-rwxr-xr-xdeploy/rancher/oom_rancher_setup.sh85
-rw-r--r--docs/release-notes.rst90
2 files changed, 148 insertions, 27 deletions
diff --git a/deploy/rancher/oom_rancher_setup.sh b/deploy/rancher/oom_rancher_setup.sh
index b9366fb..0ee8234 100755
--- a/deploy/rancher/oom_rancher_setup.sh
+++ b/deploy/rancher/oom_rancher_setup.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#############################################################################
#
-# Copyright © 2018 Amdocs.
+# Copyright © 2019 Amdocs.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@
#
# This installation is for a rancher managed install of kubernetes
# after this run the standard oom install
-# this installation can be run on amy ubuntu 16.04 VM or physical host
+# this installation can be run on amy ubuntu 16.04 VM, RHEL 7.6 (root only), physical or cloud azure/aws host
# https://wiki.onap.org/display/DW/Cloud+Native+Deployment
# source from https://jira.onap.org/browse/LOG-320
# Michael O'Brien
@@ -29,30 +29,29 @@
# casablanca (until RC1)
# Rancher 1.6.18, Kubernetes 1.10.3, Kubectl 1.10.3, Helm 2.9.2, Docker 17.03
# casablanca - integration change alignment for INT-586 - 29th Oct via LOG-806
-# Rancher 1.6.22, Kubernetes 1.11.2, kubectl 1.11.2, Helm 2.9.2, Docker 17.03
+# Rancher 1.6.22, Kubernetes 1.11.5, kubectl 1.11.5, Helm 2.9.1, Docker 17.03
# master/dublin - LOG-895
-# Rancher 1.6.25, Kubernetes 1.11.3, kubectl 1.11.3, Helm 2.9.2, Docker 17.03
+# Rancher 1.6.25, Kubernetes 1.11.5, kubectl 1.11.5, Helm 2.9.1, Docker 17.03
usage() {
cat <<EOF
Usage: $0 [PARAMs]
example
-sudo ./oom_rancher_setup.sh -b master -s cd.onap.cloud -e onap -c false -a 104.209.168.116 -v true
+sudo ./oom_rancher_setup.sh -b master -s cd.onap.cloud -e onap -c false -a 104.209.168.116 -l ubuntu -v true
-u : Display usage
-b [branch] : branch = master or beijing or amsterdam (required)
-s [server] : server = IP or DNS name (required)
-e [environment] : use the default (onap)
-c [true/false] : use computed client address (default true)
-a [IP address] : client address ip - no FQDN
+-l [username] : login username account (use ubuntu and sudo for ubuntu, use root for RHEL)
-v [true/false] : validate
EOF
}
install_onap() {
#constants
- USERNAME=ubuntu
PORT=8880
-
if [ "$BRANCH" == "amsterdam" ]; then
RANCHER_VERSION=1.6.10
KUBECTL_VERSION=1.7.7
@@ -67,26 +66,31 @@ install_onap() {
AGENT_VERSION=1.2.9
elif [ "$BRANCH" == "casablanca" ]; then
RANCHER_VERSION=1.6.22
- KUBECTL_VERSION=1.11.2
+ KUBECTL_VERSION=1.11.5
HELM_VERSION=2.9.1
DOCKER_VERSION=17.03
AGENT_VERSION=1.2.11
else
RANCHER_VERSION=1.6.25
- KUBECTL_VERSION=1.11.3
+ KUBECTL_VERSION=1.11.5
HELM_VERSION=2.9.1
DOCKER_VERSION=17.03
AGENT_VERSION=1.2.11
fi
-
- echo "Installing on ${SERVER} for ${BRANCH}: Rancher: ${RANCHER_VERSION} Kubectl: ${KUBECTL_VERSION} Helm: ${HELM_VERSION} Docker: ${DOCKER_VERSION}"
+ echo "prep for RHEL 7.6"
+ echo "enable ipv4 forwarding - add to /etc/sysctl.conf - net.ipv4.ip_forward = 1"
+ echo "yum groupinstall Development Tools - last 2 in single quotes"
+ echo "disable the firewall - systemctl disable firewalld"
+ echo "verify networking is boot enabled - sudo vi /etc/sysconfig/network-scripts/ifcfg-ens33 with ONBOOT=yes"
+ echo "Installing on ${SERVER} for ${BRANCH}: Rancher: ${RANCHER_VERSION} Kubectl: ${KUBECTL_VERSION} Helm: ${HELM_VERSION} Docker: ${DOCKER_VERSION} username: ${USERNAME}"
sudo echo "127.0.0.1 ${SERVER}" >> /etc/hosts
echo "If you must install as non-root - comment out the docker install below - run it separately, run the user mod, logout/login and continue this script"
curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
sudo usermod -aG docker $USERNAME
- echo "install make - required for beijing+"
+ echo "install make - required for beijing+ - installed via yum groupinstall Development Tools in RHEL"
+ # ubuntu specific
sudo apt-get install make -y
sudo docker run -d --restart=unless-stopped -p $PORT:8080 --name rancher_server rancher/server:v$RANCHER_VERSION
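Review bot: `sudo apt-get install make -y` still runs unconditionally below the new `# ubuntu specific` comment, so on the RHEL 7.6 path this commit advertises the call fails, and with no `set -e` visible the script would simply carry on. Guard it, for example `command -v apt-get >/dev/null && sudo apt-get install make -y`. The RHEL prerequisites above are only echoed, and "disable the firewall" is broader than the install needs; on a cloud host it would be safer to tell the operator to open only the ports used, such as the Rancher port in `$PORT`. install_onap starts and ends outside this hunk.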
@@ -106,9 +110,13 @@ install_onap() {
sudo cp rancher-v${RANCHER_CLI_VER}/rancher .
sudo chmod +x ./rancher
- echo "install jq"
- apt install jq -y
+ echo "install jq for json parsing"
+ sudo wget https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 -O jq
+ sudo chmod 777 jq
+ # not +x or jq will not be runnable from your non-root user
+ sudo mv jq /usr/local/bin
echo "wait for rancher server container to finish - 3 min"
+ echo "if you are planning on running a co-located host to bring up more than 110 pods on a single vm - you have 3 min to add --max-pods=900 in additional kublet flags - in the k8s template"
sleep 60
echo "2 more min"
sleep 60
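Review bot: `sudo chmod 777 jq` leaves a world-writable executable in /usr/local/bin, so any local account can overwrite a binary that this script and later root sessions will run. Execute permission for non-root users only needs `sudo chmod 755 jq` (or `sudo install -m 0755 jq /usr/local/bin/jq` in place of the chmod and mv), and the comment on the following line should be corrected to match. The binary is also installed without an integrity check, where the removed `apt install jq` went through the package manager; pin the download with something like `echo "<expected-sha256>  jq" | sha256sum -c -` before moving it into place. install_onap continues outside this hunk.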
@@ -127,7 +135,7 @@ install_onap() {
export RANCHER_ACCESS_KEY=$KEY_PUBLIC
export RANCHER_SECRET_KEY=$KEY_SECRET
./rancher env ls
- echo "wait 60 sec for rancher environments can settle before we create the onap kubernetes one"
+ echo "wait 60 sec for rancher environments to settle before we create the onap kubernetes one"
sleep 60
echo "Creating kubernetes environment named ${KUBE_ENV_NAME}"
@@ -178,8 +186,7 @@ install_onap() {
sleep 420
echo "1 more min"
sleep 60
- #read -p "wait for host registration to complete before generating the client token....."
-
+
# base64 encode the kubectl token from the auth pair
# generate this after the host is registered
KUBECTL_TOKEN=$(echo -n 'Basic '$(echo -n "$RANCHER_ACCESS_KEY:$RANCHER_SECRET_KEY" | base64 -w 0) | base64 -w 0)
@@ -207,27 +214,47 @@ users:
EOF
- echo "run the following if you installed a higher kubectl version than the server"
- echo "helm init --upgrade"
+
echo "Verify all pods up on the kubernetes system - will return localhost:8080 until a host is added"
echo "kubectl get pods --all-namespaces"
kubectl get pods --all-namespaces
echo "upgrade server side of helm in kubernetes"
- sudo helm version
+ if [ "$USERNAME" == "root" ]; then
+ helm version
+ else
+ sudo helm version
+ fi
echo "sleep 90"
sleep 90
- sudo helm init --upgrade
+ if [ "$USERNAME" == "root" ]; then
+ helm init --upgrade
+ else
+ sudo helm init --upgrade
+ fi
echo "sleep 90"
sleep 90
echo "verify both versions are the same below"
- sudo helm version
+ if [ "$USERNAME" == "root" ]; then
+ helm version
+ else
+ sudo helm version
+ fi
echo "start helm server"
- sudo helm serve &
+ if [ "$USERNAME" == "root" ]; then
+ helm serve &
+ else
+ sudo helm serve &
+ fi
echo "sleep 30"
sleep 30
echo "add local helm repo"
- sudo helm repo add local http://127.0.0.1:8879
- sudo helm repo list
+ if [ "$USERNAME" == "root" ]; then
+ helm repo add local http://127.0.0.1:8879
+ helm repo list
+ else
+ sudo helm repo add local http://127.0.0.1:8879
+ sudo helm repo list
+ fi
echo "To enable grafana dashboard - do this after running cd.sh which brings up onap - or you may get a 302xx port conflict"
echo "kubectl expose -n kube-system deployment monitoring-grafana --type=LoadBalancer --name monitoring-grafana-client"
echo "to get the nodeport for a specific VM running grafana"
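Review bot: The same `if [ "$USERNAME" == "root" ]` branch is repeated five times around the helm calls, which makes it easy for one copy to drift from the others; choose the invocation once and call a small wrapper, as sketched below. The branch also keys on the `-l` value rather than on the uid the script actually runs as, so `-l root` from a non-root shell would drop sudo without being root; `[ "$(id -u)" -eq 0 ]` may be the more reliable test, depending on why sudo is skipped for root here. install_onap starts and ends outside this hunk.

```shell
# pick the helm invocation once instead of branching at every call
if [ "$USERNAME" == "root" ]; then
  run_helm() { helm "$@"; }
else
  run_helm() { sudo helm "$@"; }
fi
# … unchanged: kubectl get pods, echo "upgrade server side of helm in kubernetes" …
run_helm version
# … unchanged: sleep 90 …
run_helm init --upgrade
# … unchanged: sleep 90, echo "verify both versions are the same below" …
run_helm version
# … unchanged: echo "start helm server" …
run_helm serve &
# … unchanged: sleep 30, echo "add local helm repo" …
run_helm repo add local http://127.0.0.1:8879
run_helm repo list
```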
@@ -242,8 +269,9 @@ ENVIRON=
COMPUTEADDRESS=true
ADDRESS=
VALIDATE=false
+USERNAME=ubuntu
-while getopts ":b:s:e:u:c:a:v" PARAM; do
+while getopts ":b:s:e:u:c:a:l:v" PARAM; do
case $PARAM in
u)
usage
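Review bot: The option string still gives `u` a colon and `v` none, which contradicts the usage text (`-u : Display usage`, `-v [true/false]`): a bare `-u` lands in the missing-argument case instead of printing usage, and `-v true` leaves OPTARG unset so `VALIDATE=${OPTARG}` wipes the default. Since this line is being edited for `-l` anyway, `while getopts ":ub:s:e:c:a:l:v:" PARAM; do` would match the documented interface. The case statement continues outside this hunk.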
@@ -264,6 +292,9 @@ while getopts ":b:s:e:u:c:a:v" PARAM; do
a)
ADDRESS=${OPTARG}
;;
+ l)
+ USERNAME=${OPTARG}
+ ;;
v)
VALIDATE=${OPTARG}
;;
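Review bot: The `-l` value is stored without any check and later reaches `sudo usermod -aG docker $USERNAME` unquoted in install_onap. Membership of the docker group is effectively root on the host, so the name should be confirmed to resolve to an existing account before anything is installed, for example `id -u "$USERNAME" >/dev/null 2>&1 || { echo "unknown user: $USERNAME" >&2; exit 1; }`, and the expansion should be quoted at the usermod call. The case statement starts and ends outside this hunk.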
@@ -279,5 +310,5 @@ if [[ -z $BRANCH ]]; then
exit 1
fi
-install_onap $BRANCH $SERVER $ENVIRON $COMPUTEADDRESS $ADDRESS $VALIDATE
+install_onap $BRANCH $SERVER $ENVIRON $COMPUTEADDRESS $ADDRESS $USERNAME $VALIDATE
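Review bot: These arguments are passed unquoted while ENVIRON and ADDRESS default to empty, so an empty value disappears and every later argument shifts left; inserting `$USERNAME` before `$VALIDATE` adds one more position that can move. The visible parts of install_onap read the globals (`$BRANCH`, `${SERVER}`, `$USERNAME`) rather than positional parameters, so this looks harmless today. Either quote each argument (`"$BRANCH" "$SERVER" …`) or drop the list and call `install_onap` bare, so the call does not suggest an interface the function does not have.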
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index b257316..1c3527e 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -3,6 +3,96 @@
Log Enhancements Release Notes
==============================
+Version: 3.0.1 Casablanca Release
+--------------
+Casablanca
+--------------
+ - logging-analytics Version: 1.2.6
+
+--------------
+:Release Date: 2019-02-08
+
+**New Features**
+ - kubernetes installation upped to 1.11.5 in the Rancher 1.6.25 RI
+ - NFS support for AWS EFS
+
+**Bug Fixes**
+ - `LOG-837 <https://jira.onap.org/browse/LOG-837>`_ Logging/POMBA CLM: fix/address/red-flag spring-mvc-5.1.2 pulls in spring-web-5.0.9
+
+**Known Issues**
+
+ - `LOG-376 <https://jira.onap.org/browse/LOG-376>`_ Logstash load balancing is asymmetric wherever AAI is run
+ - `LOG-895 <https://jira.onap.org/browse/LOG-895>`_ Upgrade Rancher to 1.6.25 to address CVE-2018-1002105 and move to Kubernetes 1.11.5 (server side)
+
+**Security Notes**
+
+LOG code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The LOG open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=45307852>`_.
+
+Quick Links:
+ - `LOG project page <https://wiki.onap.org/display/DW/Logging+Enhancements+Project>`_
+
+ - `Passing Badge information for LOG <https://bestpractices.coreinfrastructure.org/en/projects/1578>`_
+
+ - `Project Vulnerability Review Table for LOG <https://wiki.onap.org/pages/viewpage.action?pageId=45307852>`_
+
+**Upgrade Notes**
+ None
+
+**Deprecation Notes**
+ None
+
+**Other**
+ None
+
+
+POMBA Release Notes
+--------------
+POMBA is sub-project of the Logging Enhancements Project.
+
+Casablanca
+--------------
+ - pomba-audit-common Version: 1.3.2
+ - pomba-aai-context-builder Version: 1.3.2
+ - pomba-context-aggregator Version: 1.3.4
+ - pomba-network-discovery-context-builder Version: 1.3.1
+ - pomba-sdc-context-builder Version: 1.3.2
+
+--------------
+:Release Date: 2019-02-08
+
+**New Features**
+ - Version 1 of the audit common model
+ - Initial release of context aggregator and 3 context builders
+
+**Bug Fixes**
+
+ - `LOG-892 <https://jira.onap.org/browse/LOG-892`_ PORT - POMBA Network Discovery Context Builder does not log
+
+**Known Issues**
+
+ - `LOG-913 <https://jira.onap.org/browse/LOG-913>`_ POMBA: 1 of 11 pods failing on sequenced startup on 3.0.0-ONAP - pomba is 22 on the order - looks timing related
+ - `LOG-950 <https://jira.onap.org/browse/LOG-950>`_ LOG-950 upped the numbers from 10 to 30 – for intermittent deploy timing – this is an issue for several projects since 3.0.0-ONAP - the solution is a sequenced 5h deploy via `cd.sh <https://git.onap.org/logging-analytics/tree/deploy/cd.sh#n228>`_ and/or better vms for now until the `dependencies <https://wiki.onap.org/display/DW/Log+Streaming+Compliance+and+API#LogStreamingComplianceandAPI-DeploymentDependencyTree-Containerlevel>`_ and jobs are refactored into helm hooks
+
+**Security Notes**
+ - all three nodeports for kibana, context builder and data-router are open by default for now
+
+POMBA code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The LOG open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=28378692>`_.
+
+Quick Links:
+ - `POMBA project page <https://wiki.onap.org/display/DW/POMBA>`_
+ - `See the result from LOG <https://bestpractices.coreinfrastructure.org/en/projects/1578>`_
+ - `See the result from LOG <https://wiki.onap.org/pages/viewpage.action?pageId=28378692>`_
+
+**Upgrade Notes**
+ None
+
+**Deprecation Notes**
+ None
+
+**Other**
+ None
+
+
Version: 1.2.2 Casablanca
--------------