From a42360700076cda0f5529487d777bc23ef8f6fc5 Mon Sep 17 00:00:00 2001 
From: "Fletcher, Stacey (sf5715)" Date: Tue, 7 Jul 2020 08:31:51 -0500 Subject: [PATCH] Airship in a Pod Introduces Airship in pod. This includes: * A base image which sets up common requirements * An image for the libvirt service * An image for building a specified instance of airshipctl * An image for initializing the various libvirt infrastructure required for a deployment * An image which runs the deployment scripts Closes: #313 Change-Id: Ib1114350190b0fe0c0761ff67b38b3eca783161a --- tools/airship-in-a-pod/LICENSE | 201 ++++++++++ tools/airship-in-a-pod/Makefile | 39 ++ tools/airship-in-a-pod/README.md | 82 +++++ tools/airship-in-a-pod/airship-in-a-pod.yaml | 347 ++++++++++++++++++ .../airshipctl-builder/Dockerfile | 30 ++ .../airshipctl-builder/assets/entrypoint.sh | 38 ++ tools/airship-in-a-pod/base/Dockerfile | 44 +++ tools/airship-in-a-pod/base/signal_complete | 9 + tools/airship-in-a-pod/base/wait_for | 22 ++ .../airship-in-a-pod/infra-builder/Dockerfile | 22 ++ .../infra-builder/assets/entrypoint.sh | 23 ++ .../opt/ansible/playbooks/build-infra.yaml | 23 ++ .../roles/build-infra/defaults/main.yaml | 64 ++++ .../roles/build-infra/tasks/create-vm.yaml | 59 +++ .../tasks/create-worker-nodes.yaml | 20 + .../roles/build-infra/tasks/main.yaml | 93 +++++ .../build-infra/templates/air_nat.xml.j2 | 10 + .../build-infra/templates/air_prov.xml.j2 | 7 + .../build-infra/templates/default.xml.j2 | 6 + .../templates/default_network.xml.j2 | 9 + .../roles/install-kustomize/defaults/main.yml | 17 + .../roles/install-kustomize/tasks/main.yaml | 24 ++ tools/airship-in-a-pod/libvirt/Dockerfile | 34 ++ .../libvirt/assets/etc/systemd/journald.conf | 43 +++ .../system/libvirtd.service.d/10-logs.conf | 3 + .../libvirtd.service.d/20-poweroff.conf | 2 + .../system/virtlogd.service.d/10-logs.conf | 2 + tools/airship-in-a-pod/runner/Dockerfile | 28 ++ .../runner/assets/entrypoint.sh | 70 ++++ 29 files changed, 1371 insertions(+) create mode 100644 tools/airship-in-a-pod/LICENSE 
create mode 100644 tools/airship-in-a-pod/Makefile create mode 100644 tools/airship-in-a-pod/README.md create mode 100644 tools/airship-in-a-pod/airship-in-a-pod.yaml create mode 100644 tools/airship-in-a-pod/airshipctl-builder/Dockerfile create mode 100755 tools/airship-in-a-pod/airshipctl-builder/assets/entrypoint.sh create mode 100644 tools/airship-in-a-pod/base/Dockerfile create mode 100755 tools/airship-in-a-pod/base/signal_complete create mode 100755 tools/airship-in-a-pod/base/wait_for create mode 100644 tools/airship-in-a-pod/infra-builder/Dockerfile create mode 100755 tools/airship-in-a-pod/infra-builder/assets/entrypoint.sh create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/build-infra.yaml create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/defaults/main.yaml create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-vm.yaml create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-worker-nodes.yaml create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/main.yaml create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_nat.xml.j2 create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_prov.xml.j2 create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default.xml.j2 create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default_network.xml.j2 create mode 100644 tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/defaults/main.yml create mode 100644 
tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/tasks/main.yaml create mode 100644 tools/airship-in-a-pod/libvirt/Dockerfile create mode 100644 tools/airship-in-a-pod/libvirt/assets/etc/systemd/journald.conf create mode 100644 tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/10-logs.conf create mode 100644 tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/20-poweroff.conf create mode 100644 tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/virtlogd.service.d/10-logs.conf create mode 100644 tools/airship-in-a-pod/runner/Dockerfile create mode 100755 tools/airship-in-a-pod/runner/assets/entrypoint.sh diff --git a/tools/airship-in-a-pod/LICENSE b/tools/airship-in-a-pod/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/tools/airship-in-a-pod/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/tools/airship-in-a-pod/Makefile b/tools/airship-in-a-pod/Makefile new file mode 100644 index 000000000..006d674f9 --- /dev/null +++ b/tools/airship-in-a-pod/Makefile 
@@ -0,0 +1,39 @@ +IMAGE_REGISTRY ?= quay.io/airshipit +IMAGES := infra-builder airshipctl-builder runner +IMAGE_TAG ?= latest + +PUSH_IMAGES ?= false + +.PHONY: help base libvirt $(IMAGES) build test + +SHELL:=/bin/bash +.ONESHELL: + +help: ## This help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +build: base +build: libvirt +build: $(IMAGES) ## Build the containers. + +base: + docker build --tag ianhowell/base:$(IMAGE_TAG) --build-arg BASE_IMAGE=ubuntu:20.04 ./base +ifeq (true, $(PUSH_IMAGES)) + docker push ianhowell/base:$(IMAGE_TAG) +endif + +libvirt: + docker build --tag ianhowell/libvirt:$(IMAGE_TAG) ./libvirt +ifeq (true, $(PUSH_IMAGES)) + docker push ianhowell/libvirt:$(IMAGE_TAG) +endif + +$(IMAGES): + docker build --tag $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG) ./$@ +ifeq (true, $(PUSH_IMAGES)) + docker push $(IMAGE_REGISTRY)/aiap-$@:$(IMAGE_TAG) +endif + +test: build ## Test airship-in-a-pod + kubectl delete -f airship-in-a-pod.yaml || true + kubectl create -f airship-in-a-pod.yaml diff --git a/tools/airship-in-a-pod/README.md b/tools/airship-in-a-pod/README.md new file mode 100644 index 000000000..c9fa7973d --- /dev/null +++ b/tools/airship-in-a-pod/README.md 
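Review bot: The `base` and `libvirt` targets tag and push to the hard-coded personal namespace `ianhowell/`, while `$(IMAGES)` honour `$(IMAGE_REGISTRY)`; the downstream Dockerfiles then `FROM ianhowell/base:latest` and the pod spec pulls `ianhowell/libvirt:latest`, so the whole build chain trusts an individual's Docker Hub account regardless of IMAGE_REGISTRY, and the `:latest` references mean IMAGE_TAG is never propagated to them. Tag them like the rest, `docker build --tag $(IMAGE_REGISTRY)/aiap-base:$(IMAGE_TAG) --build-arg BASE_IMAGE=ubuntu:20.04 ./base` and `$(IMAGE_REGISTRY)/aiap-libvirt:$(IMAGE_TAG)`, and hand the base to the dependent builds with a `--build-arg` the way base/Dockerfile already accepts one. The same `ianhowell/` reference is in airshipctl-builder/Dockerfile, infra-builder/Dockerfile and airship-in-a-pod.yaml.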
@@ -0,0 +1,82 @@ +# Airship in a Pod + +Airship in a pod is a Kubernetes pod definition which describes all of the +components required to deploy a fully functioning Airship 2 deployment. The pod +consists of the following "Task" containers: + +* `airshipctl-builder`: This container builds the airshipctl binary and makes it + available to the other containers +* `infra-builder`: This container creates the various virtual networks and + machines required for an Airship deployment +* `runner`: The runner container is the "meat" of the pod, and executes the + deployment + +The pod also contains the following "Support" containers: + +* `libvirt`: This provides virtualisation +* `sushy-tools`: This is used for its BMC emulator +* `docker-in-docker`: This is used for nesting containers* +* `nginx`: This is used for image hosting + + +## Prerequisites + +In order to deploy Airship in a Pod for development, you must first have a +working Kubernetes cluster. This guide assumes that a developer will deploy +using [minikube](https://minikube.sigs.k8s.io/docs/start/): + +``` +sudo -E minikube start --driver=none +``` + +## Usage + +Since Airship in a Pod is just a pod definition, deploying and using it is as +simple as deploying and using any Kubernetes pod. + +#### Deploy the Pod + +``` +kubectl apply -f airship-in-a-pod.yaml +``` + +#### View Pod Logs + +``` +kubectl logs airship-in-a-pod -c $CONTAINER +``` + +#### Interact with the Pod + +``` +kubectl exec -it airship-in-a-pod -c $CONTAINER -- bash +``` + +where `$CONTAINER` is one of the containers listed above. + + +### Output + +Airship-in-a-pod produces the following outputs: + +* The airshipctl repo and associated binary used with the deployment +* A tarball containing the generated ephemeral ISO, as well as the + configuration used during generation. + +These artifacts are placed at `ARTIFACTS_DIR` (defaults to /opt/aiap-artifacts`). 
+ + +### Caching + +As it can be cumbersome and time-consuming to build and rebuild binaries and +images, some options are made available for caching. A developer may re-use +artifacts from previous runs (or provide their own) by placing them in +`CACHE_DIR` (defaults to `/opt/aiap-cache`). Special care is needed for the +caching: + +* If using a cached `airshipctl`, the `airshipctl` binary must be stored in the + `$CACHE_DIR/airshipctl/bin/` directory, and the developer must have set + `USE_CACHED_AIRSHIPCTL` to `true`. +* If using a cached ephemeral iso, the iso must first be contained in a tarball named `iso.tar.gz`, must be stored in the + `$CACHE_DIR/` directory, and the developer must have set + `USE_CACHED_ISO` to `true`. diff --git a/tools/airship-in-a-pod/airship-in-a-pod.yaml b/tools/airship-in-a-pod/airship-in-a-pod.yaml new file mode 100644 index 000000000..817cbb3eb --- /dev/null +++ b/tools/airship-in-a-pod/airship-in-a-pod.yaml 
@@ -0,0 +1,347 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Pod +metadata: + name: airship-in-a-pod +spec: + hostNetwork: false + restartPolicy: Never + containers: + + - name: libvirt + image: ianhowell/libvirt:latest + tty: true + securityContext: + privileged: true + #SYS_ADMIN required for systemd, need to work out reqs for libvirt + command: + - bash + - -cex + - "exec /usr/lib/systemd/systemd" + env: + - name: container + value: docker + readinessProbe: + exec: + command: + - virsh + - version + initialDelaySeconds: 5 + periodSeconds: 5 + startupProbe: + exec: + command: + - systemctl + - is-active + - --quiet + - libvirtd + initialDelaySeconds: 5 + periodSeconds: 5 + volumeMounts: + - name: var-run-aiap + mountPath: /var/run/aiap/ + - name: dev + mountPath: /dev + - name: tmp + mountPath: /tmp + - name: run + mountPath: /run + - name: var-lib-libvirt-images + mountPath: /var/lib/libvirt/images + - name: var-lib-libvirt-default + mountPath: /var/lib/libvirt/default + - name: var-run-libvirt + mountPath: /var/run/libvirt + - name: sys-fs-cgroup + mountPath: /sys/fs/cgroup + readOnly: false + - name: logs + mountPath: /var/log/ + + - name: sushy + image: quay.io/metal3-io/sushy-tools + command: + - bash + - -cex + - | + tee /csr_details.txt << EOF + [req] + default_bits = 2048 + prompt = no + default_md = sha256 + req_extensions = req_ext + distinguished_name = dn + + [ dn ] + CN = localhost + + [ req_ext ] + subjectAltName = @alt_names 
+ + [ alt_names ] + DNS.1 = 127.0.0.1 + DNS.2 = ::1 + EOF + + openssl req \ + -newkey rsa:2048 \ + -nodes \ + -keyout /airship_gate_redfish_auth.key \ + -x509 \ + -days 365 \ + -out /airship_gate_redfish_auth.pem \ + -config <(cat /csr_details.txt) \ + -extensions 'req_ext' + + # Wait for interface to come up + while ! ping -c1 10.23.25.1 2>&1 >/dev/null; do sleep 1; done + + sushy-emulator \ + --debug \ + --interface 10.23.25.1 \ + --port 8443 \ + --ssl-key /airship_gate_redfish_auth.key \ + --ssl-certificate /airship_gate_redfish_auth.pem || true + + tail -f /dev/null + volumeMounts: + - name: var-run-libvirt + mountPath: /var/run/libvirt + + - name: nginx + image: nginx:latest + command: + - bash + - -cex + - | + tee /etc/nginx/nginx.conf <<'EOF' + user nginx; + worker_processes 1; + error_log /var/log/nginx/error.log warn; + pid /var/run/nginx.pid; + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + #tcp_nopush on; + keepalive_timeout 65; + #gzip on; + server { + listen 8099; + listen [::]:8099; + server_name localhost; + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + location / { + root /srv/images; + autoindex on; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + } + EOF + exec nginx -g 'daemon off;' + volumeMounts: + - name: srv + mountPath: /srv/ + + - name: dind + image: docker:stable-dind + securityContext: + privileged: true + volumeMounts: + - name: var-run-aiap + mountPath: /var/run/aiap/ + - name: dind-storage + mountPath: /var/lib/docker + - name: var-run-docker + mountPath: /var/run/ + - name: srv + mountPath: /srv/ + + - name: airshipctl-builder + image: 
quay.io/airshipit/aiap-airshipctl-builder:latest + command: + - bash + - -cex + - | + /entrypoint.sh || true + tail -f /dev/null + readinessProbe: + exec: + command: + - test + - -e + - /tmp/completed/airshipctl-builder + env: + - name: CACHE_DIR + value: /opt/aiap-cache + - name: USE_CACHED_AIRSHIPCTL + value: "false" + - name: ARTIFACTS_DIR + value: /opt/aiap-artifacts + - name: AIRSHIPCTL_REPO + value: https://review.opendev.org/airship/airshipctl + - name: AIRSHIPCTL_REF + value: master + volumeMounts: + - name: tmp + mountPath: /tmp + - name: cache + mountPath: /opt/aiap-cache + - name: artifacts + mountPath: /opt/aiap-artifacts + - name: completed + mountPath: /tmp/completed + - name: var-run-docker + mountPath: /var/run + + - name: infra-builder + image: quay.io/airshipit/aiap-infra-builder:latest + securityContext: + privileged: true + command: + - bash + - -cex + - | + /entrypoint.sh || true + tail -f /dev/null + readinessProbe: + exec: + command: + - test + - -e + - /tmp/completed/infra-builder + env: + - name: CACHE_DIR + value: /opt/aiap-cache + - name: ARTIFACTS_DIR + value: /opt/aiap-artifacts + volumeMounts: + - name: cache + mountPath: /opt/aiap-cache + - name: artifacts + mountPath: /opt/aiap-artifacts + - name: completed + mountPath: /tmp/completed + - name: tmp + mountPath: /tmp + - name: var-run-aiap + mountPath: /var/run/aiap/ + - name: var-lib-libvirt-images + mountPath: /var/lib/libvirt/images + - name: var-lib-libvirt-default + mountPath: /var/lib/libvirt/default + - name: var-run-libvirt + mountPath: /var/run/libvirt + - name: logs + mountPath: /var/log/ + - name: var-run-docker + mountPath: /var/run + + - name: runner + image: quay.io/airshipit/aiap-runner:latest + command: + - bash + - -cex + - | + /entrypoint.sh || true + tail -f /dev/null + readinessProbe: + exec: + command: + - test + - -e + - /tmp/completed/runner + initialDelaySeconds: 600 + periodSeconds: 30 + env: + - name: CACHE_DIR + value: /opt/aiap-cache + - name: ARTIFACTS_DIR 
+ value: /opt/aiap-artifacts + - name: USE_CACHED_ISO + value: "false" + volumeMounts: + - name: cache + mountPath: /opt/aiap-cache + - name: artifacts + mountPath: /opt/aiap-artifacts + - name: completed + mountPath: /tmp/completed + - name: tmp + mountPath: /tmp + - name: var-run-aiap + mountPath: /var/run/aiap/ + - name: srv + mountPath: /srv/ + - name: run + mountPath: /run + - name: var-run-libvirt + mountPath: /var/run/libvirt + - name: logs + mountPath: /var/log/ + - name: var-run-docker + mountPath: /var/run + + volumes: + - name: cache + hostPath: + path: /opt/aiap-cache + - name: artifacts + hostPath: + path: /opt/aiap-artifacts + - name: completed + emptyDir: {} + - name: dev + hostPath: + path: /dev + - name: tmp + emptyDir: + medium: "Memory" + - name: run + emptyDir: + medium: "Memory" + - name: var-lib-libvirt-images + emptyDir: {} + - name: var-lib-libvirt-default + emptyDir: {} + - name: var-run-libvirt + emptyDir: + medium: "Memory" + - name: var-run-aiap + emptyDir: + medium: "Memory" + - name: sys-fs-cgroup + hostPath: + path: /sys/fs/cgroup + - name: srv + emptyDir: {} + - name: logs + emptyDir: {} + - name: var-run-docker + emptyDir: + medium: "Memory" + - name: dind-storage + emptyDir: {} diff --git a/tools/airship-in-a-pod/airshipctl-builder/Dockerfile b/tools/airship-in-a-pod/airshipctl-builder/Dockerfile new file mode 100644 index 000000000..0815daa74 --- /dev/null +++ b/tools/airship-in-a-pod/airshipctl-builder/Dockerfile 
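Review bot: The sushy container's self-signed certificate lists its addresses as DNS SAN entries (`DNS.1 = 127.0.0.1`, `DNS.2 = ::1`), and neither is the address the emulator actually binds (`--interface 10.23.25.1`), so the certificate will not verify for the endpoint clients reach unless they disable verification. Use the IP SAN type and include the bind address: `IP.1 = 10.23.25.1`, `IP.2 = 127.0.0.1`, `IP.3 = ::1`. Separately, `sushy-emulator ... || true` followed by `tail -f /dev/null` keeps the container Running with no readinessProbe, so a failed emulator start is invisible to the pod; drop the `|| true` or give it a probe as the task containers have. The ping loop's `2>&1 >/dev/null` sends ping's stderr to the original stdout rather than discarding it; `>/dev/null 2>&1` is presumably what was meant.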
@@ -0,0 +1,30 @@
+FROM ianhowell/base:latest
+
+SHELL ["bash", "-exc"]
+ENV DEBIAN_FRONTEND noninteractive
+
+ARG USE_CACHED_AIRSHIPCTL="false"
+ENV USE_CACHED_AIRSHIPCTL="false"
+
+ARG AIRSHIPCTL_REPO=https://review.opendev.org/airship/airshipctl
+ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF
+
+ARG AIRSHIPCTL_REF=master
+ENV AIRSHIPCTL_REPO=$AIRSHIPCTL_REPO
+
+# Update distro and install ansible
+RUN apt-get update ;\
+ apt-get dist-upgrade -y ;\
+ apt-get install -y \
+ git \
+ apt-transport-https \
+ ca-certificates \
+ gnupg-agent \
+ gettext-base ;\
+ rm -rf /var/lib/apt/lists/*
+
+COPY assets /opt/assets/
+RUN cp -ravf /opt/assets/* / ;\
+ rm -rf /opt/assets
+
+ENTRYPOINT /entrypoint.sh
diff --git a/tools/airship-in-a-pod/airshipctl-builder/assets/entrypoint.sh b/tools/airship-in-a-pod/airshipctl-builder/assets/entrypoint.sh
new file mode 100755
index 000000000..d041e594b
--- /dev/null
+++ b/tools/airship-in-a-pod/airshipctl-builder/assets/entrypoint.sh
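Review bot: `ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF` is evaluated before `ARG AIRSHIPCTL_REF=master` is declared, so the image's baked-in AIRSHIPCTL_REF is empty (AIRSHIPCTL_REPO only works because its ARG happens to precede its ENV), and `ENV USE_CACHED_AIRSHIPCTL="false"` ignores its build arg entirely; the pod spec sets all three as container env, which masks this, but a standalone run of the image would `git fetch` with no ref. Pair each ARG with its own ENV in order: `ENV AIRSHIPCTL_REPO=$AIRSHIPCTL_REPO` right after its ARG, `ENV AIRSHIPCTL_REF=$AIRSHIPCTL_REF` after `ARG AIRSHIPCTL_REF=master`, and `ENV USE_CACHED_AIRSHIPCTL=$USE_CACHED_AIRSHIPCTL`. `ENTRYPOINT /entrypoint.sh` is the shell form, so the script is started through the configured shell and may not be PID 1 for signal delivery; the exec form `ENTRYPOINT ["/entrypoint.sh"]` avoids that, and the same applies to infra-builder/Dockerfile.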
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+if [[ "$USE_CACHED_AIRSHIPCTL" = "true" ]]
+then
+ printf "Using cached airshipctl\n"
+ cp -r "$CACHE_DIR/airshipctl" "$ARTIFACTS_DIR/airshipctl"
+else
+ printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n"
+ sleep 30
+
+ airshipctl_dir="$ARTIFACTS_DIR/airshipctl"
+ mkdir -p "$airshipctl_dir"
+ cd "$airshipctl_dir"
+
+ git init
+ git fetch "$AIRSHIPCTL_REPO" "$AIRSHIPCTL_REF"
+ git checkout FETCH_HEAD
+
+ ./tools/deployment/21_systemwide_executable.sh
+ mkdir -p bin
+ cp "$(which airshipctl)" bin
+fi
+
+/signal_complete airshipctl-builder
diff --git a/tools/airship-in-a-pod/base/Dockerfile b/tools/airship-in-a-pod/base/Dockerfile
new file mode 100644
index 000000000..87a6e9ddf
--- /dev/null
+++ b/tools/airship-in-a-pod/base/Dockerfile
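Review bot: The fixed `sleep 30` is a guess at when libvirt, sushy and docker are up rather than a check, so on a slow node the build script presumably runs against a docker socket that is not there yet, and on a fast one it wastes 30 s. The base image installs `docker-ce-cli` and the pod mounts the docker socket under `/var/run`, so the script can poll the dependency it uses: `until docker info >/dev/null 2>&1; do sleep 1; done`. The same fixed sleep is in infra-builder/assets/entrypoint.sh. Also consider `set -eux`: the script dereferences CACHE_DIR, ARTIFACTS_DIR, AIRSHIPCTL_REPO and AIRSHIPCTL_REF, and with `-u` a missing one fails at the reference instead of silently producing paths like `/airshipctl`.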
@@ -0,0 +1,44 @@
+ARG BASE_IMAGE
+FROM ${BASE_IMAGE}
+
+SHELL ["bash", "-exc"]
+ENV DEBIAN_FRONTEND noninteractive
+
+ARG CACHE_DIR=/opt/aiap-cache
+ENV CACHE_DIR=$CACHE_DIR
+
+ARG ARTIFACTS_DIR=/opt/aiap-artifacts
+ENV ARTIFACTS_DIR=$ARTIFACTS_DIR
+
+# Update distro and install common reqs
+RUN apt-get update ;\
+ apt-get dist-upgrade -y ;\
+ apt-get install -y \
+ python3-minimal \
+ python3-pip \
+ python3-setuptools \
+ python3-libvirt \
+ curl \
+ make \
+ sudo \
+ iproute2 \
+ bridge-utils \
+ iputils-ping \
+ net-tools \
+ less \
+ jq \
+ vim \
+ software-properties-common \
+ openssh-client ;\
+ pip3 install --upgrade wheel ;\
+ pip3 install --upgrade ansible ;\
+ pip3 install --upgrade yq ;\
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - ;\
+ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" ;\
+ apt-get install -y --no-install-recommends docker-ce-cli ;\
+ rm -rf /var/lib/apt/lists/* ; \
+ mkdir -p "$ARTIFACTS_DIR" ; \
+ mkdir -p "$CACHE_DIR"
+
+COPY wait_for .
+COPY signal_complete .
diff --git a/tools/airship-in-a-pod/base/signal_complete b/tools/airship-in-a-pod/base/signal_complete
new file mode 100755
index 000000000..d07b51112
--- /dev/null
+++ b/tools/airship-in-a-pod/base/signal_complete
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# signal_complete takes a container name and creates a file in the "completed"
+# directory, denoting that the named container has finished its tasks. This can be
+# leveraged by dependent containers via the `wait_for` command.
+
+mkdir -p "/tmp/completed"
+touch "/tmp/completed/$1"
+printf "Marked %s as complete.\n" "$1"
diff --git a/tools/airship-in-a-pod/base/wait_for b/tools/airship-in-a-pod/base/wait_for
new file mode 100755
index 000000000..409baec46
--- /dev/null
+++ b/tools/airship-in-a-pod/base/wait_for
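Review bot: `curl ... | apt-key add -` puts the Docker signing key into the global trusted keyring, where it can vouch for any configured repository, and `apt-key` is deprecated on the Ubuntu 20.04 base the Makefile passes in. Write the key to its own keyring and scope it to the repo: `curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker.gpg` and `add-apt-repository "deb [arch=amd64 signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"` (this needs `gnupg` in the install list; only the airshipctl-builder image installs `gnupg-agent`). `pip3 install --upgrade ansible` and `yq` are unpinned, so the base image's contents change on every rebuild; pin them (`ansible==<version>`) for reproducible images. `COPY wait_for .` relies on the unset WORKDIR being `/`; `COPY wait_for signal_complete /` states the destination the entrypoints call (`/signal_complete`).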
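Review bot: `touch "/tmp/completed/$1"` with no argument touches the directory itself and still prints `Marked  as complete.`, so a caller typo yields a success message and no marker file; guard the argument with `: "${1:?container name required}"` after the shebang. Adding `set -e` also stops a failed `mkdir` or `touch` from falling through to the success message, which is what the readiness probes in the pod spec key on.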
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# wait_for takes a list of container names and runs until all of those container names
+# appear in the "/tmp/completed" directory. It can be used to prevent a
+# container from executing until pre-requisite containers have indicated completion.
+
+mkdir -p "/tmp/completed"
+while true; do
+ # Assume we're finished, prove otherwise
+ finished=true
+ for container in "$@"; do
+ if [[ ! -e "/tmp/completed/$container" ]]; then
+ printf "Waiting on '%s'...\n" "$container"
+ finished=false
+ sleep 10
+ break
+ fi
+ done
+ if $finished; then
+ break
+ fi
+done
diff --git a/tools/airship-in-a-pod/infra-builder/Dockerfile b/tools/airship-in-a-pod/infra-builder/Dockerfile
new file mode 100644
index 000000000..c10ccaaf9
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/Dockerfile
@@ -0,0 +1,22 @@
+FROM ianhowell/base:latest
+
+SHELL ["bash", "-exc"]
+ENV DEBIAN_FRONTEND noninteractive
+
+# Update distro and install ansible
+RUN apt-get update ;\
+ apt-get dist-upgrade -y ;\
+ apt-get install -y \
+ python3-apt \
+ python3-lxml \
+ virtinst \
+ nfs4-acl-tools \
+ acl \
+ virt-manager;\
+ rm -rf /var/lib/apt/lists/*
+
+COPY assets /opt/assets/
+RUN cp -ravf /opt/assets/* / ;\
+ rm -rf /opt/assets
+
+ENTRYPOINT /entrypoint.sh
diff --git a/tools/airship-in-a-pod/infra-builder/assets/entrypoint.sh b/tools/airship-in-a-pod/infra-builder/assets/entrypoint.sh
new file mode 100755
index 000000000..46e3ab407
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/entrypoint.sh
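Review bot: The loop has no upper bound, so a consumer waiting on a container that crashed before calling `/signal_complete` blocks forever with only the periodic "Waiting on" line to show for it. Consider an optional limit, e.g. read a timeout in seconds from an environment variable, compare bash's `SECONDS` against it on each pass, and exit non-zero with a message naming the outstanding container once it is exceeded, so callers under `set -e` fail instead of hanging. `if $finished; then` executes the variable's value as a command; `if [[ "$finished" == true ]]; then` says what is meant without relying on `true`/`false` being commands.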
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+printf "Waiting 30 seconds for the libvirt, sushy, and docker services to be ready\n"
+sleep 30
+
+ansible-playbook -v /opt/ansible/playbooks/build-infra.yaml \
+ -e local_src_dir="$(pwd)"
+
+/signal_complete infra-builder
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/build-infra.yaml b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/build-infra.yaml
new file mode 100644
index 000000000..caec2fe96
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/build-infra.yaml
@@ -0,0 +1,23 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- hosts: localhost
+ tasks:
+
+ - name: install kustomize
+ include_role:
+ name: install-kustomize
+
+ - name: Setup Infrastructure
+ include_role:
+ name: build-infra
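Review bot: `sleep 30` is a fixed pause that only hopes the libvirt, sushy and docker services are up; on a slow node the playbook then fails on its first virt call, and on a fast node the time is wasted. Polling the libvirt URI the role already uses (`qemu:///system`) until it answers makes the wait deterministic; sushy and docker would need their own probes, and their endpoints are not visible here. The loop below assumes `virsh` ends up in the image, which the visible package list does not show — python3-libvirt from the base image can serve the same purpose.
```bash
set -ex

# Probe libvirt until it answers instead of pausing a fixed 30 s; needs virsh
# (libvirt-clients) in the image, or use python3-libvirt from the base image.
until virsh -c qemu:///system list >/dev/null 2>&1; do
  printf "Waiting for libvirt to be ready...\n"
  sleep 5
done

# … unchanged: ansible-playbook invocation and /signal_complete infra-builder …
```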
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/defaults/main.yaml b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/defaults/main.yaml
new file mode 100644
index 000000000..b604cb6b7
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/defaults/main.yaml
@@ -0,0 +1,64 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+floorplan:
+ image_pool: "/var/lib/libvirt/images"
+ default_image_pool: "/var/lib/libvirt/default"
+ uri: "qemu:///system"
+ os_variant: "ubuntu18.04"
+
+ephemeral_node:
+ name: air-ephemeral
+ cpu: 4
+ ram: 6124
+ nat_mac_address: 52:54:00:9b:27:02
+ prov_mac_address: 52:54:00:b6:ed:02
+ block:
+ - 20G
+
+target_nodes:
+ count: 1
+ name: air-target
+ cpu: 2
+ ram: 6124
+ nat_mac_address: 52:54:00:9b:27:4c
+ prov_mac_address: 52:54:00:b6:ed:31
+ block:
+ - 20G
+
+worker_nodes:
+ count: 1
+ name: air-worker
+ cpu: 1
+ ram: 6124
+ nat_mac_address: 52:54:00:9b:27:07
+ prov_mac_address: 52:54:00:b6:ed:23
+ block:
+ - 20G
+
+# 1st item must be the oobm network, 2nd the provisioning
+networks:
+ - name: provisioning
+ bridge: "air_prov"
+ ip:
+ address: "10.23.24.1"
+ netmask: "255.255.255.0"
+ - name: nat
+ bridge: "air_nat"
+ ip:
+ address: "10.23.25.1"
+ netmask: "255.255.255.0"
+ - name: default
+ bridge: "default"
+ ip:
+ address: "10.23.25.1"
+ netmask: "255.255.255.0"
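Review bot: The comment `# 1st item must be the oobm network, 2nd the provisioning` does not match the `networks` list beneath it, whose first entry is `provisioning` and second is `nat`; either the comment or the order is wrong, and any consumer that relies on position would pick the wrong bridge. The `default` entry also reuses nat's `10.23.25.1` address, which would collide if both networks were ever defined from these values; whether anything reads this list cannot be confirmed here, since the templates in this change do not reference it.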
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-vm.yaml b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-vm.yaml
new file mode 100644
index 000000000..85739493c
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-vm.yaml
@@ -0,0 +1,59 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- set_fact:
+ qcow_rand: "{{ 6000 | random }}"
+
+- name: "Create qemu image extra block devices"
+ shell: |
+ qemu-img create \
+ -f qcow2 \
+ "{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ seq }}-{{ qcow_rand }}".qcow2 "{{ vm_instance.block[(seq | int)-1] }}"
+ with_sequence:
+ start=1 end="{{ (vm_instance.block | length | int ) }}"
+ loop_control:
+ loop_var: seq
+
+- acl:
+ default: true
+ path: "{{ floorplan.image_pool }}"
+ entry: "u:libvirt-qemu:r-x"
+ state: present
+
+- name: Define vm xml
+ shell: |
+ virt-install \
+ --connect "{{ floorplan.uri }}" \
+ --os-variant "{{ floorplan.os_variant }}" \
+ --machine pc \
+ --name "{{ vm_name }}" \
+ --memory "{{ vm_instance.ram }}" \
+ --network network="air_nat",address.type='pci',address.domain=0,address.bus=0,address.slot=3,address.function=0,mac="{{ vm_instance.nat_mac_address }}" \
+ --network network="air_prov",address.type='pci',address.domain=0,address.bus=0,address.slot=4,address.function=0,mac="{{ vm_instance.prov_mac_address }}" \
+ --cpu host-passthrough \
+ --vcpus "{{ vm_instance.cpu | int }}" \
+ --import \
+ {% for i in range(1, (vm_instance.block | length | int )+1) %}
+ --disk "{{ floorplan.image_pool }}/{{ vm_instance.name }}-{{ i }}-{{ qcow_rand }}.qcow2,bus=scsi,format=qcow2" \
+ {% endfor %}
+ --nographics \
+ --noautoconsole \
+ --print-xml
+ register: vm_xml
+
+- debug:
+ msg: "{{ vm_xml }}"
+
+- name: Create vm
+ virt:
+ command: define
+ xml: "{{ vm_xml.stdout }}"
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-worker-nodes.yaml b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-worker-nodes.yaml
new file mode 100644
index 000000000..f33702d75
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/create-worker-nodes.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- debug:
+ msg: "{{ worker_node }}"
+
+- name: "Create vms"
+ include_tasks: create-vm.yaml
+ with_sequence: start=1 end="{{vm_instance.count | int}}"
+ loop_control:
+ loop_var: a_node
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/main.yaml b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/main.yaml
new file mode 100644
index 000000000..1a8fef274
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/tasks/main.yaml
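Review bot: The `acl` task sets a default ACL on `floorplan.image_pool` only after the preceding task has already created the qcow2 images, and a default ACL applies only to entries created afterwards, so the first node's disks never receive `u:libvirt-qemu:r-x`. Moving the acl task ahead of the qemu-img task, or adding a non-default recursive entry, closes that gap; the libvirt image in this change runs qemu as root, which may be what hides the problem today. `qcow_rand` also gives every run a fresh file name with no cleanup of earlier images, so repeated builds accumulate disks in the pool.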
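Review bot: `msg: "{{ worker_node }}"` and `end="{{vm_instance.count | int}}"` reference variables that nothing visible defines, and no file in this change includes create-worker-nodes.yaml (tasks/main.yaml calls create-vm.yaml directly for the worker nodes), so this file appears to be dead code that would fail on an undefined variable if it were ever included. Either wire it up with the same `vars` block main.yaml uses for the other node types or drop it.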
@@ -0,0 +1,93 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- acl:
+ default: true
+ path: "{{ floorplan.default_image_pool }}"
+ entry: "u:libvirt-qemu:r-x"
+ state: present
+
+- name: "Define, Build, and Start default storage pool"
+ block:
+ - virt_pool:
+ command: define
+ name: "{{ item }}"
+ xml: '{{ lookup("template", "{{ item }}.xml.j2") }}'
+ with_items:
+ - default
+
+ - virt_pool:
+ command: build
+ name: "{{ item }}"
+ with_items:
+ - default
+
+ - virt_pool:
+ state: active
+ name: "{{ item }}"
+ with_items:
+ - default
+
+ - virt_pool:
+ command: list_pools
+
+- name: "Define network, activate, start network pools"
+ block:
+ - virt_net:
+ command: define
+ xml: '{{ lookup("template", "{{ item }}.xml.j2") }}'
+ name: "{{ item }}"
+ with_items:
+ - "air_prov"
+ - "air_nat"
+
+ - virt_net:
+ state: active
+ name: "{{ item }}"
+ with_items:
+ - "default"
+ - "air_prov"
+ - "air_nat"
+
+ - virt_net:
+ name: "{{ item }}"
+ autostart: true
+ with_items:
+ - "default"
+ - "air_prov"
+ - "air_nat"
+
+- name: "Create ephemeral node"
+ include_tasks: create-vm.yaml
+ vars:
+ vm_instance: "{{ ephemeral_node }}"
+ vm_name: "{{ ephemeral_node.name }}"
+
+- name: "Create target nodes"
+ include_tasks: create-vm.yaml
+ vars:
+ vm_instance: "{{ target_nodes }}"
+ vm_name: "{{ target_nodes.name }}-{{ a_node }}"
+ with_sequence:
+ start=1 end="{{ (vm_instance.count | int) }}"
+ loop_control:
+ loop_var: a_node
+
+- name: "Create worker nodes"
+ include_tasks: create-vm.yaml
+ vars:
+ vm_instance: "{{ worker_nodes }}"
+ vm_name: "{{ worker_nodes.name }}-{{ a_node }}"
+ with_sequence:
+ start=1 end="{{ (vm_instance.count | int) }}"
+ loop_control:
+ loop_var: a_node
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_nat.xml.j2 b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_nat.xml.j2
new file mode 100644
index 000000000..c37863b84
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_nat.xml.j2
@@ -0,0 +1,10 @@
+
+ air_nat
+ 667f20da-ad20-4623-bf70-88f6e6dec2d6
+
+
+
+
+
+
+
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_prov.xml.j2 b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_prov.xml.j2
new file mode 100644
index 000000000..8eb536116
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/air_prov.xml.j2
@@ -0,0 +1,7 @@
+
+ air_prov
+ 55739809-1c3a-4c79-b6e7-2607000715da
+
+
+
+
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default.xml.j2 b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default.xml.j2
new file mode 100644
index 000000000..1d2d250a8
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default.xml.j2
@@ -0,0 +1,6 @@
+
+ default
+
+ {{ floorplan.default_image_pool }}
+
+
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default_network.xml.j2 b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default_network.xml.j2
new file mode 100644
index 000000000..2dd3b4573
--- /dev/null
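Review bot: The `virt_net: command: define` task only defines `air_prov` and `air_nat`, yet the following task activates `default` as well, so the `default` network must already exist in the libvirt daemon; the `default_network.xml.j2` template added in this change is referenced by nothing visible, which suggests `default` was meant to be defined from it too. Adding `"default"` to the define list (with the template renamed to match the `{{ item }}.xml.j2` lookup), or a comment stating that the distro-provided network is relied on, would make the dependency explicit. The `virt_pool: command: list_pools` step at the end of the pool block registers nothing and does no work for the role.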
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/build-infra/templates/default_network.xml.j2
@@ -0,0 +1,9 @@
+
+ default
+ 3f11d0fe-6c59-43fb-b22a-4355d57d07fa
+
+
+
+
+
+
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/defaults/main.yml b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/defaults/main.yml
new file mode 100644
index 000000000..756f87f09
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/defaults/main.yml
@@ -0,0 +1,17 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kustomize_version: v3.8.5
+kustomize_download_url: "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/{{ kustomize_version }}/kustomize_{{ kustomize_version }}_linux_amd64.tar.gz"
+proxy:
+ http:
+ noproxy:
diff --git a/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/tasks/main.yaml b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/tasks/main.yaml
new file mode 100644
index 000000000..6add79af6
--- /dev/null
+++ b/tools/airship-in-a-pod/infra-builder/assets/opt/ansible/playbooks/roles/install-kustomize/tasks/main.yaml
@@ -0,0 +1,24 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: install kustomize binary
+ shell: |
+ set -e
+ curl -sSL {{ kustomize_download_url }} | tar -C /tmp -xzf -
+ install /tmp/kustomize /usr/local/bin
+ become: yes
+ args:
+ warn: false
+ environment:
+ http_proxy: "{{ proxy.http }}"
+ https_proxy: "{{ proxy.http }}"
+ no_proxy: "{{ proxy.noproxy }}"
diff --git a/tools/airship-in-a-pod/libvirt/Dockerfile b/tools/airship-in-a-pod/libvirt/Dockerfile
new file mode 100644
index 000000000..cea9e255f
--- /dev/null
+++ b/tools/airship-in-a-pod/libvirt/Dockerfile
@@ -0,0 +1,34 @@
+FROM ianhowell/base:latest
+
+SHELL ["bash", "-exc"]
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update ;\
+ apt-get dist-upgrade -y ;\
+ apt-get install -y \
+ libvirt-daemon \
+ qemu-kvm \
+ libvirt-daemon-system \
+ bridge-utils \
+ libvirt-clients \
+ systemd \
+ socat ;\
+ find /etc/systemd/system \
+ /usr/lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \; ;\
+ systemctl set-default multi-user.target ;\
+ sed -i 's|SocketMode=0660|SocketMode=0666|g' /lib/systemd/system/libvirtd.socket ;\
+ systemctl enable libvirtd ;\
+ systemctl enable virtlogd ;\
+ echo 'user = "root"' >> /etc/libvirt/qemu.conf ;\
+ echo 'group = "root"' >> /etc/libvirt/qemu.conf
+
+COPY assets /opt/assets/
+RUN cp -ravf /opt/assets/* / ;\
+ rm -rf /opt/assets
+
+ENTRYPOINT /bin/systemd
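Review bot: `curl -sSL {{ kustomize_download_url }} | tar -C /tmp -xzf -` followed by `install /tmp/kustomize /usr/local/bin` under `become: yes` puts a binary on the root PATH with no integrity check beyond TLS, and unpacks it into the shared /tmp. Download to a file first and verify it against a pinned digest before extracting, e.g. `tmp=$(mktemp -d)`, `curl -sSLo "$tmp/kustomize.tgz" {{ kustomize_download_url }}`, `echo "<EXPECTED_SHA256>  $tmp/kustomize.tgz" | sha256sum -c -`. runner/assets/entrypoint.sh repeats this exact download (same v3.8.5, also unverified) and runner/Dockerfile fetches kubectl the same way; having the kustomize step in both the role and the runner script also means the two copies can drift.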
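Review bot: The `sed -i 's|SocketMode=0660|SocketMode=0666|g'` line makes the libvirtd control socket world-writable, and the two `echo ... >> /etc/libvirt/qemu.conf` lines make libvirt launch guest processes as `root` instead of the unprivileged libvirt-qemu user; together they mean any process that can reach the socket drives VMs that run as root. If the socket is opened up because the other pod containers run under different UIDs, that reason belongs in a comment, and keeping 0660 while adding the consuming user to the `libvirt` group (or aligning UIDs across the images) is the narrower fix. `ENTRYPOINT /bin/systemd` is the shell form; `ENTRYPOINT ["/bin/systemd"]` guarantees systemd is PID 1 rather than a child of `sh -c`.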
diff --git a/tools/airship-in-a-pod/libvirt/assets/etc/systemd/journald.conf b/tools/airship-in-a-pod/libvirt/assets/etc/systemd/journald.conf
new file mode 100644
index 000000000..f93d96487
--- /dev/null
+++ b/tools/airship-in-a-pod/libvirt/assets/etc/systemd/journald.conf
@@ -0,0 +1,43 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+#ForwardToSyslog=yes
+#ForwardToKMsg=no
+ForwardToConsole=yes
+#ForwardToWall=yes
+TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
+#LineMax=48K
+#ReadKMsg=yes
diff --git a/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/10-logs.conf b/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/10-logs.conf
new file mode 100644
index 000000000..4b5420ea0
--- /dev/null
+++ b/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/10-logs.conf
@@ -0,0 +1,3 @@
+[Service]
+StandardOutput=tty
+#FailureAction=poweroff
diff --git a/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/20-poweroff.conf b/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/20-poweroff.conf
new file mode 100644
index 000000000..1a7139b45
--- /dev/null
+++ b/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/libvirtd.service.d/20-poweroff.conf
@@ -0,0 +1,2 @@
+[Service]
+FailureAction=poweroff
diff --git a/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/virtlogd.service.d/10-logs.conf b/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/virtlogd.service.d/10-logs.conf
new file mode 100644
index 000000000..6a396a48e
--- /dev/null
+++ b/tools/airship-in-a-pod/libvirt/assets/usr/lib/systemd/system/virtlogd.service.d/10-logs.conf
@@ -0,0 +1,2 @@
+[Service]
+StandardOutput=tty
diff --git a/tools/airship-in-a-pod/runner/Dockerfile b/tools/airship-in-a-pod/runner/Dockerfile
new file mode 100644
index 000000000..c10a5f1a4
--- /dev/null
+++ b/tools/airship-in-a-pod/runner/Dockerfile
@@ -0,0 +1,28 @@
+FROM ianhowell/base:latest
+
+SHELL ["bash", "-exc"]
+ENV DEBIAN_FRONTEND noninteractive
+
+ARG k8s_version=v1.18.3
+ARG kubectl_url=https://storage.googleapis.com/kubernetes-release/release/"${k8s_version}"/bin/linux/amd64/kubectl
+
+# Update distro and install ansible
+RUN apt-get update ;\
+ apt-get dist-upgrade -y ;\
+ apt-get install -y \
+ git \
+ git-review \
+ apt-transport-https \
+ ca-certificates \
+ gnupg-agent \
+ libvirt-clients \
+ gettext-base ;\
+ curl -sSLo /usr/local/bin/kubectl "${kubectl_url}" ;\
+ chmod +x /usr/local/bin/kubectl ;\
+ rm -rf /var/lib/apt/lists/*
+
+COPY assets /opt/assets/
+RUN cp -ravf /opt/assets/* / ;\
+ rm -rf /opt/assets
+
+ENTRYPOINT /entrypoint.sh
diff --git a/tools/airship-in-a-pod/runner/assets/entrypoint.sh b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
new file mode 100755
index 000000000..e6aa231c5
--- /dev/null
+++ b/tools/airship-in-a-pod/runner/assets/entrypoint.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+# Wait until airshipctl and libvirt infrastructure has been built
+/wait_for airshipctl-builder
+/wait_for infra-builder
+
+export USER=root
+# https://github.com/sudo-project/sudo/issues/42
+echo "Set disable_coredump false" >> /etc/sudo.conf
+
+echo "Installing kustomize"
+kustomize_version=v3.8.5
+kustomize_download_url="https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/${kustomize_version}/kustomize_${kustomize_version}_linux_amd64.tar.gz"
+curl -sSL "$kustomize_download_url" | tar -C /tmp -xzf -
+install /tmp/kustomize /usr/local/bin
+
+cp "$ARTIFACTS_DIR/airshipctl/bin/airshipctl" /usr/local/bin/airshipctl
+cp -r "$ARTIFACTS_DIR/airshipctl/" /opt/airshipctl
+cd /opt/airshipctl
+
+
+curl -fsSL -o key.asc https://raw.githubusercontent.com/mozilla/sops/master/pgp/sops_functional_tests_key.asc
+SOPS_IMPORT_PGP="$(cat key.asc)"
+SOPS_PGP_FP="FBC7B9E2A4F9289AC0C1D4843D16CEE4A27381B4"
+export SOPS_IMPORT_PGP SOPS_PGP_FP
+
+# By default, don't build airshipctl - use the binary from the shared volume instead
+# ./tools/deployment/21_systemwide_executable.sh
+./tools/deployment/22_test_configs.sh
+./tools/deployment/23_pull_documents.sh
+./tools/deployment/23_generate_secrets.sh
+
+sed -i -e 's#bmcAddress: redfish+http://\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\):8000#bmcAddress: redfish+https://10.23.25.1:8443#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
+sed -i -e 's#root#username#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
+sed -i -e 's#r00tme#password#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
+sed -i -e 's#disableCertificateVerification: false#disableCertificateVerification: true#' /tmp/airship/airshipctl/manifests/site/test-site/target/catalogues/hosts.yaml
+
+if [[ "$USE_CACHED_ISO" = "true" ]]; then
+ mkdir -p /srv/images
+ tar -xzf "$CACHE_DIR/iso.tar.gz" --directory /srv/images
+else
+ ./tools/deployment/24_build_images.sh
+ tar -czf "$ARTIFACTS_DIR/iso.tar.gz" --directory=/srv/images .
+fi
+
+./tools/deployment/25_deploy_ephemeral_node.sh
+./tools/deployment/26_deploy_capi_ephemeral_node.sh
+./tools/deployment/30_deploy_controlplane.sh
+./tools/deployment/31_deploy_initinfra_target_node.sh
+./tools/deployment/32_cluster_init_target_node.sh
+./tools/deployment/33_cluster_move_target_node.sh
+./tools/deployment/34_deploy_worker_node.sh
+./tools/deployment/35_deploy_workload.sh
+./tools/deployment/36_verify_hwcc_profiles.sh
+
+/signal_complete runner
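Review bot: With `set -ex` at the top, the assignment `SOPS_IMPORT_PGP="$(cat key.asc)"` is traced with its expanded value, so the whole PGP private key block is written to the container log; wrap it as `set +x; SOPS_IMPORT_PGP="$(cat key.asc)"; set -x`, or let the consumer read key.asc by path. The key fetched here is the public sops functional-test key, but the pattern leaks any real key substituted later. The `sed -i -e 's#root#username#'` and `s#r00tme#password#` lines are unanchored and rewrite the first match on every line of hosts.yaml rather than only the credential fields, so an unrelated `root` in that catalogue would be altered too; anchoring the patterns to the keys, or editing the keys with the `yq` the base image installs, avoids that. `disableCertificateVerification: true` deserves a one-line comment saying it exists for the test BMC endpoint (presumably the sushy emulator named in the infra-builder script), so it is not copied into a non-test overlay.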