diff --git a/.gitignore b/.gitignore index b3fe119b6..ea203cfd8 100644 --- a/.gitignore +++ b/.gitignore @@ -72,4 +72,4 @@ releasenotes/build # Gate and Check Logs logs/ tools/gate/local-overrides/ -tools/gate/playbooks/*.retry +playbooks/*.retry diff --git a/playbooks/osh-infra-build.retry b/playbooks/osh-infra-build.retry deleted file mode 100644 index 408303742..000000000 --- a/playbooks/osh-infra-build.retry +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/playbooks/osh-infra-deploy-charts.retry b/playbooks/osh-infra-deploy-charts.retry deleted file mode 100644 index 408303742..000000000 --- a/playbooks/osh-infra-deploy-charts.retry +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/playbooks/osh-infra-deploy-k8s.retry b/playbooks/osh-infra-deploy-k8s.retry deleted file mode 100644 index 408303742..000000000 --- a/playbooks/osh-infra-deploy-k8s.retry +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/playbooks/roles b/playbooks/roles new file mode 120000 index 000000000..d8c4472ca --- /dev/null +++ b/playbooks/roles @@ -0,0 +1 @@ +../roles \ No newline at end of file diff --git a/playbooks/roles/build-helm-packages/tasks/main.yaml b/playbooks/roles/build-helm-packages/tasks/main.yaml deleted file mode 100644 index 1bd179c2e..000000000 --- a/playbooks/roles/build-helm-packages/tasks/main.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: setup-helm-serve.yaml - -- name: build all charts in repo - make: - chdir: "{{ work_dir }}" - target: all diff --git a/playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml b/playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml deleted file mode 100644 index 948b6f3ad..000000000 --- a/playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml +++ /dev/null @@ -1,87 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- block: - - name: check if correct version of helm client already installed - shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1" - environment: - HELM_VERSION: "{{ version.helm }}" - args: - executable: /bin/bash - register: need_helm - ignore_errors: True - - name: install helm client - when: need_helm | failed - become_user: root - shell: | - TMP_DIR=$(mktemp -d) - curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR} - sudo mv ${TMP_DIR}/helm /usr/bin/helm - rm -rf ${TMP_DIR} - environment: - HELM_VERSION: "{{ version.helm }}" - args: - executable: /bin/bash - - name: setting up helm client - command: helm init --client-only - -- block: - - name: checking if local helm server is running - shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' - args: - executable: /bin/bash - register: helm_server_running - ignore_errors: True - - name: getting current host user name - when: helm_server_running | failed - shell: id -un - args: - executable: /bin/bash - register: helm_server_user - - name: moving systemd unit into place for helm server - when: helm_server_running | failed - become: yes - become_user: root - template: - src: helm-serve.service.j2 - dest: /etc/systemd/system/helm-serve.service - mode: 0640 - - name: starting helm serve service - when: helm_server_running | failed - become: yes - become_user: root - systemd: - state: restarted - daemon_reload: yes - name: helm-serve - - name: wait for helm server to be ready - shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' - args: - executable: /bin/bash - register: wait_for_helm_server - until: wait_for_helm_server.rc == 0 - retries: 120 - delay: 5 - -- block: - - name: checking if helm 'stable' repo is present - shell: helm repo list | grep -q "^stable" - args: - executable: /bin/bash - register: helm_stable_repo_present - ignore_errors: True - - name: checking if helm 'stable' repo is present - when: helm_stable_repo_present | succeeded - command: helm repo remove stable - -- name: adding helm local repo - command: helm repo add local http://localhost:8879/charts diff --git a/playbooks/roles/build-helm-packages/templates/helm-serve.service.j2 b/playbooks/roles/build-helm-packages/templates/helm-serve.service.j2 deleted file mode 100644 index 3cd1aad0f..000000000 --- a/playbooks/roles/build-helm-packages/templates/helm-serve.service.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Helm Server -After=network.target - -[Service] -User={{ helm_server_user.stdout }} -Restart=always -ExecStart=/usr/bin/helm serve - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/build-images/tasks/kubeadm-aio.yaml b/playbooks/roles/build-images/tasks/kubeadm-aio.yaml deleted file mode 100644 index ed3ed149b..000000000 --- a/playbooks/roles/build-images/tasks/kubeadm-aio.