59 files changed, 5318 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..750975f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+.DS_Store
+.vagrant*
+ansible/roles/*
+!ansible/roles/ansible-ice-templates/
+!ansible/roles/ansible-ice-volumes/
+!ansible/roles/ansible-vvp-bootstrap/
+.vault_password
+*.retry
+*.vdi
+*.vmdk
+zones/*/fetch/*
+zones/*/k8
+fetch/*
+**/*.pyc
diff --git a/LICENSE.TXT b/LICENSE.TXT
new file mode 100755
index 0000000..19fa261
--- /dev/null
+++ b/LICENSE.TXT
@@ -0,0 +1,38 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property.
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100755
index 0000000..5474595
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+```
+# update your hosts file with the line
+# 10.252.0.12 coreos-01.development.vvp.example.com
+. setenv
+# select the envirionment yout want from the list
+vagrant up
+watch -n5 "kubectl get po -n kube-system"
+# once all pods are running status
+`bin/vvp-deploy`
diff --git a/ansible/action_plugins b/ansible/action_plugins
new file mode 120000
index 0000000..660c351
--- /dev/null
+++ b/ansible/action_plugins
@@ -0,0 +1 @@
+./roles/ceph.ceph-common/plugins/actions/
\ No newline at end of file
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100755
index 0000000..4a72589
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,46 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+[defaults]
+roles_path=./roles/
+vault_password_file=.vault_password
+action_plugins =./roles/ceph.ceph-common/plugins/actions
+inventory =../zones/multi-node/inventory/
+
+[ssh_connection]
+ssh_args = -o ControlPersist=60s -o ControlMaster=auto -o ServerAliveInterval=10 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
diff --git a/ansible/application.yml b/ansible/application.yml
new file mode 100755
index 0000000..7e305cc
--- /dev/null
+++ b/ansible/application.yml
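Review bot: The `ssh_args` line under `[ssh_connection]` in ansible/ansible.cfg turns off SSH host-key verification for every play (`UserKnownHostsFile=/dev/null` together with `StrictHostKeyChecking=no`), so Ansible will open sessions, and send whatever variables the plays render, to any machine that answers on an inventory address. That may be acceptable for throwaway Vagrant machines, but this file is the repo-wide default and `inventory` points at `../zones/multi-node/inventory/`. I would drop the two options here, `ssh_args = -o ControlPersist=60s -o ControlMaster=auto -o ServerAliveInterval=10`, and set them only in a development-zone override. A comment above `vault_password_file` saying that `.vault_password` is git-ignored and must be created locally would also help.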
@@ -0,0 +1,89 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+- hosts: localhost
+ connection: local
+ tasks:
+ - name: Set timestamp fact if it hasn't been set
+ local_action:
+ set_fact timestamp="{{lookup('pipe', 'date \"+%s\"')}}"
+ run_once: True
+ when: timestamp is not defined
+ tags:
+ - always
+
+- hosts: localhost
+ connection: local
+ gather_facts: False
+ pre_tasks:
+ - shell: cat {{fetch_directory}}/ceph_cluster_uuid.conf
+ register: ceph_uuid
+ tags:
+ - always
+
+ - shell: grep 'key' {{fetch_directory}}/{{ceph_uuid.stdout}}/etc/ceph/ceph.client.admin.keyring | awk '{print $3}'
+ register: client_key
+ tags:
+ - always
+
+ - set_fact:
+ ceph_key: "{{client_key.stdout}}"
+ tags:
+ - always
+
+- hosts: rbdhost
+ become: True
+ pre_tasks:
+ - set_fact:
+ timestamp: "{{hostvars['127.0.0.1']['timestamp']}}"
+ tags:
+ - always
+ roles:
+ - role: ansible-vvp-volumes
+
+- hosts: localhost
+ connection: local
+ gather_facts: False
+ vars:
+ rollback_deployment: []
+ sleep_in_seconds:
+ pre_deploy: "{{ pre_deploy_sleep | default(0) }}"
+ post_deploy: "{{ post_deploy_sleep | default(60) }}"
+ roles:
+ - ansible-vvp-templates
diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
new file mode 100755
index 0000000..0e700ca
--- /dev/null
+++ b/ansible/infrastructure.yml
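Review bot: In ansible/application.yml the `grep 'key' ... | awk '{print $3}'` pre_task and the `set_fact` after it copy the Ceph admin key from `ceph.client.admin.keyring` into `ceph_key` without `no_log`, so the key shows up in task results under `-v` and in any callback or log that records registered output. Add `no_log: true` to both of those tasks. The templated paths are unquoted inside `shell` lines; quoting them (for example with the `quote` filter) keeps a path containing spaces or shell metacharacters from being reinterpreted. Because the pipeline's exit status is awk's, a missing or unreadable keyring still succeeds and leaves `ceph_key` empty, so a `failed_when: client_key.stdout == ""` would catch that early.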
@@ -0,0 +1,85 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+- hosts: localhost,rbdhost
+ tasks:
+ - name: Set timestamp fact if it hasn't been set
+ local_action:
+ set_fact timestamp="{{lookup('pipe', 'date \"+%s\"')}}"
+ run_once: True
+ when: timestamp is not defined
+ tags:
+ - always
+
+- hosts: mons
+ become: True
+ roles:
+ - ceph.ceph-mon
+
+- hosts: rgws
+ become: True
+ roles:
+ - ceph.ceph-rgw
+
+- hosts: osds
+ become: True
+ roles:
+ - ceph.ceph-osd
+
+- hosts: bootstrap
+ become: yes
+ roles:
+ - ansible-vvp-bootstrap
+
+- hosts: rbdhost
+ vars:
+ rollback_volumes: []
+ snapshot_volumes: []
+ become: True
+ roles:
+ - role: ansible-vvp-volumes
+
+# we can't do this in the earlier rgws block because we need its underlying
+# osds and volumes to be set up.
+- hosts: rgws
+ tasks:
+ - name: configure radosgw static files user
+ command: radosgw-admin user create --uid="staticfiles" --display-name="static files user" --caps="users=*;buckets=*;metadata=*" --access-key="{{ vault_aws_access_key_id }}" --secret-key="{{ vault_aws_secret_access_key }}"
+ run_once: true
+ become: true
diff --git a/ansible/library/kubectl_apply_manifest.py b/ansible/library/kubectl_apply_manifest.py
new file mode 100755
index 0000000..75c68cb
--- /dev/null
+++ b/ansible/library/kubectl_apply_manifest.py
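Review bot: The `radosgw-admin user create` task at the end of ansible/infrastructure.yml passes `vault_aws_access_key_id` and `vault_aws_secret_access_key` as command-line arguments with no `no_log`, so the rendered secrets appear in Ansible's task output and in the process list on the rgw host while the command runs. Add `no_log: true` to that task. The task is also unconditional; presumably a second run against an existing `staticfiles` user fails or reports a change every time, so guarding it with a prior `radosgw-admin user info` check and `when:`/`changed_when:` would make the play re-runnable. The caps `users=*;buckets=*;metadata=*` look broader than a static-files user needs and are worth confirming.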
@@ -0,0 +1,73 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+#!/usr/bin/python
+import os
+from ansible.module_utils.basic import AnsibleModule
+
+
+def kubectl_apply_manifest(module, manifest, kubeconfig):
+ kubectl_path = module.get_bin_path('kubectl', required=True)
+ args = [kubectl_path, '--kubeconfig', kubeconfig, 'apply', '-f', manifest]
+ return module.run_command(args)
+
+
+def main():
+ module = AnsibleModule(
+ argument_spec=dict(
+ manifest=dict(required=True),
+ kubeconfig=dict(default=os.environ['KUBECONFIG'])
+ ),
+ )
+
+ manifest = module.params['manifest']
+ kubeconfig = module.params['kubeconfig']
+
+ if kubeconfig is None:
+ msg = "Could not apply manifest, kubeconfig not specified"
+ module.fail_json(msg=msg)
+
+ rc, stdout, stderr = kubectl_apply_manifest(module, manifest, kubeconfig)
+ if rc == 0:
+ module.exit_json(changed=True, stdout=stdout)
+ else:
+ msg = "Could not apply manifest"
+ module.fail_json(msg=msg + " " + stderr)
+
+if __name__ == "__main__":
+ main()
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
new file mode 100755
index 0000000..ea1e8d0
--- /dev/null
+++ b/ansible/requirements.yml
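Review bot: In `main()` of kubectl_apply_manifest.py, `kubeconfig=dict(default=os.environ['KUBECONFIG'])` raises `KeyError` while the argument spec is being built whenever `KUBECONFIG` is unset, even if the task passes `kubeconfig` explicitly, and it leaves the later `if kubeconfig is None` branch unreachable. Use `kubeconfig=dict(default=os.environ.get('KUBECONFIG'))` so the module fails through `fail_json` with its own message instead of a traceback. `exit_json(changed=True, ...)` is returned on every successful apply, which makes play recaps report a change even when kubectl left the object untouched; a comment stating that, or a check of kubectl's output, would help. The `#!/usr/bin/python` line sits below the license header, so it does not act as a shebang, and neither function has a docstring describing the module's parameters.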
@@ -0,0 +1,57 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+- src: https://github.com/ceph/ansible-ceph-common.git
+ version: v2.2.10
+ name: ceph.ceph-common
+
+- src: https://github.com/ceph/ansible-ceph-docker-common.git
+ version: master
+ name: ceph.ceph-docker-common
+
+- src: https://github.com/ceph/ansible-ceph-rgw.git
+ version: v2.2.10
+ name: ceph.ceph-rgw
+
+- src: https://github.com/ceph/ansible-ceph-mon.git
+ version: v2.2.10
+ name: ceph.ceph-mon
+
+- src: https://github.com/ceph/ansible-ceph-osd.git
+ version: v2.2.10
+ name: ceph.ceph-osd
diff --git a/ansible/roles/ansible-vvp-bootstrap/.gitignore b/ansible/roles/ansible-vvp-bootstrap/.gitignore
new file mode 100755
index 0000000..5109f81
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/.gitignore
@@ -0,0 +1,2 @@
+*.swp
+.sw*
diff --git a/ansible/roles/ansible-vvp-bootstrap/.travis.yml b/ansible/roles/ansible-vvp-bootstrap/.travis.yml
new file mode 100755
index 0000000..1b9ad49
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/.travis.yml
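Review bot: In ansible/requirements.yml, `ceph.ceph-docker-common` is fetched with `version: master` while the other four ceph roles are pinned to `v2.2.10`, so each `ansible-galaxy install` can bring in different role code, which the infrastructure plays may then run with `become` on the cluster hosts. Pin it to a release tag, or preferably to a commit SHA, since a git ref name is the only thing identifying what gets installed. A short comment above the list saying these roles are fetched from GitHub at install time and should be bumped together would document the intent.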
@@ -0,0 +1,64 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
diff --git a/ansible/roles/ansible-vvp-bootstrap/defaults/main.yml b/ansible/roles/ansible-vvp-bootstrap/defaults/main.yml
new file mode 100755
index 0000000..9d39136
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/defaults/main.yml
@@ -0,0 +1,39 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +sysdig_access_key: "{{ vault_sysdig_access_key | default('') }}" 
diff --git a/ansible/roles/ansible-vvp-bootstrap/files/iceundionly.kpxe b/ansible/roles/ansible-vvp-bootstrap/files/iceundionly.kpxe Binary files differnew file mode 100755 index 0000000..ccda67b --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/files/iceundionly.kpxe diff --git a/ansible/roles/ansible-vvp-bootstrap/meta/.galaxy_install_info b/ansible/roles/ansible-vvp-bootstrap/meta/.galaxy_install_info new file mode 100755 index 0000000..0b7735f --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/meta/.galaxy_install_info 
@@ -0,0 +1,39 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +{install_date: 'Thu Jul 20 18:38:57 2017', version: develop} 
diff --git a/ansible/roles/ansible-vvp-bootstrap/meta/main.yml b/ansible/roles/ansible-vvp-bootstrap/meta/main.yml
new file mode 100755
index 0000000..6b0bfdd
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/meta/main.yml
@@ -0,0 +1,38 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/dnsmasq.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/dnsmasq.yml new file mode 100755 index 0000000..48dad1c --- /dev/null 
+++ b/ansible/roles/ansible-vvp-bootstrap/tasks/dnsmasq.yml 
@@ -0,0 +1,103 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+- name: Install nf_conntrack_tftp
+ modprobe:
+ name: nf_conntrack_tftp
+ state: present
+
+- name: Copy our pxe client
+ copy: src=iceundionly.kpxe dest="{{files_dir}}/iceundionly.kpxe"
+ when: pxe_chainload
+
+- name: Create DNSMASQ leases file
+ file: path="{{files_dir}}/leases" mode=0644 state=touch
+
+- name: DROP DNS, tftp requests from public
+ shell: iptables -I INPUT 1 -p udp --dport {{item}} -i {{ops_public_interface}} -j DROP
+ with_items:
+ - 53
+ - 69
+
+- name: DROP DNS, tftp requests to public
+ shell: iptables -I OUTPUT 1 -p udp --sport {{item}} -o {{ops_public_interface}} -j DROP
+ with_items:
+ - 53
+ - 69
+
+- name: Allow Inbound UDP DHCP Requests
+ shell: iptables -A INPUT -p udp --dport {{item}} -j ACCEPT
+ with_items:
+ - 53
+ - 67:69
+
+- name: Allow Outbound UDP DNS, DHCP
+ shell: iptables -A OUTPUT -p udp --sport {{item}} -j ACCEPT
+ with_items:
+ - 53
+ - 67:69
+
+- name: Allow TFTP file transfers on arbitrary ports.
+ shell: 'iptables -A OUTPUT -p udp -o {{ ops_management_interface }} --sport 1023: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT'
+
+- name: Allow TFTP file transfers on arbitrary ports.
+ shell: 'iptables -A INPUT -p udp -i {{ops_management_interface}} --dport 1023: -m state --state ESTABLISHED,RELATED -j ACCEPT'
+
+- name: Render DNSMASQ configuration
+ template:
+ src: dnsmasq.conf.j2
+ dest: "{{files_dir}}/dnsmasq.conf"
+
+- name: Is dnsmasq already running?
+ shell: docker ps | grep dnsmasq | awk '{ print $1 }'
+ register: dnsmasq_id
+
+- name: Kill dnsmasq!
+ shell: docker kill "{{dnsmasq_id.stdout}}"
+ when: dnsmasq_id.stdout != ""
+
+- name: Start DNSMASQ
+ command: "docker run -d
+ --net=host
+ --cap-add=NET_ADMIN
+ -v {{files_dir}}/leases:/var/lib/misc/dnsmasq.leases:Z
+ -v {{files_dir}}/dnsmasq.conf:/etc/dnsmasq.conf:Z
+{% if pxe_chainload %}
+ -v {{files_dir}}/iceundionly.kpxe:/var/lib/tftpboot/iceundionly.kpxe:Z
+{% endif %}
+ quay.io/coreos/dnsmasq -d -q"
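Review bot: The "Allow Inbound UDP DHCP Requests" and "Allow Outbound UDP DNS, DHCP" tasks accept ports 53 and 67:69 on every interface, while the DROP rules inserted for `ops_public_interface` cover only 53 and 69, so DHCP (67/68) stays reachable on the public side of a host that runs dnsmasq with `--net=host` and `NET_ADMIN`. Scope the ACCEPT rules to the management network, e.g. `iptables -A INPUT -p udp -i {{ops_management_interface}} --dport {{item}} -j ACCEPT`, as the two TFTP rules below them already do. The `docker run` task references `quay.io/coreos/dnsmasq` with no tag or digest; pinning it keeps the DHCP/TFTP server image reproducible. Whether dnsmasq itself binds to a single interface depends on `dnsmasq.conf.j2`, which is outside this hunk.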
diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml
new file mode 100755
index 0000000..48b545e
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/tasks/main.yml
@@ -0,0 +1,183 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +--- +- name: install packages + yum: + name: "{{ item }}" + state: present + with_items: + - docker + tags: + - bootstrap + +- name: Is our management IP set? 
+ shell: "ip addr show {{ops_management_interface}} | grep {{ops_management_ip}}" + register: mgmt_ip + tags: + - bootstrap + ignore_errors: True + +- name: Set interface address + command: ip addr add {{ops_management_ip}}/24 dev {{ops_management_interface}} + when: mgmt_ip.stdout == "" + tags: + - bootstrap + +- name: Temporarily allow all INPUT + shell: iptables -P INPUT ACCEPT + tags: + - always + +- name: Temporarily allow all OUTPUT + shell: iptables -P OUTPUT ACCEPT + tags: + - always + +- name: Flush all IPTables Rules (non nat) + shell: iptables -F + tags: + - always + +- name: Allow SSH for development environments + shell: iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT + when: ice_environment == "development" + tags: + - always + +- name: Allow SSH out for development environments + shell: iptables -A OUTPUT -p tcp -o eth0 --sport 22 -j ACCEPT + when: ice_environment == "development" + tags: + - always + +- name: Allow SSH out for development environments + shell: iptables -A OUTPUT -p tcp -o {{ops_management_interface}} --sport 22 -j ACCEPT + when: ice_environment != "development" + tags: + - always + +- name: Allow SSH for non-development environments + shell: iptables -A INPUT -p tcp -i {{ops_management_interface}} --dport 22 -j ACCEPT + when: ice_environment != "development" + tags: + - always + +- name: Allow Outbound UDP DNS + shell: iptables -A OUTPUT -p udp --dport 53 -j ACCEPT + +- name: Allow Inbound UDP DNS replies + shell: iptables -A INPUT -p udp --sport 53 -j ACCEPT + +- name: Allow Outbound Web Requests + shell: iptables -A OUTPUT -p tcp --dport {{item}} -j ACCEPT + with_items: + - 443 + - 80 + +- name: Allow Inbound Web Replies + shell: iptables -A INPUT -p tcp --sport {{item}} -m state --state ESTABLISHED,RELATED -j ACCEPT + with_items: + - 443 + - 80 +- name: Drop INPUT + shell: iptables -P INPUT DROP + tags: + - always + +- name: Drop OUTPUT + shell: iptables -P OUTPUT DROP + tags: + - always + +- name: Drop FORWARD + shell: 
iptables -P FORWARD DROP + tags: + - always + +- name: set additional interfaces ip + command: ip addr add {{item.value}} dev {{item.key}} + when: hostvars[inventory_hostname]["ansible_%s" % item.key] and (hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4'] is not defined or not item.value.split('/')[0] in hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4']['address']) + with_dict: "{{ additional_interfaces }}" + +- name: Bring additional interfaces up + command: ifup {{item.key}} + when: hostvars[inventory_hostname]["ansible_%s" % item.key] and (hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4'] is not defined or not item.value.split('/')[0] in hostvars[inventory_hostname]["ansible_%s" % item.key]['ipv4']['address']) + with_dict: "{{ additional_interfaces }}" + +- name: Add self to resolv.conf + lineinfile: + dest: /etc/resolv.conf + line: "nameserver {{ops_management_ip}}" + insertbefore: BOF + +- name: start docker + command: systemctl restart docker + tags: + - always + +- name: Disable Forwarding + command: "echo 0 > /proc/sys/net/ipv4/ip_forward" + tags: + - bootstrap + +######################### +# FILESYSTEM +# +- name: Create files DIR + file: state=directory path="{{files_dir}}" mode=0755 + tags: + - bootstrap + - tls + +- include: matchbox.yml + tags: + - bootstrap + - matchbox + + +- include: tls.yml + tags: + - bootstrap + - tls + +- include: dnsmasq.yml + tags: + - bootstrap + - dnsmasq + diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml new file mode 100755 index 0000000..7e4ea87 --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/tasks/matchbox.yml 
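Review bot: The `Disable Forwarding` task near the end of main.yml uses the `command` module, which does not pass its arguments through a shell, so `echo 0 > /proc/sys/net/ipv4/ip_forward` only prints that text and leaves forwarding as it was. Use the sysctl module instead, `sysctl: name=net.ipv4.ip_forward value=0 sysctl_set=yes`, so the setting is actually applied. Separately, `Allow Inbound UDP DNS replies` accepts any UDP packet whose source port is 53; adding `-m state --state ESTABLISHED,RELATED`, as the `Allow Inbound Web Replies` rule already does, would limit it to answers to this host's own queries. No ip6tables tasks are visible in this file, so it is worth confirming that leaving IPv6 unfiltered is intentional.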
@@ -0,0 +1,137 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+- name: Create assets directory + file: path="{{coreos_assets_dir}}" state=directory mode="0755" + tags: + - bootstrap + - matchbox + +- name: Download PXE image + get_url: url="http://{{coreos_channel}}.release.core-os.net/amd64-usr/{{coreos_version}}/{{item}}" dest="{{coreos_assets_dir}}/{{item}}" + with_items: + - "coreos_production_pxe.vmlinuz" + - "coreos_production_pxe.vmlinuz.sig" + - "coreos_production_pxe_image.cpio.gz" + - "coreos_production_pxe_image.cpio.gz.sig" + - "coreos_production_image.bin.bz2" + - "coreos_production_image.bin.bz2.sig" + tags: + - bootstrap + - matchbox + +- name: Retrieve the signing key + get_url: url="https://coreos.com/security/image-signing-key/CoreOS_Image_Signing_Key.asc" dest="{{coreos_assets_dir}}/CoreOS_Image_Signing_Key.asc" + tags: + - bootstrap + - matchbox + +- name: Import signing key + command: "gpg --import {{coreos_assets_dir}}/CoreOS_Image_Signing_Key.asc" + tags: + - bootstrap + - matchbox + +- name: Adding trust for CoreOS Signing key + command: 'echo "04126D0BFABEC8871FFB2CCE50E0885593D2DCB4:6:" | gpg --import-ownertrust' + tags: + - bootstrap + - matchbox + +- name: Verifying vmlinuz + command: "gpg --verify {{coreos_assets_dir}}/{{item}}" + with_items: + - "coreos_production_pxe.vmlinuz.sig" + - "coreos_production_pxe_image.cpio.gz.sig" + tags: + - bootstrap + - matchbox + + +- name: Create matchbox directory + file: path="{{matchbox_dir}}" state=directory mode=0754 + tags: + - bootstrap + - matchbox + +- name: Create groups, profiles and ignition directories + file: path="{{matchbox_dir}}/{{item}}" state=directory mode=0754 + with_items: + - groups + - profiles + - ignition + +- name: matchbox k7 groups templates + template: + src: "groups/group.json.j2" + dest: "{{matchbox_dir}}/groups/{{item.name}}.json" + with_items: "{{hosts}}" + when: item.os == "coreos" + +- name: Allow Inbound 8080 web requests + shell: iptables -A INPUT -p udp --dport 8080 -i {{ops_management_interface}} -j ACCEPT + +- name: Allow 
Outbound 8080 web replies + shell: iptables -A OUTPUT -p udp --sport 8080 -o {{ops_management_interface}} -j ACCEPT + +- name: Create TLS assets directory + file: path="{{assets_dir}}/tls" state=directory mode=643 + +- name: matchbox k8 other templates + template: + src: "{{item}}.j2" + dest: "{{matchbox_dir}}/{{item}}" + with_items: + - groups/install.json + - profiles/controller.json + - profiles/worker.json + - profiles/install-reboot.json + - ignition/controller.yaml + - ignition/coreos-install.yaml + - ignition/worker.yaml + +- name: Is matchbox already running? + shell: docker ps | grep matchbox | awk '{ print $1 }' + register: matchbox_id + +- name: Kill matchbox! + shell: docker kill {{matchbox_id.stdout}} + when: matchbox_id.stdout != "" + +- name: matchbox docker + command: docker run -d -p {{ops_management_ip}}:8080:8080 -v {{assets_dir}}:/assets:Z -v {{matchbox_dir}}:/var/lib/matchbox:Z quay.io/coreos/matchbox:v0.5.0 -address=0.0.0.0:8080 -log-level=debug -assets-path=/assets diff --git a/ansible/roles/ansible-vvp-bootstrap/tasks/tls.yml b/ansible/roles/ansible-vvp-bootstrap/tasks/tls.yml new file mode 100755 index 0000000..e0346cf --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/tasks/tls.yml 
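Review bot: The signature check in matchbox.yml is weaker than it looks: `Adding trust for CoreOS Signing key` runs a pipeline under `command`, which has no shell, so `gpg --import-ownertrust` never runs and the pinned fingerprint is not used at all. Change that task to `shell:` and, since the key file is imported straight from a download, compare the imported key's fingerprint with the pinned value before the verify step. The `Verifying vmlinuz` loop also omits `coreos_production_image.bin.bz2.sig`, so the install image fetched over `http://` is never verified; add it to `with_items`. Also, `mode=643` on the TLS assets directory gives "other" write and execute but no read, as I read it, which looks like a typo for the `0755` that tls.yml uses for the same path.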
@@ -0,0 +1,150 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+- name: create TLS dir + file: + state: directory + path: "{{files_dir}}/tls" + mode: 0755 + tags: + - bootstrap + - tls + +- name: create TLS dir + file: + state: directory + path: "{{assets_dir}}/tls" + mode: 0755 + tags: + - bootstrap + - tls + +- stat: path="{{files_dir}}/tls/ca-key.pem" + register: ca_key + +- name: create root CA + shell: openssl genrsa -out {{files_dir}}/tls/ca-key.pem 2048 + when: not ca_key.stat.exists + +- stat: path="{{files_dir}}/tls/ca.pem" + register: ca + +- name: create self signed cert + shell: openssl req -x509 -new -nodes -key {{files_dir}}/tls/ca-key.pem -days 10000 -out {{files_dir}}/tls/ca.pem -subj "/CN=kube-ca" + when: not ca.stat.exists + +- name: Generate Config File + template: + src: openssl.config.j2 + dest: "{{files_dir}}/tls/{{item}}-openssl.config" + with_items: + - admin + - apiserver + - worker + +- stat: path={{files_dir}}/tls/{{item}}-key.pem + register: keyfiles + with_items: + - admin + - apiserver + - worker + +- name: create keyfile + shell: openssl genrsa -out {{files_dir}}/tls/{{item.item}}-key.pem 2048 + with_items: "{{keyfiles.results}}" + when: not item.stat.exists + +- stat: path={{files_dir}}/tls/{{item}}.csr + register: csr_files + with_items: + - admin + - apiserver + - worker + +- name: Create csr + shell: openssl req -new -key {{files_dir}}/tls/{{item.item}}-key.pem -out {{files_dir}}/tls/{{item.item}}.csr -subj "/CN=kube-{{item.item}}" -config {{files_dir}}/tls/{{item.item}}-openssl.config + with_items: "{{csr_files.results}}" + when: not item.stat.exists + +- stat: path={{files_dir}}/tls/{{item}}.pem + register: pem_files + with_items: + - admin + - apiserver + - worker + +- name: Create pemfile + shell: openssl x509 -req -in {{files_dir}}/tls/{{item.item}}.csr -CA {{files_dir}}/tls/ca.pem -CAkey {{files_dir}}/tls/ca-key.pem -CAcreateserial -out {{files_dir}}/tls/{{item.item}}.pem -days 365 -extensions v3_req -extfile {{files_dir}}/tls/{{item.item}}-openssl.config + with_items: 
"{{pem_files.results}}" + when: not item.stat.exists + +- name: Copy tls related files to assets + copy: + src: "{{files_dir}}/{{item}}" + dest: "{{assets_dir}}/{{item}}" + remote_src: yes + backup: yes + with_items: + - tls/apiserver-key.pem + - tls/apiserver.pem + - tls/ca.pem + - tls/worker-key.pem + - tls/worker.pem + +- name: Encode Admin Cert + shell: base64 -w 0 {{files_dir}}/tls/admin.pem + register: ADMIN_CERT_BASE64 + +- name: Encode Admin Key + shell: base64 -w 0 {{files_dir}}/tls/admin-key.pem + register: ADMIN_KEY_BASE64 + +- name: Encode CA Cert + shell: base64 -w 0 {{files_dir}}/tls/ca.pem + register: CA_CERT_BASE64 + +- name: Render kubeconfig + template: + src: kubeconfig.j2 + dest: "{{files_dir}}/kubeconfig" + +- name: Fetch the new kubeconfig + fetch: + src: "{{files_dir}}/kubeconfig" + dest: "{{inventory_dir}}/../k8/" + flat: yes diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 new file mode 100755 index 0000000..2908165 --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/templates/dnsmasq.conf.j2 
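Review bot: `Copy tls related files to assets` places `apiserver-key.pem` and `worker-key.pem` under `{{assets_dir}}`, which matchbox.yml in this commit mounts as `/assets` and serves over plain HTTP on port 8080, so the private keys appear to be readable by any host that can reach that port. Prefer delivering node keys over an authenticated channel rather than the asset server, and keep `*-key.pem` out of the copied list if that is possible for the provisioning flow. The directory `{{files_dir}}/tls`, which holds `ca-key.pem`, is created with `mode: 0755`; `mode: 0700` would be the safer default. The `openssl genrsa` tasks set no explicit mode either, so key file permissions presumably depend on the openssl version and umask; a follow-up `file: path=... mode=0600` per key would make that deterministic.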
@@ -0,0 +1,73 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+domain={{domain}} +{% for range in dhcp_ranges %} +dhcp-range={{range}} +{% endfor %} +{% if ice_environment != 'development' %} +dhcp-option={{ops_management_interface}},121,10.252.0.0/16,{{management_gateway}} +dhcp-option=tag:#coreos,{{ops_management_interface}},3,{{management_gateway}} +dhcp-option=tag:coreos,{{ops_management_interface}},3 +{% endif %} +{% for interface in additional_gateways.keys() %} +dhcp-option={{interface}},3{% if additional_gateways[interface] != '' %},{{additional_gateways[interface]}} {% endif %} + +dhcp-option=#{{ops_management_interface}},6 +{% endfor %} +enable-tftp +tftp-root=/var/lib/tftpboot +{% if pxe_boot %} + {% if pxe_chainload %} +dhcp-userclass=set:iceundi,ICEPXE +dhcp-boot=tag:coreos,tag:#iceundi,iceundionly.kpxe + {% else %} +dhcp-userclass=set:iceundi,iPXE +dhcp-boot=tag:coreos,tag:#iceundi,undionly.kpxe + {% endif %} +dhcp-boot=tag:iceundi,http://{{ops_management_ip}}:8080/boot.ipxe +{% endif %} +{% for host in hosts %} + {% for config in host.dnsmasq_config %} +dhcp-host={{config}} + {% endfor %} +{% endfor %} +dhcp-ignore=tag:#known +log-queries +log-dhcp +bogus-priv diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/groups/group.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/groups/group.json.j2 new file mode 100755 index 0000000..f7faa70 --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/templates/groups/group.json.j2 
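Review bot: This template never restricts which interfaces dnsmasq listens on, and dnsmasq.yml starts the container with `--net=host`, so keeping DHCP, DNS and TFTP off the public network depends entirely on the iptables tasks. Those tasks drop ports 53 and 69 on `{{ops_public_interface}}` but accept `67:69` on every interface, so DHCP on the public side is only held back by `dhcp-ignore=tag:#known`. Add `except-interface={{ops_public_interface}}` (or explicit `interface=` lines plus `bind-interfaces`) so the daemon itself does not answer there. The `dhcp-boot` target is also `http://`, so the boot script reaches clients unauthenticated; a short comment above that line stating that the management network is assumed to be trusted would make the assumption visible.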
@@ -0,0 +1,73 @@ +{# +-*- encoding: utf-8 -*- +============LICENSE_START======================================================= +org.onap.vvp/engagementmgr +=================================================================== +Copyright © 2017 AT&T Intellectual Property. All rights reserved. +=================================================================== + +Unless otherwise specified, all software contained herein is licensed +under the Apache License, Version 2.0 (the “License”); +you may not use this software except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Unless otherwise specified, all documentation contained herein is licensed +under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +you may not use this documentation except in compliance with the License. +You may obtain a copy of the License at + + https://creativecommons.org/licenses/by/4.0/ + +Unless required by applicable law or agreed to in writing, documentation +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +============LICENSE_END============================================ + + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+#} +{ + "id": "{{item.name}}", + "name": "k8s node", + "profile": "{{item.role}}", + "selector": { + "mac": "{{item.mac}}", + "os": "installed" + }, + "metadata": { + "ssh_ip": "{{item.ssh_ip}}", + "k8s_flanneld_iface": "{{flanneld_interface}}", + "container_runtime": "{{container_runtime | default('rkt')}}", + "domain_name": "{{item.name}}.{{domain}}", + "etcd_initial_peers": "http://{{item.name}}.{{domain}}:2380", + "etcd_initial_cluster": "{% for host in hosts %}{% if host.etcd_role == "member" %}{{host.name}}=http://{{host.name}}.{{domain}}:2380,{% endif %}{% endfor %}", + "etcd_name": "{{item.name}}", + "k8s_version": "{{k8s_version}}", + "k8s_cert_endpoint": "http://{{ops_management_ip}}:8080/assets", + "k8s_dns_service_ip": "10.3.0.10", + "k8s_etcd_endpoints": "{% for host in hosts %}{% if host.etcd_role == "member" %}http://{{host.name}}.{{domain}}:2379,{% endif %}{% endfor %}", + "sysdig_access_key": "{{ sysdig_access_key| default('') }}", +{% if item.role == "controller" %} + "k8s_apiserver_advertise_address": "{{k8s_apiserver_advertise_address}}", + "k8s_controller_port": "{{k8s_controller_port}}", + "k8s_pod_network": "10.2.0.0/16", + "k8s_service_ip_range": "10.3.0.0/24", +{% else %} + "k8s_controller_endpoint": "https://{{(hosts|selectattr('role', 'equalto', 'controller')|first).name}}.{{domain}}:{{k8s_controller_port}}", +{% endif %} + "ssh_authorized_keys": [{% for key in ssh_keys %}"{{key}}"{% if not loop.last %},{% endif %}{% endfor %}], + "ignition_endpoint": "http://{{ops_management_ip}}:8080/ignition" + } +} diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/groups/install.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/groups/install.json.j2 new file mode 100755 index 0000000..bf9284f --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/templates/groups/install.json.j2 
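Review bot: The `metadata` block in group.json.j2 carries `sysdig_access_key` and points nodes at `k8s_cert_endpoint` on `http://{{ops_management_ip}}:8080`, so the key and the TLS material would be served in clear text and, as far as this commit shows, without authentication. Keep secrets out of this template or restrict who can reach port 8080, and record the assumption in the header, e.g. `{# metadata is served in clear text by matchbox; do not add secrets #}`. The etcd URLs on `:2379` and `:2380` are likewise `http://`, so cluster traffic is unencrypted unless something outside this hunk protects it. install.json.j2 repeats the plain-HTTP `ignition_endpoint`.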
@@ -0,0 +1,51 @@ +{# +-*- encoding: utf-8 -*- +============LICENSE_START======================================================= +org.onap.vvp/engagementmgr +=================================================================== +Copyright © 2017 AT&T Intellectual Property. All rights reserved. +=================================================================== + +Unless otherwise specified, all software contained herein is licensed +under the Apache License, Version 2.0 (the “License”); +you may not use this software except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Unless otherwise specified, all documentation contained herein is licensed +under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +you may not use this documentation except in compliance with the License. +You may obtain a copy of the License at + + https://creativecommons.org/licenses/by/4.0/ + +Unless required by applicable law or agreed to in writing, documentation +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +============LICENSE_END============================================ + + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+#} +{ + "id": "coreos-install", + "name": "CoreOS Install", + "profile": "install-reboot", + "metadata": { + "coreos_channel": "{{coreos_channel}}", + "coreos_version": "{{coreos_version}}", + "ignition_endpoint": "http://{{ops_management_ip}}:8080/ignition", + "ssh_authorized_keys": [{% for key in ssh_keys %}"{{key}}"{% if not loop.last %},{% endif %}{% endfor %}] + } +} diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 new file mode 100755 index 0000000..ff8e0b8 --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/controller.yaml.j2 
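Review bot: `ssh_authorized_keys` is assembled by hand with a `for` loop and literal quotes, so a key whose comment contains a double quote or a backslash produces invalid JSON or changes the structure of the document. Let the filter do the quoting: `"ssh_authorized_keys": {{ ssh_keys | to_json }}`. The same applies to the other interpolated strings here (`coreos_channel`, `coreos_version`) and to the identical `ssh_authorized_keys` line in groups/group.json.j2.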
@@ -0,0 +1,872 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+---
+systemd:
+ units:
+{% for mount in mounts %}
+ - name: {{mount.name}}.mount
+ enable: true
+ contents: |
+ [Mount]
+ What={{mount.dev}}
+ Where={{mount.dest}}
+ Type={{mount.type}}
+ [Install]
+ WantedBy=local-fs.target
+{% endfor %}
+ - name: ice-filesystems.service
+ enable: true
+ contents: |
+ [Unit]
+ After=systemd-tmpfiles-setup.service
+ [Service]
+ Type=oneshot
+ {% if manually_grow_root %}
+ ExecStart=/usr/bin/cgpt resize /dev/sda9
+ ExecStart=/usr/sbin/xfs_growfs /dev/sda9
+ {% endif %}
+ ExecStart=/usr/bin/cp -r --preserve=all /usr/share/coreos /etc/coreos
+ ExecStart=/usr/bin/systemctl disable ice-filesystems.service
+ [Install]
+ WantedBy=multi-user.target {% raw %}
+ - name: sshd.socket
+ enable: true
+ contents: |
+ [Unit]
+ Description=OpenSSH Server Socket
+ Conflicts=sshd.service
+
+ [Socket]
+ ListenStream={{.ssh_ip}}:22
+ FreeBind=true
+ Accept=yes
+
+ [Install]
+ WantedBy=sockets.target
+ - name: etcd2.service
+ enable: true
+ dropins:
+ - name: 40-etcd-cluster.conf
+ contents: |
+ [Service]
+ Environment="ETCD_NAME={{.etcd_name}}"
+ Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.domain_name}}:2379"
+ Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS={{.etcd_initial_peers}}"
+ Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379"
+ Environment="ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380"
+ Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}"
+ Environment="ETCD_STRICT_RECONFIG_CHECK=true"
+ - name: flanneld.service
+ dropins:
+ - name: 40-ExecStartPre-symlink.conf
+ contents: |
+ [Service]
+ EnvironmentFile=-/etc/flannel/options.env
+ ExecStartPre=/opt/init-flannel
+ - name: docker.service
+ dropins:
+ - name: 40-flannel.conf
+ contents: |
+ [Unit]
+ Requires=flanneld.service
+ After=flanneld.service
+ [Service]
+ EnvironmentFile=/etc/kubernetes/cni/docker_opts_cni.env
+ - name: locksmithd.service
+ dropins:
+ - name: 40-etcd-lock.conf
+ contents: |
+ [Service]
+ Environment="REBOOT_STRATEGY=off"
+ - name: k8s-certs@.service
+ contents: |
+ [Unit]
+ Description=Fetch Kubernetes certificate assets
+ Requires=network-online.target
+ After=network-online.target
+ [Service]
+ ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl
+ ExecStart=/usr/bin/bash -c "[ -f /etc/kubernetes/ssl/%i ] || curl {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i"
+ - name: k8s-assets.target
+ contents: |
+ [Unit]
+ Description=Load Kubernetes Assets
+ Requires=k8s-certs@apiserver.pem.service
+ After=k8s-certs@apiserver.pem.service
+ Requires=k8s-certs@apiserver-key.pem.service
+ After=k8s-certs@apiserver-key.pem.service
+ Requires=k8s-certs@ca.pem.service
+ After=k8s-certs@ca.pem.service
+ - name: kubelet.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Kubelet via Hyperkube ACI
+ Wants=flanneld.service
+ Requires=k8s-assets.target
+ After=k8s-assets.target
+ [Service]
+ Environment=KUBELET_VERSION={{.k8s_version}}
+ Environment="RKT_OPTS=--uuid-file-save=/var/run/kubelet-pod.uuid \
+ --volume dns,kind=host,source=/etc/resolv.conf \
+ --mount volume=dns,target=/etc/resolv.conf \
+ {{ if eq .container_runtime "rkt" -}}
+ --volume rkt,kind=host,source=/opt/bin/host-rkt \
+ --mount volume=rkt,target=/usr/bin/rkt \
+ --volume var-lib-rkt,kind=host,source=/var/lib/rkt \
+ --mount volume=var-lib-rkt,target=/var/lib/rkt \
+ --volume stage,kind=host,source=/tmp \
+ --mount volume=stage,target=/tmp \
+ {{ end -}}
+ --volume modprobe,kind=host,source=/usr/sbin/modprobe \
+ --mount volume=modprobe,target=/usr/sbin/modprobe \
+ --volume lib-modules,kind=host,source=/lib/modules \
+ --mount volume=lib-modules,target=/lib/modules \
+ --volume mkfsxfs,kind=host,source=/usr/sbin/mkfs.xfs \
+ --mount volume=mkfsxfs,target=/usr/sbin/mkfs.xfs \
+ --volume libxfs,kind=host,source=/lib64/libxfs.so.0 \
+ --mount volume=libxfs,target=/lib64/libxfs.so.0 \
+ --volume var-log,kind=host,source=/var/log \
+ --mount volume=var-log,target=/var/log"
+ ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
+ ExecStartPre=/usr/bin/mkdir -p /var/log/containers
+ ExecStartPre=/usr/bin/systemctl is-active flanneld.service
+ ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
+ ExecStart=/usr/lib/coreos/kubelet-wrapper \
+ --api-servers=http://127.0.0.1:8080 \
+ --register-schedulable=true \
+ --cni-conf-dir=/etc/kubernetes/cni/net.d \
+ --network-plugin=cni \
+ --container-runtime={{.container_runtime}} \
+ --rkt-path=/usr/bin/rkt \
+ --rkt-stage1-image=coreos.com/rkt/stage1-coreos \
+ --allow-privileged=true \
+ --pod-manifest-path=/etc/kubernetes/manifests \
+ --hostname-override={{.domain_name}} \
+ --cluster_dns={{.k8s_dns_service_ip}} \
+ --cluster_domain=cluster.local
+ ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid
+ Restart=always
+ RestartSec=10
+ [Install]
+ WantedBy=multi-user.target
+ - name: k8s-addons.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Kubernetes Addons
+ [Service]
+ Type=oneshot
+ ExecStart=/opt/k8s-addons
+ [Install]
+ WantedBy=multi-user.target
+ {{ if eq .container_runtime "rkt" }}
+ - name: rkt-api.service
+ enable: true
+ contents: |
+ [Unit]
+ Before=kubelet.service
+ [Service]
+ ExecStart=/usr/bin/rkt api-service
+ Restart=always
+ RestartSec=10
+ [Install]
+ RequiredBy=kubelet.service
+ - name: load-rkt-stage1.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Load rkt stage1 images
+ Documentation=http://github.com/coreos/rkt
+ Requires=network-online.target
+ After=network-online.target
+ Before=rkt-api.service
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=/usr/bin/rkt fetch /usr/lib/rkt/stage1-images/stage1-coreos.aci /usr/lib/rkt/stage1-images/stage1-fly.aci --insecure-options=image
+ [Install]
+ RequiredBy=rkt-api.service
+ {{ end }}
+ {{if ne .sysdig_access_key "" }}
+ - name: sysdig.service
+ enable: true
+ contents: |
+ [Unit]
+ Description=Sysdig Cloud Agent
+ After=docker.service
+ Requires=docker.service
+ [Service]
+ TimeoutStartSec=0
+ ExecStartPre=-/usr/bin/docker kill sysdig-agent
+ ExecStartPre=-/usr/bin/docker rm sysdig-agent
+ ExecStartPre=-/usr/bin/docker rmi sysdig-agent
+ ExecStartPre=/usr/bin/docker pull sysdig/agent
+{% endraw %}
+ ExecStart=/usr/bin/docker run --name sysdig-agent --privileged --net host --pid host -e ADDITIONAL_CONF="app_checks:\n - name: nginx\n enabled: false" -e ACCESS_KEY={{sysdig_access_key}} -e TAGS=deploy_environment:staging -v /var/lib/rkt:/host/var/lib/rkt:ro -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro sysdig/agent {% raw %}
+ ExecStop=/usr/bin/docker stop sysdig-agent
+ [Install]
+ WantedBy=multi-user.target
+ RequiredBy=k8-addons.service
+ {{ end }}
+storage:
+ filesystems:
+{% endraw %}
+{% for fs in filesystems %}
+ - name: {{fs.device}}
+ mount:
+ device: {{fs.device}}
+ format: {{fs.format}}
+ create:
+ force: {{fs.create.force}}
+{% if "options" in fs.create.keys() %}
+ options:
+{% for option in fs.create.options %}
+ - {{option}}
+{% endfor %}
+{% endif %}
+{% endfor %}{% raw %}
+ files:
+ - path: /etc/kubernetes/cni/net.d/10-flannel.conf
+ filesystem: root
+ contents:
+ inline: |
+ {
+ "name": "podnet",
+ "type": "flannel",
+ "delegate": {
+ "isDefaultGateway": true
+ }
+ }
+ - path: /etc/kubernetes/cni/docker_opts_cni.env
+ filesystem: root
+ contents:
+ inline: |
+ DOCKER_OPT_BIP=""
+ DOCKER_OPT_IPMASQ=""
+ - path: /etc/sysctl.d/max-user-watches.conf
+ filesystem: root
+ contents:
+ inline: |
+ fs.inotify.max_user_watches=16184
+ - path: /etc/kubernetes/manifests/kube-proxy.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-proxy
+ namespace: kube-system
+ annotations:
+ rkt.alpha.kubernetes.io/stage1-name-override: coreos.com/rkt/stage1-fly
+ spec:
+ hostNetwork: true
+ containers:
+ - name: kube-proxy
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - proxy
+ - --master=http://127.0.0.1:8080
+ - --cluster-cidr={{.k8s_service_ip_range}}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ - mountPath: /var/run/dbus
+ name: dbus
+ readOnly: false
+ volumes:
+ - hostPath:
+ path: /usr/share/ca-certificates
+ name: ssl-certs-host
+ - hostPath:
+ path: /var/run/dbus
+ name: dbus
+ - path: /etc/kubernetes/manifests/kube-apiserver.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-apiserver
+ namespace: kube-system
+ spec:
+ hostNetwork: true
+ containers:
+ - name: kube-apiserver
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - apiserver
+ - --bind-address=0.0.0.0
+ - --advertise-address={{.k8s_apiserver_advertise_address}}
+ - --etcd-servers={{.k8s_etcd_endpoints}}
+ - --allow-privileged=true
+ - --service-cluster-ip-range={{.k8s_service_ip_range}}
+ - --secure-port={{.k8s_controller_port}}
+ - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
+ - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
+ - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --client-ca-file=/etc/kubernetes/ssl/ca.pem
+ - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --runtime-config=extensions/v1beta1/networkpolicies=true
+ - --anonymous-auth=false
+ livenessProbe:
+ httpGet:
+ host: 127.0.0.1
+ port: 8080
+ path: /healthz
+ initialDelaySeconds: 15
+ timeoutSeconds: 15
+ ports:
+ - containerPort: {{.k8s_controller_port}}
+ hostPort: {{.k8s_controller_port}}
+ name: https
+ - containerPort: 8080
+ hostPort: 8080
+ name: local
+ volumeMounts:
+ - mountPath: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ readOnly: true
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ - hostPath:
+ path: /usr/share/ca-certificates
+ name: ssl-certs-host
+ - path: /etc/flannel/options.env
+ filesystem: root
+ contents:
+ inline: |
+ FLANNELD_ETCD_ENDPOINTS={{.k8s_etcd_endpoints}}
+ FLANNELD_IFACE={{.k8s_flanneld_iface}}
+ - path: /etc/kubernetes/manifests/kube-controller-manager.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-controller-manager
+ namespace: kube-system
+ spec:
+ containers:
+ - name: kube-controller-manager
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - controller-manager
+ - --master=http://127.0.0.1:8080
+ - --leader-elect=true
+ - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+ - --root-ca-file=/etc/kubernetes/ssl/ca.pem
+ resources:
+ requests:
+ cpu: 200m
+ livenessProbe:
+ httpGet:
+ host: 127.0.0.1
+ path: /healthz
+ port: 10252
+ initialDelaySeconds: 15
+ timeoutSeconds: 15
+ volumeMounts:
+ - mountPath: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ readOnly: true
+ - mountPath: /etc/ssl/certs
+ name: ssl-certs-host
+ readOnly: true
+ hostNetwork: true
+ volumes:
+ - hostPath:
+ path: /etc/kubernetes/ssl
+ name: ssl-certs-kubernetes
+ - hostPath:
+ path: /usr/share/ca-certificates
+ name: ssl-certs-host
+ - path: /etc/kubernetes/manifests/kube-scheduler.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: kube-scheduler
+ namespace: kube-system
+ spec:
+ hostNetwork: true
+ containers:
+ - name: kube-scheduler
+ image: quay.io/coreos/hyperkube:{{.k8s_version}}
+ command:
+ - /hyperkube
+ - scheduler
+ - --master=http://127.0.0.1:8080
+ - --leader-elect=true
+ resources:
+ requests:
+ cpu: 100m
+ livenessProbe:
+ httpGet:
+ host: 127.0.0.1
+ path: /healthz
+ port: 10251
+ initialDelaySeconds: 15
+ timeoutSeconds: 15
+ - path: /srv/kubernetes/manifests/kube-dns-deployment.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ spec:
+ strategy:
+ rollingUpdate:
+ maxSurge: 10%
+ maxUnavailable: 0
+ selector:
+ matchLabels:
+ k8s-app: kube-dns
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - name: kubedns
+ image: gcr.io/google_containers/kubedns-amd64:1.9
+ livenessProbe:
+ httpGet:
+ path: /healthz-kubedns
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 3
+ timeoutSeconds: 5
+ args:
+ - --domain=cluster.local
+ - --dns-port=10053
+ - --config-map=kube-dns
+ - --v=2
+ env:
+ - name: PROMETHEUS_PORT
+ value: "10055"
+ ports:
+ - containerPort: 10053
+ name: dns-local
+ protocol: UDP
+ - containerPort: 10053
+ name: dns-tcp-local
+ protocol: TCP
+ - containerPort: 10055
+ name: metrics
+ protocol: TCP
+ - name: dnsmasq
+ image: gcr.io/google_containers/kube-dnsmasq-amd64:1.4
+ livenessProbe:
+ httpGet:
+ path: /healthz-dnsmasq
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ args:
+ - --cache-size=1000
+ - --no-resolv
+ - --server=127.0.0.1#10053
+ - --log-facility=-
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - name: dnsmasq-metrics
+ image: gcr.io/google_containers/dnsmasq-metrics-amd64:1.0
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: 10054
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ args:
+ - --v=2
+ - --logtostderr
+ ports:
+ - containerPort: 10054
+ name: metrics
+ protocol: TCP
+ - name: healthz
+ image: gcr.io/google_containers/exechealthz-amd64:1.2
+ args:
+ - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1 >/dev/null
+ - --url=/healthz-dnsmasq
+ - --cmd=nslookup kubernetes.default.svc.cluster.local 127.0.0.1:10053 >/dev/null
+ - --url=/healthz-kubedns
+ - --port=8080
+ - --quiet
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ dnsPolicy: Default
+ - path: /srv/kubernetes/manifests/kube-dns-svc.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: kube-dns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "KubeDNS"
+ spec:
+ selector:
+ k8s-app: kube-dns
+ clusterIP: {{.k8s_dns_service_ip}}
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
+ - path: /srv/kubernetes/manifests/heapster-deployment.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ metadata:
+ name: heapster-v1.2.0
+ namespace: kube-system
+ labels:
+ k8s-app: heapster
+ kubernetes.io/cluster-service: "true"
+ version: v1.2.0
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: heapster
+ version: v1.2.0
+ template:
+ metadata:
+ labels:
+ k8s-app: heapster
+ version: v1.2.0
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - image: gcr.io/google_containers/heapster:v1.2.0
+ name: heapster
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8082
+ scheme: HTTP
+ initialDelaySeconds: 180
+ timeoutSeconds: 5
+ command:
+ - /heapster
+ - --source=kubernetes.summary_api:''
+ - image: gcr.io/google_containers/addon-resizer:1.6
+ name: heapster-nanny
+ resources:
+ limits:
+ cpu: 50m
+ memory: 90Mi
+ requests:
+ cpu: 50m
+ memory: 90Mi
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ command:
+ - /pod_nanny
+ - --cpu=80m
+ - --extra-cpu=4m
+ - --memory=200Mi
+ - --extra-memory=4Mi
+ - --threshold=5
+ - --deployment=heapster-v1.2.0
+ - --container=heapster
+ - --poll-period=300000
+ - --estimator=exponential
+ - path: /srv/kubernetes/manifests/heapster-svc.yaml
+ filesystem: root
+ contents:
+ inline: |
+ kind: Service
+ apiVersion: v1
+ metadata:
+ name: heapster
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "Heapster"
+ spec:
+ ports:
+ - port: 80
+ targetPort: 8082
+ selector:
+ k8s-app: heapster
+ - path: /srv/kubernetes/manifests/kube-dashboard-deployment.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: extensions/v1beta1
+ kind: Deployment
+ metadata:
+ name: kubernetes-dashboard
+ namespace: kube-system
+ labels:
+ k8s-app: kubernetes-dashboard
+ kubernetes.io/cluster-service: "true"
+ spec:
+ selector:
+ matchLabels:
+ k8s-app: kubernetes-dashboard
+ template:
+ metadata:
+ labels:
+ k8s-app: kubernetes-dashboard
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ containers:
+ - name: kubernetes-dashboard
+ image: gcr.io/google_containers/kubernetes-dashboard-amd64:v1.5.0
+ resources:
+ # keep request = limit to keep this container in guaranteed class
+ limits:
+ cpu: 100m
+ memory: 50Mi
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ ports:
+ - containerPort: 9090
+ livenessProbe:
+ httpGet:
+ path: /
+ port: 9090
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ - path: /srv/kubernetes/manifests/kube-dashboard-svc.yaml
+ filesystem: root
+ contents:
+ inline: |
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: kubernetes-dashboard
+ namespace: kube-system
+ labels:
+ k8s-app: kubernetes-dashboard
+ kubernetes.io/cluster-service: "true"
+ spec:
+ selector:
+ k8s-app: kubernetes-dashboard
+ ports:
+ - port: 80
+ targetPort: 9090
+ - path: /opt/init-flannel
+ filesystem: root
+ mode: 0544
+ contents:
+ inline: |
+ #!/bin/bash -ex
+ function init_flannel {
+ echo "Waiting for etcd..."
+ while true
+ do
+ IFS=',' read -ra ES <<< "{{.k8s_etcd_endpoints}}"
+ for ETCD in "${ES[@]}"; do
+ echo "Trying: $ETCD"
+ if [ -n "$(curl --silent "$ETCD/v2/machines")" ]; then
+ local ACTIVE_ETCD=$ETCD
+ break
+ fi
+ sleep 1
+ done
+ if [ -n "$ACTIVE_ETCD" ]; then
+ break
+ fi
+ done
+ RES=$(curl --silent -X PUT -d "value={\"Network\":\"{{.k8s_pod_network}}\",\"Backend\":{\"Type\":\"vxlan\"}}" "$ACTIVE_ETCD/v2/keys/coreos.com/network/config?prevExist=false")
+ if [ -z "$(echo $RES | grep '"action":"create"')" ] && [ -z "$(echo $RES | grep 'Key already exists')" ]; then
+ echo "Unexpected error configuring flannel pod network: $RES"
+ fi
+ }
+ init_flannel
+ {{ if eq .container_runtime "rkt" }}
+ - path: /opt/bin/host-rkt
+ filesystem: root
+ mode: 0544
+ contents:
+ inline: |
+ #!/bin/sh
+ # This is bind mounted into the kubelet rootfs and all rkt shell-outs go
+ # through this rkt wrapper. It essentially enters the host mount namespace
+ # (which it is already in) only for the purpose of breaking out of the chroot
+ # before calling rkt. It makes things like rkt gc work and avoids bind mounting
+ # in certain rkt filesystem dependancies into the kubelet rootfs. This can
+ # eventually be obviated when the write-api stuff gets upstream and rkt gc is
+ # through the api-server. Related issue:
+ # https://github.com/coreos/rkt/issues/2878
+ exec nsenter -m -u -i -n -p -t 1 -- /usr/bin/rkt "$@"
+ {{ end }}
+ - path: /opt/k8s-addons
+ filesystem: root
+ mode: 0544
+ contents:
+ inline: |
+ #!/bin/bash -ex
+ echo "Waiting for Kubernetes API..."
+ until curl --silent "http://127.0.0.1:8080/version"
+ do
+ sleep 5
+ done
+ echo "K8S: DNS addon"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-deployment.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dns-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services"
+ echo "K8S: Heapster addon"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/heapster-deployment.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/heapster-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services"
+ echo "K8S: Dashboard addon"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dashboard-deployment.yaml)" "http://127.0.0.1:8080/apis/extensions/v1beta1/namespaces/kube-system/deployments"
+ curl --silent -H "Content-Type: application/yaml" -XPOST -d"$(cat /srv/kubernetes/manifests/kube-dashboard-svc.yaml)" "http://127.0.0.1:8080/api/v1/namespaces/kube-system/services"
+ - path: "/etc/modules-load.d/rbd.conf"
+ filesystem: root
+ contents:
+ inline: |
+ rbd
+ - path: "/opt/bin/ceph-rbdnamer"
+ filesystem: root
+ mode: 0755
+ contents:
+ inline: |
+ #!/bin/sh
+ DEV=$1
+ NUM=`echo $DEV | sed 's#p.*##g' | tr -d 'a-z'`
+ POOL=`cat /sys/devices/rbd/$NUM/pool`
+ IMAGE=`cat /sys/devices/rbd/$NUM/name`
+ SNAP=`cat /sys/devices/rbd/$NUM/current_snap`
+ if [ "$SNAP" = "-" ]; then
+ echo -n "$POOL $IMAGE"
+ else
+ echo -n "$POOL $IMAGE@$SNAP"
+ fi
+ - path: "/etc/udev/rules.d/50-rbd.rules"
+ filesystem: root
+ contents:
+ inline: |
+ KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="disk", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}"
+ KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="partition", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}-part%n"
+ - path: /etc/ssh/sshd_config
+ filesystem: root
+ mode: 0600
+ user:
+ id: 0
+ group:
+ id: 0
+ contents:
+ inline: |
+ UsePrivilegeSeparation sandbox
+ Subsystem sftp internal-sftp
+ ClientAliveInterval 180
+ UseDNS no
+ ListenAddress {{.ssh_ip}}
+{{ if index . "ssh_authorized_keys" }}
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ {{ range $element := .ssh_authorized_keys }}
+ - {{$element}}
+ {{end}}
+{{end}}{% endraw %}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/coreos-install.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/coreos-install.yaml.j2
new file mode 100755
index 0000000..30cd838
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/coreos-install.yaml.j2
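Review bot: The `k8s-certs@.service` unit downloads `apiserver-key.pem` with a bare `curl` and nothing checks the result: without `--fail` an HTTP error body is saved as the key, the `[ -f ... ]` guard then skips every later attempt, and the file is created with the service's default umask rather than owner-only permissions. Something like `ExecStart=/usr/bin/bash -c "[ -s /etc/kubernetes/ssl/%i ] || (umask 077; curl --fail {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i)"` closes those gaps; the scheme of `k8s_cert_endpoint` is not visible here, and if it is `http://` the API server key (also passed as `--service-account-key-file`) crosses the network in clear. The same unit appears in worker.yaml.j2 for `worker-key.pem`. Separately, the `40-etcd-cluster.conf` drop-in sets the etcd client and peer listeners to `http://0.0.0.0:2379` and `http://0.0.0.0:2380` with no TLS or client-certificate options, so the template should at least carry a comment naming the network isolation it depends on.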
@@ -0,0 +1,107 @@
+{#
+-*- encoding: utf-8 -*-
+============LICENSE_START=======================================================
+org.onap.vvp/engagementmgr
+===================================================================
+Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+===================================================================
+
+Unless otherwise specified, all software contained herein is licensed
+under the Apache License, Version 2.0 (the “License”);
+you may not use this software except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+
+Unless otherwise specified, all documentation contained herein is licensed
+under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+you may not use this documentation except in compliance with the License.
+You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+Unless required by applicable law or agreed to in writing, documentation
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+============LICENSE_END============================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#}
+---
+storage:
+ disks:
+{% for disk in disks %}
+ - device: {{disk.device}}
+ wipe_table: {{disk.wipe_table}}
+{% for partition in disk.partitions %}
+ partitions:
+ - label: {{partition.label}}
+ number: {{partition.number}}
+{% endfor %}
+{% endfor %}
+ filesystems:
+{% for fs in filesystems if not "sda" in fs.device %}
+ - name: {{fs.name}}
+ mount:
+ device: "{{fs.device}}"
+ format: "{{fs.format}}"
+ create:
+ force: {{fs.create.force}}
+{% if "options" in fs.create.keys() %}
+ options:
+{% for option in fs.create.options %}
+ - "{{option}}"
+{% endfor %}
+{% endif %}
+{% endfor %}
+systemd:
+ units:
+{% for mount in mounts %}
+ - name: {{mount.name}}.mount
+ enable: true
+ contents: |
+ [Mount]
+ What={{mount.dev}}
+ Where={{mount.dest}}
+ Type={{mount.type}}
+ [Install]
+ WantedBy=local-fs.target
+{% endfor %}
+ - name: install.service
+ enable: true
+ contents: |
+ [Unit]
+ Requires=network-online.target
+ After=network-online.target
+ Requires=systemd-networkd.socket
+ After=systemd-networkd.socket
+ [Service]
+ Type=oneshot
+ ExecStartPre=/usr/lib/systemd/systemd-networkd-wait-online {% raw %}
+ ExecStart=/usr/bin/curl {{.ignition_endpoint}}?{{.request.raw_query}}&os=installed -o ignition.json
+ ExecStart=/usr/bin/coreos-install -d /dev/sda -C {{.coreos_channel}} -V {{.coreos_version}} -b http://{% endraw %}{{ops_management_ip}}{% raw %}:8080/assets/coreos -i ignition.json
+ ExecStart=/usr/bin/udevadm settle
+ ExecStart=/usr/bin/systemctl reboot
+ [Install]
+ WantedBy=multi-user.target
+{{ if .ssh_authorized_keys }}
+passwd:
+ users:
+ - name: core
+ ssh_authorized_keys:
+ {{ range $element := .ssh_authorized_keys }}
+ - {{$element}}
+ {{end}}
+{{end}}
+{% endraw %}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2
new file mode 100755
index 0000000..701559b
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/ignition/worker.yaml.j2
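Review bot: In `install.service` the `curl` line saves whatever the endpoint returns as `ignition.json`, and the next `ExecStart` passes that file to `coreos-install -i`, so an error response or an altered reply becomes the installed machine's Ignition config. Adding `--fail` and quoting the URL stops the unit on an HTTP error and keeps the URL a single argument: `ExecStart=/usr/bin/curl --fail "{{.ignition_endpoint}}?{{.request.raw_query}}&os=installed" -o ignition.json`. `.request.raw_query` is copied from the requesting machine into the unit text, so it is worth confirming that the server rendering this template constrains it. In the `disks` loop, `partitions:` sits inside `{% for partition in disk.partitions %}`, so a disk with more than one partition renders the key repeatedly; moving `partitions:` above the loop emits it once.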
@@ -0,0 +1,397 @@ +{# +-*- encoding: utf-8 -*- +============LICENSE_START======================================================= +org.onap.vvp/engagementmgr +=================================================================== +Copyright © 2017 AT&T Intellectual Property. All rights reserved. +=================================================================== + +Unless otherwise specified, all software contained herein is licensed +under the Apache License, Version 2.0 (the “License”); +you may not use this software except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Unless otherwise specified, all documentation contained herein is licensed +under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +you may not use this documentation except in compliance with the License. +You may obtain a copy of the License at + + https://creativecommons.org/licenses/by/4.0/ + +Unless required by applicable law or agreed to in writing, documentation +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +============LICENSE_END============================================ + + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+#} +--- +{% raw %} +systemd: + units: + - name: sshd.socket + enable: true + contents: | + [Unit] + Description=OpenSSH Server Socket + Conflicts=sshd.service + + [Socket] + ListenStream={{.ssh_ip}}:22 + FreeBind=true + Accept=yes + + [Install] + WantedBy=sockets.target + - name: etcd2.service + enable: true + dropins: + - name: 40-etcd-cluster.conf + contents: | + [Service] + Environment="ETCD_NAME={{.etcd_name}}" + Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.domain_name}}:2379" + Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS={{.etcd_initial_peers}}" + Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379" + Environment="ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380" + Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}" + Environment="ETCD_STRICT_RECONFIG_CHECK=true" + - name: flanneld.service + dropins: + - name: 40-add-options.conf + contents: | + [Service] + EnvironmentFile=-/etc/flannel/options.env + - name: docker.service + dropins: + - name: 40-flannel.conf + contents: | + [Unit] + Requires=flanneld.service + After=flanneld.service + [Service] + EnvironmentFile=/etc/kubernetes/cni/docker_opts_cni.env + - name: locksmithd.service + dropins: + - name: 40-etcd-lock.conf + contents: | + [Service] + Environment="REBOOT_STRATEGY=off" + - name: k8s-certs@.service + contents: | + [Unit] + Description=Fetch Kubernetes certificate assets + Requires=network-online.target + After=network-online.target + [Service] + ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/ssl + ExecStart=/usr/bin/bash -c "[ -f /etc/kubernetes/ssl/%i ] || curl {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i" + - name: k8s-assets.target + contents: | + [Unit] + Description=Load Kubernetes Assets + Requires=k8s-certs@worker.pem.service + After=k8s-certs@worker.pem.service + Requires=k8s-certs@worker-key.pem.service + After=k8s-certs@worker-key.pem.service + Requires=k8s-certs@ca.pem.service + After=k8s-certs@ca.pem.service + - name: kubelet.service + enable: true + contents: | 
+ [Unit] + Description=Kubelet via Hyperkube ACI + Requires=k8s-assets.target + After=k8s-assets.target + [Service] + Environment=KUBELET_VERSION={{.k8s_version}} + Environment="RKT_OPTS=--uuid-file-save=/var/run/kubelet-pod.uuid \ + --volume dns,kind=host,source=/etc/resolv.conf \ + --mount volume=dns,target=/etc/resolv.conf \ + {{ if eq .container_runtime "rkt" -}} + --volume rkt,kind=host,source=/opt/bin/host-rkt \ + --mount volume=rkt,target=/usr/bin/rkt \ + --volume var-lib-rkt,kind=host,source=/var/lib/rkt \ + --mount volume=var-lib-rkt,target=/var/lib/rkt \ + --volume stage,kind=host,source=/tmp \ + --mount volume=stage,target=/tmp \ + {{ end -}} + --volume modprobe,kind=host,source=/usr/sbin/modprobe \ + --mount volume=modprobe,target=/usr/sbin/modprobe \ + --volume lib-modules,kind=host,source=/lib/modules \ + --mount volume=lib-modules,target=/lib/modules \ + --volume mkfsxfs,kind=host,source=/usr/sbin/mkfs.xfs \ + --mount volume=mkfsxfs,target=/usr/sbin/mkfs.xfs \ + --volume libxfs,kind=host,source=/lib64/libxfs.so.0 \ + --mount volume=libxfs,target=/lib64/libxfs.so.0 \ + --volume var-log,kind=host,source=/var/log \ + --mount volume=var-log,target=/var/log" + ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests + ExecStartPre=/usr/bin/mkdir -p /var/log/containers + ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid + ExecStart=/usr/lib/coreos/kubelet-wrapper \ + --api-servers={{.k8s_controller_endpoint}} \ + --cni-conf-dir=/etc/kubernetes/cni/net.d \ + --network-plugin=cni \ + --container-runtime={{.container_runtime}} \ + --rkt-path=/usr/bin/rkt \ + --rkt-stage1-image=coreos.com/rkt/stage1-coreos \ + --register-node=true \ + --allow-privileged=true \ + --pod-manifest-path=/etc/kubernetes/manifests \ + --hostname-override={{.domain_name}} \ + --cluster_dns={{.k8s_dns_service_ip}} \ + --cluster_domain=cluster.local \ + --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml \ + --tls-cert-file=/etc/kubernetes/ssl/worker.pem \ + 
--tls-private-key-file=/etc/kubernetes/ssl/worker-key.pem + ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/kubelet-pod.uuid + Restart=always + RestartSec=10 + [Install] + WantedBy=multi-user.target + {{ if eq .container_runtime "rkt" }} + - name: rkt-api.service + enable: true + contents: | + [Unit] + Before=kubelet.service + [Service] + ExecStart=/usr/bin/rkt api-service + Restart=always + RestartSec=10 + [Install] + RequiredBy=kubelet.service + - name: load-rkt-stage1.service + enable: true + contents: | + [Unit] + Description=Load rkt stage1 images + Documentation=http://github.com/coreos/rkt + Requires=network-online.target + After=network-online.target + Before=rkt-api.service + [Service] + Type=oneshot + RemainAfterExit=yes + ExecStart=/usr/bin/rkt fetch /usr/lib/rkt/stage1-images/stage1-coreos.aci /usr/lib/rkt/stage1-images/stage1-fly.aci --insecure-options=image + [Install] + RequiredBy=rkt-api.service + {{ end }} + {{if ne .sysdig_access_key "" }} + - name: sysdig.service + enable: true + contents: | + [Unit] + Description=Sysdig Cloud Agent + After=docker.service + Requires=docker.service + [Service] + TimeoutStartSec=0 + ExecStartPre=-/usr/bin/docker kill sysdig-agent + ExecStartPre=-/usr/bin/docker rm sysdig-agent + ExecStartPre=-/usr/bin/docker rmi sysdig-agent + ExecStartPre=/usr/bin/docker pull sysdig/agent +{% endraw %} + ExecStart=/usr/bin/docker run --name sysdig-agent --privileged --net host --pid host -e ADDITIONAL_CONF="app_checks:\n - name: nginx\n enabled: false" -e ACCESS_KEY={{sysdig_access_key}} -e TAGS=deploy_environment:{{ice_environment}} -v /var/lib/rkt:/host/var/lib/rkt:ro -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro sysdig/agent {% raw %} + ExecStop=/usr/bin/docker stop sysdig-agent + [Install] + WantedBy=multi-user.target + RequiredBy=k8-addons.service + {{ end }} +storage: + filesystems: +{% endraw %} +{% for fs in filesystems %} + - name: {{fs.device}} + mount: 
+ device: {{fs.device}} + format: {{fs.format}} + create: + force: {{fs.create.force}} +{% if "options" in fs.create.keys() %} + options: +{% for option in fs.create.options %} + - {{option}} +{% endfor %} +{% endif %} +{% endfor %}{% raw %} + files: + - path: /etc/kubernetes/cni/net.d/10-flannel.conf + filesystem: root + contents: + inline: | + { + "name": "podnet", + "type": "flannel", + "delegate": { + "isDefaultGateway": true + } + } + - path: /etc/kubernetes/cni/docker_opts_cni.env + filesystem: root + contents: + inline: | + DOCKER_OPT_BIP="" + DOCKER_OPT_IPMASQ="" + - path: /etc/sysctl.d/max-user-watches.conf + filesystem: root + contents: + inline: | + fs.inotify.max_user_watches=16184 + - path: /etc/kubernetes/worker-kubeconfig.yaml + filesystem: root + contents: + inline: | + apiVersion: v1 + kind: Config + clusters: + - name: local + cluster: + certificate-authority: /etc/kubernetes/ssl/ca.pem + users: + - name: kubelet + user: + client-certificate: /etc/kubernetes/ssl/worker.pem + client-key: /etc/kubernetes/ssl/worker-key.pem + contexts: + - context: + cluster: local + user: kubelet + name: kubelet-context + current-context: kubelet-context + - path: /etc/kubernetes/manifests/kube-proxy.yaml + filesystem: root + contents: + inline: | + apiVersion: v1 + kind: Pod + metadata: + name: kube-proxy + namespace: kube-system + annotations: + rkt.alpha.kubernetes.io/stage1-name-override: coreos.com/rkt/stage1-fly + spec: + hostNetwork: true + containers: + - name: kube-proxy + image: quay.io/coreos/hyperkube:{{.k8s_version}} + command: + - /hyperkube + - proxy + - --master={{.k8s_controller_endpoint}} + - --kubeconfig=/etc/kubernetes/worker-kubeconfig.yaml + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/ssl/certs + name: "ssl-certs" + - mountPath: /etc/kubernetes/worker-kubeconfig.yaml + name: "kubeconfig" + readOnly: true + - mountPath: /etc/kubernetes/ssl + name: "etc-kube-ssl" + readOnly: true + - mountPath: /var/run/dbus + name: 
dbus + readOnly: false + volumes: + - name: "ssl-certs" + hostPath: + path: "/usr/share/ca-certificates" + - name: "kubeconfig" + hostPath: + path: "/etc/kubernetes/worker-kubeconfig.yaml" + - name: "etc-kube-ssl" + hostPath: + path: "/etc/kubernetes/ssl" + - hostPath: + path: /var/run/dbus + name: dbus + - path: /etc/flannel/options.env + filesystem: root + contents: + inline: | + FLANNELD_ETCD_ENDPOINTS={{.k8s_etcd_endpoints}} + FLANNELD_IFACE={{.k8s_flanneld_iface}} + {{ if eq .container_runtime "rkt" }} + - path: /opt/bin/host-rkt + filesystem: root + mode: 0544 + contents: + inline: | + #!/bin/sh + # This is bind mounted into the kubelet rootfs and all rkt shell-outs go + # through this rkt wrapper. It essentially enters the host mount namespace + # (which it is already in) only for the purpose of breaking out of the chroot + # before calling rkt. It makes things like rkt gc work and avoids bind mounting + # in certain rkt filesystem dependancies into the kubelet rootfs. This can + # eventually be obviated when the write-api stuff gets upstream and rkt gc is + # through the api-server. 
Related issue: + # https://github.com/coreos/rkt/issues/2878 + exec nsenter -m -u -i -n -p -t 1 -- /usr/bin/rkt "$@" + {{ end }} + - path: "/etc/modules-load.d/rbd.conf" + filesystem: root + contents: + inline: | + rbd + - path: "/opt/bin/ceph-rbdnamer" + filesystem: root + mode: 0755 + contents: + inline: | + #!/bin/sh + DEV=$1 + NUM=`echo $DEV | sed 's#p.*##g' | tr -d 'a-z'` + POOL=`cat /sys/devices/rbd/$NUM/pool` + IMAGE=`cat /sys/devices/rbd/$NUM/name` + SNAP=`cat /sys/devices/rbd/$NUM/current_snap` + if [ "$SNAP" = "-" ]; then + echo -n "$POOL $IMAGE" + else + echo -n "$POOL $IMAGE@$SNAP" + fi + - path: "/etc/udev/rules.d/50-rbd.rules" + filesystem: root + contents: + inline: | + KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="disk", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}" + KERNEL=="rbd[0-9]*", ENV{DEVTYPE}=="partition", PROGRAM="/opt/bin/ceph-rbdnamer %k", SYMLINK+="rbd/%c{1}/%c{2}-part%n" + - path: /etc/ssh/sshd_config + filesystem: root + mode: 0600 + user: + id: 0 + group: + id: 0 + contents: + inline: | + # Use most defaults for sshd configuration. + UsePrivilegeSeparation sandbox + Subsystem sftp internal-sftp + ClientAliveInterval 180 + UseDNS no + ListenAddress {{.ssh_ip}} +{{ if index . "ssh_authorized_keys" }} +passwd: + users: + - name: core + ssh_authorized_keys: + {{ range $element := .ssh_authorized_keys }} + - {{$element}} + {{end}} +{{end}}{% endraw %} diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/kubeconfig.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/kubeconfig.j2 new file mode 100755 index 0000000..a8e03bf --- /dev/null +++ b/ansible/roles/ansible-vvp-bootstrap/templates/kubeconfig.j2 
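Review bot: The `k8s-certs@.service` unit downloads `worker-key.pem` with a bare `curl … -o /etc/kubernetes/ssl/%i`, so an HTTP error body would be saved as the key and the `[ -f … ]` guard would then block any later refetch. Nothing restricts the mode of the written key either, and the scheme of `{{.k8s_cert_endpoint}}` is not visible in this hunk; if it is plain HTTP, the private key crosses the network in clear. I would change the command to `[ -s /etc/kubernetes/ssl/%i ] || (umask 077; curl --fail --silent --show-error {{.k8s_cert_endpoint}}/tls/%i -o /etc/kubernetes/ssl/%i)` and serve the endpoint over TLS. Separately, the etcd2 drop-in listens on `http://0.0.0.0:2379` and `http://0.0.0.0:2380` without TLS, which deserves at least a comment stating the network isolation it relies on.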
@@ -0,0 +1,56 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+apiVersion: v1
+kind: Config
+users:
+- name: bootcfg-user
+ user:
+ client-certificate-data: {{ADMIN_CERT_BASE64.stdout}}
+ client-key-data: {{ADMIN_KEY_BASE64.stdout}}
+clusters:
+- name: bootcfg-cluster
+ cluster:
+ certificate-authority-data: {{CA_CERT_BASE64.stdout}}
+ server: https://{{(hosts|selectattr('role', 'equalto', 'controller')|first).name}}.{{domain}}:{{k8s_controller_port}}
+contexts:
+- context:
+ cluster: bootcfg-cluster
+ user: bootcfg-user
+ name: bootcfg-context
+current-context: bootcfg-context
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/openssl.config.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/openssl.config.j2
new file mode 100755
index 0000000..3d44c5b
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/openssl.config.j2
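Review bot: The rendered file carries the admin client private key inline (`client-key-data: {{ADMIN_KEY_BASE64.stdout}}`), yet the template says nothing about it and the task that renders it is outside this hunk. I would add a header line such as `# Rendered output embeds the admin client key; write it with mode 0600 and keep it out of version control.` and confirm the rendering task sets a restrictive `mode`. The `server:` expression also fails with an undefined-variable error when no host has `role` equal to `controller`, which is worth a short comment next to it.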
@@ -0,0 +1,73 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.101 = kubernetes
+DNS.102 = kubernetes.default
+DNS.103 = kubernetes.default.svc
+DNS.104 = kubernetes.default.svc.cluster.local
+{% if item == "apiserver" %}
+IP.200 = 10.3.0.1
+ {% for controller in hosts|selectattr('role', 'equalto', 'controller') %}
+ {%- set count = loop.index %}
+ {%- for entry in controller.dnsmasq_config %}
+IP.{{count}}{{loop.index}} = {{entry.split(',')[1]}}
+DNS.{{count}}{{loop.index}} = {{entry.split(',')[2]}}.{{domain}}
+{% endfor %}
+ {%- endfor %}
+{%- elif item == "worker" %}
+ {%- for worker in hosts|selectattr('role', 'equalto', 'worker') %}
+ {%- set count = loop.index %}
+ {%- for entry in worker.dnsmasq_config %}
+IP.{{count}}{{loop.index }} = {{entry.split(',')[1]}}
+DNS.{{count}}{{loop.index }} = {{entry.split(',')[2]}}.{{domain}}
+{% endfor %}
+ {%- endfor %}
+# workers
+{% endif %}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/profiles/controller.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/controller.json.j2
new file mode 100755
index 0000000..11b8cd0
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/controller.json.j2
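Review bot: The SAN keys built as `IP.{{count}}{{loop.index}}` and `DNS.{{count}}{{loop.index}}` concatenate two counters, so they are not unique: host 1 entry 11 and host 11 entry 1 both render `111`, and the tenth host's first entries render `DNS.101` to `DNS.104`, the same keys as the fixed `kubernetes*` names above. OpenSSL would then see a key twice in `[alt_names]`, and one SAN is presumably missing from the issued certificate. Deriving the suffix arithmetically in both the apiserver and worker branches, `IP.{{1000 * count + loop.index}} = {{entry.split(',')[1]}}` and `DNS.{{1000 * count + loop.index}} = {{entry.split(',')[2]}}.{{domain}}`, keeps the keys distinct from each other, from 101–104 and from `IP.200`. The `split(',')[1]` and `[2]` indexing assumes every `dnsmasq_config` entry has at least three comma-separated fields, which deserves a comment.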
@@ -0,0 +1,56 @@ +{# +-*- encoding: utf-8 -*- +============LICENSE_START======================================================= +org.onap.vvp/engagementmgr +=================================================================== +Copyright © 2017 AT&T Intellectual Property. All rights reserved. +=================================================================== + +Unless otherwise specified, all software contained herein is licensed +under the Apache License, Version 2.0 (the “License”); +you may not use this software except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Unless otherwise specified, all documentation contained herein is licensed +under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +you may not use this documentation except in compliance with the License. +You may obtain a copy of the License at + + https://creativecommons.org/licenses/by/4.0/ + +Unless required by applicable law or agreed to in writing, documentation +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +============LICENSE_END============================================ + + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+#}
+{
+ "id": "controller",
+ "name": "Kubernetes Controller",
+ "boot": {
+ "kernel": "/assets/coreos/{{coreos_version}}/coreos_production_pxe.vmlinuz",
+ "initrd": ["/assets/coreos/{{coreos_version}}/coreos_production_pxe_image.cpio.gz"],
+ "cmdline": {
+ "root": "/dev/sda1",
+ "coreos.config.url": "http://{{ops_management_ip}}:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}&os=installed",
+ "coreos.autologin": "",
+ "coreos.first_boot": ""
+ }
+ },
+ "cloud_id": "",
+ "ignition_id": "controller.yaml"
+}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/profiles/install-reboot.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/install-reboot.json.j2
new file mode 100755
index 0000000..ed4d0df
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/install-reboot.json.j2
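Review bot: `"coreos.autologin": ""` on the kernel command line gives anyone at the console a shell without credentials, and `coreos.config.url` fetches the Ignition config over plain `http://` on port 8080. The same two settings appear in install-reboot.json.j2 and worker.json.j2 in this commit. The worker Ignition template renders `ACCESS_KEY={{sysdig_access_key}}` into a unit, so the served config is not free of secrets; unless the provisioning network is isolated, drop the autologin entry from the controller and worker profiles and serve the endpoint over TLS. JSON has no comment syntax, but the `{# … #}` header could state the trusted-network assumption these profiles rely on.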
@@ -0,0 +1,55 @@ +{# +-*- encoding: utf-8 -*- +============LICENSE_START======================================================= +org.onap.vvp/engagementmgr +=================================================================== +Copyright © 2017 AT&T Intellectual Property. All rights reserved. +=================================================================== + +Unless otherwise specified, all software contained herein is licensed +under the Apache License, Version 2.0 (the “License”); +you may not use this software except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Unless otherwise specified, all documentation contained herein is licensed +under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +you may not use this documentation except in compliance with the License. +You may obtain a copy of the License at + + https://creativecommons.org/licenses/by/4.0/ + +Unless required by applicable law or agreed to in writing, documentation +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +============LICENSE_END============================================ + + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+#}
+{
+ "id": "install-reboot",
+ "name": "Install CoreOS and Reboot",
+ "boot": {
+ "kernel": "/assets/coreos/{{coreos_version}}/coreos_production_pxe.vmlinuz",
+ "initrd": ["/assets/coreos/{{coreos_version}}/coreos_production_pxe_image.cpio.gz"],
+ "cmdline": {
+ "coreos.config.url": "http://{{ops_management_ip}}:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
+ "coreos.autologin": "",
+ "coreos.first_boot": ""
+ }
+ },
+ "cloud_id": "",
+ "ignition_id": "coreos-install.yaml"
+}
diff --git a/ansible/roles/ansible-vvp-bootstrap/templates/profiles/worker.json.j2 b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/worker.json.j2
new file mode 100755
index 0000000..6eb3f24
--- /dev/null
+++ b/ansible/roles/ansible-vvp-bootstrap/templates/profiles/worker.json.j2
@@ -0,0 +1,56 @@ +{# +-*- encoding: utf-8 -*- +============LICENSE_START======================================================= +org.onap.vvp/engagementmgr +=================================================================== +Copyright © 2017 AT&T Intellectual Property. All rights reserved. +=================================================================== + +Unless otherwise specified, all software contained herein is licensed +under the Apache License, Version 2.0 (the “License”); +you may not use this software except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + + + +Unless otherwise specified, all documentation contained herein is licensed +under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +you may not use this documentation except in compliance with the License. +You may obtain a copy of the License at + + https://creativecommons.org/licenses/by/4.0/ + +Unless required by applicable law or agreed to in writing, documentation +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +============LICENSE_END============================================ + + ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+#}
+{
+ "id": "worker",
+ "name": "Kubernetes Worker",
+ "boot": {
+ "kernel": "/assets/coreos/{{coreos_version}}/coreos_production_pxe.vmlinuz",
+ "initrd": ["/assets/coreos/{{coreos_version}}/coreos_production_pxe_image.cpio.gz"],
+ "cmdline": {
+ "root": "/dev/sda1",
+ "coreos.config.url": "http://{{ops_management_ip}}:8080/ignition?uuid=${uuid}&mac=${net0/mac:hexhyp}",
+ "coreos.autologin": "",
+ "coreos.first_boot": ""
+ }
+ },
+ "cloud_id": "",
+ "ignition_id": "worker.yaml"
+}
diff --git a/ansible/simple-deploy.yml b/ansible/simple-deploy.yml
new file mode 100755
index 0000000..6d43884
--- /dev/null
+++ b/ansible/simple-deploy.yml
@@ -0,0 +1,55 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+- hosts: localhost
+ connection: local
+ gather_facts: False
+ tasks:
+ - name: Deploy Secrets, configmaps, and Services | Deploy
+ kubectl_apply_manifest:
+ manifest: "{{item}}"
+ with_fileglob:
+ - "{{k8_config_dir}}/secrets/*"
+ - "{{k8_config_dir}}/configmaps/*"
+ - "{{k8_config_dir}}/services/*"
+ - "{{k8_config_dir}}/jobs/*"
+
+ - name: Create deployment | Create Deployment
+ kubectl_apply_manifest:
+ manifest: "{{item}}"
+ with_fileglob: "{{k8_config_dir}}/deployments/*"
diff --git a/bin/vvp-deploy b/bin/vvp-deploy
new file mode 100755
index 0000000..af41d91
--- /dev/null
+++ b/bin/vvp-deploy
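Review bot: The first task loops over `secrets/*` together with configmaps, services and jobs, and `bin/vvp-deploy` in this commit runs the playbook with `-v`; `kubectl_apply_manifest` is a custom module not shown here, so whether its result echoes manifest contents is unknown. I would give the secrets glob its own task carrying `no_log: true`, so nothing from those manifests can reach the console or a log. The task name should also mention jobs, e.g. `- name: Deploy Secrets, configmaps, Services, and Jobs | Deploy`. Note that `with_fileglob` yields an empty list when `k8_config_dir` points at the wrong place, so the play can report success without applying anything.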
@@ -0,0 +1,42 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +set -e +ansible-playbook ${DEVKIT_DIR}/ansible/application.yml -i ${DEVKIT_ZONE_DIR}/inventory -v +ansible-playbook ${DEVKIT_DIR}/ansible/simple-deploy.yml -i ${DEVKIT_ZONE_DIR}/inventory -v + 
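Review bot: The script has no shebang and expands `${DEVKIT_DIR}` and `${DEVKIT_ZONE_DIR}` unquoted under plain `set -e`, so an unset variable resolves the playbook and inventory to paths under `/` instead of failing with a clear message. Make `#!/bin/bash` the first line, above the license header, switch to `set -eu`, and quote the expansions, e.g. `ansible-playbook "${DEVKIT_DIR}/ansible/application.yml" -i "${DEVKIT_ZONE_DIR}/inventory" -v`. Because the second playbook applies secret manifests, it is worth deciding whether `-v` should stay the default.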
diff --git a/bin/vvp-install-box b/bin/vvp-install-box
new file mode 100755
index 0000000..5b05cb8
--- /dev/null
+++ b/bin/vvp-install-box
@@ -0,0 +1,45 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#! /bin/bash
+
+vagrant box remove vvp-empty
+cd ${DEVKIT_DIR}/boxes/vvp-empty/0.0.0/virtualbox/ &&
+tar -czvf vvp-empty.box * && vagrant box add `pwd`/vvp-empty.box --name vvp-empty
+rm vvp-empty.box
+cd $OLDPWD
diff --git a/bin/vvp-rescale b/bin/vvp-rescale
new file mode 100755
index 0000000..fa292d0
--- /dev/null
+++ b/bin/vvp-rescale
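Review bot: `rm vvp-empty.box` and `cd $OLDPWD` run even when the `cd ... && tar ... && vagrant box add` chain fails, so with `DEVKIT_DIR` unset or the box directory missing the `rm` acts on whatever directory the caller was in. Stopping at the first step avoids that: `cd "${DEVKIT_DIR:?}/boxes/vvp-empty/0.0.0/virtualbox/" || exit 1`, with the later paths quoted as well. The `#! /bin/bash` line comes after the license header, so it is an ordinary comment rather than a shebang and the interpreter depends on how the file is invoked; it needs to be line 1 with the license below it. bin/vvp-rescale has the same shebang placement.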
@@ -0,0 +1,45 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#!/bin/bash
+
+for deployment in `kubectl get deployments | awk '{print $1}'`
+ do
+ kubectl scale --replicas=0 deployment $deployment
+ kubectl scale --replicas=1 deployment $deployment
+done
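Review bot: The loop takes the first column of `kubectl get deployments`, which includes the `NAME` header row, so the first iteration asks kubectl to scale a deployment called `NAME`; `kubectl get deployments --no-headers | awk '{print $1}'` avoids that. Scaling everything back to `--replicas=1` also discards whatever replica count a deployment had before, and the commands act on whichever context and namespace kubectl currently points at. A header comment such as `# Restarts every deployment in the current namespace; intended for the single-node devkit cluster only.` would make that scope explicit.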
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/Vagrantfile b/boxes/vvp-empty/0.0.0/virtualbox/Vagrantfile
new file mode 100755
index 0000000..0e079f8
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/Vagrantfile
@@ -0,0 +1,83 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+
+if Vagrant::VERSION < "1.6.0"
+ raise "Need at least vagrant version 1.6.0, please update"
+end
+
+require_relative 'change_host_name.rb'
+require_relative 'configure_networks.rb'
+require_relative 'base_mac.rb'
+
+Vagrant.configure("2") do |config|
+ # always use Vagrants insecure key
+ config.ssh.insert_key = false
+
+ # SSH in as the default 'core' user, it has the vagrant ssh key.
+ config.ssh.username = "core"
+
+ # Disable the base shared folder, guest additions are unavailable.
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+
+ config.vm.provider :virtualbox do |vb|
+ # Guest Additions are unavailable.
+ vb.check_guest_additions = false
+ vb.functional_vboxsf = false
+
+ # Fix docker not being able to resolve private registry in VirtualBox
+ vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]
+ vb.customize ["modifyvm", :id, "--natdnsproxy1", "off"]
+ vb.customize ['modifyvm', :id, "--boot1", "disk"]
+ vb.customize ['modifyvm', :id, "--boot2", "net"]
+ vb.customize ['setextradata', :id, "VBoxInternal/Devices/pcbios/0/Config/LanBootRom", File.join(File.dirname(__FILE__),"/files/intel--virtio-net--pcnet32.isarom")]
+
+ end
+
+ config.vm.provider :vmware_fusion do |vf|
+ vf.functional_hgfs = false
+ end
+
+ config.vm.provider :parallels do |prl|
+ # Guest Tools are unavailable.
+ prl.check_guest_tools = false
+ prl.functional_psf = false
+ end
+ end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/base_mac.rb b/boxes/vvp-empty/0.0.0/virtualbox/base_mac.rb
new file mode 100755
index 0000000..6877374
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/base_mac.rb
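Review bot: `config.ssh.insert_key = false` keeps Vagrant's publicly known insecure keypair authorised for the `core` user for the life of the VM, so anything that can reach the guest's SSH port can log in with it. If this box really needs that, the comment should say why and state the constraint, e.g. `# Keep Vagrant's well-known insecure key: dev-only box, SSH must not be reachable beyond the host.`; otherwise drop the line and let Vagrant insert a per-machine key. Separately, `Vagrant::VERSION < "1.6.0"` compares strings rather than versions; `Vagrant.require_version ">= 1.6.0"` expresses the same check without that pitfall.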
@@ -0,0 +1,41 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+Vagrant.configure("2") do |config|
+ config.vm.base_mac = "080027DBFA4A"
+end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/box.ovf b/boxes/vvp-empty/0.0.0/virtualbox/box.ovf
new file mode 100755
index 0000000..1cbc01e
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/box.ovf
@@ -0,0 +1,257 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+<?xml version="1.0"?> +<Envelope ovf:version="1.0" xml:lang="en-US" xmlns="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1" xmlns:rasd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:vssd="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:vbox="http://www.virtualbox.org/ovf/machine"> + <References> + <File ovf:href="vvp_empty_vagrant_image.vmdk" ovf:id="file1"/> + </References> + <DiskSection> + <Info>List of the virtual disks used in the package</Info> + <Disk ovf:capacity="19818086400" ovf:diskId="vmdisk1" ovf:fileRef="file1" ovf:format="http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized" vbox:uuid="80707dc6-2f5b-4c66-aa82-9c0873514edd"/> + </DiskSection> + <NetworkSection> + <Info>Logical networks used in the package</Info> + <Network ovf:name="NAT"> + <Description>Logical network used by this appliance.</Description> + </Network> + </NetworkSection> + <VirtualSystem ovf:id="vvp_empty_vagrant-0-0-0"> + <Info>A virtual machine</Info> + <OperatingSystemSection ovf:id="100"> + <Info>The kind of installed guest operating system</Info> + <Description>Linux26_64</Description> + <vbox:OSType ovf:required="false">Linux26_64</vbox:OSType> + </OperatingSystemSection> + <VirtualHardwareSection> + <Info>Virtual hardware requirements for a virtual machine</Info> + <System> + <vssd:ElementName>Virtual Hardware Family</vssd:ElementName> + <vssd:InstanceID>0</vssd:InstanceID> + <vssd:VirtualSystemIdentifier>vvp_empty_vagrant-0-0-0</vssd:VirtualSystemIdentifier> + <vssd:VirtualSystemType>virtualbox-2.2</vssd:VirtualSystemType> + </System> + <Item> + <rasd:Caption>1 virtual CPU</rasd:Caption> + <rasd:Description>Number of virtual CPUs</rasd:Description> + <rasd:ElementName>1 virtual CPU</rasd:ElementName> + <rasd:InstanceID>1</rasd:InstanceID> + 
<rasd:ResourceType>3</rasd:ResourceType> + <rasd:VirtualQuantity>1</rasd:VirtualQuantity> + </Item> + <Item> + <rasd:AllocationUnits>MegaBytes</rasd:AllocationUnits> + <rasd:Caption>1024 MB of memory</rasd:Caption> + <rasd:Description>Memory Size</rasd:Description> + <rasd:ElementName>1024 MB of memory</rasd:ElementName> + <rasd:InstanceID>2</rasd:InstanceID> + <rasd:ResourceType>4</rasd:ResourceType> + <rasd:VirtualQuantity>1024</rasd:VirtualQuantity> + </Item> + <Item> + <rasd:Address>0</rasd:Address> + <rasd:Caption>ideController0</rasd:Caption> + <rasd:Description>IDE Controller</rasd:Description> + <rasd:ElementName>ideController0</rasd:ElementName> + <rasd:InstanceID>3</rasd:InstanceID> + <rasd:ResourceSubType>PIIX4</rasd:ResourceSubType> + <rasd:ResourceType>5</rasd:ResourceType> + </Item> + <Item> + <rasd:Address>1</rasd:Address> + <rasd:Caption>ideController1</rasd:Caption> + <rasd:Description>IDE Controller</rasd:Description> + <rasd:ElementName>ideController1</rasd:ElementName> + <rasd:InstanceID>4</rasd:InstanceID> + <rasd:ResourceSubType>PIIX4</rasd:ResourceSubType> + <rasd:ResourceType>5</rasd:ResourceType> + </Item> + <Item> + <rasd:AutomaticAllocation>true</rasd:AutomaticAllocation> + <rasd:Caption>Ethernet adapter on 'NAT'</rasd:Caption> + <rasd:Connection>NAT</rasd:Connection> + <rasd:ElementName>Ethernet adapter on 'NAT'</rasd:ElementName> + <rasd:InstanceID>5</rasd:InstanceID> + <rasd:ResourceSubType>E1000</rasd:ResourceSubType> + <rasd:ResourceType>10</rasd:ResourceType> + </Item> + <Item> + <rasd:AddressOnParent>0</rasd:AddressOnParent> + <rasd:Caption>disk1</rasd:Caption> + <rasd:Description>Disk Image</rasd:Description> + <rasd:ElementName>disk1</rasd:ElementName> + <rasd:HostResource>/disk/vmdisk1</rasd:HostResource> + <rasd:InstanceID>6</rasd:InstanceID> + <rasd:Parent>3</rasd:Parent> + <rasd:ResourceType>17</rasd:ResourceType> + </Item> + </VirtualHardwareSection> + <vbox:Machine ovf:required="false" version="1.12-linux" 
uuid="{265e4a05-3032-499e-a0dd-c7036457c569}" name="vvp_empty_vagrant-0-0-0" OSType="Linux26_64" snapshotFolder="Snapshots" lastStateChange="2017-02-28T01:20:23Z"> + <ovf:Info>Complete VirtualBox machine configuration in VirtualBox format</ovf:Info> + <Hardware version="2"> + <CPU count="1" hotplug="false"> + <HardwareVirtEx enabled="true" exclusive="true"/> + <HardwareVirtExNestedPaging enabled="true"/> + <HardwareVirtExVPID enabled="true"/> + <PAE enabled="true"/> + <HardwareVirtExLargePages enabled="false"/> + <HardwareVirtForce enabled="false"/> + </CPU> + <Memory RAMSize="1024" PageFusion="false"/> + <HID Pointing="PS2Mouse" Keyboard="PS2Keyboard"/> + <HPET enabled="false"/> + <Chipset type="PIIX3"/> + <Boot> + <Order position="1" device="HardDisk"/> + <Order position="2" device="DVD"/> + <Order position="3" device="None"/> + <Order position="4" device="None"/> + </Boot> + <Display VRAMSize="8" monitorCount="1" accelerate3D="false" accelerate2DVideo="false"/> + <VideoRecording enabled="false" file="Test.webm" horzRes="640" vertRes="480"/> + <RemoteDisplay enabled="false" authType="Null"/> + <BIOS> + <ACPI enabled="true"/> + <IOAPIC enabled="true"/> + <Logo fadeIn="true" fadeOut="true" displayTime="0"/> + <BootMenu mode="MessageAndMenu"/> + <TimeOffset value="0"/> + <PXEDebug enabled="false"/> + </BIOS> + <USBController enabled="false" enabledEhci="false"/> + <Network> + <Adapter slot="0" enabled="true" MACAddress="080027DBFA4A" cable="true" speed="0" type="virtio"> + <DisabledModes/> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </Adapter> + <Adapter slot="1" enabled="false" MACAddress="080027A7BBCD" cable="true" speed="0" type="virtio"> + <DisabledModes> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </DisabledModes> + </Adapter> + 
<Adapter slot="2" enabled="false" MACAddress="080027F87C5E" cable="true" speed="0" type="virtio"> + <DisabledModes> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </DisabledModes> + </Adapter> + <Adapter slot="3" enabled="false" MACAddress="0800276EC0C1" cable="true" speed="0" type="virtio"> + <DisabledModes> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </DisabledModes> + </Adapter> + <Adapter slot="4" enabled="false" MACAddress="080027239019" cable="true" speed="0" type="virtio"> + <DisabledModes> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </DisabledModes> + </Adapter> + <Adapter slot="5" enabled="false" MACAddress="0800278EB5EB" cable="true" speed="0" type="virtio"> + <DisabledModes> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </DisabledModes> + </Adapter> + <Adapter slot="6" enabled="false" MACAddress="080027471B4A" cable="true" speed="0" type="virtio"> + <DisabledModes> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </DisabledModes> + </Adapter> + <Adapter slot="7" enabled="false" MACAddress="080027DB9457" cable="true" speed="0" type="virtio"> + <DisabledModes> + <NAT> + <DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/> + <Alias logging="false" proxy-only="false" use-same-ports="false"/> + </NAT> + </DisabledModes> + </Adapter> + </Network> + <UART> + <Port slot="0" enabled="false" IOBase="0x3f8" IRQ="4" hostMode="Disconnected"/> + <Port slot="1" enabled="false" IOBase="0x2f8" 
IRQ="3" hostMode="Disconnected"/> + </UART> + <LPT> + <Port slot="0" enabled="false" IOBase="0x378" IRQ="7"/> + <Port slot="1" enabled="false" IOBase="0x378" IRQ="7"/> + </LPT> + <AudioAdapter controller="AC97" driver="Pulse" enabled="false"/> + <RTC localOrUTC="local"/> + <SharedFolders/> + <Clipboard mode="Disabled"/> + <DragAndDrop mode="Disabled"/> + <IO> + <IoCache enabled="true" size="5"/> + <BandwidthGroups/> + </IO> + <HostPci> + <Devices/> + </HostPci> + <EmulatedUSB> + <CardReader enabled="false"/> + </EmulatedUSB> + <Guest memoryBalloonSize="0"/> + <GuestProperties/> + </Hardware> + <StorageControllers> + <StorageController name="IDE Controller" type="PIIX4" PortCount="2" useHostIOCache="true" Bootable="true"> + <AttachedDevice type="HardDisk" port="0" device="0"> + <Image uuid="{80707dc6-2f5b-4c66-aa82-9c0873514edd}"/> + </AttachedDevice> + </StorageController> + </StorageControllers> + </vbox:Machine> + </VirtualSystem> +</Envelope> diff --git a/boxes/vvp-empty/0.0.0/virtualbox/change_host_name.rb b/boxes/vvp-empty/0.0.0/virtualbox/change_host_name.rb new file mode 100755 index 0000000..d8d81ad --- /dev/null +++ b/boxes/vvp-empty/0.0.0/virtualbox/change_host_name.rb 
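Review bot: The license header is prepended to box.ovf as `#` lines ahead of `<?xml version="1.0"?>`, which leaves the file not well-formed: an XML declaration is only allowed at the very start of the document, and character data is not allowed before the root element. An OVF importer will most likely reject the file as it stands. The header should be an XML comment after the declaration, i.e. `<?xml version="1.0"?>` on line 1 followed by the license inside `<!-- ... -->`. The remainder looks like an unmodified VirtualBox export and is not reviewed here.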
@@ -0,0 +1,75 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+
+# NOTE: This monkey-patching of the coreos guest plugin is a terrible
+# hack that needs to be removed once the upstream plugin works with
+# alpha CoreOS images.
+
+require 'tempfile'
+require Vagrant.source_root.join("plugins/guests/coreos/cap/change_host_name.rb")
+
+CLOUD_CONFIG = <<EOF
+#cloud-config
+
+hostname: %s
+EOF
+
+module VagrantPlugins
+ module GuestCoreOS
+ module Cap
+ class ChangeHostName
+ def self.change_host_name(machine, name)
+ machine.communicate.tap do |comm|
+ temp = Tempfile.new("coreos-vagrant")
+ temp.binmode
+ temp.write(CLOUD_CONFIG % [name])
+ temp.close
+
+ path = "/var/tmp/hostname.yml"
+ path_esc = path.gsub("/", "-")[1..-1]
+ comm.upload(temp.path, path)
+ comm.sudo("systemctl start system-cloudinit@#{path_esc}.service")
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/configure_networks.rb b/boxes/vvp-empty/0.0.0/virtualbox/configure_networks.rb
new file mode 100755
index 0000000..dc81ea3
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/configure_networks.rb
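Review bot: `name` is substituted into the cloud-config with `CLOUD_CONFIG % [name]` without any validation, and the result is then applied as root through `system-cloudinit@`, so a hostname containing a newline or YAML syntax would add keys to that config. A check before formatting, e.g. `raise ArgumentError, "invalid hostname" unless name =~ /\A[A-Za-z0-9.-]+\z/`, keeps the document to the single `hostname:` key. The file is also uploaded to the fixed name `/var/tmp/hostname.yml` in a world-writable directory, which is tolerable on a single-user dev VM but worth a comment. The host-side `Tempfile` is closed but never removed; a `temp.unlink` after the `comm.sudo` call would clean it up. configure_networks.rb repeats the same upload pattern with `/var/tmp/networks.yml`.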
@@ -0,0 +1,180 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+
+# NOTE: This monkey-patching of the coreos guest plugin is a terrible
+# hack that needs to be removed once the upstream plugin works with
+# alpha CoreOS images.
+
+require 'tempfile'
+require 'ipaddr'
+require 'log4r'
+require Vagrant.source_root.join("plugins/guests/coreos/cap/configure_networks.rb")
+
+BASE_CLOUD_CONFIG = <<EOF
+#cloud-config
+
+write_files:
+ - path: /etc/environment
+ content: |
+ COREOS_PUBLIC_IPV4=%s
+ COREOS_PRIVATE_IPV4=%s
+coreos:
+ units:
+EOF
+
+NETWORK_UNIT = <<EOF
+ - name: %s
+ runtime: no
+ content: |
+ [Match]
+ %s
+
+ [Network]
+ Address=%s
+EOF
+
+# Borrowed from http://stackoverflow.com/questions/1825928/netmask-to-cidr-in-ruby
+IPAddr.class_eval do
+ def to_cidr
+ self.to_i.to_s(2).count("1")
+ end
+end
+
+module VagrantPlugins
+ module GuestCoreOS
+ module Cap
+ class ConfigureNetworks
+ @@logger = Log4r::Logger.new("vagrant::guest::coreos::configure_networks")
+
+ def self.configure_networks(machine, networks)
+ public_ipv4, private_ipv4 = get_environment_ips(machine, "127.0.0.1")
+ cfg = BASE_CLOUD_CONFIG % [public_ipv4, private_ipv4]
+
+ # Define network units by mac address if possible.
+ match_rules = {}
+ if false
+ #if machine.provider.capability?(:nic_mac_addresses)
+ # untested, required feature hasn't made it into a release yet
+ match_rules = match_by_mac(machine)
+ else
+ match_rules = match_by_name(machine)
+ end
+
+ @@logger.debug("Networks: #{networks.inspect}")
+ @@logger.debug("Interfaces: #{match_rules.inspect}")
+
+ # Generate any static networks, let DHCP handle the rest
+ networks.each do |network|
+ next if network[:type].to_sym != :static
+ interface = network[:interface].to_i
+ unit_name = "50-vagrant%d.network" % [interface]
+
+ match = match_rules[interface]
+ if match.nil?
+ @@logger.warn("Could not find match rule for network #{network.inspect}")
+ next
+ end
+
+ cidr = IPAddr.new(network[:netmask]).to_cidr
+ address = "%s/%s" % [network[:ip], cidr]
+ cfg << NETWORK_UNIT % [unit_name, match, address]
+ end
+
+ machine.communicate.tap do |comm|
+ temp = Tempfile.new("coreos-vagrant")
+ temp.binmode
+ temp.write(cfg)
+ temp.close
+
+ path = "/var/tmp/networks.yml"
+ path_esc = path.gsub("/", "-")[1..-1]
+ comm.upload(temp.path, path)
+ comm.sudo("systemctl start system-cloudinit@#{path_esc}.service")
+ end
+ end
+
+ # Find IP addresses to export in /etc/environment. This only works
+ # for static addresses defined in the user's Vagrantfile.
+ def self.get_environment_ips(machine, default)
+ public_ipv4 = nil
+ private_ipv4 = nil
+
+ machine.config.vm.networks.each do |type, options|
+ next if !options[:ip]
+ if type == :public_network
+ public_ipv4 = options[:ip]
+ elsif type == :private_network
+ private_ipv4 = options[:ip]
+ end
+ end
+
+ # Fall back to localhost if no static networks are configured.
+ private_ipv4 ||= default
+ public_ipv4 ||= private_ipv4
+ return [public_ipv4, private_ipv4]
+ end
+
+ def self.match_by_name(machine)
+ match = {}
+ machine.communicate.tap do |comm|
+ comm.sudo("ifconfig -a | grep '^en\\|^eth' | cut -f1 -d:") do |_, result|
+ result.split("\n").each_with_index do |name, interface|
+ match[interface] = "Name=#{name}"
+ end
+ end
+ end
+ match
+ end
+
+ def self.match_by_mac(machine)
+ match = {}
+ macs = machine.provider.capability(:nic_mac_addresses)
+ macs.each do |adapter, address|
+ # The adapter list from VirtualBox is 1 indexed instead of 0
+ interface = adapter.to_i - 1
+ match[interface] = "MACAddress=#{address}"
+ end
+ match
+ end
+ end
+ end
+ end
+end
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/files/intel--virtio-net--pcnet32.isarom b/boxes/vvp-empty/0.0.0/virtualbox/files/intel--virtio-net--pcnet32.isarom Binary files differnew file mode 100755
index 0000000..945bb35
--- /dev/null
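Review bot: In `configure_networks` the `if false` makes the `match_by_mac` branch unreachable and `match_rules = {}` is assigned only to be overwritten, which reads as a half-finished edit. I would reduce it to `match_rules = match_by_name(machine)` under a `# TODO: switch to match_by_mac once :nic_mac_addresses is released` comment. `IPAddr.class_eval` also adds `to_cidr` to the global `IPAddr` class for the whole Vagrant process, and since it only counts set bits, a non-contiguous netmask yields a prefix length with no error; a private helper inside `ConfigureNetworks` would keep that local. `match_by_name` relies on the order of `ifconfig -a` output matching Vagrant's interface numbering, which deserves a comment.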
+++ b/boxes/vvp-empty/0.0.0/virtualbox/files/intel--virtio-net--pcnet32.isarom
diff --git a/boxes/vvp-empty/0.0.0/virtualbox/metadata.json b/boxes/vvp-empty/0.0.0/virtualbox/metadata.json
new file mode 100755
index 0000000..4fc99bd
--- /dev/null
+++ b/boxes/vvp-empty/0.0.0/virtualbox/metadata.json
@@ -0,0 +1 @@
+{"provider": "virtualbox"}
diff --git a/examples/unencrypted_vault.yml b/examples/unencrypted_vault.yml
new file mode 100755
index 0000000..d7275ab
--- /dev/null
+++ b/examples/unencrypted_vault.yml
@@ -0,0 +1,122 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +# cert for secure https +# https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685 +# site_pem_cert: +# site_pem_key: +# site_pem: | +# {{site_pem_cert}} +# {{site_pem_key}} +site_pem: + +# EM database +vault_em_postgresql_user: em_postgresuser +vault_em_postgresql_password: em_postgrespass + +# CMS database +vault_cms_postgresql_user: cms_postgresuser +vault_cms_postgresql_password: cms_postgrespass + +# EM Secret Key +# >>> from django.core.management.utils import get_random_secret_key +# >>> get_random_secret_key() +vault_em_secret_key: "#91e__w3k=781@y(e_#6hu6t&h254#u)&bj+m9thx%k!6^*06r" + +# Information for sending email from the platform +vault_email_host: 'localhost' +vault_email_host_user: +vault_email_host_password: + +# authentication for image hosting service +# TODO: Debrand +vault_quay_user: +vault_quay_password: + +# pwgen -1 32 +vault_engagementmgr_webhook_token: Aip7ohx1eiHaeshoh9shailu9eex7tha + +# pwgen -1 20 +vault_gitlab_authentication_token: jadu6yohjaiy8Wob0IeK + +#pwget -1 16 +vault_jenkins_admin_password: koiyeBaiTh3kaiNg +vault_gitlab_admin_password: ao6ij6wohWeiqu4e + +# python3 -c 'import bcrypt as b;print(b.hashpw(b"<password>",b.gensalt(rounds=10, prefix=b"2a")).decode())' +vault_jenkins_admin_password_hash: $10$n2WJZasbQkd8PdySxQDo1uB67Wv7QfG0tvKuidbLC4w1Ss6p3eZEq + +# ssh-keygen -t ed25519 +vault_jenkins_deploy_key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUAAAAJjWwJd91sCX + fQAAAAtzc2gtZWQyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUA + AAAEAWFKMWLl6FgEBug971+atNYBt8GduWzCYgt/j9Tu4Sh4PXSPOjiJF/XGbrciUsckXL + lP4CFG5/O8q+CLQemBNQAAAAE3BhdWxAUGF1bCdzIE1hYyBQcm8BAg== + -----END OPENSSH PRIVATE KEY----- +vault_jenkins_deploy_key_pub: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPXSPOjiJF/XGbrciUsckXLlP4CFG5/O8q+CLQemBNQ + +#CI application 
+vault_ci_sqlite_user: cidbuser +vault_ci_postgresql_password: cidbpass +vault_ci_admin_user: ciadminuser +vault_ci_admin_mail: ciadminmail@example.com +vault_ci_admin_password: ciadminpass + +vault_cms_secret_key: (+dm_rj(005=^evzesd3#xpy$-$c^j#clzilbx&_=0lh7o-34# +vault_cms_nevercache_key: a_j-g5h+3)o@2wiasmbg(huxpujh=95(p-$vz1xj&t+m)+-u84 + +#CMS application +vault_cms_app_user: cmsappuser +vault_cms_app_user_password: cmsappuserpassword +vault_cms_app_user_mail: cmsappuser@example.com +# pwgen -1 40 +vault_cms_app_client_id: EeB4Xeimooc6xieSeeKah8dae1eipae4otaeshee +# pwgen -1 128 +vault_cms_app_client_secret: haiMoopieZee1wei3lef4gaeyia2vahwohth0maid9ith2pheeshaithuToor2Johshei5baey7Eiquaetheib8quaiquee7phiath7eub2aiNaic3ou9vaizebeiF5u +vault_haproxy_user: haproxyuser +vault_haproxy_pass: haproxypass + +# simplifies conditionals that check for e.g. 'vault_slack_tokens.notifications is defined' +vault_slack_tokens: + +# Rados Gateway (Amazon S3-protocol Ceph interface) +vault_aws_access_key_id: 2ZB19U9D8K6XVJG75VX0 +vault_aws_secret_access_key: 7xVWeqsLIotKOua0xvhapIsCt1VU0x6M2E4fTRKO 
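Review bot: This example ships concrete secret values rather than placeholders: an unencrypted private key in `vault_jenkins_deploy_key`, `vault_em_secret_key` and `vault_cms_secret_key`, the webhook and GitLab tokens, the admin passwords and the `vault_aws_*` pair. Anyone who copies the file into a zone without regenerating every value ends up running with credentials that are public in this repository. I would leave the values empty or use an obvious marker such as `vault_jenkins_admin_password: CHANGE_ME`, keep the generation commands in the comments, and rotate any of these values that were ever used in a real environment. Two smaller points: `#pwget -1 16` should read `pwgen`, and `vault_jenkins_admin_password_hash` starts with `$10$` although the command above it produces a `$2a$10$...` string, so the value looks truncated unless the consumer adds the prefix.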
@@ -0,0 +1,71 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# Get the current devkit directory
+pushd $(dirname $BASH_SOURCE[0]) > /dev/null
+export DEVKIT_DIR=`pwd -P`
+popd > /dev/null
+
+# Make sure we have ansible installed
+REQUIREMENTS="ansible vagrant"
+for req in $REQUIREMENTS
+do
+ if [[ -z $(which ${req}) ]]
+ then
+ (>&2 echo "${req} is required for the use of vvp-devkit, but is not installed.")
+ return 1
+ fi
+done
+
+# Make sure we have the vvp-empty box installed
+if [[ -z $(vagrant box list | grep vvp-empty) ]]
+then
+ bin/vvp-install-box
+fi
+
+select ENVFILE in `find ./zones/ -name devkit_environment_*`;
+do
+ source $ENVFILE
+ break
+done
+
+# Grab ansible requirements
+echo "Installing devkit's required ansible roles"
+ansible-galaxy install -r ${DEVKIT_DIR}/ansible/requirements.yml
+
+echo "Devkit zone setup complete"
diff --git a/vagrant/prebuilt/Vagrantfile b/vagrant/prebuilt/Vagrantfile
new file mode 100755
index 0000000..f771763
--- /dev/null
+++ b/vagrant/prebuilt/Vagrantfile
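Review bot: The script resolves `DEVKIT_DIR` and then does not use it for two of its path lookups: `bin/vvp-install-box` and `find ./zones/` are both relative to the caller's working directory, so sourcing the file from anywhere other than the repository root either fails or runs whatever `bin/vvp-install-box` happens to exist there. Anchor both to the resolved directory, `"${DEVKIT_DIR}/bin/vvp-install-box"` and `find "${DEVKIT_DIR}/zones/" -name 'devkit_environment_*'`; quoting the pattern also keeps the shell from expanding it before find sees it. The first command has a related slip: `$BASH_SOURCE[0]` expands as `$BASH_SOURCE` followed by a literal `[0]`, and the intended form is `"${BASH_SOURCE[0]}"`.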
@@ -0,0 +1,88 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+Vagrant.require_version ">= 1.6.0"
+yaml_conf = YAML.load_file('config.yml')
+
+Vagrant.configure("2") do |config|
+
+ # always use Vagrant's insecure key
+ config.ssh.insert_key = false
+
+ # plugin conflict
+ if Vagrant.has_plugin?("vagrant-vbguest") then
+ config.vbguest.auto_update = false
+ end
+
+ yaml_conf["boxen"].each do |box|
+ config.vm.define box["name"] do |conf|
+ conf.vm.box = box["box"]
+ conf.vm.box_version = ">= 1151.0.0"
+ conf.vm.box_url = "http://stable.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json"
+
+ ["vmware_fusion", "vmware_workstation"].each do |vmware|
+ conf.vm.provider vmware do |v, override|
+ v.vmx['numvcpus'] = box["cpus"]
+ v.vmx['memsize'] = box["memory"]
+ v.gui = false
+
+ override.vm.box_url = "http://%s.release.core-os.net/amd64-usr/current/coreos_production_vagrant_vmware_fusion.json" % $update_channel
+ end # vmware
+ end # override
+
+ conf.vm.provider :virtualbox do |v|
+ v.cpus = box["cpus"]
+ v.gui = false
+ v.memory = box["memory"]
+
+ # On VirtualBox, we don't have guest additions or a functional vboxsf
+ # in CoreOS, so tell Vagrant that so it can be smarter.
+ v.check_guest_additions = false
+ v.functional_vboxsf = false
+ end # v
+
+ conf.vm.network :private_network, :ip => box["ips"][0]
+ conf.vm.provision "ansible" do |ansible|
+ ansible.extra_vars = { hosts: yaml_conf["hosts"]}
+ ansible.playbook = "../../ansible/infrastructure.yml"
+ end # ansible
+ end # conf
+ end # box
+end # config
diff --git a/vagrant/prebuilt/config.yml b/vagrant/prebuilt/config.yml
new file mode 100755
index 0000000..5cb0ad9
--- /dev/null
+++ b/vagrant/prebuilt/config.yml
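Review bot: Both `conf.vm.box_url` and the VMware `override.vm.box_url` fetch the box metadata over plain `http://`, so nothing authenticates the source of the image these VMs boot from; use the `https://` form of the same URLs if the release host serves it. The VMware URL is also formatted with `% $update_channel`, a global this file never assigns, so unless something outside the hunk sets it the result would be `http://.release.core-os.net/...`. The same override line, with the same two problems, appears in vagrant/pxe/Vagrantfile. Since `config.ssh.insert_key = false` leaves the publicly known Vagrant key on every box, the existing comment could be extended to `# always use Vagrant's insecure key; these VMs must only be reachable from the host`.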
@@ -0,0 +1,75 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+boxen: + - name: ceph-01 + box: centos/7 + ips: ["10.252.0.21", "10.220.220.21"] + cpus: 2 + cpu: 50 + memory: 1024 + macs: ["0800276695A1","0800276695A2"] + groups: ["ceph", "osds", "mons", "rgws", "rbdhost", "centos"] + + - name: coreos-01 + box: coreos-stable + cpus: 1 + cpu: 50 + memory: 2048 + macs: ["08002766959E","08002766958E"] + ips: ["10.252.0.12", "10.220.220.12"] + groups: ["coreos", "container-hosts", "fleetctl-host"] + +hosts: + - name: coreos-01 + ssh_ip: 10.0.2.15 + mac: 08:00:27:66:95:9E + dnsmasq_config: + - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos" + - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos" + os: coreos + role: controller + etcd_role: member + + - name: ceph-01 + ssh_ip: 10.0.2.15 + dnsmasq_config: + - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite" + os: centos + role: "" + etcd_role: "" diff --git a/vagrant/pxe/Vagrantfile b/vagrant/pxe/Vagrantfile new file mode 100755 index 0000000..bd860f9 --- /dev/null +++ b/vagrant/pxe/Vagrantfile 
@@ -0,0 +1,121 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# -*- mode: ruby -*-
+# # vi: set ft=ruby :
+require_relative 'lib/vagrant_provision.rb'
+
+Vagrant.require_version ">= 1.6.0"
+if ENV["VVP_DEVKIT"].nil? or ENV["VVP_DEVKIT"].downcase == "single"
+ yaml_conf = YAML.load_file(File.join(File.dirname(__FILE__),'single_node_config.yml'))
+else
+ yaml_conf = YAML.load_file(File.join(File.dirname(__FILE__),'multi_node_config.yml'))
+end
+
+Vagrant.configure("2") do |config|
+
+ # always use Vagrant's insecure key
+ config.ssh.insert_key = false
+
+ # plugin conflict
+ if Vagrant.has_plugin?("vagrant-vbguest") then
+ config.vbguest.auto_update = false
+ end
+
+ yaml_conf["boxen"].each do |box|
+ config.vm.define box["name"] do |conf|
+ conf.vm.box = box["box"]
+ conf.vm.network :forwarded_port, guest: 22, host: box["vagrant_ssh_port"], id: "ssh"
+ conf.vm.box_check_update = false
+ conf.vm.synced_folder '.', '/vagrant', disabled: true
+ ["vmware_fusion", "vmware_workstation"].each do |vmware|
+ conf.vm.provider vmware do |v, override|
+ v.vmx['numvcpus'] = box["cpus"]
+ v.vmx['memsize'] = box["memory"]
+ v.gui = false
+
+ override.vm.box_url = "http://%s.release.core-os.net/amd64-usr/current/coreos_production_vagrant_vmware_fusion.json" % $update_channel
+ end # vmware
+ end # override
+
+ conf.vm.provider :virtualbox do |v|
+ v.cpus = box["cpus"]
+ v.gui = false
+ v.memory = box["memory"]
+
+ # On VirtualBox, we don't have guest additions or a functional vboxsf
+ # in CoreOS, so tell Vagrant that so it can be smarter.
+ v.check_guest_additions = false
+ v.functional_vboxsf = false
+
+ if box["groups"].include? "coreos" then
+ # Vagrant overrides Virtualbox's default which causes 5-10s slowdown for
+ # dns queries in kubernetes containers. Turn it back off!
+ v.customize ["modifyvm", :id, "--natdnsproxy1", "off"]
+ v.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]
+ end
+
+ # TODO: move to custom ceph image if possible
+ ceph_disk = File.join(File.dirname(__FILE__), 'files', 'ceph_disk.vdi')
+ if box["groups"].include? "osds" then
+ v.customize ['createhd', '--filename', ceph_disk, '--size', 500 * 1024] unless File.exists? ceph_disk
+ v.customize ['storageattach', :id, '--storagectl', "IDE", '--port', 1, '--device', 0, '--type', 'hdd', '--medium', ceph_disk]
+ end
+
+ end # v
+
+ conf.vm.network :private_network,
+ :adapter => 2,
+ :ip => box["ips"][0],
+ :mac => box["macs"][0],
+ :nic_type => "virtio"
+
+ conf.vm.network :private_network,
+ :adapter => 3,
+ :ip => box["ips"][1],
+ :mac => box["macs"][1],
+ :nic_type => "virtio",
+ :type => :static
+
+ if box["groups"].include? "centos" then
+ conf.vm.provision "shell", inline: "systemctl restart NetworkManager; ifdown eth1; ifup eth1"
+ end
+ provision(box, yaml_conf["boxen"], yaml_conf["hosts"], conf)
+ end # conf
+ end # box
+end # config
diff --git a/vagrant/pxe/lib/vagrant_provision.rb b/vagrant/pxe/lib/vagrant_provision.rb
new file mode 100755
index 0000000..67ccb63
--- /dev/null
+++ b/vagrant/pxe/lib/vagrant_provision.rb
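Review bot: The `forwarded_port` line for guest port 22 sets no `host_ip`, and Vagrant binds a forwarded port on every host address when that option is absent. Together with `config.ssh.insert_key = false` a few lines above, each VM's SSH port would then be reachable from the host's network with the well-known Vagrant key. Restrict the forward to loopback: `conf.vm.network :forwarded_port, guest: 22, host: box["vagrant_ssh_port"], host_ip: "127.0.0.1", id: "ssh"`. In the ceph disk step, `File.exists?` is the deprecated spelling; `File.exist?` is available on every Ruby version.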
@@ -0,0 +1,71 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+require "pathname"
+
+def provision(box, boxen, hosts, conf)
+
+ ansible_groups = Hash.new { |h,k| h[k] = [] }
+ boxen.each do |box|
+ box["groups"].each do |group|
+ ansible_groups[group] << box["name"]
+ end
+ end
+
+ defined_vms = boxen.map {|b| b["name"]}
+
+ requested_vms = defined_vms & ARGV
+ if requested_vms.empty?
+ requested_vms = defined_vms
+ end
+
+ provisioning_groups = [ 'bootstrap', 'ceph', 'container-hosts' ]
+ provisioning_group = (box["groups"] & provisioning_groups).last
+ return unless provisioning_group
+ return unless box["name"] == (requested_vms & ansible_groups[provisioning_group]).last
+
+ conf.vm.provision "ansible" do |ansible|
+ # note: ansible is launched from root_path, so paths specified here are relative to that.
+ ansible.extra_vars = {hosts: hosts}
+ ansible.groups = ansible_groups
+ ansible.limit = [provisioning_group,"127.0.0.1"]
+ ansible.playbook = Pathname(ENV["ANSIBLE_CONFIG"]).parent.join("infrastructure.yml").to_path
+ ansible.vault_password_file = ENV["ANSIBLE_VAULT_PASSWORD_FILE"]
+ ansible.inventory_path = Pathname(ENV["DEVKIT_ZONE_DIR"]).join("inventory").to_path
+ end
+end # ansible
diff --git a/vagrant/pxe/multi_node_config.yml b/vagrant/pxe/multi_node_config.yml
new file mode 100755
index 0000000..2f92e52
--- /dev/null
+++ b/vagrant/pxe/multi_node_config.yml
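Review bot: `provision` reads `ANSIBLE_CONFIG`, `DEVKIT_ZONE_DIR` and `ANSIBLE_VAULT_PASSWORD_FILE` straight from `ENV[...]`, so running vagrant without the devkit environment sourced fails inside `Pathname(nil)` with a TypeError that does not name the missing variable, and `ansible.vault_password_file` is silently left nil. Using `ENV.fetch("ANSIBLE_CONFIG")`, and the same for the other two, raises a KeyError that names the variable. The block parameter in `boxen.each do |box|` also shadows the method's own `box` argument, which the later `box["groups"]` and `box["name"]` lines rely on; renaming it to `b`, as the `map` two statements later already does, removes the ambiguity. The closing `end # ansible` comment is on the `end` of the method and should read `end # provision`.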
@@ -0,0 +1,127 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+boxen: + - name: ops-01 + box: centos/7 + ips: ['10.252.0.2', "10.220.220.2"] + macs: [] + cpus: 2 + cpu: "50" + memory: "1024" + groups: ["bootstrap", "centos",] + vagrant_ssh_port: 2502 + + - name: ceph-01 + box: centos/7 + ips: ["10.252.0.21", "10.220.220.21"] + cpus: 2 + cpu: 50 + memory: 1024 + macs: ["0800276695A1","0800276695A2"] + groups: ["ceph", "osds", "mons", "rgws", "rbdhost", "centos"] + vagrant_ssh_port: 2521 + + - name: coreos-01 + box: vvp-empty + cpus: 1 + cpu: 50 + memory: 2048 + macs: ["08002766959E","08002766958E"] + ips: ["10.252.0.12", "10.220.220.12"] + groups: ["coreos", "container-hosts", "fleetctl-host"] + vagrant_ssh_port: 2512 + + - name: coreos-02 + box: vvp-empty + cpus: 1 + cpu: "50" + memory: "2048" + macs: ["08002766959F", "08002766958F"] + ips: ["10.252.0.13", "10.220.220.13"] + groups: ["coreos", "container-hosts",] + vagrant_ssh_port: 2513 + + - name: coreos-03 + box: vvp-empty + cpus: 1 + cpu: "50" + memory: "2048" + macs: ["0800276695A0","0800276695A3"] + ips: ["10.252.0.14", "10.220.220.14"] + groups: ["coreos", "container-hosts",] + vagrant_ssh_port: 2514 + +hosts: + - name: "coreos-01" + ssh_ip: 10.0.2.15 + mac: "08:00:27:66:95:9E" + dnsmasq_config: + - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos" + - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos" + os: coreos + role: controller + etcd_role: member + + - name: "coreos-02" + ssh_ip: 10.0.2.15 + mac: "08:00:27:66:95:9F" + dnsmasq_config: + - "08:00:27:66:95:9F,10.252.0.13,coreos-02,infinite,set:coreos" + - "08:00:27:66:95:8F,10.220.220.13,coreos-02,infinite,set:coreos" + os: coreos + role: worker + etcd_role: member + + - name: "coreos-03" + ssh_ip: 10.0.2.15 + mac: "08:00:27:66:95:A0" + dnsmasq_config: + - "08:00:27:66:95:A0,10.252.0.14,coreos-03,infinite,set:coreos" + - "08:00:27:66:95:A3,10.220.220.14,coreos-03,infinite,set:coreos" + os: coreos + role: worker + etcd_role: member + + - name: "ceph-01" + ssh_ip: 10.0.2.15 + dnsmasq_config: 
+ - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite" + os: centos + role: "" + etcd_role: "" diff --git a/vagrant/pxe/single_node_config.yml b/vagrant/pxe/single_node_config.yml new file mode 100755 index 0000000..17ff408 --- /dev/null +++ b/vagrant/pxe/single_node_config.yml 
@@ -0,0 +1,88 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+boxen: + - name: ops-01 + box: centos/7 + ips: ['10.252.0.2', "10.220.220.2"] + macs: [] + cpus: 1 + cpu: "50" + memory: "1024" + groups: ["bootstrap", "centos",] + vagrant_ssh_port: 2502 + + - name: ceph-01 + box: centos/7 + ips: ["10.252.0.21", "10.220.220.21"] + cpus: 2 + cpu: 50 + memory: 1024 + macs: ["0800276695A1","0800276695A2"] + groups: ["ceph", "osds", "mons", "rgws", "rbdhost", "centos"] + vagrant_ssh_port: 2521 + + - name: coreos-01 + box: vvp-empty + cpus: 1 + cpu: 50 + memory: 4096 + macs: ["08002766959E","08002766958E"] + ips: ["10.252.0.12", "10.220.220.12"] + groups: ["coreos", "container-hosts", "fleetctl-host"] + vagrant_ssh_port: 2512 + + +hosts: + - name: "coreos-01" + ssh_ip: 10.0.2.15 + mac: "08:00:27:66:95:9E" + dnsmasq_config: + - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos" + - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos" + os: coreos + role: controller + etcd_role: member + + - name: "ceph-01" + ssh_ip: 10.0.2.15 + dnsmasq_config: + - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite" + os: centos + role: "" + etcd_role: "" diff --git a/zones/development/devkit_environment_multi b/zones/development/devkit_environment_multi new file mode 100755 index 0000000..a6bde88 --- /dev/null +++ b/zones/development/devkit_environment_multi 
@@ -0,0 +1,47 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+export DEVKIT_NAME="Vagrant Multi"
+export VVP_DEVKIT=multi
+export DEVKIT_ZONE_DIR=${DEVKIT_DIR}/zones/development
+export VVP_DEVKIT_VAGRANT_PROVISION=true
+export VAGRANT_CWD=${DEVKIT_DIR}/vagrant/pxe
+export ANSIBLE_INVENTORY_DIR=${DEVKIT_ZONE_DIR}/inventory
+export ANSIBLE_VAULT_PASSWORD_FILE=${DEVKIT_ZONE_DIR}/.vault_password
+export ANSIBLE_CONFIG=${DEVKIT_DIR}/ansible/ansible.cfg
+export KUBECONFIG=${DEVKIT_ZONE_DIR}/k8/kubeconfig
diff --git a/zones/development/devkit_environment_single b/zones/development/devkit_environment_single
new file mode 100755
index 0000000..28eef6f
--- /dev/null
+++ b/zones/development/devkit_environment_single
@@ -0,0 +1,47 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+export DEVKIT_NAME="Vagrant Single"
+export VVP_DEVKIT=single
+export DEVKIT_ZONE_DIR=${DEVKIT_DIR}/zones/development
+export VVP_DEVKIT_VAGRANT_PROVISION=true
+export VAGRANT_CWD=${DEVKIT_DIR}/vagrant/pxe
+export ANSIBLE_INVENTORY_DIR=${DEVKIT_ZONE_DIR}/inventory
+export ANSIBLE_VAULT_PASSWORD_FILE=${DEVKIT_ZONE_DIR}/.vault_password
+export ANSIBLE_CONFIG=${DEVKIT_DIR}/ansible/ansible.cfg
+export KUBECONFIG=${DEVKIT_ZONE_DIR}/k8/kubeconfig
diff --git a/zones/development/inventory/group_vars/all/all.yml b/zones/development/inventory/group_vars/all/all.yml
new file mode 100755
index 0000000..905d7f6
--- /dev/null
+++ b/zones/development/inventory/group_vars/all/all.yml
@@ -0,0 +1,88 @@ +# -*- encoding: utf-8 -*- +# ============LICENSE_START======================================================= +# org.onap.vvp/engagementmgr +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# +# Unless otherwise specified, all software contained herein is licensed +# under the Apache License, Version 2.0 (the “License”); +# you may not use this software except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# +# Unless otherwise specified, all documentation contained herein is licensed +# under the Creative Commons License, Attribution 4.0 Intl. (the “License”); +# you may not use this documentation except in compliance with the License. +# You may obtain a copy of the License at +# +# https://creativecommons.org/licenses/by/4.0/ +# +# Unless required by applicable law or agreed to in writing, documentation +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================ +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+--- +hosts: + - name: "coreos-01" + ssh_ip: 10.0.2.15 + mac: "08:00:27:66:95:9E" + dnsmasq_config: + - "08:00:27:66:95:9E,10.252.0.12,coreos-01,infinite,set:coreos" + - "08:00:27:66:95:8E,10.220.220.12,coreos-01,infinite,set:coreos" + os: coreos + role: controller + etcd_role: member + + - name: "coreos-02" + ssh_ip: 10.0.2.15 + mac: "08:00:27:66:95:9F" + dnsmasq_config: + - "08:00:27:66:95:9F,10.252.0.13,coreos-02,infinite,set:coreos" + - "08:00:27:66:95:8F,10.220.220.13,coreos-02,infinite,set:coreos" + os: coreos + role: worker + etcd_role: member + + - name: "coreos-03" + ssh_ip: 10.0.2.15 + mac: "08:00:27:66:95:A0" + dnsmasq_config: + - "08:00:27:66:95:A0,10.252.0.14,coreos-03,infinite,set:coreos" + - "08:00:27:66:95:A3,10.220.220.14,coreos-03,infinite,set:coreos" + os: coreos + role: worker + etcd_role: member + + - name: "ceph-01" + ssh_ip: 10.0.2.15 + dnsmasq_config: + - "08:00:27:66:95:A1,10.252.0.21,ceph-01,infinite" + os: centos + role: "" + etcd_role: "" +ice_environment: development +domain: development.vvp.example.com +k8s_controller_port: 8443 + +fetch_directory: "{{inventory_dir}}/../fetch" +mon_ips: + - 10.252.0.21 +rgws: + - name: ceph-01 + ip: 10.252.0.21 +radosgw_civetweb_port: "8080" diff --git a/zones/development/inventory/group_vars/all/rgws.yml b/zones/development/inventory/group_vars/all/rgws.yml new file mode 100755 index 0000000..5835a49 --- /dev/null +++ b/zones/development/inventory/group_vars/all/rgws.yml 
@@ -0,0 +1,42 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+# Note this will break if facts on rgws hosts are not collected. But we shouldn't need this for rendering anymore.
+radosgw_civetweb_bind_ip: "{{ hostvars[inventory_hostname]['ansible_' + monitor_interface]['ipv4']['address'] }}"
+radosgw_s3_auth_use_keystone: false
diff --git a/zones/development/inventory/group_vars/all/unencrypted_vault.yml b/zones/development/inventory/group_vars/all/unencrypted_vault.yml
new file mode 100755
index 0000000..d967071
--- /dev/null
+++ b/zones/development/inventory/group_vars/all/unencrypted_vault.yml
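Review bot: `radosgw_civetweb_bind_ip` lives under `group_vars/all`, but its expression needs `monitor_interface`, which the hunks of this commit shown here set only in `group_vars/mons.yml`. On a host outside the `mons` group the variable would therefore fail to render as soon as something references it; it works in this zone only because `ceph-01` is in both `mons` and `rgws`. Defining `monitor_interface: eth1` next to these two lines (or in another `group_vars/all` file) removes the hidden coupling. The existing comment about fact collection should also name that dependency.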
@@ -0,0 +1,117 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+---
+# cert for secure https
+# https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl#10176685
+# site_pem_cert:
+# site_pem_key:
+# site_pem: |
+# {{site_pem_cert}}
+# {{site_pem_key}}
+site_pem:
+
+# EM database
+vault_em_postgresql_user: em_postgresuser
+vault_em_postgresql_password: em_postgrespass
+
+# CMS database
+vault_cms_postgresql_user: cms_postgresuser
+vault_cms_postgresql_password: cms_postgrespass
+
+# EM Secret Key
+# >>> from django.core.management.utils import get_random_secret_key
+# >>> get_random_secret_key()
+vault_em_secret_key: "#91e__w3k=781@y(e_#6hu6t&h254#u)&bj+m9thx%k!6^*06r"
+
+# Information for sending email from the platform
+vault_email_host: 'localhost'
+vault_email_host_user:
+vault_email_host_password:
+
+# pwgen -1 32
+vault_engagementmgr_webhook_token: Aip7ohx1eiHaeshoh9shailu9eex7tha
+
+# pwgen -1 20
+vault_gitlab_authentication_token: jadu6yohjaiy8Wob0IeK
+
+#pwget -1 16
+vault_jenkins_admin_password: koiyeBaiTh3kaiNg
+vault_gitlab_admin_password: ao6ij6wohWeiqu4e
+
+# python3 -c 'import bcrypt as b;print(b.hashpw(b"<password>",b.gensalt(rounds=10, prefix=b"2a")).decode())'
+vault_jenkins_admin_password_hash: $10$n2WJZasbQkd8PdySxQDo1uB67Wv7QfG0tvKuidbLC4w1Ss6p3eZEq
+
+# ssh-keygen -t ed25519
+vault_jenkins_deploy_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUAAAAJjWwJd91sCX
+ fQAAAAtzc2gtZWQyNTUxOQAAACCD10jzo4iRf1xm63IlLHJFy5T+AhRufzvKvgi0HpgTUA
+ AAAEAWFKMWLl6FgEBug971+atNYBt8GduWzCYgt/j9Tu4Sh4PXSPOjiJF/XGbrciUsckXL
+ lP4CFG5/O8q+CLQemBNQAAAAE3BhdWxAUGF1bCdzIE1hYyBQcm8BAg==
+ -----END OPENSSH PRIVATE KEY-----
+vault_jenkins_deploy_key_pub: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPXSPOjiJF/XGbrciUsckXLlP4CFG5/O8q+CLQemBNQ
+
+#CI application
+vault_ci_sqlite_user: cidbuser
+vault_ci_postgresql_password: cidbpass
+vault_ci_admin_user: ciadminuser
+vault_ci_admin_mail: ciadminmail@example.com
+vault_ci_admin_password: ciadminpass
+
+vault_cms_secret_key: (+dm_rj(005=^evzesd3#xpy$-$c^j#clzilbx&_=0lh7o-34#
+vault_cms_nevercache_key: a_j-g5h+3)o@2wiasmbg(huxpujh=95(p-$vz1xj&t+m)+-u84
+
+#CMS application
+vault_cms_app_user: cmsappuser
+vault_cms_app_user_password: cmsappuserpassword
+vault_cms_app_user_mail: cmsappuser@example.com
+# pwgen -1 40
+vault_cms_app_client_id: EeB4Xeimooc6xieSeeKah8dae1eipae4otaeshee
+# pwgen -1 128
+vault_cms_app_client_secret: haiMoopieZee1wei3lef4gaeyia2vahwohth0maid9ith2pheeshaithuToor2Johshei5baey7Eiquaetheib8quaiquee7phiath7eub2aiNaic3ou9vaizebeiF5u
+vault_haproxy_user: haproxyuser
+vault_haproxy_pass: haproxypass
+
+# simplifies conditionals that check for e.g. 'vault_slack_tokens.notifications is defined'
+vault_slack_tokens:
+
+# Rados Gateway (Amazon S3-protocol Ceph interface)
+vault_aws_access_key_id: 2ZB19U9D8K6XVJG75VX0
+vault_aws_secret_access_key: 7xVWeqsLIotKOua0xvhapIsCt1VU0x6M2E4fTRKO
diff --git a/zones/development/inventory/group_vars/bootstrap.yml b/zones/development/inventory/group_vars/bootstrap.yml
new file mode 100755
index 0000000..e1b4d77
--- /dev/null
+++ b/zones/development/inventory/group_vars/bootstrap.yml
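Review bot: Every value in `unencrypted_vault.yml` is a usable-looking credential committed in clear text, and nothing in the file marks them as throwaway. That covers the database and admin passwords, both Django secret keys, the webhook and GitLab tokens, the S3 key pair and the complete `vault_jenkins_deploy_key` private key. Once published, these values have to be treated as known to everyone, so any zone copied from `development` inherits them unless each one is regenerated. Add a header such as `# DEVELOPMENT-ONLY sample secrets: regenerate every value and store the result in an ansible-vault encrypted file for any other zone`. It would also be safer to ship `vault_jenkins_deploy_key` empty with only the `ssh-keygen` hint, so that no deployment can run with the published key.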
@@ -0,0 +1,82 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+coreos_channel: "stable"
+coreos_version: "1409.7.0"
+k8s_version: "v1.5.2_coreos.2"
+container_runtime: docker
+ops_public_interface: eth2
+ops_management_interface: eth1
+ops_management_ip: 10.252.0.2
+
+flanneld_interface: eth1
+dhcp_ranges:
+ - 10.252.0.10,10.252.0.200,255.255.255.0,12h
+ - 10.220.220.10,10.220.220.200,255.255.255.0,12h
+additional_interfaces:
+ eth2: 10.220.220.2/24
+additional_gateways:
+ eth1: ""
+ eth2: ""
+manually_grow_root: false
+pxe_boot: true
+pxe_chainload: true
+mounts: []
+disks:
+ - device: /dev/sda
+ wipe_table: true
+ partitions:
+ - label: ROOT
+ number: 0
+
+filesystems:
+ - device: "/dev/sda9"
+ format: "ext4"
+ create:
+ force: true
+ options:
+ - "-LROOT"
+
+deploy_jeeves: False
+ssh_keys:
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
+k8s_apiserver_advertise_address: 10.252.0.12
+matchbox_dir: "{{files_dir}}/matchbox"
+files_dir: /opt/ice-devkit
+assets_dir: "{{files_dir}}/assets"
+coreos_assets_dir: "{{assets_dir}}/coreos/{{coreos_version}}"
diff --git a/zones/development/inventory/group_vars/local.yml b/zones/development/inventory/group_vars/local.yml
new file mode 100755
index 0000000..5e42769
--- /dev/null
+++ b/zones/development/inventory/group_vars/local.yml
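Review bot: `ssh_keys` authorises the key labelled `vagrant insecure public key`, whose private half ships with Vagrant, so every machine bootstrapped from this file trusts a key that is effectively public. The inventory hunk later in this commit relies on the same pair (`~/.vagrant.d/insecure_private_key` for `ceph-01` and `ops-01`). That is workable for local VMs reached over 127.0.0.1, but the file should say so where the key is set: `# Vagrant's well-known insecure key: local development VMs only, replace with operator keys in any other zone`.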
@@ -0,0 +1,72 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+enable_liveness_probes: false
+container_uri: example.com/vvp
+container_tag: develop
+k8_config_dir: "{{inventory_dir}}/../k8"
+external_ips:
+- 10.220.220.12
+- 10.220.220.13
+- 10.220.220.14
+internal_ips:
+ - 10.252.0.12
+ - 10.252.0.13
+ - 10.252.0.14
+git_dns_name: dev-git.vvp.example.com
+ci_dns_name: dev-ci.vvp.example.com
+s3_dns_name: dev-s3.vvp.example.com
+cms_dns_name: dev-cms.vvp.example.com
+em_domain_name: development.vvp.example.com
+django_debug_mode: True
+livenessProbe_initialDelaySeconds:
+ gitlab: 300
+ postgresql: 240
+ em: 120
+em_internal_dns_name: dev-em.vvp.example.com
+jenkins_admin_config_xml: |
+ <?xml version='1.0' encoding='UTF-8'?>
+ <user>
+ <fullName>admin</fullName>
+ <description></description>
+ <properties>
+ <hudson.security.HudsonPrivateSecurityRealm_-Details>
+ <passwordHash>#jbcrypt:{{vault_jenkins_admin_password_hash}}</passwordHash>
+ </hudson.security.HudsonPrivateSecurityRealm_-Details>
+ </properties>
+ </user>
diff --git a/zones/development/inventory/group_vars/mons.yml b/zones/development/inventory/group_vars/mons.yml
new file mode 100755
index 0000000..a41ca48
--- /dev/null
+++ b/zones/development/inventory/group_vars/mons.yml
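Review bot: `jenkins_admin_config_xml` renders `#jbcrypt:{{vault_jenkins_admin_password_hash}}`, but the hash supplied in `unencrypted_vault.yml` in this commit starts with `$10$`. It lacks the `$2a` version prefix that the bcrypt command in that file's own comment (`prefix=b"2a"`) would produce. If the value really is stored that way, Jenkins would probably not accept it as a bcrypt hash; the expected shape is `$2a$10$<salt+hash>`. Check the stored value, and add a comment above `jenkins_admin_config_xml` stating which prefix the template expects. Separately, `django_debug_mode: True` fits this zone but deserves a `# development only` comment so it is not copied forward.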
@@ -0,0 +1,66 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ceph_release: jewel
+ceph_stable_release: jewel
+upgrade_ceph_packages: true
+ceph_origin: 'upstream' # or 'distro'
+ceph_stable: true # use ceph stable branch
+ceph_stable_redhat_distro: el7
+generate_fsid: true
+monitor_interface: eth1
+mon_use_fqdn: false # if set to true, the MON name used will be the fqdn in the ceph.conf
+journal_size: 10240
+public_network: 10.252.0.0/24
+cluster_network: "{{ public_network }}"
+osd_mkfs_type: xfs
+osd_mkfs_options_xfs: -f -i size=2048
+osd_mount_options_xfs: noatime,largeio,inode64,swalloc
+# ceph osds.yml
+fsid: "{{ cluster_uuid.stdout }}"
+devices:
+ - /dev/sdb
+osd_auto_discovery: false
+journal_collocation: true
+raw_multi_journal: false
+osd_directory: false
+bluestore: false
+ceph_conf_overrides:
+ global:
+ osd pool default size: 2
+ osd pool default min size: 1
diff --git a/zones/development/inventory/group_vars/rbdhost.yml b/zones/development/inventory/group_vars/rbdhost.yml
new file mode 100755
index 0000000..3ec55e2
--- /dev/null
+++ b/zones/development/inventory/group_vars/rbdhost.yml
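Review bot: `ceph_conf_overrides` sets `osd pool default size: 2` together with `osd pool default min size: 1` and gives no reason, and with a min size of 1 a pool keeps accepting writes while only a single copy exists. For the one `ceph-01` node with a single `/dev/sdb` in this zone that is presumably a deliberate compromise, but the values will be cloned along with the zone. Record the intent next to them: `# single-node dev cluster: 2 replicas, I/O allowed with 1; use size 3 / min size 2 where the data matters`.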
@@ -0,0 +1,56 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+rbd_volumes:
+ - mount: "jenkins"
+ size: 25000
+ type: xfs
+ directories:
+ - name: /
+ owner: 1000
+ group: 1000
+ - mount: "gitlab"
+ size: 25000
+ type: xfs
+ directories:
+ - var/opt/gitlab
+ - var/log/gitlab
+ - etc/gitlab
+ - mount: "em_postgresql"
+ size: 25000
+ type: xfs
diff --git a/zones/development/inventory/inventory b/zones/development/inventory/inventory
new file mode 100755
index 0000000..fc7eaed
--- /dev/null
+++ b/zones/development/inventory/inventory
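Review bot: The `directories` lists in `rbd_volumes` come in two shapes, and `em_postgresql` has no `directories` key at all, so whatever loops over the volumes has to cope with three cases. `jenkins` uses mappings with `name`/`owner`/`group`, while `gitlab` uses bare strings. The consuming role is not part of this hunk, so this may already be handled, but one shape is easier to validate: write the gitlab entries as `- name: var/opt/gitlab` and give `em_postgresql` an explicit `directories: []`. A short comment saying which account the numeric `owner: 1000` / `group: 1000` refers to would also help.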
@@ -0,0 +1,78 @@
+# -*- encoding: utf-8 -*-
+# ============LICENSE_START=======================================================
+# org.onap.vvp/engagementmgr
+# ===================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ===================================================================
+#
+# Unless otherwise specified, all software contained herein is licensed
+# under the Apache License, Version 2.0 (the “License”);
+# you may not use this software except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ============LICENSE_END============================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ceph-01 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2521 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='~/.vagrant.d/insecure_private_key'
+ops-01 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2502 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='~/.vagrant.d/insecure_private_key'
+coreos-01 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2512 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='../vagrant/multi-node/.vagrant/machines/coreos-01/virtualbox/private_key'
+coreos-02 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2513 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='../vagrant/multi-node/.vagrant/machines/coreos-02/virtualbox/private_key'
+coreos-03 ansible_ssh_host=127.0.0.1 ansible_ssh_port=2514 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='../vagrant/multi-node/.vagrant/machines/coreos-03/virtualbox/private_key'
+
+[local]
+localhost
+
+[bootstrap]
+ops-01
+
+[centos]
+ops-01
+ceph-01
+
+[ceph]
+ceph-01
+
+[osds]
+ceph-01
+
+[mons]
+ceph-01
+
+[rgws]
+ceph-01
+
+[rbdhost]
+ceph-01
+
+[coreos]
+coreos-01
+coreos-02
+coreos-03
+
+[container-hosts]
+coreos-01
+coreos-02
+coreos-03 |
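Review bot: The inventory is added with `new file mode 100755`, and Ansible treats an executable inventory path as a dynamic inventory script. It tries to run the file before parsing it as INI, and older releases run it instead of parsing it. Clearing the bit avoids that: `git update-index --chmod=-x zones/development/inventory/inventory`. Separately, `localhost` under `[local]` carries no `ansible_connection=local`, so unless the plays set `connection: local` it would be contacted over SSH; `localhost ansible_connection=local` makes the intent explicit.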