Diffstat (limited to 'vagrant')
-rw-r--r-- | vagrant/Vagrantfile | 17 | ||||
-rwxr-xr-x | vagrant/aio.sh | 58 | ||||
-rw-r--r-- | vagrant/galaxy-requirements.yml | 4 | ||||
-rw-r--r-- | vagrant/insecure_keys/key | 27 | ||||
-rw-r--r-- | vagrant/insecure_keys/key.pub | 1 | ||||
-rwxr-xr-x | vagrant/installer.sh | 208 | ||||
-rw-r--r-- | vagrant/inventory/group_vars/k8s-cluster.yml | 17 | ||||
-rw-r--r-- | vagrant/playbooks/configure-istio.yml | 7 | ||||
-rw-r--r-- | vagrant/playbooks/configure-krd.yml | 2 | ||||
-rw-r--r-- | vagrant/playbooks/configure-multus.yml | 11 | ||||
-rw-r--r-- | vagrant/playbooks/configure-nfd.yml | 8 | ||||
-rw-r--r-- | vagrant/playbooks/configure-ovn-kubernetes.yml | 5 | ||||
-rw-r--r-- | vagrant/playbooks/configure-ovn4nfv.yml | 98 | ||||
-rw-r--r-- | vagrant/playbooks/configure-virtlet.yml | 20 | ||||
-rw-r--r-- | vagrant/playbooks/krd-vars.yml | 26 | ||||
-rwxr-xr-x | vagrant/setup.sh | 7 | ||||
-rwxr-xr-x | vagrant/tests/_common.sh | 334 | ||||
-rwxr-xr-x | vagrant/tests/_functions.sh | 62 | ||||
-rwxr-xr-x | vagrant/tests/integration_cFW.sh | 4 | ||||
-rwxr-xr-x | vagrant/tests/integration_vFW.sh | 2 | ||||
-rwxr-xr-x | vagrant/tests/integration_vcFW.sh | 13 | ||||
-rwxr-xr-x | vagrant/tests/ovn4nfv.sh | 46 | ||||
-rwxr-xr-x | vagrant/tests/plugin.sh | 2 |
23 files changed, 713 insertions, 266 deletions
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile index 735e750e..3314fe94 100644 --- a/vagrant/Vagrantfile +++ b/vagrant/Vagrantfile @@ -23,7 +23,7 @@ nodes = YAML.load_file(pdf) # Inventory file creation File.open(File.dirname(__FILE__) + "/inventory/hosts.ini", "w") do |inventory_file| - inventory_file.puts("[all:vars]\nansible_connection=ssh\nansible_ssh_user=vagrant\nansible_ssh_pass=vagrant\n\n[all]") + inventory_file.puts("[all]") nodes.each do |node| inventory_file.puts("#{node['name']}\tansible_ssh_host=#{node['ip']} ansible_ssh_port=22") end @@ -59,6 +59,7 @@ end Vagrant.configure("2") do |config| config.vm.box = box[provider][:name] config.vm.box_version = box[provider][:version] + config.ssh.insert_key = false if ENV['http_proxy'] != nil and ENV['https_proxy'] != nil if Vagrant.has_plugin?('vagrant-proxyconf') @@ -114,10 +115,16 @@ Vagrant.configure("2") do |config| config.vm.define :installer, primary: true, autostart: false do |installer| installer.vm.hostname = "multicloud" installer.vm.network :private_network, :ip => "10.10.10.2", :type => :static - installer.vm.synced_folder '../', '/root/go/src/k8-plugin-multicloud/', type: sync_type - installer.vm.provision 'shell' do |sh| - sh.path = "installer.sh" - sh.args = ['-p', '-v', '-w', '/root/go/src/k8-plugin-multicloud/vagrant'] + installer.vm.synced_folder '../', '/home/vagrant/multicloud-k8s/', type: sync_type + installer.vm.provision 'shell', privileged: false do |sh| + sh.env = {'KRD_PLUGIN_ENABLED': 'true'} + sh.inline = <<-SHELL + cp /vagrant/insecure_keys/key.pub /home/vagrant/.ssh/id_rsa.pub + cp /vagrant/insecure_keys/key /home/vagrant/.ssh/id_rsa + chown vagrant /home/vagrant/.ssh/id_rsa + chmod 400 /home/vagrant/.ssh/id_rsa + cd /home/vagrant/multicloud-k8s/vagrant/ && ./installer.sh | tee krd_installer.log + SHELL end end end diff --git a/vagrant/aio.sh b/vagrant/aio.sh new file mode 100755 index 00000000..413e4672 --- /dev/null +++ b/vagrant/aio.sh 
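Review bot: `config.ssh.insert_key = false` keeps Vagrant's publicly known insecure key authorized on every VM this file defines, and the commit adds the matching private key as `vagrant/insecure_keys/key` (with `key.pub`) and installs it as the installer's `id_rsa` in the provisioner below. That is only acceptable while the VMs stay on the private `10.10.10.x` network, because anyone who can reach SSH on a VM can log in as `vagrant`. I would put a comment above the line, e.g. `# Lab only: VMs keep the well-known Vagrant key so the installer can reach them; never bridge or port-forward these machines`. Alternatively, generate a key pair at `vagrant up` time and authorize that instead of committing one.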
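Review bot: The inline script ends in `./installer.sh | tee krd_installer.log`, so the provisioner sees tee's exit status and a failed install is reported as success; assuming the inline script runs under bash, start the heredoc with `set -o errexit -o pipefail`. The private key is also copied with default permissions and tightened only afterwards, and the `cp` overwrites any existing `id_rsa` without checking. `install -m 400 /vagrant/insecure_keys/key /home/vagrant/.ssh/id_rsa` sets the mode in one step and makes the separate `chown`/`chmod` unnecessary.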
@@ -0,0 +1,58 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o errexit +set -o nounset +set -o pipefail + +if [[ $(whoami) != 'root' ]];then + echo "This bash script must be executed as root user" + exit 1 +fi + +echo "Cloning and configuring KRD project..." +git clone https://git.onap.org/multicloud/k8s/ +cd k8s/vagrant/ +cat <<EOL > inventory/hosts.ini +[all] +localhost + +[kube-master] +localhost + +[kube-node] +localhost + +[etcd] +localhost + +[ovn-central] +localhost + +[ovn-controller] +localhost + +[virtlet] +localhost + +[k8s-cluster:children] +kube-node +kube-master +EOL +sed -i '/andrewrothstein.kubectl/d' playbooks/configure-*.yml +echo -e "\n\n\n" | ssh-keygen -t rsa -N "" +cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys +chmod og-wx ~/.ssh/authorized_keys + +echo "Enabling nested-virtualization" +./node.sh + +echo "Deploying KRD project" +./installer.sh | tee krd_installer.log diff --git a/vagrant/galaxy-requirements.yml b/vagrant/galaxy-requirements.yml index 4b252964..55e105a6 100644 --- a/vagrant/galaxy-requirements.yml +++ b/vagrant/galaxy-requirements.yml @@ -10,8 +10,8 @@ - src: andrewrothstein.go version: v2.1.10 - src: andrewrothstein.kubectl - version: v1.1.12 + version: v1.1.16 - src: andrewrothstein.kubernetes-helm version: v1.2.9 - src: geerlingguy.docker - version: 2.5.1 + version: 2.5.2 diff --git a/vagrant/insecure_keys/key b/vagrant/insecure_keys/key new file mode 100644 index 00000000..7d6a0839 --- /dev/null +++ b/vagrant/insecure_keys/key 
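Review bot: `echo -e "\n\n\n" | ssh-keygen -t rsa -N ""` relies on piped newlines to answer the prompts, and the next line appends the result to root's `authorized_keys` unconditionally, so a rerun either stops at the overwrite prompt (likely aborting under `errexit`/`pipefail`) or adds a duplicate entry. Guarding it makes the script repeatable: `[[ -f ~/.ssh/id_rsa ]] || ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa`, with the public key appended only if it is not already present. The script runs as root and executes whatever the default branch of `https://git.onap.org/multicloud/k8s/` holds at that moment; checking out a tag or commit after the clone would make the run reproducible. A comment noting that the passphrase-less root key stays authorized after the deployment would help whoever cleans up the host.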
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI +w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP +kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 +hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO +Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW +yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd +ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 +Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf +TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK +iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A +sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf +4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP +cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk +EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN +CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX +3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG +YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj +3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ +dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz +6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC +P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF +llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ +kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH ++vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ +NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= +-----END RSA PRIVATE KEY----- diff --git a/vagrant/insecure_keys/key.pub b/vagrant/insecure_keys/key.pub new file mode 100644 index 00000000..18a9c00f --- /dev/null +++ b/vagrant/insecure_keys/key.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key diff --git a/vagrant/installer.sh b/vagrant/installer.sh index 5fdcaeb5..271f44f5 100755 --- a/vagrant/installer.sh +++ b/vagrant/installer.sh @@ -9,25 +9,11 @@ ############################################################################## set -o errexit -set -o nounset set -o pipefail -# usage() - Prints the usage of the program -function usage { - cat <<EOF -usage: $0 [-a addons] [-p] [-v] [-w dir ] -Optional Argument: - -a List of Kubernetes AddOns to be installed ( e.g. "ovn-kubernetes virtlet multus") - -p Installation of ONAP MultiCloud Kubernetes plugin - -v Enable verbosity - -w Working directory - -t Running healthchecks -EOF -} - # _install_go() - Install GoLang package function _install_go { - version=$(grep "go_version" ${krd_playbooks}/krd-vars.yml | awk -F ': ' '{print $2}') + version=$(grep "go_version" ${krd_playbooks}/krd-vars.yml | awk -F "'" '{print $2}') local tarball=go$version.linux-amd64.tar.gz if $(go version &>/dev/null); then 
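Review bot: Dropping `set -o nounset` removes the guard against misspelled or unset variables in a script that, in the later hunks, runs `sudo tar`, `sudo chown -R` and `sudo mkdir -p` on paths built from them (`$dest_folder/kubespray-$version`, `${local_release_dir}/containers`). I would keep `nounset` and give the optional inputs explicit defaults instead, e.g. `verbose=${verbose:-}` and `http_proxy=${http_proxy:-}`. The new `awk -F "'"` for `go_version` only works while the value in krd-vars.yml stays single-quoted, which deserves a comment next to the line. `_install_go` continues outside this hunk.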
@@ -35,37 +21,31 @@ function _install_go { fi wget https://dl.google.com/go/$tarball - tar -C /usr/local -xzf $tarball + sudo tar -C /usr/local -xzf $tarball rm $tarball export PATH=$PATH:/usr/local/go/bin - sed -i "s|^PATH=.*|PATH=\"$PATH\"|" /etc/environment - export INSTALL_DIRECTORY=/usr/local/bin - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh + sudo sed -i "s|^PATH=.*|PATH=\"$PATH\"|" /etc/environment } # _install_pip() - Install Python Package Manager function _install_pip { if $(pip --version &>/dev/null); then - return + sudo apt-get install -y python-dev + curl -sL https://bootstrap.pypa.io/get-pip.py | sudo python + else + sudo -E pip install --upgrade pip fi - apt-get install -y python-dev - curl -sL https://bootstrap.pypa.io/get-pip.py | python - pip install --upgrade pip } # _install_ansible() - Install and Configure Ansible program function _install_ansible { - mkdir -p /etc/ansible/ - cat <<EOL > /etc/ansible/ansible.cfg -[defaults] -host_key_checking = false -EOL + sudo mkdir -p /etc/ansible/ if $(ansible --version &>/dev/null); then return fi _install_pip - pip install ansible + sudo -E pip install ansible } # _install_docker() - Download and install docker-engine 
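Review bot: The condition in `_install_pip` is inverted on the new side: when `pip --version` succeeds the function bootstraps pip again through get-pip.py, and when pip is missing it runs `sudo -E pip install --upgrade pip`, which cannot work. setup.sh in this same commit has it the right way round (`if ! which pip; then`); here the line should read `if ! pip --version &>/dev/null; then`. Separately, `_install_go` unpacks `$tarball` into `/usr/local` as root straight after `wget` with no checksum comparison; checking a pinned SHA-256 (for example with `sha256sum -c`) before `sudo tar` would close that gap.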
@@ -75,36 +55,33 @@ function _install_docker { if $(docker version &>/dev/null); then return fi - apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl + sudo apt-get install -y software-properties-common linux-image-extra-$(uname -r) linux-image-extra-virtual apt-transport-https ca-certificates curl curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - apt-get update - apt-get install -y docker-ce + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + sudo apt-get update + sudo apt-get install -y docker-ce - mkdir -p /etc/systemd/system/docker.service.d + sudo mkdir -p /etc/systemd/system/docker.service.d if [ $http_proxy ]; then - cat <<EOL > /etc/systemd/system/docker.service.d/http-proxy.conf -[Service] -Environment="HTTP_PROXY=$http_proxy" -EOL + echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf + echo "Environment=\"HTTP_PROXY=$http_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/http-proxy.conf fi if [ $https_proxy ]; then - cat <<EOL > /etc/systemd/system/docker.service.d/https-proxy.conf -[Service] -Environment="HTTPS_PROXY=$https_proxy" -EOL + echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/https-proxy.conf + echo "Environment=\"HTTPS_PROXY=$https_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/https-proxy.conf fi if [ $no_proxy ]; then - cat <<EOL > /etc/systemd/system/docker.service.d/no-proxy.conf -[Service] -Environment="NO_PROXY=$no_proxy" -EOL + echo "[Service]" | sudo tee /etc/systemd/system/docker.service.d/no-proxy.conf + echo "Environment=\"NO_PROXY=$no_proxy\"" | sudo tee --append /etc/systemd/system/docker.service.d/no-proxy.conf + fi + sudo systemctl daemon-reload + echo 
"DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" | sudo tee --append /etc/default/docker + if [[ -z $(groups | grep docker) ]]; then + sudo usermod -aG docker $USER + newgrp docker fi - systemctl daemon-reload - echo "DOCKER_OPTS=\"-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --max-concurrent-downloads $max_concurrent_downloads \"" >> /etc/default/docker - usermod -aG docker $USER - systemctl restart docker + sudo systemctl restart docker sleep 10 } 
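Review bot: The rewritten `DOCKER_OPTS` line still has the daemon listen on `tcp://0.0.0.0:2375` without TLS, which gives root-equivalent control of the host to anything that can reach that port; unless the deployment needs the TCP listener, drop `-H tcp://0.0.0.0:2375` or bind it to `127.0.0.1`. Because the line is written with `tee --append`, every rerun adds another copy to `/etc/default/docker`. `newgrp docker` starts a new shell rather than changing the group of the running script, so in a non-interactive run it will likely consume stdin or stall before `sudo systemctl restart docker`; I would remove it and call docker through `sudo` (or `sg docker -c …`) for the rest of the run. The unquoted `[ $http_proxy ]` style tests should become `[[ -n "${http_proxy:-}" ]]`.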
@@ -113,48 +90,51 @@ function install_k8s { echo "Deploying kubernetes" local dest_folder=/opt version=$(grep "kubespray_version" ${krd_playbooks}/krd-vars.yml | awk -F ': ' '{print $2}') + local_release_dir=$(grep "local_release_dir" $krd_inventory_folder/group_vars/k8s-cluster.yml | awk -F "\"" '{print $2}') local tarball=v$version.tar.gz - apt-get install -y sshpass + sudo apt-get install -y sshpass + _install_docker _install_ansible wget https://github.com/kubernetes-incubator/kubespray/archive/$tarball - tar -C $dest_folder -xzf $tarball + sudo tar -C $dest_folder -xzf $tarball + sudo mv $dest_folder/kubespray-$version/ansible.cfg /etc/ansible/ansible.cfg + sudo chown -R $USER $dest_folder/kubespray-$version + sudo mkdir -p ${local_release_dir}/containers rm $tarball - pushd $dest_folder/kubespray-$version - pip install -r requirements.txt - rm -f $krd_inventory_folder/group_vars/all.yml 2> /dev/null - if [[ -n "${verbose+x}" ]]; then - echo "kube_log_level: 5" >> $krd_inventory_folder/group_vars/all.yml - else - echo "kube_log_level: 2" >> $krd_inventory_folder/group_vars/all.yml - fi - if [[ -n "${http_proxy+x}" ]]; then - echo "http_proxy: \"$http_proxy\"" >> $krd_inventory_folder/group_vars/all.yml - fi - if [[ -n "${https_proxy+x}" ]]; then - echo "https_proxy: \"$https_proxy\"" >> $krd_inventory_folder/group_vars/all.yml - fi - ansible-playbook $verbose -i $krd_inventory cluster.yml -b | tee $log_folder/setup-kubernetes.log - popd + sudo -E pip install -r $dest_folder/kubespray-$version/requirements.txt + rm -f $krd_inventory_folder/group_vars/all.yml 2> /dev/null + if [[ -n "${verbose}" ]]; then + echo "kube_log_level: 5" | tee $krd_inventory_folder/group_vars/all.yml + else + echo "kube_log_level: 2" | tee $krd_inventory_folder/group_vars/all.yml + fi + echo "kubeadm_enabled: true" | tee --append $krd_inventory_folder/group_vars/all.yml + if [[ -n "${http_proxy}" ]]; then + echo "http_proxy: \"$http_proxy\"" | tee --append 
$krd_inventory_folder/group_vars/all.yml + fi + if [[ -n "${https_proxy}" ]]; then + echo "https_proxy: \"$https_proxy\"" | tee --append $krd_inventory_folder/group_vars/all.yml + fi + ansible-playbook $verbose -i $krd_inventory $dest_folder/kubespray-$version/cluster.yml --become --become-user=root | sudo tee $log_folder/setup-kubernetes.log # Configure environment mkdir -p $HOME/.kube - mv $krd_inventory_folder/artifacts/admin.conf $HOME/.kube/config + cp $krd_inventory_folder/artifacts/admin.conf $HOME/.kube/config } # install_addons() - Install Kubenertes AddOns function install_addons { echo "Installing Kubernetes AddOns" - apt-get install -y sshpass _install_ansible - ansible-galaxy install -r $krd_folder/galaxy-requirements.yml --ignore-errors + sudo ansible-galaxy install $verbose -r $krd_folder/galaxy-requirements.yml --ignore-errors - ansible-playbook $verbose -i $krd_inventory $krd_playbooks/configure-krd.yml | tee $log_folder/setup-krd.log - for addon in $addons; do + ansible-playbook $verbose -i $krd_inventory $krd_playbooks/configure-krd.yml | sudo tee $log_folder/setup-krd.log + for addon in ${KRD_ADDONS:-virtlet ovn4nfv}; do echo "Deploying $addon using configure-$addon.yml playbook.." - ansible-playbook $verbose -i $krd_inventory $krd_playbooks/configure-${addon}.yml | tee $log_folder/setup-${addon}.log - if [[ -n "${testing_enabled+x}" ]]; then + ansible-playbook $verbose -i $krd_inventory $krd_playbooks/configure-${addon}.yml | sudo tee $log_folder/setup-${addon}.log + if [[ "${testing_enabled}" == "true" ]]; then pushd $krd_tests bash ${addon}.sh popd 
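Review bot: `cp $krd_inventory_folder/artifacts/admin.conf $HOME/.kube/config` now leaves the cluster-admin kubeconfig in two places with whatever mode the umask gives, and the copy under `inventory/artifacts` sits inside the source tree, which the Vagrantfile in this commit appears to sync from the host. `install -m 600 "$krd_inventory_folder/artifacts/admin.conf" "$HOME/.kube/config"` fixes the mode of the working copy, and the artifacts directory should be git-ignored if it is not already. The same applies to `sudo cp $HOME/.kube/config /opt/kubeconfig/krd` in `install_plugin`. The kubespray tarball is also unpacked into `/opt` with `sudo tar` directly after `wget`, without a checksum check. `install_k8s` begins before this hunk.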
@@ -167,18 +147,16 @@ function install_plugin { echo "Installing multicloud/k8s plugin" _install_go _install_docker - pip install docker-compose + sudo -E pip install docker-compose - mkdir -p /opt/{kubeconfig,consul/config} - cp $HOME/.kube/config /opt/kubeconfig/krd + sudo mkdir -p /opt/{kubeconfig,consul/config} + sudo cp $HOME/.kube/config /opt/kubeconfig/krd export KUBE_CONFIG_DIR=/opt/kubeconfig - echo "export KUBE_CONFIG_DIR=${KUBE_CONFIG_DIR}" >> /etc/environment + echo "export KUBE_CONFIG_DIR=${KUBE_CONFIG_DIR}" | sudo tee --append /etc/environment - GOPATH=$(go env GOPATH) - pushd $GOPATH/src/k8-plugin-multicloud/deployments - ./build.sh - - if [[ -n "${testing_enabled+x}" ]]; then + pushd $krd_folder/../deployments + sudo ./build.sh + if [[ "${testing_enabled}" == "true" ]]; then docker-compose up -d pushd $krd_tests for functional_test in plugin plugin_edgex; do 
@@ -207,57 +185,47 @@ function _print_kubernetes_info { echo "Admin password: secret" >> $k8s_info_file } -# Configuration values -addons="virtlet ovn-kubernetes multus" -krd_folder="$(dirname "$0")" -verbose="" +if ! sudo -n "true"; then + echo "" + echo "passwordless sudo is needed for '$(id -nu)' user." + echo "Please fix your /etc/sudoers file. You likely want an" + echo "entry like the following one..." + echo "" + echo "$(id -nu) ALL=(ALL) NOPASSWD: ALL" + exit 1 +fi + +if [[ -n "${KRD_DEBUG}" ]]; then + set -o xtrace + verbose="-vvv" +fi -while getopts "a:pvw:t" opt; do - case $opt in - a) - addons="$OPTARG" - ;; - p) - plugin_enabled="true" - ;; - v) - set -o xtrace - verbose="-vvv" - ;; - w) - krd_folder="$OPTARG" - ;; - t) - testing_enabled="true" - ;; - ?) - usage - exit - ;; - esac -done +# Configuration values log_folder=/var/log/krd -krd_inventory_folder=$krd_folder/inventory +krd_folder=$(pwd) +export krd_inventory_folder=$krd_folder/inventory krd_inventory=$krd_inventory_folder/hosts.ini krd_playbooks=$krd_folder/playbooks krd_tests=$krd_folder/tests k8s_info_file=$krd_folder/k8s_info.log +testing_enabled=${KRD_ENABLE_TESTS:-false} -mkdir -p $log_folder -mkdir -p /opt/csar +sudo mkdir -p $log_folder +sudo mkdir -p /opt/csar +sudo chown -R $USER /opt/csar export CSAR_DIR=/opt/csar -echo "export CSAR_DIR=${CSAR_DIR}" >> /etc/environment +echo "export CSAR_DIR=${CSAR_DIR}" | sudo tee --append /etc/environment # Install dependencies # Setup proxy variables if [ -f $krd_folder/sources.list ]; then - mv /etc/apt/sources.list /etc/apt/sources.list.backup - cp $krd_folder/sources.list /etc/apt/sources.list + sudo mv /etc/apt/sources.list /etc/apt/sources.list.backup + sudo cp $krd_folder/sources.list /etc/apt/sources.list fi -apt-get update +sudo apt-get update install_k8s install_addons -if [[ -n "${plugin_enabled+x}" ]]; then +if [[ "${KRD_PLUGIN_ENABLED:-false}" ]]; then install_plugin fi _print_kubernetes_info 
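Review bot: `if [[ "${KRD_PLUGIN_ENABLED:-false}" ]]; then` is always true, because `[[ string ]]` only tests for a non-empty string and the default `false` is non-empty, so `install_plugin` runs even when the variable is unset or set to `false`. It should compare the way the `testing_enabled` checks do: `if [[ "${KRD_PLUGIN_ENABLED:-false}" == "true" ]]; then`. `krd_folder=$(pwd)` also makes the script depend on being started from the vagrant directory; `krd_folder="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"` would not. The sudoers hint prints `NOPASSWD: ALL`, and a sentence saying this is meant for a disposable VM would be worth adding to that message.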
diff --git a/vagrant/inventory/group_vars/k8s-cluster.yml b/vagrant/inventory/group_vars/k8s-cluster.yml index f038d4f2..4de3a276 100644 --- a/vagrant/inventory/group_vars/k8s-cluster.yml +++ b/vagrant/inventory/group_vars/k8s-cluster.yml @@ -57,7 +57,7 @@ kubeconfig_localhost: true local_volumes_enabled: true ## Change this to use another Kubernetes version, e.g. a current beta release -kube_version: v1.11.3 +kube_version: v1.12.3 # Helm deployment helm_enabled: true @@ -66,4 +66,17 @@ helm_enabled: true # NOTE: Ipvs is based on netfilter hook function, but uses hash table as the underlying data structure and # works in the kernel space # https://kubernetes.io/docs/concepts/services-networking/service/#proxy-mode-ipvs -kube_proxy_mode: ipvs +#kube_proxy_mode: ipvs + +# Download container images only once then push to cluster nodes in batches +download_run_once: true + +# Where the binaries will be downloaded. +# Note: ensure that you've enough disk space (about 1G) +local_release_dir: "/tmp/releases" + +# Makes the installer node a delegate for pushing images while running +# the deployment with ansible. This maybe the case if cluster nodes +# cannot access each over via ssh or you want to use local docker +# images as a cache for multiple clusters. +download_localhost: true diff --git a/vagrant/playbooks/configure-istio.yml b/vagrant/playbooks/configure-istio.yml index 25a343f0..2bd4e853 100644 --- a/vagrant/playbooks/configure-istio.yml +++ b/vagrant/playbooks/configure-istio.yml @@ -9,15 +9,15 @@ ############################################################################## - hosts: localhost - become: yes pre_tasks: - name: Load krd variables include_vars: file: krd-vars.yml roles: - - andrewrothstein.kubectl + - role: andrewrothstein.kubectl + kubectl_ver: "v{{ kubectl_version }}" - role: andrewrothstein.kubernetes-helm - kubernetes_helm_ver: v2.9.1 + kubernetes_helm_ver: "v{{ helm_client_version }}" tasks: - name: create istio folder file: 
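Review bot: `local_release_dir: "/tmp/releases"` puts the downloaded binaries and image cache in a predictable path under world-writable `/tmp`, and installer.sh creates it with `sudo mkdir -p`; on a host with other local users, a directory outside `/tmp` owned by the deploy user (for example under `/opt`) would be safer. installer.sh reads this value with `grep … | awk -F "\""`, so it has to stay double-quoted on a single line; a comment such as `# parsed by installer.sh; keep the double quotes` would prevent a silent break. `#kube_proxy_mode: ipvs` is commented out without a reason, and a one-line note on why ipvs was dropped would help the next reader.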
@@ -35,6 +35,7 @@ dest: "{{ istio_dest }}" remote_src: yes - name: copy istioctl binary to usr/local/bin folder + become: yes command: "mv {{ istio_dest }}/istio-{{ istio_version }}/bin/istioctl /usr/local/bin/" when: istio_source_type == "tarball" - name: create network objects diff --git a/vagrant/playbooks/configure-krd.yml b/vagrant/playbooks/configure-krd.yml index c8146ed8..22e6419f 100644 --- a/vagrant/playbooks/configure-krd.yml +++ b/vagrant/playbooks/configure-krd.yml @@ -12,5 +12,5 @@ tasks: - name: copy admin.conf file to kube-nodes copy: - src: "{{ ansible_env.HOME}}/.kube/config" + src: "{{ lookup('env','krd_inventory_folder') }}/artifacts/admin.conf" dest: "/etc/kubernetes/admin.conf" diff --git a/vagrant/playbooks/configure-multus.yml b/vagrant/playbooks/configure-multus.yml index 33e72757..23fe546a 100644 --- a/vagrant/playbooks/configure-multus.yml +++ b/vagrant/playbooks/configure-multus.yml @@ -14,7 +14,9 @@ include_vars: file: krd-vars.yml roles: - - { role: andrewrothstein.go, when: multus_source_type == "source" } + - role: andrewrothstein.go + go_ver: "{{ go_version }}" + when: multus_source_type == "source" environment: PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin/" tasks: @@ -78,8 +80,13 @@ } - hosts: localhost + pre_tasks: + - name: Load krd variables + include_vars: + file: krd-vars.yml roles: - - andrewrothstein.kubectl + - role: andrewrothstein.kubectl + kubectl_ver: "v{{ kubectl_version }}" tasks: - name: define a CRD network object specification blockinfile: diff --git a/vagrant/playbooks/configure-nfd.yml b/vagrant/playbooks/configure-nfd.yml index 90bad671..d47a7bcc 100644 --- a/vagrant/playbooks/configure-nfd.yml +++ b/vagrant/playbooks/configure-nfd.yml 
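Review bot: The `copy` task in configure-krd.yml writes the cluster-admin kubeconfig to `/etc/kubernetes/admin.conf` on the kube-nodes without `owner` or `mode`, so the file gets the connecting user's default permissions; add `owner: root` and `mode: '0600'`. `lookup('env','krd_inventory_folder')` returns an empty string when the variable is not exported, which turns `src` into `/artifacts/admin.conf`; an `assert` on the lookup, or passing the path with `-e`, would fail earlier and more clearly. The play header is outside the hunk.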
@@ -46,9 +46,13 @@ - node-feature-discovery-daemonset.json.template - hosts: localhost - become: yes + pre_tasks: + - name: Load krd variables + include_vars: + file: krd-vars.yml roles: - - andrewrothstein.kubectl + - role: andrewrothstein.kubectl + kubectl_ver: "v{{ kubectl_version }}" tasks: - name: create service accounts command: "/usr/local/bin/kubectl apply -f /tmp/{{ item }}" diff --git a/vagrant/playbooks/configure-ovn-kubernetes.yml b/vagrant/playbooks/configure-ovn-kubernetes.yml index cea102f2..e3042ff4 100644 --- a/vagrant/playbooks/configure-ovn-kubernetes.yml +++ b/vagrant/playbooks/configure-ovn-kubernetes.yml @@ -14,8 +14,13 @@ central_node_ip: "{{ hostvars[groups['ovn-central'][0]]['ansible_ssh_host'] }}" environment: PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin/" + pre_tasks: + - name: Load krd variables + include_vars: + file: krd-vars.yml roles: - role: andrewrothstein.go + go_ver: "{{ go_version }}" tasks: - name: Load krd variables include_vars: diff --git a/vagrant/playbooks/configure-ovn4nfv.yml b/vagrant/playbooks/configure-ovn4nfv.yml new file mode 100644 index 00000000..c864b8c3 --- /dev/null +++ b/vagrant/playbooks/configure-ovn4nfv.yml 
@@ -0,0 +1,98 @@ +--- +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2018 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +- import_playbook: configure-ovn.yml +- import_playbook: configure-multus.yml + +- hosts: kube-master:kube-node + environment: + PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin/" + roles: + - role: andrewrothstein.go + tasks: + - name: Load krd variables + include_vars: + file: krd-vars.yml + - name: clone ovn4nfv-k8s-plugin repo + git: + repo: "{{ ovn4nfv_url }}" + dest: "{{ ovn4nfv_dest }}" + version: "{{ ovn4nfv_version }}" + force: yes + when: ovn4nfv_source_type == "source" + - name: clean ovn4nfvk8s left over files + make: + chdir: "{{ ovn4nfv_dest }}" + target: clean + - name: build ovn4nfvk8s-cni + make: + chdir: "{{ ovn4nfv_dest }}" + target: ovn4nfvk8s-cni + become: yes + environment: + GOPATH: "{{ go_path }}" + - name: copy ovn4nfvk8s-cni to cni folder + command: "mv {{ ovn4nfv_dest }}/ovn4nfvk8s-cni /opt/cni/bin/ovn4nfvk8s-cni" + become: yes + - name: create ovn4k8s config file + become: yes + blockinfile: + path: /etc/openvswitch/ovn4nfv_k8s.conf + create: yes + block: | + [logging] + loglevel=5 + logfile=/var/log/openvswitch/ovn4k8s.log + + [cni] + conf-dir=/etc/cni/net.d + plugin=ovn4nfvk8s-cni + + [kubernetes] + kubeconfig=/etc/kubernetes/admin.conf + - name: create ovnkube logging directory + file: + path: /var/log/openvswitch + state: directory + +- hosts: kube-master + environment: + PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin/" + become: yes + tasks: + - name: Load krd variables + include_vars: + file: krd-vars.yml + - name: build ovn4nfvk8s + make: + chdir: 
"{{ ovn4nfv_dest }}" + target: ovn4nfvk8s + environment: + GOPATH: "{{ go_path }}" + - name: copy ovn4nfvk8s to /usr/bin folder + command: "mv {{ ovn4nfv_dest }}/ovn4nfvk8s /usr/bin/ovn4nfvk8s" + - name: create ovn4nfvk8s systemd service + blockinfile: + path: /etc/systemd/system/ovn4nfvk8s.service + create: yes + block: | + [Unit] + Description=OVN4NFV Kubernetes Daemon + + [Service] + ExecStart=/usr/bin/ovn4nfvk8s \ + -k8s-kubeconfig=/etc/kubernetes/admin.conf + + [Install] + WantedBy=multi-user.target + - name: start ovn4nfvk8s systemd service + service: + name: ovn4nfvk8s + state: started + enabled: yes diff --git a/vagrant/playbooks/configure-virtlet.yml b/vagrant/playbooks/configure-virtlet.yml index 98aa74cc..66deb5cb 100644 --- a/vagrant/playbooks/configure-virtlet.yml +++ b/vagrant/playbooks/configure-virtlet.yml @@ -8,7 +8,6 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## - hosts: localhost - become: yes vars: images_file: /tmp/images.yaml pre_tasks: @@ -16,8 +15,10 @@ include_vars: file: krd-vars.yml roles: - - andrewrothstein.kubectl - - { role: geerlingguy.docker, when: virtlet_source_type == "source" } + - role: andrewrothstein.kubectl + kubectl_ver: "v{{ kubectl_version }}" + - role: geerlingguy.docker + when: virtlet_source_type == "source" tasks: - name: create Virtlet binary folder file: @@ -65,10 +66,12 @@ - name: configure proxy values for docker service block: - name: create docker config folder + become: yes file: state: directory path: "/etc/systemd/system/docker.service.d" - name: Configure docker service to use http_proxy env value + become: yes blockinfile: dest: "/etc/systemd/system/docker.service.d/http-proxy.conf" create: yes @@ -78,6 +81,7 @@ when: - lookup('env','http_proxy') != "fooproxy" - name: Configure docker service to use https_proxy env value + become: yes blockinfile: dest: "/etc/systemd/system/docker.service.d/https-proxy.conf" create: yes 
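Review bot: Both the CNI config (`kubeconfig=/etc/kubernetes/admin.conf`) and the systemd unit (`-k8s-kubeconfig=/etc/kubernetes/admin.conf`) in configure-ovn4nfv.yml run ovn4nfv with the cluster-admin credential; a dedicated service account with a kubeconfig limited to the resources the plugin needs would limit what a compromised node can do. The `make` targets run with `become: yes`, so the cloned source is built as root, and the clean and build tasks are not gated on `ovn4nfv_source_type == "source"` the way the clone is. `role: andrewrothstein.go` is used without `go_ver: "{{ go_version }}"`, unlike the other playbooks touched here, and krd-vars.yml is loaded in `tasks`, after the roles have run. `configure-ovn.yml` is imported but is not among the files in this commit's diffstat, so confirm it already exists.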
@@ -87,6 +91,7 @@ when: - lookup('env','https_proxy') != "fooproxy" - name: Configure docker service to use no_proxy env value + become: yes blockinfile: dest: "/etc/systemd/system/docker.service.d/no-proxy.conf" create: yes @@ -96,8 +101,10 @@ when: - lookup('env','no_proxy') != "fooproxy" - name: reload systemd + become: yes command: systemctl daemon-reload - name: restart docker service + become: yes service: name: docker state: restarted @@ -134,7 +141,6 @@ delay: 10 - hosts: virtlet - become: yes tasks: - name: Load krd variables include_vars: @@ -144,18 +150,21 @@ state: directory path: "{{ criproxy_dest }}" - name: disable AppArmor in all nodes + become: yes service: name: apparmor state: stopped enabled: no when: ansible_os_family == "Debian" - name: modify args for kubelet service + become: yes lineinfile: dest: /etc/systemd/system/kubelet.service line: " --container-runtime=remote --container-runtime-endpoint=unix:///run/criproxy.sock --image-service-endpoint=unix:///run/criproxy.sock --enable-controller-attach-detach=false \\" insertafter: '^ExecStart=/usr/local/bin/kubelet *' state: present - name: create dockershim service + become: yes blockinfile: path: /etc/systemd/system/dockershim.service create: yes @@ -208,6 +217,7 @@ path: "{{ criproxy_dest }}/criproxy" mode: "+x" - name: create criproxy service + become: yes blockinfile: path: /etc/systemd/system/criproxy.service create: yes @@ -224,6 +234,7 @@ [Install] WantedBy=kubelet.service - name: start criproxy and dockershim services + become: yes service: name: "{{ item }}" state: started @@ -232,6 +243,7 @@ - dockershim - criproxy - name: restart kubelet services + become: yes service: name: kubelet state: restarted diff --git a/vagrant/playbooks/krd-vars.yml b/vagrant/playbooks/krd-vars.yml index 9c2de308..15b7a1a4 100644 --- a/vagrant/playbooks/krd-vars.yml +++ b/vagrant/playbooks/krd-vars.yml 
@@ -11,12 +11,12 @@ base_dest: /tmp multus_dest: "{{ base_dest }}/multus-cni" -multus_source_type: "tarball" -multus_version: 3.1 -multus_url: "https://github.com/intel/multus-cni/releases/download/v{{ multus_version }}/multus-cni_v{{ multus_version }}_linux_amd64.tar.gz" -#multus_source_type: "source" -#multus_version: def72938cd2fb272eb3a6f64a8162b1049404357 -#multus_url: "https://github.com/intel/multus-cni" +#multus_source_type: "tarball" +#multus_version: 3.1 +#multus_url: "https://github.com/intel/multus-cni/releases/download/v{{ multus_version }}/multus-cni_v{{ multus_version }}_linux_amd64.tar.gz" +multus_source_type: "source" +multus_version: 366f2120cb88c85deab6343b7062fd38fdb0ece9 +multus_url: "https://github.com/ritusood/multus-cni" ovn_kubernetes_dest: "{{ base_dest }}/ovn-kubernetes" ovn_kubernetes_source_type: "tarball" @@ -35,7 +35,7 @@ criproxy_url: "https://github.com/Mirantis/criproxy/releases/download/v{{ cripro #criproxy_url: "https://github.com/Mirantis/criproxy" virtlet_dest: "{{ base_dest }}/virtlet" virtlet_source_type: "binary" -virtlet_version: 1.4.1 +virtlet_version: 1.4.2 virtlet_url: "https://github.com/Mirantis/virtlet/releases/download/v{{ virtlet_version }}/virtletctl" #virtlet_source_type: "source" #virtlet_version: 68e11b8f1db2c78b063126899f0e60910700975d @@ -51,5 +51,13 @@ istio_source_type: "tarball" istio_version: 1.0.3 istio_url: "https://github.com/istio/istio/releases/download/{{ istio_version }}/istio-{{ istio_version }}-linux.tar.gz" -go_version: 1.11.1 -kubespray_version: 2.7.0 +go_path: "{{ base_dest }}/go" +ovn4nfv_dest: "{{ go_path }}/src/ovn4nfv-k8s-plugin" +ovn4nfv_source_type: "source" +ovn4nfv_version: 5026d1d89b05eac5e004279b742df6745a73d93a +ovn4nfv_url: "https://git.opnfv.org/ovn4nfv-k8s-plugin/" + +go_version: '1.11' +kubespray_version: 2.8.0 +kubectl_version: 1.11.2 +helm_client_version: 2.9.1 diff --git a/vagrant/setup.sh b/vagrant/setup.sh index c8fe2e28..674462e7 100755 --- a/vagrant/setup.sh 
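Review bot: `multus_url` now points at a personal fork (`github.com/ritusood/multus-cni`) that is built from source on the nodes; pinning `multus_version` to a full commit hash is good, but nothing says why the fork is needed or when to return to upstream. A comment above the three lines, e.g. `# fork carries <change> not yet in intel/multus-cni; switch back once merged`, would make that reviewable. `go_version: '1.11'` must stay single-quoted because installer.sh extracts it with `awk -F "'"`, and that coupling deserves a comment as well.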
+++ b/vagrant/setup.sh @@ -11,7 +11,7 @@ set -o nounset set -o pipefail -vagrant_version=2.2.0 +vagrant_version=2.2.2 if ! $(vagrant version &>/dev/null); then enable_vagrant_install=true else @@ -177,9 +177,10 @@ modprobe vhost_net ${INSTALLER_CMD} ${packages[@]} if ! which pip; then curl -sL https://bootstrap.pypa.io/get-pip.py | sudo python +else + sudo -H -E pip install --upgrade pip fi -sudo -H pip install --upgrade pip -sudo -H pip install tox +sudo -H -E pip install tox if [[ ${http_proxy+x} ]]; then vagrant plugin install vagrant-proxyconf fi diff --git a/vagrant/tests/_common.sh b/vagrant/tests/_common.sh index ac226da0..620c00af 100755 --- a/vagrant/tests/_common.sh +++ b/vagrant/tests/_common.sh @@ -21,6 +21,27 @@ virtlet_image=virtlet.cloud/fedora virtlet_deployment_name=virtlet-deployment plugin_deployment_name=plugin-deployment plugin_service_name=plugin-service +ovn4nfv_deployment_name=ovn4nfv-deployment +onap_private_net=onap-private-net +unprotected_private_net=unprotected-private-net +protected_private_net=protected-private-net +ovn_multus_network_name=ovn-networkobj + +# vFirewall vars +demo_artifacts_version=1.3.0 +vfw_private_ip_0='192.168.10.3' +vfw_private_ip_1='192.168.20.2' +vfw_private_ip_2='10.10.100.3' +vpg_private_ip_0='192.168.10.2' +vpg_private_ip_1='10.0.100.2' +vsn_private_ip_0='192.168.20.3' +vsn_private_ip_1='10.10.100.4' +dcae_collector_ip='10.0.4.1' +dcae_collector_port='8081' +protected_net_gw='192.168.20.100' +protected_net_cidr='192.168.20.0/24' +protected_private_net_cidr='192.168.10.0/24' +onap_private_net_cidr='10.10.0.0/16' # populate_CSAR_containers_vFW() - This function creates the content of CSAR file # required for vFirewal using only containers 
@@ -33,59 +54,59 @@ function populate_CSAR_containers_vFW { cat << META > metadata.yaml resources: network: - - unprotected-private-net-cidr-network.yaml - - protected-private-net-cidr-network.yaml - - onap-private-net-cidr-network.yaml + - $unprotected_private_net.yaml + - $protected_private_net.yaml + - $onap_private_net.yaml deployment: - $packetgen_deployment_name.yaml - $firewall_deployment_name.yaml - $sink_deployment_name.yaml META - cat << NET > unprotected-private-net-cidr-network.yaml + cat << NET > $unprotected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: unprotected-private-net-cidr + name: $unprotected_private_net spec: config: '{ "name": "unprotected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.10.0/24" + "subnet": "$protected_private_net_cidr" } }' NET - cat << NET > protected-private-net-cidr-network.yaml + cat << NET > $protected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: protected-private-net-cidr + name: $protected_private_net spec: config: '{ "name": "protected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.20.0/24" + "subnet": "$protected_net_cidr" } }' NET - cat << NET > onap-private-net-cidr-network.yaml + cat << NET > $onap_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: onap-private-net-cidr + name: $onap_private_net spec: config: '{ "name": "onap", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "10.10.0.0/16" + "subnet": "$onap_private_net_cidr" } }' NET 
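Review bot: The subnet of the unprotected network is now read from `$protected_private_net_cidr`, a name that reads as the protected side. Its value ('192.168.10.0/24', set in the variables hunk above) equals the literal it replaces, so behaviour is unchanged, but in a firewall test a later edit can easily wire the wrong segment. Either rename it, e.g. `unprotected_private_net_cidr`, or, if the name is dictated by the guest scripts that read the exported variable (not visible here), add a comment at the definition such as `# CIDR of the unprotected segment; name kept for the demo scripts`. The same substitution appears in populate_CSAR_vms_containers_vFW and populate_CSAR_vms_vFW.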
@@ -108,8 +129,8 @@ spec: app: vFirewall annotations: k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' spec: containers: @@ -141,9 +162,9 @@ spec: app: vFirewall annotations: k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$protected_private_net", "interfaceRequest": "eth2" }, + { "name": "$onap_private_net", "interfaceRequest": "eth3" } ]' spec: containers: @@ -166,14 +187,16 @@ spec: selector: matchLabels: app: vFirewall + context: darkstat template: metadata: labels: app: vFirewall + context: darkstat annotations: k8s.v1.cni.cncf.io/networks: '[ - { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$protected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' spec: containers: @@ -182,6 +205,15 @@ spec: imagePullPolicy: IfNotPresent tty: true stdin: true + securityContext: + privileged: true + - name: darkstat + image: electrocucaracha/darkstat + imagePullPolicy: IfNotPresent + tty: true + stdin: true + ports: + - containerPort: 667 DEPLOYMENT popd } 
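Review bot: In the last hunk of this group (`@@ -182,6 +205,15 @@`) `securityContext: privileged: true` is added to the existing container with no comment on what requires it. A privileged container receives every capability and access to host devices; if it only has to change interface or routing settings (an assumption, the image's entrypoint is not in the diff), `capabilities: add: ["NET_ADMIN"]` would be enough. The new sidecar also pulls `electrocucaracha/darkstat` without a tag or digest, and `image: "busybox"` in populate_CSAR_ovn4nfv does the same, so test runs can pick up different images over time; pin a tag or digest. The manifest heredoc starts and ends outside the hunk.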
@@ -199,17 +231,17 @@ function populate_CSAR_vms_containers_vFW { cat << META > metadata.yaml resources: network: - - unprotected-private-net-cidr-network.yaml - - protected-private-net-cidr-network.yaml - - onap-private-net-cidr-network.yaml + - onap-ovn4nfvk8s-network.yaml + onapNetwork: + - $unprotected_private_net.yaml + - $protected_private_net.yaml + - $onap_private_net.yaml deployment: - $packetgen_deployment_name.yaml - $firewall_deployment_name.yaml - $sink_deployment_name.yaml service: - sink-service.yaml - ingress: - - sink-ingress.yaml META cat << SERVICE > sink-service.yaml @@ -217,8 +249,6 @@ apiVersion: v1 kind: Service metadata: name: sink-service - labels: - app: vFirewall spec: type: NodePort ports: 
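Review bot: The metadata key for the OVN networks is spelled `onapNetwork:` in this metadata.yaml heredoc and `onap_network:` in populate_CSAR_ovn4nfv further down. The code that reads metadata.yaml is not part of this diff, so it is likely that one of the two spellings is ignored without an error. Use one spelling in both heredocs, or, if both are really accepted, say so in a comment above the heredoc.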
@@ -229,71 +259,66 @@ spec: context: darkstat SERVICE - cat << INGRESS > sink-ingress.yaml -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: sink-ingress -spec: - rules: - - host: sink.vfirewall.demo.com - http: - paths: - - backend: - serviceName: sink-service - servicePort: 667 -INGRESS - - cat << NET > unprotected-private-net-cidr-network.yaml + cat << MULTUS_NET > onap-ovn4nfvk8s-network.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: unprotected-private-net-cidr + name: $ovn_multus_network_name spec: config: '{ - "name": "unprotected", - "type": "bridge", - "ipam": { - "type": "host-local", - "subnet": "192.168.10.0/24" - } -}' + "cniVersion": "0.3.1", + "name": "ovn4nfv-k8s-plugin", + "type": "ovn4nfvk8s-cni" + }' +MULTUS_NET + + cat << NET > $unprotected_private_net.yaml +apiVersion: v1 +kind: onapNetwork +metadata: + name: $unprotected_private_net + cnitype : ovn4nfvk8s +spec: + name: $unprotected_private_net + subnet: $protected_private_net_cidr + gateway: 192.168.10.1/24 NET - cat << NET > protected-private-net-cidr-network.yaml -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition + cat << NET > $protected_private_net.yaml +apiVersion: v1 +kind: onapNetwork metadata: - name: protected-private-net-cidr + name: $protected_private_net + cnitype : ovn4nfvk8s spec: - config: '{ - "name": "protected", - "type": "bridge", - "ipam": { - "type": "host-local", - "subnet": "192.168.20.0/24" - } -}' + name: $protected_private_net + subnet: $protected_net_cidr + gateway: $protected_net_gw/24 NET - cat << NET > onap-private-net-cidr-network.yaml -apiVersion: "k8s.cni.cncf.io/v1" -kind: NetworkAttachmentDefinition + cat << NET > $onap_private_net.yaml +apiVersion: v1 +kind: onapNetwork metadata: - name: onap-private-net-cidr + name: $onap_private_net + cnitype : ovn4nfvk8s spec: - config: '{ - "name": "onap", - "type": "bridge", - "ipam": { - "type": "host-local", - "subnet": "10.10.0.0/16" - } 
-}' + name: $onap_private_net + subnet: $onap_private_net_cidr + gateway: 10.10.0.1/16 NET proxy="apt:" - cloud_init_proxy="" + cloud_init_proxy=" + - export demo_artifacts_version=$demo_artifacts_version + - export vfw_private_ip_0=$vfw_private_ip_0 + - export vsn_private_ip_0=$vsn_private_ip_0 + - export protected_net_cidr=$protected_net_cidr + - export dcae_collector_ip=$dcae_collector_ip + - export dcae_collector_port=$dcae_collector_port + - export protected_net_gw=$protected_net_gw + - export protected_private_net_cidr=$protected_private_net_cidr +" if [[ -n "${http_proxy+x}" ]]; then proxy+=" http_proxy: $http_proxy" @@ -350,9 +375,10 @@ spec: VirtletSSHKeys: | $ssh_key VirtletRootVolumeSize: 5Gi - k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]' + ovnNetwork: '[ + { "name": "$unprotected_private_net", "ipAddress": "$vpg_private_ip_0", "interface": "eth1" , "defaultGateway": "false"}, + { "name": "$onap_private_net", "ipAddress": "$vpg_private_ip_1", "interface": "eth2" , "defaultGateway": "false"} ]' kubernetes.io/target-runtime: virtlet.cloud spec: 
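Review bot: In the three `kind: onapNetwork` heredocs of the hunk that starts at `@@ -229,71 +259,66 @@` the subnet comes from a variable while two gateways stay literal, `gateway: 192.168.10.1/24` and `gateway: 10.10.0.1/16`; only the protected network uses `$protected_net_gw/24`. Changing one of the CIDR variables would leave a gateway outside its subnet. Define them next to `protected_net_gw`, e.g. `unprotected_net_gw='192.168.10.1'` and `onap_private_net_gw='10.10.0.1'`, and use them here. The `cloud_init_proxy` string now also carries the `export` lines, so a short comment on it, or a more general name, would help the next reader.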
@@ -417,10 +443,11 @@ spec: VirtletSSHKeys: | $ssh_key VirtletRootVolumeSize: 5Gi - k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" } + k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]' + ovnNetwork: '[ + { "name": "$unprotected_private_net", "ipAddress": "$vfw_private_ip_0", "interface": "eth1" , "defaultGateway": "false"}, + { "name": "$protected_private_net", "ipAddress": "$vfw_private_ip_1", "interface": "eth2", "defaultGateway": "false" }, + { "name": "$onap_private_net", "ipAddress": "$vfw_private_ip_2", "interface": "eth3" , "defaultGateway": "false"} ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -463,9 +490,10 @@ spec: app: vFirewall context: darkstat annotations: - k8s.v1.cni.cncf.io/networks: '[ - { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]' + ovnNetwork: '[ + { "name": "$protected_private_net", "ipAddress": "$vsn_private_ip_0", "interface": "eth1", "defaultGateway": "false" }, + { "name": "$onap_private_net", "ipAddress": "$vsn_private_ip_1", "interface": "eth2" , "defaultGateway": "false"} ]' spec: containers: 
@@ -499,65 +527,74 @@ function populate_CSAR_vms_vFW { cat << META > metadata.yaml resources: network: - - unprotected-private-net-cidr-network.yaml - - protected-private-net-cidr-network.yaml - - onap-private-net-cidr-network.yaml + - $unprotected_private_net.yaml + - $protected_private_net.yaml + - $onap_private_net.yaml deployment: - $packetgen_deployment_name.yaml - $firewall_deployment_name.yaml - $sink_deployment_name.yaml META - cat << NET > unprotected-private-net-cidr-network.yaml + cat << NET > $unprotected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: unprotected-private-net-cidr + name: $unprotected_private_net spec: config: '{ "name": "unprotected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.10.0/24" + "subnet": "$protected_private_net_cidr" } }' NET - cat << NET > protected-private-net-cidr-network.yaml + cat << NET > $protected_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: protected-private-net-cidr + name: $protected_private_net spec: config: '{ "name": "protected", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "192.168.20.0/24" + "subnet": "$protected_net_cidr" } }' NET - cat << NET > onap-private-net-cidr-network.yaml + cat << NET > $onap_private_net.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: onap-private-net-cidr + name: $onap_private_net spec: config: '{ "name": "onap", "type": "bridge", "ipam": { "type": "host-local", - "subnet": "10.10.0.0/16" + "subnet": "$onap_private_net_cidr" } }' NET proxy="apt:" - cloud_init_proxy="" + cloud_init_proxy=" + - export demo_artifacts_version=$demo_artifacts_version + - export vfw_private_ip_0=$vfw_private_ip_0 + - export vsn_private_ip_0=$vsn_private_ip_0 + - export protected_net_cidr=$protected_net_cidr + - export dcae_collector_ip=$dcae_collector_ip + - export dcae_collector_port=$dcae_collector_port + - 
export protected_net_gw=$protected_net_gw + - export protected_private_net_cidr=$protected_private_net_cidr +" if [[ -n "${http_proxy+x}" ]]; then proxy+=" http_proxy: $http_proxy" @@ -615,8 +652,8 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -682,9 +719,9 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "unprotected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "protected-private-net-cidr", "interfaceRequest": "eth2" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth3" } + { "name": "$unprotected_private_net", "interfaceRequest": "eth1" }, + { "name": "$protected_private_net", "interfaceRequest": "eth2" }, + { "name": "$onap_private_net", "interfaceRequest": "eth3" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -748,8 +785,8 @@ spec: $ssh_key VirtletRootVolumeSize: 5Gi k8s.v1.cni.cncf.io/networks: '[ - { "name": "protected-private-net-cidr", "interfaceRequest": "eth1" }, - { "name": "onap-private-net-cidr", "interfaceRequest": "eth2" } + { "name": "$protected_private_net", "interfaceRequest": "eth1" }, + { "name": "$onap_private_net", "interfaceRequest": "eth2" } ]' kubernetes.io/target-runtime: virtlet.cloud spec: @@ -805,7 +842,7 @@ spec: "type": "bridge", "ipam": { "type": "host-local", - "subnet": "10.10.0.0/16" + "subnet": "$onap_private_net_cidr" } }' NET 
@@ -972,3 +1009,88 @@ SERVICE popd } +# populate_CSAR_ovn4nfv() - Create content used for OVN4NFV functional test +function populate_CSAR_ovn4nfv { + local csar_id=$1 + + _checks_args $csar_id + pushd ${CSAR_DIR}/${csar_id} + + cat << META > metadata.yaml +resources: + onap_network: + - ovn-port-net.yaml + - ovn-priv-net.yaml + network: + - onap-ovn4nfvk8s-network.yaml + deployment: + - $ovn4nfv_deployment_name.yaml +META + + cat << MULTUS_NET > onap-ovn4nfvk8s-network.yaml +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: $ovn_multus_network_name +spec: + config: '{ + "cniVersion": "0.3.1", + "name": "ovn4nfv-k8s-plugin", + "type": "ovn4nfvk8s-cni" + }' +MULTUS_NET + + cat << NETWORK > ovn-port-net.yaml +apiVersion: v1 +kind: onapNetwork +metadata: + name: ovn-port-net + cnitype : ovn4nfvk8s +spec: + name: ovn-port-net + subnet: 172.16.33.0/24 + gateway: 172.16.33.1/24 +NETWORK + + cat << NETWORK > ovn-priv-net.yaml +apiVersion: v1 +kind: onapNetwork +metadata: + name: ovn-priv-net + cnitype : ovn4nfvk8s +spec: + name: ovn-priv-net + subnet: 172.16.44.0/24 + gateway: 172.16.44.1/24 +NETWORK + + cat << DEPLOYMENT > $ovn4nfv_deployment_name.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: $ovn4nfv_deployment_name + labels: + app: ovn4nfv +spec: + replicas: 1 + selector: + matchLabels: + app: ovn4nfv + template: + metadata: + labels: + app: ovn4nfv + annotations: + k8s.v1.cni.cncf.io/networks: '[{ "name": "$ovn_multus_network_name"}]' + ovnNetwork: '[{ "name": "ovn-port-net", "interface": "net0" , "defaultGateway": "false"}, + { "name": "ovn-priv-net", "interface": "net1" , "defaultGateway": "false"}]' + spec: + containers: + - name: $ovn4nfv_deployment_name + image: "busybox" + command: ["top"] + stdin: true + tty: true +DEPLOYMENT + popd +} diff --git a/vagrant/tests/_functions.sh b/vagrant/tests/_functions.sh index c359e729..fe69b07b 100755 --- a/vagrant/tests/_functions.sh +++ b/vagrant/tests/_functions.sh 
@@ -12,6 +12,66 @@ set -o errexit set -o nounset set -o pipefail +function _get_ovn_central_address { + ansible_ifconfig=$(ansible ovn-central[0] -i $test_folder/../inventory/hosts.ini -m shell -a "ifconfig eth1 |grep \"inet addr\" |awk '{print \$2}' |awk -F: '{print \$2}'") + if [[ $ansible_ifconfig != *CHANGED* ]]; then + echo "Fail to get the OVN central IP address from eth1 nic" + exit + fi + echo "$(echo ${ansible_ifconfig#*>>} | tr '\n' ':')6641" +} + +# install_ovn_deps() - Install dependencies required for tests that require OVN +function install_ovn_deps { + if ! $(yq --version &>/dev/null); then + sudo -E pip install yq + fi + if ! $(ovn-nbctl --version &>/dev/null); then + source /etc/os-release || source /usr/lib/os-release + case ${ID,,} in + *suse) + ;; + ubuntu|debian) + sudo apt-get install -y apt-transport-https + echo "deb https://packages.wand.net.nz $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/wand.list + sudo curl https://packages.wand.net.nz/keyring.gpg -o /etc/apt/trusted.gpg.d/wand.gpg + sudo apt-get update + sudo apt install -y ovn-common + ;; + rhel|centos|fedora) + ;; + esac + fi +} + +# init_network() - This function creates the OVN resouces required by the test +function init_network { + local fname=$1 + local router_name="ovn4nfv-master" + + name=$(cat $fname | yq '.spec.name' | xargs) + subnet=$(cat $fname | yq '.spec.subnet' | xargs) + gateway=$(cat $fname | yq '.spec.gateway' | xargs) + ovn_central_address=$(_get_ovn_central_address) + + router_mac=$(printf '00:00:00:%02X:%02X:%02X' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256))) + ovn-nbctl --may-exist --db tcp:$ovn_central_address ls-add $name -- set logical_switch $name other-config:subnet=$subnet external-ids:gateway_ip=$gateway + ovn-nbctl --may-exist --db tcp:$ovn_central_address lrp-add $router_name rtos-$name $router_mac $gateway + ovn-nbctl --may-exist --db tcp:$ovn_central_address lsp-add $name stor-$name -- set logical_switch_port stor-$name type=router 
options:router-port=rtos-$name addresses=\"$router_mac\" +} + +# cleanup_network() - This function removes the OVN resources created for the test +function cleanup_network { + local fname=$1 + + name=$(cat $fname | yq '.spec.name' | xargs) + ovn_central_address=$(_get_ovn_central_address) + + for cmd in "ls-del $name" "lrp-del rtos-$name" "lsp-del stor-$name"; do + ovn-nbctl --if-exist --db tcp:$ovn_central_address $cmd + done +} + function _checks_args { if [[ -z $1 ]]; then echo "Missing CSAR ID argument" @@ -67,7 +127,7 @@ function setup { for deployment_name in $@; do recreate_deployment $deployment_name done - + sleep 5 for deployment_name in $@; do wait_deployment $deployment_name done diff --git a/vagrant/tests/integration_cFW.sh b/vagrant/tests/integration_cFW.sh index 0077c73d..92c280b9 100755 --- a/vagrant/tests/integration_cFW.sh +++ b/vagrant/tests/integration_cFW.sh @@ -21,8 +21,8 @@ csar_id=4f726e2a-b74a-11e8-ad7c-525400feed2 populate_CSAR_containers_vFW $csar_id pushd ${CSAR_DIR}/${csar_id} -for network in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network; do - kubectl apply -f $network.yaml +for resource in $unprotected_private_net $protected_private_net $onap_private_net; do + kubectl apply -f $resource.yaml done setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name diff --git a/vagrant/tests/integration_vFW.sh b/vagrant/tests/integration_vFW.sh index e0f7075e..962f9f75 100755 --- a/vagrant/tests/integration_vFW.sh +++ b/vagrant/tests/integration_vFW.sh @@ -24,7 +24,7 @@ fi populate_CSAR_vms_vFW $csar_id pushd ${CSAR_DIR}/${csar_id} -for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network; do +for resource in $unprotected_private_net $protected_private_net $onap_private_net; do kubectl apply -f $resource.yaml done setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name 
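Review bot: In install_ovn_deps the key of the third-party repository is written to `/etc/apt/trusted.gpg.d/wand.gpg`, which makes it trusted for every configured apt source, and `curl` runs without `-f`, so an HTTP error page would be saved as the keyring. Scoping the key to its own source is safer: `sudo curl -fsSL https://packages.wand.net.nz/keyring.gpg -o /usr/share/keyrings/wand.gpg` together with `deb [signed-by=/usr/share/keyrings/wand.gpg] https://packages.wand.net.nz $(lsb_release -sc) main` in wand.list. Separately, `_get_ovn_central_address` is called inside `$(...)`, so its failure branch prints the message to stdout and the bare `exit` returns the status of `echo`; the caller then passes the message to `--db tcp:`. Writing `echo "Fail to get the OVN central IP address from eth1 nic" >&2; exit 1` makes the assignment fail under `errexit`.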
diff --git a/vagrant/tests/integration_vcFW.sh b/vagrant/tests/integration_vcFW.sh index 4fadfa23..15cffcb8 100755 --- a/vagrant/tests/integration_vcFW.sh +++ b/vagrant/tests/integration_vcFW.sh @@ -18,13 +18,19 @@ source _functions.sh csar_id=aa443e7e-c8ba-11e8-8877-525400b164ff # Setup +install_ovn_deps if [[ ! -f $HOME/.ssh/id_rsa.pub ]]; then echo -e "\n\n\n" | ssh-keygen -t rsa -N "" fi populate_CSAR_vms_containers_vFW $csar_id pushd ${CSAR_DIR}/${csar_id} -for resource in unprotected-private-net-cidr-network protected-private-net-cidr-network onap-private-net-cidr-network sink-service sink-ingress; do +for net in $unprotected_private_net $protected_private_net $onap_private_net; do + cleanup_network $net.yaml + echo "Create OVN Network $net network" + init_network $net.yaml +done +for resource in onap-ovn4nfvk8s-network sink-service; do kubectl apply -f $resource.yaml done setup $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name @@ -40,7 +46,10 @@ for deployment_name in $packetgen_deployment_name $firewall_deployment_name; do echo "=== Virtlet details ====" echo "$(kubectl plugin virt virsh dumpxml $vm | grep VIRTLET_)\n" done -popd # Teardown #teardown $packetgen_deployment_name $firewall_deployment_name $sink_deployment_name +#for net in $unprotected_private_net $protected_private_net $onap_private_net; do +# cleanup_network $net.yaml +#done +popd diff --git a/vagrant/tests/ovn4nfv.sh b/vagrant/tests/ovn4nfv.sh new file mode 100755 index 00000000..37fddfd8 --- /dev/null +++ b/vagrant/tests/ovn4nfv.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash +############################################################################## +# Copyright (c) 2018 +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +set -o errexit +set -o nounset +set -o pipefail + +source _common.sh +source _functions.sh + +csar_id=a1c5b53e-d7ab-11e8-85b7-525400e8c29a + +# Setup +install_ovn_deps +populate_CSAR_ovn4nfv $csar_id + +pushd ${CSAR_DIR}/${csar_id} +for net in ovn-priv-net ovn-port-net; do + cleanup_network $net.yaml + echo "Create OVN Network $net network" + init_network $net.yaml +done +kubectl apply -f onap-ovn4nfvk8s-network.yaml +setup $ovn4nfv_deployment_name + +# Test +deployment_pod=$(kubectl get pods | grep $ovn4nfv_deployment_name | awk '{print $1}') +echo "===== $deployment_pod details =====" +kubectl exec -it $deployment_pod -- ip a +multus_nic=$(kubectl exec -it $deployment_pod -- ifconfig | grep "net1") +if [ -z "$multus_nic" ]; then + echo "The $deployment_pod pod doesn't contain the net1 nic" + exit 1 +fi + +# Teardown +teardown $ovn4nfv_deployment_name +cleanup_network ovn-priv-net.yaml +cleanup_network ovn-port-net.yaml +popd diff --git a/vagrant/tests/plugin.sh b/vagrant/tests/plugin.sh index 16d8d306..55be1686 100755 --- a/vagrant/tests/plugin.sh +++ b/vagrant/tests/plugin.sh @@ -88,7 +88,7 @@ echo "VNF details $vnf_details" echo "Deleting $vnf_id VNF Instance" curl -X DELETE "${base_url}${cloud_region_id}/${namespace}/${vnf_id}" -if [[ -n $(curl -s -X GET "${base_url}${cloud_region_id}/${namespace}/${vnf_id}") ]]; then +if [[ 200 -eq $(curl -o /dev/null -w %{http_code} -s -X GET "${base_url}${cloud_region_id}/${namespace}/${vnf_id}") ]]; then echo "VNF Instance not deleted" exit 1 fi |
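Review bot: The `net1` check in ovn4nfv.sh cannot reach its own error message: with `errexit` and `pipefail` set, `multus_nic=$(kubectl exec -it $deployment_pod -- ifconfig | grep "net1")` aborts the script as soon as grep finds nothing, and the teardown below never runs. Test the pipeline directly, `if ! kubectl exec "$deployment_pod" -- ifconfig | grep net1 >/dev/null; then`, and consider a `trap` that calls teardown and cleanup_network on exit so a failed run does not leave the OVN switches behind. `-it` is also out of place in a non-interactive script, since no terminal is attached.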
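Review bot: The deletion check in plugin.sh now fails only when the GET returns 200, so a 5xx response or a failed connection (curl prints `000`) is counted as a successful delete. If the API answers 404 for a removed instance (not shown in this diff), assert that instead: `if [[ 404 -ne $(curl -o /dev/null -w '%{http_code}' -s -X GET "${base_url}${cloud_region_id}/${namespace}/${vnf_id}") ]]; then`. The `curl -X DELETE` just above also ignores its result; adding `-f` would let the script notice a rejected delete.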