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is -# reolved, we build with a shell script to make use of the host network. -- name: Kubeadm-AIO build - block: - #NOTE(portdirect): we do this to ensure we are feeding the docker build - # a clean path to work with. - - name: Kubeadm-AIO image build path - shell: cd "{{ work_dir }}"; pwd - register: kubeadm_aio_path - # - name: build the Kubeadm-AIO image - # docker_image: - # path: "{{ kubeadm_aio_path.stdout }}/" - # name: "{{ images.kubernetes.kubeadm_aio }}" - # dockerfile: "tools/images/kubeadm-aio/Dockerfile" - # force: yes - # pull: yes - # state: present - # rm: yes - # buildargs: - # KUBE_VERSION: "{{ version.kubernetes }}" - # CNI_VERSION: "{{ version.cni }}" - # HELM_VERSION: "{{ version.helm }}" - # CHARTS: "calico,flannel,tiller,kube-dns" - - name: Kubeadm-AIO image build path with proxy - when: proxy.http is defined and (proxy.http | trim != "") - shell: |- - set -e - docker build \ - --network host \ - --force-rm \ - --tag "{{ images.kubernetes.kubeadm_aio }}" \ - --file tools/images/kubeadm-aio/Dockerfile \ - --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ - --build-arg CNI_VERSION="{{ version.cni }}" \ - --build-arg HELM_VERSION="{{ version.helm }}" \ - --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ - --build-arg HTTP_PROXY="{{ proxy.http }}" \ - --build-arg HTTPS_PROXY="{{ proxy.https }}" \ - --build-arg NO_PROXY="{{ proxy.noproxy }}" \ - . - args: - chdir: "{{ kubeadm_aio_path.stdout }}/" - executable: /bin/bash - - name: Kubeadm-AIO image build path - when: proxy.http is undefined or (proxy.http | trim == "") - shell: |- - set -e - docker build \ - --network host \ - --force-rm \ - --tag "{{ images.kubernetes.kubeadm_aio }}" \ - --file tools/images/kubeadm-aio/Dockerfile \ - --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ - --build-arg CNI_VERSION="{{ version.cni }}" \ - --build-arg HELM_VERSION="{{ version.helm }}" \ - --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ - . - args: - chdir: "{{ kubeadm_aio_path.stdout }}/" - executable: /bin/bash \ No newline at end of file diff --git a/playbooks/roles/build-images/tasks/main.yaml b/playbooks/roles/build-images/tasks/main.yaml deleted file mode 100644 index 7e13f0ba1..000000000 --- a/playbooks/roles/build-images/tasks/main.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: kubeadm-aio.yaml diff --git a/playbooks/roles/clean-host/tasks/main.yaml b/playbooks/roles/clean-host/tasks/main.yaml deleted file mode 100644 index 77eee4369..000000000 --- a/playbooks/roles/clean-host/tasks/main.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: remove osh directory - become: yes - become_user: root - file: - path: "{{ item }}" - state: absent - with_items: - - /var/lib/openstack-helm diff --git a/playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml b/playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml deleted file mode 100644 index 3e7a8e130..000000000 --- a/playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: ensuring SELinux is disabled on centos & fedora - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora' - become: true - become_user: root - command: setenforce 0 - ignore_errors: True - -#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/ -- name: fix docker removal issue with ansible's docker_container on centos - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - block: - - name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos - become: true - become_user: root - include_role: - name: deploy-package - tasks_from: pip - vars: - state: absent - packages: - - requests - - urllib3 - - name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos - become: true - become_user: root - include_role: - name: deploy-package - tasks_from: dist - vars: - state: absent - packages: - rpm: - - python-urllib3 - - python-requests - - name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos - become: true - become_user: root - include_role: - name: deploy-package - tasks_from: dist - vars: - state: present - packages: - rpm: - - python-urllib3 - - python-requests - -- name: Ensure docker python packages deployed - include_role: - name: deploy-package - tasks_from: pip - vars: - packages: - - docker-py diff --git a/playbooks/roles/deploy-docker/tasks/main.yaml b/playbooks/roles/deploy-docker/tasks/main.yaml deleted file mode 100644 index 6a4463768..000000000 --- a/playbooks/roles/deploy-docker/tasks/main.