summaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/playbooks
AgeCommit message (Collapse)AuthorFilesLines
2020-12-10Merge "Fix broken virtlet image URL"Eric Multanen1-1/+1
2020-12-10Merge "Enable pod security policies"Eric Multanen3-2/+22
2020-12-09Enable pod security policiesTodd Malsbary3-2/+22
The intention with this change is to disable CAP_NET_RAW (which can be a security vulnerability) for created Pods. kubespray provides the podsecuritypolicy_enabled variable for enabling privileged (for kube-system) and restricted (for everyone else) policies. Enabling this requires binding the KUD_ADDONs to the privileged policy and specifying the security context correctly for Pods running in the default namespace. As of this change, the only difference between the privileged and restricted security policies is the dropping of CAP_NET_RAW in the restricted policy. To use the default restricted policy provided with kubespray, additional changes must be made to the Pods that are run in the default namespace (such as runing as a non-root user, not requesting privileged mode, etc.). Issue-ID: MULTICLOUD-1256 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I7d6add122ad4046f9116ef03a249f5c9da1d7eec
2020-12-07Fix QAT addon deploy and testTodd Malsbary3-91/+75
Note that as mentioned in install_qat.sh, the kernel command line must include "intel_iommu=on iommu=pt" for the deploy and test to succeed. The underlying issue is that the playbook was expecting to be run on the same host it executed on and was looking for files in the wrong places. Issue-ID: MULTICLOUD-1261 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I5f59b9147f34f077fcdc63d7fc5f80b56977054c
2020-12-02Fix broken virtlet image URLTodd Malsbary1-1/+1
Issue-ID: MULTICLOUD-1259 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I92cc722818b9023b4aa29d191cf92e2c319f957b
2020-11-19Fix CrashLoopBackoff in emco-fluentd PodTodd Malsbary1-0/+4
The emco-fluentd pod is stuck in CrashLoopBackOff due to a failure to resolve the "cluster.local" name. Explicitly set the fluentd.clusterDomain value to the actual cluster name during helm install. Issue-ID: MULTICLOUD-1244 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: Ia6424e7ce8d4544511ad88c478e65fa8c4df0c52
2020-11-19Merge "Build and deploy sriov module only on supported hosts."Ritu Sood3-89/+78
2020-11-19Merge "Upgrade kubespray from 2.12.6 to 2.14.1"Ritu Sood7-47/+26
2020-10-30Upgrade kubespray from 2.12.6 to 2.14.1Todd Malsbary7-47/+26
- Replace move of ansible.cfg from kubespray distribution to /etc/ansible with ANSIBLE_CONFIG environment variable. Ansible modifies ansible.cfg during installation, and the paths in it are relative. - kubespray 2.14.1 requires a kubernetes version > 1.16. Use the default versions of kubernetes and helm provided by kubespray 2.14.1. - kubespray 2.14.1 replaces helm 2 with helm 3. This removes support for helm init and helm serve. It is no longer necessary to call helm init, and the helm serve repository is replaced with file relative URLs. This also triggered a subsequent update of the kubernetes-helm ansible module to include the newer helm versions. - Add "storageType: hostPath" to etcd/values.yaml. Helm deploy of etcd will fail without this due to nil PersistentVolume.metadata.labels.type. - The mitogen module used by kubespray/ansible requires python2 on the hosts. Use the linear strategy to bypass mitogen and install python2 on the cluster hosts. Issue-ID: MULTICLOUD-1230 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I9f50bb4e123fdcacab6b6a97e79cd09fb5c96634
2020-10-30Use same host in both copy and run of deploy_optane.shTodd Malsbary2-9/+9
NOTE: This is not a complete fix, it is only a workaround so that installer.sh can succeed when Optane hardware is not present. Without this, "No such file or directory" is reported during the "Apply Optane PMEM CSI Daemonset" task of the configure-optane playbook. This error was observed with kubespray 2.14.1 and not with 2.12.6. Issue-ID: MULTICLOUD-1234 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I1e23741d704ab117a84b4ed11e2f7ac02f0f2ec2
2020-10-05Build and deploy sriov module only on supported hosts.Todd Malsbary3-89/+78
