blob: dc506d50e24181ca173a955af63ee940e66dad45 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
|
#!/bin/bash
#####################################################
# In case a volume should be attached to the instance
# 1) partitioning cinder volume
# 2) creating XFS on the volume
# 3) labeling the volume
# 4) mounting the volume
# 5) adding appropriate entry to the /etc/fstab file
#####################################################
# Configure Salt-minion
#####################################################
# Deploy ,provision and configure vSON components
#####################################################
# Author: Dmitry Orzhehovsky
# Email: dorzheho@cisco.com
#####################################################
# METADATA
# Should be modified in case the version has changed
CLM_PKG_VERSION=1.0
#####################################################
DEBUG_LOG=/tmp/minion_debug-$$.log
vfc_role=$HOT_VFC_ROLE
this_instance_index=$HOT_INSTANCE_INDEX
IPv4="inet"
IPv6="inet6"
IP_INVALID="invalid"
failure()
{
local msg=$1
local signal=$2
$HOT_WC_NOTIFY -H "X-Auth-Token: $HOT_SWIFT_AUTH_TOKEN" --data-binary "{\"status\": \"FAILURE\", \"reason\": \"$signal\", \"data\": \"$msg\"}"
exit $signal
}
_get_ip_family()
{
local ip=$1
local ip_family=$(python -c "
import socket
family = \"$IPv4\"
try:
socket.inet_pton(socket.AF_INET, \"$ip\")
except:
family = \"$IPv6\"
try:
socket.inet_pton(socket.AF_INET6, \"$ip\")
except:
family = \"$IP_INVALID\"
print family")
[ "$ip_family" == "$IP_INVALID" ] && failure "Invalid IP $ip." 100
echo $ip_family
}
_volume_persist_config_intucell()
{
mkdir -p /intucell
mount -L INTUCELL /intucell
chown intucell:intucell /intucell
echo "LABEL=INTUCELL /intucell xfs rw,noatime,attr2,noquota 0 2" >> /etc/fstab
}
set_static_ip()
{
local ip=$1
local prefix_length=$2
local interface=$3
local ip_family=$4
local gw=$5
local netmask=$prefix_length
if [ "$ip_family" == "$IPv4" ];then
netmask=$(python -c "
import struct
import socket
print socket.inet_ntoa(struct.pack('>L', (1<<32) - (1<<32>>$prefix_length)))"
)
fi
if grep manual /etc/network/interfaces.d/$interface;then
echo "auto $interface" > /etc/network/interfaces.d/$interface
fi
cat << EOF >> /etc/network/interfaces.d/$interface
iface $interface $ip_family static
address $ip
netmask $netmask
EOF
if [ "X$gw" != "X" ];then
echo " gateway $gw" >> /etc/network/interfaces.d/$interface
fi
ifdown $interface --force || true
ifup $interface
}
set_dns_servers()
{
for dns in $(echo $HOT_DNS_SERVERS|tr ',' ' ');do
if [ "X$dns" != "X" ];then
echo "nameserver $dns" >> /etc/resolv.conf
fi
done
}
set_ntp_servers()
{
cat << EOF > /etc/systemd/timesyncd.conf
[Time]
Servers=$HOT_NTP_SERVERS
EOF
}
dns_lookup()
{
server_ip=$1
host $server_ip
(( $? == 0 )) || return 1
}
volume_main()
{
set -e
if $(blkid -L INTUCELL &> /dev/null);then
_volume_persist_config_intucell
mount -a
return
fi
volume_id=$HOT_VOLUME_ID
disk_id=${volume_id:0:20}
for device in /dev/disk/by-id/*;do
[[ $device =~ part ]] && continue
id=${device##*/virtio-}
id=${id:0:20}
if [[ "$id" == "$disk_id" ]];then
(echo o; echo n; echo p; echo 1; echo; echo; echo w;) | fdisk $device
partition=${device}-part1
while true;do
partprobe
sleep 2
[[ -L ${device}-part1 ]] && break
done
mkfs.xfs -f -L INTUCELL ${device}-part1
_volume_persist_config_intucell
mount -a
fi
done
set +e
}
init_main()
{
local ip_family=$1
## SaltStack minion configuration
if [ -z "$HOT_CLM_SERVER_IP" ];then
clm_primary=1
clm_server_ip=$HOT_THIS_INSTANCE_OAM_NET_IP
else
clm_server_ip=$HOT_CLM_SERVER_IP
fi
minion_conf=/etc/salt/minion.d/vson-minion.conf
cat << EOF > $minion_conf
environment: prod
hash_type: sha256
mine_interval: 5
EOF
[ "$ip_family" == "$IPv6" ] && echo "ipv6: True" >> $minion_conf