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: check if docker deploy is needed - raw: which docker - register: need_docker - ignore_errors: True - -- name: centos | moving systemd unit into place - when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) - template: - src: centos-docker.service.j2 - dest: /etc/systemd/system/docker.service - mode: 0640 - -- name: fedora | moving systemd unit into place - when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) - template: - src: fedora-docker.service.j2 - dest: /etc/systemd/system/docker.service - mode: 0640 - -- name: ubuntu | moving systemd unit into place - when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker | failed ) - template: - src: ubuntu-docker.service.j2 - dest: /etc/systemd/system/docker.service - mode: 0640 - -# NOTE: (lamt) Setting up the proxy before installing docker -- name: ensure docker.service.d directory exists - when: proxy.http is defined and (proxy.http | trim != "") - file: - path: /etc/systemd/system/docker.service.d - state: directory - -- name: proxy | moving proxy systemd unit into place - when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") ) - template: - src: http-proxy.conf.j2 - dest: /etc/systemd/system/docker.service.d/http-proxy.conf - mode: 0640 - -- name: centos | add docker-ce repository - when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/centos/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - -- name: fedora | add docker-ce repository - when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/fedora/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - -- name: deploy docker packages - when: need_docker | failed - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - docker.io - rpm: - - docker-ce - -- name: restarting docker - systemd: - state: restarted - daemon_reload: yes - name: docker - -- include: deploy-ansible-docker-support.yaml diff --git a/playbooks/roles/deploy-docker/templates/centos-docker.service.j2 b/playbooks/roles/deploy-docker/templates/centos-docker.service.j2 deleted file mode 100644 index ba9540e2d..000000000 --- a/playbooks/roles/deploy-docker/templates/centos-docker.service.j2 +++ /dev/null @@ -1,30 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target - -[Service] -Type=notify -NotifyAccess=all -Environment=GOTRACEBACK=crash -Environment=DOCKER_HTTP_HOST_COMPAT=1 -Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin -ExecStart=/usr/bin/dockerd \ - --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ - --storage-driver=overlay2 \ - --log-driver=json-file \ - --iptables=false -ExecReload=/bin/kill -s HUP $MAINPID -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal -MountFlags=share -KillMode=process - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/deploy-docker/templates/fedora-docker.service.j2 b/playbooks/roles/deploy-docker/templates/fedora-docker.service.j2 deleted file mode 100644 index e471b92f3..000000000 --- a/playbooks/roles/deploy-docker/templates/fedora-docker.service.j2 +++ /dev/null @@ -1,29 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target - -[Service] -Type=notify -Environment=GOTRACEBACK=crash -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -ExecStart=/usr/bin/dockerd \ - --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ - --storage-driver=overlay2 \ - --log-driver=json-file \ - --iptables=false -ExecReload=/bin/kill -s HUP $MAINPID -TasksMax=8192 -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/deploy-docker/templates/http-proxy.conf.j2 b/playbooks/roles/deploy-docker/templates/http-proxy.conf.j2 deleted file mode 100644 index 90d8e1d53..000000000 --- a/playbooks/roles/deploy-docker/templates/http-proxy.conf.j2 +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -Environment="HTTP_PROXY={{ proxy.http }}" -Environment="HTTPS_PROXY={{ proxy.https }}" -Environment="NO_PROXY={{ proxy.noproxy }}" diff --git a/playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2 b/playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2 deleted file mode 100644 index 2451b1980..000000000 --- a/playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2 +++ /dev/null @@ -1,30 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network.target docker.socket firewalld.service -Requires=docker.socket - -[Service] -Type=notify -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -EnvironmentFile=-/etc/default/docker -ExecStart=/usr/bin/dockerd --iptables=false -H fd:// $DOCKER_OPTS -ExecReload=/bin/kill -s HUP $MAINPID -LimitNOFILE=1048576 -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNPROC=infinity -LimitCORE=infinity -# Uncomment TasksMax if your systemd version supports it. -# Only systemd 226 and above support this version. -TasksMax=infinity -TimeoutStartSec=0 -# set delegate yes so that systemd does not reset the cgroups of docker containers -Delegate=yes -# kill only the docker process, not all processes in the cgroup -KillMode=process - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml deleted file mode 100644 index 7738af531..