088 100644 --- a/deployment/noheat/infra-openstack/ansible/destroy.yml +++ b/deployment/noheat/infra-openstack/ansible/destroy.yml @@ -8,6 +8,8 @@ hosts: "{{ cluster.hosts }}" - role: destroy_hosts hosts: "{{ operation.hosts }}" + - role: destroy_hosts + hosts: "{{ openstack.hosts }}" - destroy_keypair - destroy_network - destroy_securitygroup diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml deleted file mode 120000 index e4e1e1f50..000000000 --- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml +++ /dev/null @@ -1 +0,0 @@ -all.yml.sample \ No newline at end of file diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample index 1b03b06d5..541e15279 100644 --- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample +++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sample @@ -18,9 +18,23 @@ securitygroup: - "192.168.1.0/24" image: - name: &image_name "Ubuntu_18.04" + name: &image_name "Ubuntu_20.04" user: "ubuntu" +openstack: + name: "vnf0" + inventory: "~/inventory.ini" + hosts: + - name: "openstack0" + image: *image_name + flavor: "m1.large" + keypair: *keypair_name + network: *network_name + securitygroup: *securitygroup_name + boot_from_volume: true + terminate_volume: true + volume_size: 100 + operation: name: "operation0" inventory: "~/inventory.ini" diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap index cb5168c26..9223ea591 100644 --- a/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap +++ b/deployment/noheat/infra-openstack/ansible/group_vars/all.yml.sm-onap @@ -14,9 +14,22 @@ securitygroup: - "192.168.1.0/24" image: - name: &image_name "Ubuntu_18.04" + name: &image_name "Ubuntu_20.04" user: "ubuntu" +openstack: + name: "vnf0" + inventory: "~/inventory.ini" + hosts: + - name: "openstack0" + image: *image_name + flavor: "m1.xlarge" + keypair: *keypair_name + network: *network_name + auto_ip: false + securitygroup: *securitygroup_name + volume_size: 140 + operation: name: "operation0" inventory: "~/inventory.ini" diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all/all.yml b/deployment/noheat/infra-openstack/ansible/group_vars/all/all.yml new file mode 120000 index 000000000..854839817 --- /dev/null +++ b/deployment/noheat/infra-openstack/ansible/group_vars/all/all.yml @@ -0,0 +1 @@ +../all.yml.sample \ No newline at end of file diff --git a/deployment/noheat/infra-openstack/ansible/group_vars/all/openstack.yml b/deployment/noheat/infra-openstack/ansible/group_vars/all/openstack.yml new file mode 100644 index 000000000..63ed1b081 --- /dev/null +++ b/deployment/noheat/infra-openstack/ansible/group_vars/all/openstack.yml @@ -0,0 +1,6 @@ +--- +openstack_username: "admin" +openstack_domain: "Default" +openstack_passwd: "secret" +openstack_region: "RegionOne" +openstack_tenant: "admin" diff --git a/deployment/noheat/infra-openstack/ansible/operator-requirements.yml b/deployment/noheat/infra-openstack/ansible/operator-requirements.yml new file mode 100644 index 000000000..08b7eeea1 --- /dev/null +++ b/deployment/noheat/infra-openstack/ansible/operator-requirements.yml @@ -0,0 +1,8 @@ +--- +collections: + - name: ansible.posix + version: 1.4.0 + - name: kubernetes.core + version: 2.3.2 + - name: community.general + version: 5.7.0 diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml index 731bca04f..933b2f526 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/create_hosts/tasks/main.yml @@ -1,3 +1,5 @@ --- -- include: create_host.yml host={{ item }} +- include_tasks: create_host.yml loop: "{{ hosts }}" + loop_control: + loop_var: host diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml index a330875d8..8a7c72092 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/create_keypair/tasks/main.yml @@ -5,11 +5,11 @@ register: keypair - name: Create local public key - local_action: - module: copy + copy: content: "{{ keypair.key.public_key }}" dest: "~/.ssh/{{ keypair.key.name }}.pub" mode: 0600 + delegate_to: localhost - name: Check if local private key exists stat: @@ -17,9 +17,9 @@ register: local_private_key - name: Create local private key - local_action: - module: copy + copy: content: "{{ keypair.key.private_key }}" dest: "~/.ssh/{{ keypair.key.name }}" mode: 0600 - when: local_private_key.stat.exists == False + delegate_to: localhost + when: not local_private_key.stat.exists diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml index 81d8caae1..3e22ee6ce 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/create_network.yml @@ -15,6 +15,8 @@ network_name: "{{ net.name }}" cidr: "{{ net.cidr }}" dns_nameservers: "{{ dns_ips if dns_ips is defined else omit }}" + allocation_pool_start: '{{ net.allocation_pool_start | default("") }}' + allocation_pool_end: '{{ net.allocation_pool_end | default ("") }}' state: present - name: "Create {{ net.name }} router" diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml index 5e3ef67f5..cce6f790b 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/create_network/tasks/main.yml @@ -1,4 +1,6 @@ --- -- include: create_network.yml net={{ item }} +- include_tasks: create_network.yml loop: - "{{ network }}" + loop_control: + loop_var: net diff --git a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml index d04b72c34..872988032 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/create_securitygroup/tasks/main.yml @@ -1,5 +1,5 @@ --- -- include: create_securitygroup.yml +- include_tasks: create_securitygroup.yml loop: - "{{ securitygroup }}" loop_control: diff --git a/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml index 5ce130d44..1dd5c7224 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/destroy_hosts/tasks/main.yml @@ -1,3 +1,5 @@ --- -- include: destroy_host.yml host={{ item }} +- include_tasks: destroy_host.yml loop: "{{ hosts }}" + loop_control: + loop_var: host diff --git a/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml index e52dcbdb8..1d84ab62a 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/destroy_network/tasks/main.yml @@ -1,4 +1,6 @@ --- -- include: destroy_network.yml net={{ item }} +- include_tasks: destroy_network.yml loop: - "{{ network }}" + loop_control: + loop_var: net diff --git a/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml b/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml index de098afec..8142e8070 100644 --- a/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml +++ b/deployment/noheat/infra-openstack/ansible/roles/destroy_securitygroup/tasks/main.yml @@ -1,4 +1,6 @@ --- -- include: destroy_securitygroup.yml secgrp={{ item }} +- include_tasks: destroy_securitygroup.yml loop: - "{{ securitygroup }}" + loop_control: + loop_var: secgrp diff --git a/deployment/noheat/infra-openstack/ansible/templates/clouds.yaml.j2 b/deployment/noheat/infra-openstack/ansible/templates/clouds.yaml.j2 new file mode 100644 index 000000000..afbbc8738 --- /dev/null +++ b/deployment/noheat/infra-openstack/ansible/templates/clouds.yaml.j2 @@ -0,0 +1,11 @@ +clouds: + openstack: + auth: + auth_url: "https://{{ hostvars['localhost']['hosts_dict']['openstack0'] }}:5000/v3" + project_name: "{{ openstack_tenant }}"" + username: "{{ openstack_username }}" + user_domain_name: "{{ openstack_domain }}" + password: "{{ openstack_passwd }}" + region_name: "{{ openstack_region }}" + interface: "public" + identity_api_version: 3 diff --git a/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2 b/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2 index 15bb7caf9..79da2c603 100644 --- a/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2 +++ b/deployment/noheat/infra-openstack/ansible/templates/inventory.ini.j2 @@ -3,6 +3,13 @@ {{ item.key }} ansible_host={{ item.value }} {% endfor %} +[openstack] +{% for item in hosts %} +{% if "openstack" in item.key %} +{{ item.key }} +{% endif %} +{% endfor %} + [operator] {% for item in hosts %} {% if "operator" in item.key %} diff --git a/deployment/noheat/infra-openstack/ansible/templates/openstack.yml.j2 b/deployment/noheat/infra-openstack/ansible/templates/openstack.yml.j2 new file mode 100644 index 000000000..25233abca --- /dev/null +++ b/deployment/noheat/infra-openstack/ansible/templates/openstack.yml.j2 @@ -0,0 +1,5 @@ +--- +openstack_username: "{{ openstack_username }}" +openstack_passwd: "{{ openstack_passwd }}" +openstack_region: "{{ openstack_region }}" +openstack_tenant: "{{ openstack_tenant }}" diff --git a/deployment/noheat/infra-openstack/vagrant/Vagrantfile b/deployment/noheat/infra-openstack/vagrant/Vagrantfile index 8acdf1442..ed1a3d076 100644 --- a/deployment/noheat/infra-openstack/vagrant/Vagrantfile +++ b/deployment/noheat/infra-openstack/vagrant/Vagrantfile @@ -11,15 +11,15 @@ os_clouds_dir = "${HOME}/.config/openstack" os_clouds_config = "#{os_clouds_dir}/clouds.yaml" os_admin = "admin" os_user = "demo" -image_url = "https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-amd64.img" -image_name = "Ubuntu_18.04" +image_url = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img" +image_name = "Ubuntu_20.04" vm_cpu = 1 vm_cpus = 4 vm_memory = 1 * 1024 vm_memory_os = 8 * 1024 vm_disk = 32 -vm_box = "generic/ubuntu1804" +vm_box = "generic/ubuntu2004" operation = { name: 'operator', diff --git a/deployment/noheat/requirements.txt b/deployment/noheat/requirements.txt index dfa66f7f6..8ef36fc05 100644 --- a/deployment/noheat/requirements.txt +++ b/deployment/noheat/requirements.txt @@ -1,3 +1,3 @@ -wheel==0.36.2 -openstacksdk==0.58.0 -ansible==2.9.24 +wheel==0.37.1 +openstacksdk==0.61.0 +ansible-core==2.13.5 diff --git a/deployment/noheat/requirements.yml b/deployment/noheat/requirements.yml new file mode 100644 index 000000000..af8260038 --- /dev/null +++ b/deployment/noheat/requirements.yml @@ -0,0 +1,10 @@ +--- +collections: + - name: ansible.posix + version: 1.4.0 + - name: community.general + version: 5.7.0 + - name: community.crypto + version: 2.7.0 + - name: openstack.cloud + version: 1.10.0 -- cgit 1.2.3-korg