host $clm_server_ip
if (($? != 0 ));then
echo "$clm_server_ip clm0" >> /etc/hosts
clm_server_ip=clm0
fi
if (( $clm_primary ));then
cat << EOF >> $minion_conf
file_roots:
prod:
- /srv/cisco/salt/prod
pillar_roots:
prod:
- /srv/cisco/pillar/prod
EOF
fi
cat << EOF > /etc/salt/minion.d/vson-minion-mc.conf
master:
- $clm_server_ip
EOF
minion_grains_conf=/etc/salt/grains
cat << EOF > $minion_grains_conf
vson.environment: prod
vson.vfc_role: $vfc_role
vson.this_vfc_instance_index: $this_instance_index
EOF
if [ -n "$HOT_DC_NAME" ];then
echo "vson.dc_name: $HOT_DC_NAME" >> $minion_grains_conf
fi
if [ -n "$HOT_CLUSTER_NAME" ];then
echo "vson.cluster_name: $HOT_CLUSTER_NAME" >> $minion_grains_conf
fi
if [ -n "$HOT_VSON_JOIN_CLUSTER_AUTH_TOKEN" ];then
echo "vson.join_cluster_auth_token: $HOT_VSON_JOIN_CLUSTER_AUTH_TOKEN" >> $minion_grains_conf
fi
if [ -n "$HOT_SWIFT_CONTAINER_NAME" ];then
echo "swift.container_name: $HOT_SWIFT_CONTAINER_NAME" >> $minion_grains_conf
fi
if [ -n "$HOT_SWIFT_STORAGE_URL" ];then
echo "swift.storage_url: $HOT_SWIFT_STORAGE_URL" >> $minion_grains_conf
fi
if [ -n "$HOT_SWIFT_AUTH_TOKEN" ];then
echo "swift.auth_token: $HOT_SWIFT_AUTH_TOKEN" >> $minion_grains_conf
fi
cat << EOF > /etc/salt/minion.d/vson-minion-mc.conf
master:
- $clm_server_ip
EOF
# Remove old minion_id file
rm -f /etc/salt/minion_id
rm -rf /var/cache/salt/minion/*
# Start Salt minion service
systemctl start salt-minion
# Enable Salt minion service
systemctl enable salt-minion
sleep 5
}
clm_main()
{
cd /srv; curl -s -H "X-Auth-Token: $HOT_SWIFT_AUTH_TOKEN" $HOT_SWIFT_STORAGE_URL/$HOT_SWIFT_CONTAINER_NAME/vson-clm-${CLM_PKG_VERSION}.tar| tar xv
if (( $clm_primary ));then
salt-call --local state.apply vson.deploy -l debug --log-file-level=debug --log-file=$DEBUG_LOG
else
salt-call state.apply vson.deploy -l debug --log-file-level=debug --log-file=$DEBUG_LOG
salt-call state.apply vson.fire_events.reconfigure_minions -l debug --log-file-level=debug --log-file=$DEBUG_LOG
fi
if grep "ERROR" $DEBUG_LOG;then
return 1
fi
}
vfc_main()
{
salt-call saltutil.sync_all
salt-call state.apply vson.deploy -l debug --log-file-level=debug --log-file=$DEBUG_LOG
if [ "$vfc_role" == "mon" ];then
salt-call state.apply vson.vfc-mon.fire_events.configure_multisite -l debug --log-file-level=debug --log-file=$DEBUG_LOG
fi
if grep "ERROR" $DEBUG_LOG;then
return 1
fi
}
###### For testing only #######
echo -e "cisco\ncisco"|passwd
sed -i "s#\(PermitRootLogin\) without-password#\1 yes#" /etc/ssh/sshd_config
systemctl restart ssh
###############################
echo "LANG=en_US.utf-8" > /etc/environment
echo "LC_ALL=en_US.utf-8" >> /etc/environment
touch /var/lib/cloud/instance/locale-check.skip
rm -rf /etc/apt/sources.list.d/*
## Let rsyslog reread new name of the instance
systemctl restart rsyslog
set_static_ip "$HOT_THIS_INSTANCE_OAM_NET_IP" "$HOT_THIS_INSTANCE_OAM_NET_PREFIX" "eth0" $(_get_ip_family $HOT_THIS_INSTANCE_OAM_NET_IP) $HOT_THIS_INSTANCE_DEFAULT_GATEWAY
if [ "X$HOT_THIS_INSTANCE_OAM_V6_NET_IP" != "X" ];then
set_static_ip "$HOT_THIS_INSTANCE_OAM_V6_NET_IP" "$HOT_THIS_INSTANCE_OAM_V6_NET_PREFIX" "eth0" $(_get_ip_family $HOT_THIS_INSTANCE_OAM_V6_NET_IP)
fi
set_dns_servers
set_ntp_servers
systemctl restart systemd-timesyncd
if [ "$HOT_VOLUME_ATTACH" == "True" ];then
volume_main || failure "Cinder volume configuration." 110
fi
init_main $IPv4 || failure "VFC initial configuration" 120
if [ "$vfc_role" == "clm" ];then
clm_main || failure "vSON CLM deployment." 130
else
mkdir /intucell
chown -R intucell:intucell /intucell
vfc_main || failure "vSON $vfc_role deployment." 140
fi
$HOT_WC_NOTIFY -H "X-Auth-Token: $HOT_SWIFT_AUTH_TOKEN" --data-binary '{"status": "SUCCESS"}'
rm -f $DEBUG_LOG
|