From 840075ca88641a4c99aa5f0b5fe84a40449a37ac Mon Sep 17 00:00:00 2001
From: Scott Hussey
Date: Mon, 27 Nov 2017 12:40:00 -0600
Subject: [PATCH] Move Dockerfiles into maas repo
- Move Dockerfile for MaaS region controller to this repo
- Move Dockerfile for MaaS rack controller to this repo
- Create Makefile with standard UCP entrypoints for image building
- Clean up chart to pass 'make lint'
- Update Dockerfiles to pin apt packages to explicit maas version
Change-Id: I4a540b16a4f75f4a1aae1eb9cfb1bb7a16de18d6
---
Makefile | 71 ++++++++++
.../bin/_register-rack-controller.sh | 18 ---
charts/maas/templates/configmap-bin.yaml | 2 +-
images/README.md | 132 ++++++++++++++++++
images/maas-rack-controller/Dockerfile | 44 ++++++
images/maas-rack-controller/README.md | 1 +
.../scripts/register-rack-controller.service | 12 ++
.../scripts/register-rack-controller.sh | 22 +++
images/maas-region-controller/Dockerfile | 56 ++++++++
images/maas-region-controller/README.md | 1 +
tools/helm_tk.sh | 65 +++++++++
11 files changed, 405 insertions(+), 19 deletions(-)
create mode 100644 Makefile
delete mode 100644 charts/maas/templates/bin/_register-rack-controller.sh
create mode 100644 images/README.md
create mode 100644 images/maas-rack-controller/Dockerfile
create mode 100644 images/maas-rack-controller/README.md
create mode 100644 images/maas-rack-controller/scripts/register-rack-controller.service
create mode 100644 images/maas-rack-controller/scripts/register-rack-controller.sh
create mode 100644 images/maas-region-controller/Dockerfile
create mode 100644 images/maas-region-controller/README.md
create mode 100755 tools/helm_tk.sh
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..42ae366
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,71 @@
+# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+MAAS_IMAGE_COMMON ?= maas
+REGION_SUFFIX ?= regiond
+REGION_IMG_DIR ?= images/maas-region-controller
+RACK_SUFFIX ?= rackd
+RACK_IMG_DIR ?= images/maas-rack-controller
+IMAGE_PREFIX ?= attcomdev
+IMAGE_TAG ?= latest
+HELM ?= helm
+PROXY ?= http://one.proxy.att.com:8080
+USE_PROXY ?= false
+
+# Build all docker images for this project
+.PHONY: images
+images: build_rack build_region
+
+# Create tgz of the chart
+.PHONY: charts
+charts: clean
+ $(HELM) dep up charts/maas
+ $(HELM) package charts/maas
+
+# Perform Linting
+.PHONY: lint
+lint: helm_lint
+
+# Dry run templating of chart
+.PHONY: dry-run
+dry-run: clean
+ tools/helm_tk.sh $(HELM)
+ $(HELM) template charts/maas
+
+# Make targets intended for use by the primary targets above.
+
+.PHONY: build_rack
+build_rack:
+ifeq ($(USE_PROXY), true)
+ docker build -t $(IMAGE_PREFIX)/$(MAAS_IMAGE_COMMON)-$(RACK_SUFFIX):$(IMAGE_TAG) -f $(RACK_IMG_DIR)/Dockerfile $(RACK_IMG_DIR) --build-arg http_proxy=$(PROXY) --build-arg https_proxy=$(PROXY)
+else
+ docker build -t $(IMAGE_PREFIX)/$(MAAS_IMAGE_COMMON)-$(RACK_SUFFIX):$(IMAGE_TAG) -f $(RACK_IMG_DIR)/Dockerfile $(RACK_IMG_DIR)
+endif
+
+.PHONY: build_region
+build_region:
+ifeq ($(USE_PROXY), true)
+ docker build -t $(IMAGE_PREFIX)/$(MAAS_IMAGE_COMMON)-$(REGION_SUFFIX):$(IMAGE_TAG) -f $(REGION_IMG_DIR)/Dockerfile $(REGION_IMG_DIR) --build-arg http_proxy=$(PROXY) --build-arg https_proxy=$(PROXY)
+else
+ docker build -t $(IMAGE_PREFIX)/$(MAAS_IMAGE_COMMON)-$(REGION_SUFFIX):$(IMAGE_TAG) -f $(REGION_IMG_DIR)/Dockerfile $(REGION_IMG_DIR)
+endif
+
+.PHONY: clean
+clean:
+ rm -rf build
+
+.PHONY: helm_lint
+helm_lint: clean
+ tools/helm_tk.sh $(HELM)
+ $(HELM) lint charts/maas
diff --git a/charts/maas/templates/bin/_register-rack-controller.sh b/charts/maas/templates/bin/_register-rack-controller.sh
deleted file mode 100644
index 6accb29..0000000
--- a/charts/maas/templates/bin/_register-rack-controller.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-set -x
-
-echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
-
-# register forever
-while [ 1 ];
-do
- if maas-rack register --url=${MAAS_ENDPOINT} --secret="${MAAS_REGION_SECRET}";
- then
- echo "Successfully registered with MaaS Region Controller"
- break
- else
- echo "Unable to register with ${MAAS_ENDPOINT}... will try again"
- sleep 10
- fi;
-done;
diff --git a/charts/maas/templates/configmap-bin.yaml b/charts/maas/templates/configmap-bin.yaml
index 632357f..9648e3a 100644
--- a/charts/maas/templates/configmap-bin.yaml
+++ b/charts/maas/templates/configmap-bin.yaml
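Review bot: `PROXY ?= http://one.proxy.att.com:8080` in the variable block bakes one organisation's internal proxy host into the default, so `USE_PROXY=true` sends both image builds through it unless the caller remembers to override it. Default it to empty (`PROXY ?=`) and stop with `$(error PROXY must be set when USE_PROXY=true)` when the proxy branch is taken without a value. `IMAGE_TAG ?= latest` is a mutable tag, which sits oddly with the commit's goal of pinning package versions; a comment saying that release builds are expected to pass an explicit `IMAGE_TAG` would help. The two `docker build` recipes in `build_rack` and `build_region` differ only in the `--build-arg` pair and could share one command with a conditional `PROXY_ARGS` variable (name is a suggestion).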
@@ -36,4 +36,4 @@ data:
 export-api-key.sh: |
 {{ tuple "bin/_export-api-key.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 register-rack-controller.sh: |
-{{ tuple "bin/_register-rack-controller.sh" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{ tuple "bin/_register-rack-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
diff --git a/images/README.md b/images/README.md
new file mode 100644
index 0000000..4dd421c
--- /dev/null
+++ b/images/README.md
@@ -0,0 +1,132 @@
+[![Docker Repository on Quay](https://quay.io/repository/attcomdev/maas-rack/status "Docker Repository on Quay")](https://quay.io/repository/attcomdev/maas-region) Ubuntu MaaS Region Controller
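Review bot: The `register-rack-controller.sh` key now includes `bin/_register-rack-controller.sh.tpl`, but this patch only deletes `charts/maas/templates/bin/_register-rack-controller.sh` and its diffstat lists no `.tpl` file being created. Unless that template already exists in the tree (not visible from this patch), the include has nothing to render, so please confirm the file is present or turn the deletion into a rename. Because the rack image now ships its own `/usr/local/bin/register-rack-controller.sh`, a comment above this key such as `# mounted copy; the image also carries a systemd-driven copy of this script` would make clear which of the two is expected to run.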
+[![Docker Repository on Quay](https://quay.io/repository/attcomdev/maas-rack/status "Docker Repository on Quay")](https://quay.io/repository/attcomdev/maas-rack) Ubuntu MaaS Rack Controller
+
+Overview
+==================
+
+The MaaS project attempts to build highly decoupled metal as a service containers for use on the Kubernetes platform. Today, we only break the MaaS service into the traditional region and rack controllers and breaking it down further is a work in progress.
+
+Building Containers
+===================
+
+```
+$ make build
+```
+
+Launching on Kubernetes
+=======================
+
+This will create the bridge necessary for MaaS provisioning (fixed with the name 'maas' rigt now) and launch the region controller
+and rack controller containers on kubernetes using kubectl by leveraging the YAML manifests in maas/deployments.
+
+```
+$ make kuber_bridge
+ ...
+
+$ make kuber_deploy
+ sudo kubectl create -f deployment/maas-service.yaml
+ service "maas-region-ui" created
+ sudo kubectl create -f deployment/maas-region-deployment.yaml
+ deployment "maas-region" created
+ sudo kubectl create -f deployment/maas-rack-deployment.yaml
+ deployment "maas-rack" created
+
+```
+
+The provisioning network is fixed (and configured by kuber_bridge) as 10.7.200.0/24. To connect
+external physical hardware to this network, simply place the network interface into the maas bridge, e.g:
+
+```
+brctl addif maas eth1
+```
+
+To destroy the kubernetes resources, you can run:
+
+```
+$ make kuber_clean
+ sudo kubectl delete deployment maas-region
+ deployment "maas-region" deleted
+ sudo kubectl delete deployment maas-rack
+ deployment "maas-rack" deleted
+ sudo kubectl delete service maas-region-ui
+ service "maas-region-ui" deleted
+
+```
+
+Once the region controller comes up, and you can login as admin/admin, you must configure a gateway within the UI on the
+10.7.200.0 network, setting that to 10.7.200.1. You must also enable DHCP and set the primary rack controller to the
+maas rack container booted (it will be a drop down choice). This will eventually be automated.
+
+Running Containers
+==================
+
+```
+$ make run_region
+ sudo docker run -d -p 7777:80 -v /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged --name maas-region-controller maas-region:dockerfile
+d7462aabf4d8982621c30d7df36adf6c3e0f634701c0a070f7214301829fa92e
+```
+
+```
+$ make run_rack
+ sudo docker run -d -v /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged --name maas-rack-controller maas-rack:dockerfile
+fb36837cd68e56356cad2ad853ae517201ee3349fd1f80039185b71d052c5326
+```
+
+Region Bootstrap
+================
+
+The `scripts/create-provision-network.sh` script attempts to bootstrap both an admin user (with the password admin) but also creates a maas provisioning network matching the docker default, namely 172.16.86.0/24. Turning this into a more configurable setting and also allowing for a dedicated provisioning network that can be plugged in via bridging to an actual physical network is a work in progress. However, with the calls we do make you should be able to see the rack controller connected with an active dhcpd process running in the UI.
+
+Retrieving Region Controller Details
+====================================
+
+Note that retrieving the API key may not be possible as MaaS region initialization is
+delayed within the containers init startup. It may take 60 seconds or so in order
+to retrieve the API key, during which you may see the following message:
+
+```
+$ make get_region_api_key
+ sudo docker exec maas-region-controller maas-region-admin apikey --username maas
+WARNING: The maas-region-admin command is deprecated and will be removed in a future version. From now on please use 'maas-region' instead.
+CommandError: User does not exist.
+make: *** [get_region_api_key] Error 1
+```
+
+When the API is up and the admin user registered you will see the following:
+
+```
+$ make get_region_api_key
+ sudo docker exec maas-region-controller maas-region apikey --username admin
+ksKQbjtTzjZrZy2yP7:jVq2g4x5FYdxDqBQ7P:KGfnURCrYSKmGE6k2SXWk4QVHVSJHBfr
+```
+
+You can also retrieve the region secret and IP address, used to initialize the
+rack controller:
+
+```
+$ make get_region_secret
+ sudo docker exec maas-region-controller cat /var/lib/maas/secret && echo
+2036ba7575697b03d73353fc72a01686
+```
+
+```
+$ make get_region_ip_address
+ sudo docker inspect --format '{{ .NetworkSettings.Networks.bridge.IPAddress }}' maas-region-controller
+172.16.86.4
+```
+
+Link Rack and Region
+====================
+
+Finally, with the output above we can link the region controller with the rack controller
+by feeding the rack controller the endpoint and secret it requires. Shortly after MaaS
+will initiate an image sync with the rack.
+
+```
+$ make register_rack -e URL=http://172.16.84.4 SECRET=2036ba7575697b03d73353fc72a01686
+sudo docker exec maas-rack-controller maas-rack register --url http://172.16.84.4 --secret 2036ba7575697b03d73353fc72a01686
+alan@hpdesktop:~/Workbench/att/attcomdev/dockerfiles/maas$
+```
+
+Finally, to access your MaaS UI, visit http://172.0.0.1:7777/MAAS/ and login as admin/admin.
+
diff --git a/images/maas-rack-controller/Dockerfile b/images/maas-rack-controller/Dockerfile
new file mode 100644
index 0000000..6985e5b
--- /dev/null
+++ b/images/maas-rack-controller/Dockerfile
@@ -0,0 +1,44 @@
+FROM ubuntu:16.04
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV container docker
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+RUN systemctl set-default multi-user.target
+
+# everything else below is to setup maas into the systemd initialized
+# container based on ubuntu 16.04
+RUN apt-get -qq update && \
+ apt-get -y install sudo software-properties-common
+
+# TODO(alanmeadows)
+# we need systemd 231 per https://github.com/systemd/systemd/commit/a1350640ba605cf5876b25abfee886488a33e50b
+#RUN add-apt-repository ppa:pitti/systemd -y && add-apt-repository ppa:maas/stable -y && apt-get update
+RUN apt-get install -y systemd
+
+# install syslog and enable it
+RUN apt-get install -y rsyslog
+RUN systemctl enable rsyslog.service
+
+# install maas
+RUN rsyslogd; apt-get install -y maas-cli=2.2.2-6099-g8751f91-0ubuntu1~16.04.1 maas-rack-controller=2.2.2-6099-g8751f91-0ubuntu1~16.04.1
+
+COPY scripts/register-rack-controller.sh /usr/local/bin
+RUN chmod +x /usr/local/bin/register-rack-controller.sh
+
+# register ourselves with the region controller
+COPY scripts/register-rack-controller.service /lib/systemd/system/register-rack-controller.service
+RUN systemctl enable register-rack-controller.service
+
+RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump
+RUN ln -s /usr/bin/tcpdump /usr/sbin/tcpdump
+
+# initalize systemd
+CMD ["/sbin/init"]
diff --git a/images/maas-rack-controller/README.md b/images/maas-rack-controller/README.md
new file mode 100644
index 0000000..d3ea21a
--- /dev/null
+++ b/images/maas-rack-controller/README.md
@@ -0,0 +1 @@
+[![Docker Repository on Quay](https://quay.io/repository/attcomdev/maas-rack/status "Docker Repository on Quay")](https://quay.io/repository/attcomdev/maas-rack) Ubuntu MaaS Rack Controller
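Review bot: The `RUN apt-get install -y systemd`, `RUN apt-get install -y rsyslog` and `RUN rsyslogd; apt-get install -y maas-cli=…` layers in images/maas-rack-controller/Dockerfile rely on the package index left by the earlier `apt-get -qq update` layer, so a cached index can make the pinned `2.2.2-6099-g8751f91-0ubuntu1~16.04.1` version unresolvable or pull out-of-date dependencies. Run the update in the same layer as the install, e.g. `RUN apt-get -qq update && apt-get install -y systemd rsyslog`. The `;` after `rsyslogd` also hides a failure to start it; use `&&` if the install needs it running, or add a comment saying why it is best-effort. images/maas-region-controller/Dockerfile in this commit has the same layout, and it keeps the version in `ENV MAAS_VERSION` where this file repeats the literal twice.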
diff --git a/images/maas-rack-controller/scripts/register-rack-controller.service b/images/maas-rack-controller/scripts/register-rack-controller.service
new file mode 100644
index 0000000..0bf64b4
--- /dev/null
+++ b/images/maas-rack-controller/scripts/register-rack-controller.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Register with MaaS Region Controller
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+PassEnvironment=MAAS_ENDPOINT MAAS_REGION_SECRET
+ExecStart=/usr/local/bin/register-rack-controller.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/images/maas-rack-controller/scripts/register-rack-controller.sh b/images/maas-rack-controller/scripts/register-rack-controller.sh
new file mode 100644
index 0000000..add7edf
--- /dev/null
+++ b/images/maas-rack-controller/scripts/register-rack-controller.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# show env
+env > /tmp/env
+
+echo "register-rack-controller URL: ${MAAS_ENDPOINT}"
+
+# note the secret must be a valid hex value
+
+# register forever
+while [ 1 ];
+do
+ if maas-rack register --url=http://${MAAS_ENDPOINT}/MAAS --secret="${MAAS_REGION_SECRET}";
+ then
+ echo "Successfully registered with MaaS Region Controller"
+ break
+ else
+ echo "Unable to register with http://${MAAS_ENDPOINT}/MAAS... will try again"
+ sleep 10
+ fi;
+
+done;
diff --git a/images/maas-region-controller/Dockerfile b/images/maas-region-controller/Dockerfile
new file mode 100644
index 0000000..2b432e3
--- /dev/null
+++ b/images/maas-region-controller/Dockerfile
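Review bot: `env > /tmp/env` at the top of register-rack-controller.sh writes the whole environment to disk, and the unit file passes `MAAS_REGION_SECRET` into that environment via `PassEnvironment`, so the region secret ends up in a file under /tmp that is typically created world-readable and is never removed. Drop the line, or log only the non-secret value, e.g. `echo "MAAS_ENDPOINT=${MAAS_ENDPOINT}"`, which the next line already does. The secret is also handed to `maas-rack register` as a `--secret=` argument, which exposes it in the process list while the loop retries; whether the tool accepts it another way is not visible here, so a comment noting the exposure is the minimum. The retry loop has no upper bound and the unit is `Type=oneshot`, so a wrong endpoint or secret keeps the unit activating indefinitely; a comment stating that this is intended would help operators.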
@@ -0,0 +1,56 @@
+FROM ubuntu:16.04
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV container docker
+ENV MAAS_VERSION 2.2.2-6099-g8751f91-0ubuntu1~16.04.1
+
+# Don't start any optional services except for the few we need.
+RUN find /etc/systemd/system \
+ /lib/systemd/system \
+ -path '*.wants/*' \
+ -not -name '*journald*' \
+ -not -name '*systemd-tmpfiles*' \
+ -not -name '*systemd-user-sessions*' \
+ -exec rm \{} \;
+RUN systemctl set-default multi-user.target
+
+# everything else below is to setup maas into the systemd initialized
+# container based on ubuntu 16.04
+RUN apt-get -qq update && \
+ apt-get -y install sudo software-properties-common
+
+# TODO(alanmeadows)
+# we need systemd 231 per https://github.com/systemd/systemd/commit/a1350640ba605cf5876b25abfee886488a33e50b
+#RUN add-apt-repository ppa:pitti/systemd -y && add-apt-repository ppa:maas/stable -y && apt-get update
+RUN apt-get install -y systemd
+
+# install syslog and enable it
+RUN apt-get install -y rsyslog
+RUN systemctl enable rsyslog.service
+
+# install maas
+RUN rsyslogd; apt-get install -y maas-cli=$MAAS_VERSION \
+ maas-dns=$MAAS_VERSION \
+ maas-region-api=$MAAS_VERSION \
+ avahi-utils \
+ dbconfig-pgsql=2.0.4ubuntu1 \
+ iputils-ping \
+ postgresql \
+ tcpdump \
+ python3-pip
+
+
+RUN apt-get download maas-region-controller=$MAAS_VERSION && \
+# remove postinstall script in order to avoid db_sync
+ dpkg-deb --extract maas-region-controller*.deb maas-region-controller && \
+ dpkg-deb --control maas-region-controller*.deb maas-region-controller/DEBIAN && \
+ rm maas-region-controller/DEBIAN/postinst && \
+ dpkg-deb --build maas-region-controller && \
+ dpkg -i maas-region-controller.deb && \
+ pg_dropcluster --stop 9.5 main
+
+# potentially used to calculate cidrs
+# RUN pip3 install netaddr
+
+# initalize systemd
+CMD ["/sbin/init"]
diff --git a/images/maas-region-controller/README.md b/images/maas-region-controller/README.md
new file mode 100644
index 0000000..d0c46a4
--- /dev/null
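Review bot: The repack step in the `RUN apt-get download maas-region-controller=$MAAS_VERSION` chain deletes the whole `DEBIAN/postinst`, while the comment only mentions avoiding db_sync, so every other step of that maintainer script is skipped as well and nothing records where those steps are expected to run instead. Expand the comment along the lines of `# postinst is removed entirely, not just db_sync; the remaining setup must be performed at container start`, and name the component that does it. The chain also leaves the downloaded package, the extracted tree and the rebuilt `maas-region-controller.deb` in the image's working directory; end it with `&& rm -rf maas-region-controller maas-region-controller*.deb`. `postgresql`, `avahi-utils`, `tcpdump` and `python3-pip` are installed unpinned next to the pinned MaaS packages, which is worth a one-line comment if it is deliberate.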
+++ b/images/maas-region-controller/README.md
@@ -0,0 +1 @@
+[![Docker Repository on Quay](https://quay.io/repository/attcomdev/maas-rack/status "Docker Repository on Quay")](https://quay.io/repository/attcomdev/maas-region) Ubuntu MaaS Region Controller
diff --git a/tools/helm_tk.sh b/tools/helm_tk.sh
new file mode 100755
index 0000000..867cdce
--- /dev/null
+++ b/tools/helm_tk.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Script to setup helm-toolkit and helm dep up the shipyard chart
+#
+HELM=$1
+HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm"}
+HTK_PATH=${HTK_PATH:-""}
+DEP_UP_LIST=${DEP_UP_LIST:-"maas"}
+
+if [[ ! -z $(echo $http_proxy) ]]
+then
+ export no_proxy=$no_proxy,127.0.0.1
+fi
+
+set -x
+
+function helm_serve {
+ if [[ -d "$HOME/.helm" ]]; then
+ echo ".helm directory found"
+ else
+ ${HELM} init --client-only
+ fi
+ if [[ -z $(curl -s 127.0.0.1:8879 | grep 'Helm Repository') ]]; then
+ ${HELM} serve & > /dev/null
+ while [[ -z $(curl -s 127.0.0.1:8879 | grep 'Helm Repository') ]]; do
+ sleep 1
+ echo "Waiting for Helm Repository"
+ done
+ else
+ echo "Helm serve already running"
+ fi
+
+ if ${HELM} repo list | grep -q "^stable" ; then
+ ${HELM} repo remove stable
+ fi
+
+ ${HELM} repo add local http://localhost:8879/charts
+}
+
+mkdir -p build
+pushd build
+git clone --depth 1 $HTK_REPO || true
+pushd openstack-helm/$HTK_PATH
+
+git pull
+helm_serve
+make helm-toolkit
+popd && popd
+for c in $DEP_UP_LIST
+do
+ ${HELM} dep up charts/$c
+done
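Review bot: `git clone --depth 1 $HTK_REPO || true` followed by `git pull` and `make helm-toolkit` builds whatever the upstream default branch contains at that moment and runs its Makefile on the build host, with no tag or commit pinned, so `make lint`, `make dry-run` and `make charts` are neither reproducible nor reviewed against a known revision. Pin the toolkit to a ref, for example a full clone plus `git -C openstack-helm checkout "$HTK_COMMIT"` (variable name is a suggestion), and drop the `git pull`. The script also has no `set -e`, so a failed clone or `pushd openstack-helm/$HTK_PATH` leaves `git pull` and `make helm-toolkit` running in whichever directory is current; `set -e` near `set -x` would stop that, with the `|| true` on the clone replaced by an explicit directory check. In `helm_serve`, `${HELM} serve & > /dev/null` backgrounds the command before the redirection is parsed, so its output is not discarded; `${HELM} serve > /dev/null &` is the intended form.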