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This set of tasks creates over-rides that need to be generated dyamicly and -# injected at runtime. - -- name: setup directorys on host - file: - path: "{{ work_dir }}/tools/gate/local-overrides/" - state: directory diff --git a/playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml b/playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml deleted file mode 100644 index b2bfa7d21..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- block: - - name: installing OS-H dev tools - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - git - - make - - curl - - ca-certificates - rpm: - - git - - make - - curl - - name: installing jq - include_role: - name: deploy-jq - tasks_from: main - -- name: assemble charts - make: - chdir: "{{ work_dir }}" - register: out - -- include: util-setup-dev-environment.yaml diff --git a/playbooks/roles/deploy-helm-packages/tasks/main.yaml b/playbooks/roles/deploy-helm-packages/tasks/main.yaml deleted file mode 100644 index 779c4008e..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/main.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: generate-dynamic-over-rides.yaml - -- name: "creating directory for helm test logs" - file: - path: "{{ logs_dir }}/helm-tests" - state: directory - -- name: "iterating through Helm chart groups" - vars: - chart_group_name: "{{ helm_chart_group.name }}" - chart_group_items: "{{ helm_chart_group.charts }}" - include: util-chart-group.yaml - loop_control: - loop_var: helm_chart_group - with_items: "{{ chart_groups }}" diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml deleted file mode 100644 index a114ff370..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "{{ helm_chart_group.name }}" - vars: - chart_def: "{{ charts[helm_chart] }}" - loop_control: - loop_var: helm_chart - include: util-common-helm-chart.yaml - with_items: "{{ helm_chart_group.charts }}" - -- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group" - when: ('timeout' in helm_chart_group) - include: util-common-wait-for-pods.yaml - vars: - namespace: "{{ charts[helm_chart].namespace }}" - timeout: "{{ helm_chart_group.timeout }}" - loop_control: - loop_var: helm_chart - with_items: "{{ helm_chart_group.charts }}" diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml deleted file mode 100644 index b95c7f1f5..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Helm management common block - vars: - check_deployed_result: null - chart_values_file: null - upgrade: - pre: - delete: null - - block: - - name: "create temporary file for {{ chart_def['release'] }}'s values .yaml" - tempfile: - state: file - suffix: .yaml - register: chart_values_file - - name: "write out values.yaml for {{ chart_def['release'] }}" - copy: - dest: "{{ chart_values_file.path }}" - content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}" - - - name: "check if {{ chart_def['release'] }} is deployed" - command: helm status "{{ chart_def['release'] }}" - register: check_deployed_result - ignore_errors: True - - - name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" - stat: - path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" - register: local_overrides - - - name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" - when: check_deployed_result | failed - command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}" - register: out - - name: "display info for the helm {{ chart_def['release'] }} release deploy" - when: check_deployed_result | failed - debug: - var: out.stdout_lines - - - name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release" - when: - - check_deployed_result | succeeded - - "'upgrade' in chart_def" - - "'pre' in chart_def['upgrade']" - - "'delete' in chart_def['upgrade']['pre']" - - "chart_def.upgrade.pre.delete is not none" - with_items: "{{ chart_def.upgrade.pre.delete }}" - loop_control: - loop_var: helm_upgrade_delete_job - command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true" - - name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" - when: check_deployed_result | succeeded - command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}" - register: out - - name: "display info for the helm {{ chart_def['release'] }} release upgrade" - when: check_deployed_result | succeeded - debug: - var: out.stdout_lines - - - include: util-common-wait-for-pods.yaml - when: ('timeout' in chart_def) - vars: - namespace: "{{ chart_def['namespace'] }}" - timeout: "{{ chart_def['timeout'] }}" - - - include: util-common-helm-test.yaml - when: - - "'test' in chart_def" - - "chart_def.test is not none" - - "'enabled' in chart_def['test']" - - "chart_def.test.enabled|bool == true" - vars: - release: "{{ chart_def['release'] }}" - namespace: "{{ chart_def['namespace'] }}" - test_settings: "{{ chart_def.test }}" - - always: - - name: "remove values.yaml for {{ chart_def['release'] }}" - file: - path: "{{ chart_values_file.path }}" - state: absent diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml deleted file mode 100644 index a926946b1..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Helm test common block - vars: - release: null - namespace: null - test_settings: null - - block: - - name: "remove any expired helm test pods for {{ release }}" - command: "kubectl delete pod {{ release }}-test -n {{ namespace }}" - ignore_errors: True - - - name: "run helm tests for the {{ release }} release" - when: - - "'timeout' in test_settings" - - "'timeout' is none" - command: "helm test {{ release }}" - register: test_result - - - name: "run helm tests for the {{ release }} release with timeout" - when: - - "'timeout' in test_settings" - - "'timeout' is not none" - command: " helm test --timeout {{ test_settings.timeout }} {{ release }}" - register: test_result - - - name: "display status for {{ release }} helm tests" - debug: - var: test_result.stdout_lines - - - name: "gathering logs for helm tests for {{ release }}" - when: - - test_result | succeeded - shell: |- - set -e - kubectl logs {{ release }}-test -n {{ namespace }} >> {{ logs_dir }}/helm-tests/{{ release }}.txt - args: - executable: /bin/bash - register: test_logs - - - name: "displaying logs for successful helm tests for {{ release }}" - when: - - test_result | succeeded - - "'output' in test_settings" - - "test_settings.output|bool == true" - debug: - var: test_logs.stdout_lines - rescue: - - name: "gathering logs for failed helm tests for {{ release }}" - command: "kubectl logs {{ release }}-test -n {{ namespace }}" - register: out - - name: "displaying logs for failed helm tests for {{ release }}" - debug: - var: out.stdout_lines - - name: "helm tests for {{ release }} failed, stopping execution" - command: exit 1 diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml deleted file mode 100644 index 19d8785b1..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: wait for pods in namespace - vars: - namespace: null - timeout: 600 - wait_return_code: - rc: 1 - block: - - name: "wait for pods in {{ namespace }} namespace to be ready" - shell: |- - set -e - kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \ - '.items[].status.phase' | grep Pending > /dev/null && \ - PENDING=True || PENDING=False - - query='.items[]|select(.status.phase=="Running")' - query="$query|.status.containerStatuses[].ready" - kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \ - grep false > /dev/null && READY="False" || READY="True" - - kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \ - '.items[] | .spec.completions == .status.succeeded' | \ - grep false > /dev/null && JOBR="False" || JOBR="True" - [ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \ - exit 0 || exit 1 - args: - executable: /bin/bash - register: wait_return_code - until: wait_return_code.rc == 0 - retries: "{{ timeout }}" - delay: 1 - rescue: - - name: "pods failed to come up in time, getting kubernetes objects status" - command: kubectl get --all-namespaces all -o wide --show-all - register: out - - name: "pods failed to come up in time, displaying kubernetes objects status" - debug: var=out.stdout_lines - - name: "pods failed to come up in time, stopping execution" - command: exit 1 diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml deleted file mode 100644 index afd5d371e..