diff options
Diffstat (limited to 'ansible')
22 files changed, 364 insertions, 9 deletions
diff --git a/ansible/README.md b/ansible/README.md index 8d6e41ee..f82c750f 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -113,7 +113,7 @@ This playbook contains imports for all the other playbooks needed to deploy wanted Kubernetes application: - `upload_resources.yml` - `infrastructure.yml` - - `rancher_kubernetes.yml` + - `rke.yml` - `application.yml` - this is an application related playbook ### Resource upload @@ -139,7 +139,7 @@ Infrastructure setup is handled by `infrastructure.yml` playbook. ### Kubernetes cluster deployment -Kubernetes cluster is deployment is handled by `rancher_kubernetes.yml` playbook. +Kubernetes cluster deployment is handled by `rke.yml` playbook. **Preconditions**: - infrastructure deployed by running `infrastructure.yml` playbook @@ -162,7 +162,7 @@ copied there after installer package is deployed and before installing the appli Application Helm charts and configuration is better described in [application/README.md](./application/README.md) **Preconditions**: - - Kubernetes cluster must be up and running i.e. `rancher_kubernetes.yml` playbook has been run. + - Kubernetes cluster must be up and running i.e. `rke.yml` playbook has been run. ## Running playbooks To run ansible playbook call `run_playbook.sh` with same arguments as you would @@ -222,12 +222,25 @@ parts. hosts: infrastructure-server: ansible_host: 10.8.8.9 + #IP used for communication between infra and kubernetes nodes, must be specified. + cluster_ip: 10.8.8.9 # This is group of hosts which are/will be part of Kubernetes cluster. kubernetes: hosts: kubernetes-node-1: ansible_host: 10.8.8.13 + #ip of the node that it uses for communication with k8s cluster. + cluster_ip: 10.8.8.13 + + # This is a group of hosts that are to be used as kubernetes control plane nodes. + # This means they host kubernetes api server, controller manager and scheduler. + # This example uses infra for this purpose, however note that any + # other host could be used including kubernetes nodes. + # cluster_ip needs to be set for hosts used as control planes. + kubernetes-control-plane: + hosts: + infrastructure-server nfs-server: hosts: diff --git a/ansible/roles/application/defaults/main.yml b/ansible/roles/application/defaults/main.yml index dec17601..84fffeca 100644 --- a/ansible/roles/application/defaults/main.yml +++ b/ansible/roles/application/defaults/main.yml @@ -1,6 +1,8 @@ --- helm_repository_name: local helm_repository_url: http://127.0.0.1:8879 +helm_extra_install_options: + - { opt: '--timeout 1800'} # Override file generation for Helm application can be customized by any role # given by user and found by ansible from roles_path. # By default override file is generated by 'application-override' role that is diff --git a/ansible/roles/application/molecule/default/tests/test_default.py b/ansible/roles/application/molecule/default/tests/test_default.py index 3e0cbb42..5edceff3 100644 --- a/ansible/roles/application/molecule/default/tests/test_default.py +++ b/ansible/roles/application/molecule/default/tests/test_default.py @@ -16,7 +16,8 @@ serve repo list repo add local http://127.0.0.1:8879 install --name moleculetestapp local/moleculetestapp --namespace \ -moleculetestapp -f /opt/moleculetestapp/override.yaml""" +moleculetestapp -f /opt/moleculetestapp/override.yaml \ +--timeout 1800""" assert fc == expected_content diff --git a/ansible/roles/application/tasks/install.yml b/ansible/roles/application/tasks/install.yml index cdc7ced0..bdf6e511 100644 --- a/ansible/roles/application/tasks/install.yml +++ b/ansible/roles/application/tasks/install.yml @@ -72,6 +72,7 @@ {{ helm_repository_name }}/{{ app_helm_chart_name }} --namespace {{ app_kubernetes_namespace }} {{ '' if app_skip_helm_override else '-f ' + app_helm_override_file }} + {% for arg in helm_extra_install_options %} {{ arg.opt }} {% endfor %} changed_when: true # when executed its a changed type of action register: helm_install failed_when: helm_install.stderr diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml index 9916a81b..de4a52ac 100644 --- a/ansible/roles/docker/handlers/main.yml +++ b/ansible/roles/docker/handlers/main.yml @@ -1,6 +1,3 @@ --- - name: Restart Docker import_tasks: docker_restart.yml - when: - - ansible_env.container is defined - - ansible_env.container != 'docker' diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml index 92089e9a..8f636979 100644 --- a/ansible/roles/nexus/defaults/main.yml +++ b/ansible/roles/nexus/defaults/main.yml @@ -1,4 +1,5 @@ --- +nexus_come_up_wait_retries: 30 # By default prepopulated nexus binary blob used. populate_nexus: false # By dafault no additional docker images pushed to nexus at runtime diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml index f8de5e95..c88e5855 100644 --- a/ansible/roles/nexus/tasks/install.yml +++ b/ansible/roles/nexus/tasks/install.yml @@ -36,7 +36,7 @@ password: admin123 force_basic_auth: true method: GET - retries: 30 + retries: "{{ nexus_come_up_wait_retries }}" delay: 10 register: nexus_wait until: not nexus_wait.failed diff --git a/ansible/roles/package-repository/tasks/main.yml b/ansible/roles/package-repository/tasks/main.yml index 599e1052..7dc2e76f 100644 --- a/ansible/roles/package-repository/tasks/main.yml +++ b/ansible/roles/package-repository/tasks/main.yml @@ -5,6 +5,7 @@ path: /etc/resolv.conf state: present insertbefore: BOF + unsafe_writes: true - name: Disable all OS default repositories block: diff --git a/ansible/site.yml b/ansible/site.yml index fbf2c389..7e22c5b2 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -15,6 +15,6 @@ # installer - import_playbook: resources.yml - import_playbook: infrastructure.yml -- import_playbook: rancher_kubernetes.yml +- import_playbook: rke.yml - import_playbook: application.yml diff --git a/ansible/test/play-infrastructure/.yamllint b/ansible/test/play-infrastructure/.yamllint new file mode 100644 index 00000000..ad0be760 --- /dev/null +++ b/ansible/test/play-infrastructure/.yamllint @@ -0,0 +1,11 @@ +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/ansible/test/play-infrastructure/molecule/default/molecule.yml b/ansible/test/play-infrastructure/molecule/default/molecule.yml new file mode 100644 index 00000000..894ab804 --- /dev/null +++ b/ansible/test/play-infrastructure/molecule/default/molecule.yml @@ -0,0 +1,73 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: infrastructure-server + image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6} + pre_build_image: true + privileged: true + override_command: false + restart_policy: unless-stopped + volumes: + - /var/lib/docker + - /opt/onap + groups: + - infrastructure + networks: + - name: infrastructure-net + purge_networks: true + + - name: kubernetes-node-1 + image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6} + pre_build_image: true + privileged: true + override_command: false + restart_policy: unless-stopped + env: + container: docker + volumes: + - /var/lib/docker + groups: + - kubernetes + networks: + - name: infrastructure-net + purge_networks: true + +provisioner: + name: ansible + env: + ANSIBLE_ROLES_PATH: ../../../roles:../../../../roles/ + ANSIBLE_LIBRARY: ../../../../library + inventory: + links: + group_vars: ../../../../group_vars + lint: + name: ansible-lint +scenario: + name: default + test_sequence: + - lint + - cleanup + - destroy + - dependency + - syntax + - create + - prepare + - converge + # - idempotence + # --> Action: 'idempotence' + # ERROR: Idempotence test failed because of the following tasks: + # * [infrastructure-server -> 10.0.2.15] => certificates : Generate an OpenSSL CSR. + # * [infrastructure-server -> 10.0.2.15] => certificates : Generate root CA certificate + - side_effect + - verify + - cleanup + - destroy +verifier: + name: testinfra + lint: + name: flake8 diff --git a/ansible/test/play-infrastructure/molecule/default/playbook.yml b/ansible/test/play-infrastructure/molecule/default/playbook.yml new file mode 100644 index 00000000..26b3c15d --- /dev/null +++ b/ansible/test/play-infrastructure/molecule/default/playbook.yml @@ -0,0 +1,11 @@ +--- +- name: Common setup for all hosts + hosts: all + tasks: + - name: Set cluster_ip variable + set_fact: + cluster_ip: "{{ ansible_default_ipv4.address }}" + - name: Include variables + include_vars: vars.yml + +- import_playbook: ../../../../infrastructure.yml diff --git a/ansible/test/play-infrastructure/molecule/default/prepare.yml b/ansible/test/play-infrastructure/molecule/default/prepare.yml new file mode 100644 index 00000000..86e25b48 --- /dev/null +++ b/ansible/test/play-infrastructure/molecule/default/prepare.yml @@ -0,0 +1,25 @@ +--- +- name: Prepare infra + hosts: infrastructure + roles: + - prepare-package-repository + - prepare-chrony + - prepare-vncserver + - prepare-nginx + - prepare-nexus + - prepare-dns + - prepare-firewall + vars_files: + - vars.yml + - ../../../../roles/nginx/defaults/main.yml + - ../../../../roles/vncserver/defaults/main.yml + - ../../../../roles/nexus/defaults/main.yml + - ../../../../roles/dns/defaults/main.yml + +- name: Prepare kubernetes + hosts: kubernetes + roles: + - prepare-chrony + - prepare-firewall + vars_files: + - vars.yml diff --git a/ansible/test/play-infrastructure/molecule/default/tests/test_nodes.py b/ansible/test/play-infrastructure/molecule/default/tests/test_nodes.py new file mode 100644 index 00000000..c0ce64f2 --- /dev/null +++ b/ansible/test/play-infrastructure/molecule/default/tests/test_nodes.py @@ -0,0 +1,11 @@ +import os + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('kubernetes') + + +def test_registry_access(host): + assert host.run( + 'docker login -u admin -p admin123 nexus3.onap.org:10001').rc == 0 diff --git a/ansible/test/play-infrastructure/molecule/default/vars.yml b/ansible/test/play-infrastructure/molecule/default/vars.yml new file mode 100644 index 00000000..e91eadb2 --- /dev/null +++ b/ansible/test/play-infrastructure/molecule/default/vars.yml @@ -0,0 +1,24 @@ +--- +vnc_passwd: molecule +certificates: + organization_name: Molecule Testers + state_or_province_name: Finland + country_name: FI + locality_name: Tampere +app_name: onap +app_data_path: "/opt/{{ app_name }}" + +nexus_come_up_wait_retries: 60 +populate_nexus: true # Different from default, molecule tests also nexus's configure.yml + +molecule_test_registry: nexus3.onap.org:10001 +# Different from default i.e. also additional images population is tested with molecule +runtime_images: + busybox: + registry: "{{ molecule_test_registry }}" + path: "/onap/components/busybox" + tag: "latest" + aaionap-haproxy: + registry: "{{ molecule_test_registry }}" + path: "/onap/components/aaionap/haproxy" + tag: "1.2.4" diff --git a/ansible/test/roles/prepare-dns/tasks/main.yml b/ansible/test/roles/prepare-dns/tasks/main.yml new file mode 100644 index 00000000..7907f868 --- /dev/null +++ b/ansible/test/roles/prepare-dns/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- name: "Create needed dirs for dns role" + file: + path: "{{ item }}" + state: directory + mode: "u+rw,g+wx,o+rwx" + recurse: true + loop: + - "{{ app_data_path }}/cfg" + - "{{ infra_images_path }}" + +- name: Download and archive dnsmasq docker image for the dns role to use + delegate_to: localhost + docker_image: + name: andyshinn/dnsmasq + tag: 2.76 + archive_path: /tmp/dnsmasq.tar + +- name: Copy dnsmasq image to node + copy: + src: /tmp/dnsmasq.tar + dest: "{{ infra_images_path }}/{{ dns_server_image_tar }}" diff --git a/ansible/test/roles/prepare-nexus/tasks/main.yml b/ansible/test/roles/prepare-nexus/tasks/main.yml new file mode 100644 index 00000000..4ef40f5e --- /dev/null +++ b/ansible/test/roles/prepare-nexus/tasks/main.yml @@ -0,0 +1,70 @@ +--- +- name: Add nexus simulation hosts to /etc/hosts + lineinfile: + regexp: "^{{ ansible_default_ipv4.address | regex_escape() }} {{ etc_hosts | join(' ') | regex_escape() }}$" + line: "{{ ansible_default_ipv4.address }} {{ etc_hosts | join(' ') }}" + insertafter: EOF + path: /etc/hosts + unsafe_writes: true + +- name: "Create needed dirs for nexus role" + file: + path: "{{ item }}" + state: directory + mode: "u+rw,g+wx,o+rwx" + recurse: true + loop: + - "{{ app_data_path }}/nexus_data" + - "{{ infra_images_path }}" + - "{{ aux_data_path }}" + +- name: Download and archive nexus docker image for the nexus role to use + delegate_to: localhost + docker_image: + name: "{{ nexus3_image }}" + archive_path: /tmp/nexus.tar + +- name: Download and tag additional (busybox) docker image for the nexus role to populate into + delegate_to: localhost + docker_image: + name: busybox + tag: latest + repository: nexus3.onap.org:10001/onap/components/busybox + +- name: Save busybox image + delegate_to: localhost + docker_image: + name: nexus3.onap.org:10001/onap/components/busybox + tag: latest + pull: false + archive_path: /tmp/busybox.tar + +- name: Download and tag additional (aaionap/haproxy) docker image for the nexus role to populate into nexus + delegate_to: localhost + docker_image: + name: aaionap/haproxy + tag: 1.2.4 + repository: nexus3.onap.org:10001/onap/components/aaionap/haproxy + +- name: Save haproxy image + delegate_to: localhost + docker_image: + name: nexus3.onap.org:10001/onap/components/aaionap/haproxy + tag: 1.2.4 + pull: false + archive_path: /tmp/haproxy.tar + +- name: Copy nexus image to node + copy: + src: /tmp/nexus.tar + dest: "{{ infra_images_path }}/{{ nexus3_image_tar }}" + +- name: Copy busybox image to node + copy: + src: /tmp/busybox.tar + dest: "{{ aux_data_path }}/busybox.tar" + +- name: Copy haproxy image to node + copy: + src: /tmp/haproxy.tar + dest: "{{ aux_data_path }}/aaionap-haproxy.tar" diff --git a/ansible/test/roles/prepare-nexus/vars/main.yml b/ansible/test/roles/prepare-nexus/vars/main.yml new file mode 100644 index 00000000..d2ee3548 --- /dev/null +++ b/ansible/test/roles/prepare-nexus/vars/main.yml @@ -0,0 +1,5 @@ +--- +# Hosts to be added to /etc/hosts file. +etc_hosts: + - nexus.infrastructure-server + - nexus3.onap.org diff --git a/ansible/test/roles/prepare-nginx/tasks/main.yml b/ansible/test/roles/prepare-nginx/tasks/main.yml new file mode 100644 index 00000000..3cd93990 --- /dev/null +++ b/ansible/test/roles/prepare-nginx/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: "Create needed dirs for nginx role" + file: + path: "{{ item }}" + state: directory + mode: "u+rw,g+wx,o+rwx" + recurse: true + loop: + - "{{ infra_images_path }}" + +- name: Build nginx docker image + delegate_to: localhost + docker_image: + path: ../../../../../build/creating_data/create_nginx_image/ + name: own_nginx + tag: 2.0.0 + +- name: Archive nginx docker image for the nginx role to use + delegate_to: localhost + docker_image: + name: own_nginx + tag: 2.0.0 + archive_path: /tmp/nginx.tar + +- name: Copy nginx image to node + copy: + src: /tmp/nginx.tar + dest: "{{ infra_images_path }}/{{ nginx_server_image_tar }}" diff --git a/ansible/test/roles/prepare-package-repository/tasks/main.yml b/ansible/test/roles/prepare-package-repository/tasks/main.yml new file mode 100644 index 00000000..66f81d6d --- /dev/null +++ b/ansible/test/roles/prepare-package-repository/tasks/main.yml @@ -0,0 +1,26 @@ +--- +- name: Add Docker-CE repo + yum_repository: + name: docker-ce + description: Docker-ce YUM repo + baseurl: https://download.docker.com/linux/centos/7/x86_64/stable/ + gpgcheck: true + gpgkey: https://download.docker.com/linux/centos/gpg + +- name: Install createrepo + yum: + name: createrepo + state: present + +- name: "Ensure {{ rhel_pkg_dir }} exists" + file: + path: "{{ rhel_pkg_dir }}" + state: directory + +- name: Download rpm packages + command: "yumdownloader --destdir={{ rhel_pkg_dir }} --resolve {{ packages | join(' ') }}" + +- name: Index repository + command: "createrepo {{ rhel_pkg_dir }}" + args: + creates: "{{ rhel_pkg_dir }}/repodata" diff --git a/ansible/test/roles/prepare-package-repository/vars/main.yml b/ansible/test/roles/prepare-package-repository/vars/main.yml new file mode 100644 index 00000000..80944284 --- /dev/null +++ b/ansible/test/roles/prepare-package-repository/vars/main.yml @@ -0,0 +1,12 @@ +--- +rhel_pkg_dir: "{{ app_data_path }}/pkg/rhel" +packages: +- "docker-ce-18.09.5" +- container-selinux +- docker-ce-cli +- containerd.io +- python-jsonpointer +- python-docker-py +- python-docker-pycreds +- python-ipaddress +- python-websocket-client diff --git a/ansible/test/roles/prepare-vncserver/tasks/main.yml b/ansible/test/roles/prepare-vncserver/tasks/main.yml new file mode 100644 index 00000000..cb7a5f8a --- /dev/null +++ b/ansible/test/roles/prepare-vncserver/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: "Create needed dirs for vncserver role" + file: + path: "{{ item }}" + state: directory + mode: "u+rw,g+wx,o+rwx" + recurse: true + loop: + - "{{ infra_images_path }}" + +- name: Download and archive vncserver docker image for the vncserver role to use + delegate_to: localhost + docker_image: + name: "{{ vnc_server_image }}" + state: present + archive_path: /tmp/vncserver.tar + +- name: Copy vnc server image to node + copy: + src: /tmp/vncserver.tar + dest: "{{ infra_images_path }}/{{ vnc_server_image_tar }}" |