Building on the target host fixes a couple issues: - In the containerized installer, the container image does not include the necessary kernel headers to build the module. - The build and target host must have the same kernel version. There is no guarantee of this. The deploy uses NFD, similar to the QAT playbook. Issue-ID: MULTICLOUD-1228 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I58705b73b8ce6d381b4649d5a20b8644e51e1b13
2020-09-23Add playbooks for v2 emco chart.Todd Malsbary3-1/+112
Rename v2/onap4k8s to v2/emco, and rename sanity-check-for-v2.sh to emco.sh. This allows --plugins emco to be passed to installer.sh in place of --plugins onap4k8s. Issue-ID: MULTICLOUD-1181 Signed-off-by: Todd <todd.malsbary@intel.com> Change-Id: Idb427a8aa4c8aaff181965a540078c8cf6dd88aa
2020-08-10Integrate Topology Managerchenjie12-0/+73
Integrate topology manager by utilizing ansible scripts from openness. Issue-ID: MULTICLOUD-1102 Signed-off-by: ChenjieXu <chenjie.xu@intel.com> Change-Id: Ibaaf77e44c97edffe1ae03bf77c2422c89783e75
2020-06-01Merge "Update the Kubernetes Version to 1.16"Huang Haibin1-2/+2
2020-05-30Add support for pmem-csi plugin and e2e testChen, Tingjie7-0/+298
Issue-ID: MULTICLOUD-1046 Change-Id: I1853e071a99702c5e6f7ba9ca819746576fd0aca Signed-off-by: Chen, Tingjie <tingjie.chen@intel.com>
2020-05-27Update the Kubernetes Version to 1.16Yao Le1-2/+2
Update kubespray to 2.12 to deploy Kubernetes 1.16 Issue-ID: MULTICLOUD-1063 Signed-off-by: Yao Le <le.yao@intel.com> Change-Id: I537f6395e5d05d8b72411dd1e0789e19972f1947
2020-05-25sriov baremetal installation fixKuralamudhan Ramakrishnan2-5/+11
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Issue-ID: MULTICLOUD-1074 Change-Id: I5c497aef954945c4baee10ff5613b220ed9b8152
2020-05-05add cmk in KuDLiang Ding3-0/+185
- deploy cmk related pods - untaint compute nodes if necessary - run cmk unit tests: allocate CPUs from exclusive and shared pools - deploy a testing nginx pod along with cmk testing pods - preset 1/2 CPUs for shared/exlusive pools to fit CI server machines users can adjust the parameters to meet their own requirements Test Results: - many rounds of vagrant/5 VMs(controller01/02/03 and compute01/02) based test are all OK - 14 rounds tests on my local server (S2600WFQ (36C/72T) )and PC(HP Z228 (4C/4T)) with all-in-one bare metal deployment are all OK - CI(a 4C/4T machine) results of latest patch set also show that the test of bare metal deployment is OK - NOTE: both my local test and CI use the same testing method of calling aio.sh after applying the latest patch set. Change-Id: I046a4a63b94f92f23347ab76c21a661521e01119 Issue-ID: MULTICLOUD-879 Signed-off-by: Liang Ding <liang.ding@intel.com>
2020-04-27Merge "Install criproxy binary in /usr/local/bin instead of /tmp. Issue-ID: ↵Ritu Sood2-1/+4
MULTICLOUD-1051"
2020-04-21Upgrate the out-of-date link in virtlet testYao Le1-1/+1
The fedora 29 image link is out of date. It is not reachable now. So upgrade the link to fedora 31. Issue-ID: MULTICLOUD-1057 Signed-off-by: Yao Le <le.yao@intel.com> Change-Id: I5f384cb906bf080c55ea4ea2a27b1514722c8b76
2020-04-19Install criproxy binary in /usr/local/bin instead of /tmp.Eric Tang2-1/+4
Issue-ID: MULTICLOUD-1051 Signed-off-by: Eric Tang <qcorba@gmail.com> Change-Id: I96443ee539de0e2a18011148f86f97e70634cae3 Signed-off-by: Eric Tang <qcorba@gmail.com>
2020-02-27Adding QAT device plugin to KuDakhilakishore5-6/+426
Basic working skeleton. Adding install script adding vars and updated the playbook. Working on Kernel mode updates and driver installation. Removing SRIOV vars Adding script to change the SSL value for 2 kinds of config files. Updating daemonset image. Adding prereq packages for qat. Minor edits for bashate.Adding testcase and conditions to Ansible tasks for clean, uninstall and install the driver. Updating the plays to use templating. Adding qat-kernel mode test case. Signed-off-by: akhilakishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-860 Change-Id: I5ad99e7211c859dc3cb054df644edd3fa77b2596
2020-02-10Fix OVN issue in KUDRitu Sood1-0/+8
OVN related test cases are failing. This patch updates the installation of OVN. Issue-ID: MULTICLOUD-474 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: Idfa7d256b74d01d9ff604a02ba06d6ce82a8f09d
2019-11-28Remove WAND repositoryKonrad Bańka1-8/+0
Official ubuntu repositories already contain all ovn/ovs packages. WAND repository may introduce unnecessary complications, as it pins package dependencies to exact version making conflicts with ubuntu ones. Issue-ID: MULTICLOUD-957 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: Ida75e5a38ab5796c4b95e7d633aebb276383a745
2019-11-15Merge "Updating sriov playbook to meet requirements of updated device"Ritu Sood4-41/+73
2019-11-13Updating sriov playbook to meet requirements of updated deviceAkhila Kishore4-41/+73
Previous sriov playbook supported X710 SRIOV NIC. Updating the scripts to support new device XL710. Other changes include syntactical corrections to "WHEN" condition in ansible. Co-authored-by: hle2 <huifeng.le@intel.com> Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-929 Change-Id: I697a49a64472ad2d755753e58f8fd4e7857b0456
2019-11-11Optimizing the onap4k8s for all deployment modelKuralamudhan Ramakrishnan1-0/+8
Issue-ID: MULTICLOUD-927 Co-authored-by: Itohan Ukponmwan <itohan.ukponmwan@intel.com> Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I97019f3ab06c948b77e189f526c4e217e7706fb6
2019-10-24Merge "Adding onap4ks installation script in kud containerized installer"Ritu Sood2-0/+103
2019-10-24Merge "Update KUD to switch to Ubuntu 18.04"Kiran Kamineni1-2/+0
2019-10-23update helm chart for onap4k8s installation scriptKuralamudhan Ramakrishnan1-1/+1
Issue-ID: MULTICLOUD-867 Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> Co-authored-by: Ritu Sood <ritu.sood@intel.com> Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com> Change-Id: I72f3b56fd709da21854280abeaadb0c6d03b72fb
2019-10-23Adding onap4ks installation script in kud containerized installerKuralamudhan Ramakrishnan2-0/+103
Issue-ID: MULTICLOUD-867 Co-authored-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> Co-authored-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I37b8112bdd5809f1ae0eaa58ddb0d834d395e8d8 Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
2019-10-21Adding SRIOV Network Device Plugin to KuDAkhila Kishore6-0/+271
Integrating SRIOV as an add-on to KuD. A device should have X700 series NIC for this Add-on to work. Getting the device driver, build and installing it is a part of this patch. Followed by running the SRIOV CNI Daemonset, and NetworkAttachmentDefinition. Reworked the way SRIOV check happens. Previously ran on installer.sh. Now the script is injected into kube-nodes and playbook will run only if the hardware check is true by creating a conf file. Removed unwanted comments and nit changes. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-832 Change-Id: I1701a50bc717ddca0d332d6a42d329eaf4c03820
2019-10-20Update KUD to switch to Ubuntu 18.04Ritu Sood1-2/+0
Removed not needed packages for 18.04 for OVN, updated the vagrant image to 18.04 and added some needed apt packages Issue-ID: MULTICLOUD-474 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I82550f8e58371af1c2476540c6b864384c450967
2019-09-12Merge "Integrating NFD Daemonset with KuD"Ritu Sood2-51/+4
2019-09-12Remove unused ovn-kubernetesRitu Sood1-136/+0
Removing unsused ovn-kubernetes playbook and test from KUD. Currently there is no plan to use and also this is untested. Issue-ID: MULTICLOUD-684 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: I684bf82c7d4ab6d051178a027a385923ec9c4f2b
2019-09-11Integrating NFD Daemonset with KuDAkhila Kishore2-51/+4
Current NFD code in KuD is unused and obsolete. Integrating NFD as DaemonSet and updating test case for NFD. Added comments. Addressed comments and changed the matchExpression to kernel features. Changed operator from "In" to Gt, and values 4 to 3 better fit broader spectrum of O.S's. Adding exit conditon in case there's an error status. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-797 Change-Id: I454fb1998fc84e5f0d566f32b7dcfd85872c5183
2019-09-04Merge "Use Multus Daemonset for installing Multus in KuD"Ritu Sood2-117/+2
2019-09-03Use Multus Daemonset for installing Multus in KuDAkhila Kishore2-117/+2
Currently KuD uses Ansible scripts for installing Multus. Multus has a daemonset that should be used for installing the multus as part of an add-on. This is also helpful for KuD offline deployment in the future. Removed the comment. Updated the images path and removed error supression addressed by comments. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-681 Change-Id: Id3702a2b5bd18804c2d7e4d063eba656202cb840
2019-08-28Merge "Remove unsused variables from kud-vars"Kiran Kamineni1-6/+0
2019-08-30Remove unsused variables from kud-varsRitu Sood1-6/+0
ovn4nfv url and other information not required now after the patch https://gerrit.onap.org/r/#/c/multicloud/k8s/+/93602/ Issue-ID: MULTICLOUD-684 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: Ic4ccc67647c85a39d482ff7d71122f05641d1acb
2019-08-29Fix path to imagesRitu Sood1-1/+1
Relative playbook path breaks in aio configuration. Issue-ID: MULTICLOUD-684 Signed-off-by: Ritu Sood <ritu.sood@intel.com> Change-Id: Id064157d010438dea33500dd0dc200b1c1b0f0d1
2019-08-29Add support for Network OperatorRitu Sood1-89/+12
ovn4nfvk8s plugin now uses operator sdk and controller runtime. It now includes support for Network operator. This patch includes changes needed in KUD for that. Signed-off-by: Ritu Sood <ritu.sood@intel.com> Issue-ID: MULTICLOUD-684 Change-Id: I63dc971e257067c69c70a8996eaffd1a9d8a4c2c
2019-08-19Version update.Akhila Kishore1-1/+1
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline support and integration with new add-ons in future. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-772 Change-Id: I4b7887aae359cd6197e696010acde6e204c41931
2019-08-19Revert "Version update."Kiran Kamineni1-1/+1
This reverts commit 5f760c3fb7d0e74833b1a2137e6ff3dadc71b2f5. Issue-ID: MULTICLOUD-772 Change-Id: I6feffd87545195992fb28e98dcee4038d9b08474 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2019-08-19Version update.Akhila Kishore1-1/+1
Updating Kubespray version from 2.8.2 to 2.10.4 for KuD offline support and integration with new add-ons in future. Signed-off-by: Akhila Kishore <akhila.kishore@intel.com> Issue-ID: MULTICLOUD-772 Change-Id: Ib1263e86adb9815e1ee56038507a3c092aad1feb
2019-08-06Merge changes Ia35fac70,I7ffaa3d4,I53e7e4d6Bin Yang1-0/+5
* changes: Update plugin.sh with new helper functions Provide connection info for plugin testcase Correct k8splugin endpoint configuration in KUD test
2019-08-02Update plugin.sh with new helper functionsKonrad Bańka1-0/+5
Plugin.sh has been refactored to use new wrapper functions as well as utilize helm package command for creating resource bundle in order to test proper handling of this scenario by plugin Issue-ID: MULTICLOUD-686 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: Ia35fac70153fdb34ba75bfff31f9b2566b986cf1
2019-08-01Correct go version installed by k8s addonsKonrad Bańka2-5/+7
Andrewrothstein.go galaxy role, that was responsible for go installation was in too old tag to support demanded (1.12.4) go version. It also blocked ovn-kubernetes addon installation that's fixed now. Go version has been also upgraded to 1.12.5 Issue-ID: MULTICLOUD-644 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: I926bd061a361b2ae2efa2aecedf4fa6321f04cc8
2019-07-16Provide idempotent multus plugin configurationKonrad Bańka1-20/+18
Blockinfile task overrides marker section in order to provide valid json content in file. Because of this, generated block is added each time this playbook is run. This makes CNI config file contain malformed content when launched more than once. Issue-ID: MULTICLOUD-676 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: If1c98414be4fb3a5b6c1c63fada0bd934448f040
2019-07-09Fix helm installation conflictKonrad Bańka2-5/+18
Kubespray installs helm client on kubernetes master. The same client has to be installed on host running installation playbooks. In single node scenario, local host already has helm client installed by kubespray, thus leading to conflict due to way of provisioning. This helm installation has been moved to global configure playbook, as well as corrected, not to fail on single host deployments. Issue-ID: MULTICLOUD-690 Signed-off-by: Konrad Bańka <k.banka@samsung.com> Change-Id: I1ef779ed0f2fde82758ce9e229c3f5bb015b2aeb