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: master - vars: - kubeadm_aio_action: clean-host - block: - - name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - pid_mode: host - network_mode: host - capabilities: SYS_ADMIN - volumes: - - /sys:/sys:rw - - /run:/run:rw - - /:/mnt/rootfs:rw - - /etc:/etc:rw - env: - CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" - ACTION="{{ kubeadm_aio_action }}" - KUBE_BIND_DEVICE="{{ kubernetes_default_device }}" - USER_UID="{{ playbook_user_id }}" - USER_GID="{{ playbook_group_id }}" - USER_HOME="{{ playbook_user_dir }}" - CNI_ENABLED="{{ kubernetes.cluster.cni }}" - PVC_SUPPORT_CEPH=true - PVC_SUPPORT_NFS=true - NET_SUPPORT_LINUXBRIDGE=true - KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}" - KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}" - CONTAINER_RUNTIME=docker - register: kubeadm_master_deploy - ignore_errors: True - rescue: - - name: getting logs from kubeadm-aio container - command: "docker logs kubeadm-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: out - - name: dumping logs from kubeadm-aio container - debug: - var: out.stdout_lines - - name: exiting if the kubeadm deploy failed - command: exit 1 - always: - - name: removing kubeadm-aio container - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml deleted file mode 100644 index 968faebaf..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -- name: setting node labels - vars: - kubeadm_kubelet_labels_node: - - "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}" - - "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}" - set_fact: - kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}" - -- name: deploy-kubelet - vars: - kubeadm_aio_action: deploy-kubelet - include: util-kubeadm-aio-run.yaml diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml deleted file mode 100644 index 65ac76089..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: setting playbook facts - set_fact: - playbook_user_id: "{{ ansible_user_uid }}" - playbook_group_id: "{{ ansible_user_gid }}" - playbook_user_dir: "{{ ansible_user_dir }}" - kubernetes_default_device: "{{ ansible_default_ipv4.alias }}" - kubernetes_default_address: null - -- name: if we have defined a custom interface for kubernetes use that - when: kubernetes.network.default_device is defined and kubernetes.network.default_device - set_fact: - kubernetes_default_device: "{{ kubernetes.network.default_device }}" - -- name: if we are in openstack infra use the private IP for kubernetes - when: (nodepool is defined) and (nodepool.private_ipv4 is defined) - set_fact: - kubernetes_default_address: "{{ nodepool.private_ipv4 }}" - -- include: clean-node.yaml - -- include: deploy-kubelet.yaml diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml deleted file mode 100644 index a634cd45f..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Run Kubeadm-AIO container - vars: - kubeadm_aio_action: null - kubeadm_kubelet_labels: "" - block: - - name: "performing {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - pid_mode: host - network_mode: host - capabilities: SYS_ADMIN - volumes: - - /sys:/sys:rw - - /run:/run:rw - - /:/mnt/rootfs:rw - - /etc:/etc:rw - env: - CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" - ACTION="{{ kubeadm_aio_action }}" - KUBE_BIND_DEVICE="{{ kubernetes_default_device }}" - KUBE_BIND_ADDR="{{ kubernetes_default_address }}" - USER_UID="{{ playbook_user_id }}" - USER_GID="{{ playbook_group_id }}" - USER_HOME="{{ playbook_user_dir }}" - CNI_ENABLED="{{ kubernetes.cluster.cni }}" - PVC_SUPPORT_CEPH=true - PVC_SUPPORT_NFS=true - NET_SUPPORT_LINUXBRIDGE=true - KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}" - KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}" - CONTAINER_RUNTIME=docker - KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}" - register: kubeadm_master_deploy - rescue: - - name: "getting logs for {{ kubeadm_aio_action }} action" - command: "docker logs kubeadm-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: out - - name: "dumping logs for {{ kubeadm_aio_action }} action" - debug: - var: out.stdout_lines - - name: "exiting if {{ kubeadm_aio_action }} action failed" - command: exit 1 - always: - - name: "removing container for {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml deleted file mode 100644 index 294449c30..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: setting playbook user info facts before escalating privileges - set_fact: - playbook_user_id: "{{ ansible_user_uid }}" - playbook_group_id: "{{ ansible_user_gid }}" - playbook_user_dir: "{{ ansible_user_dir }}" - -- name: deploying kubelet and support assets to node - include_role: - name: deploy-kubeadm-aio-common - tasks_from: main - -- name: deploying kubernetes on master node - vars: - kubeadm_aio_action: deploy-kube - include_role: - name: deploy-kubeadm-aio-common - tasks_from: util-kubeadm-aio-run diff --git a/playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml deleted file mode 100644 index 244d7db69..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: setting playbook user info facts before escalating privileges - set_fact: - playbook_user_id: "{{ ansible_user_uid }}" - playbook_group_id: "{{ ansible_user_gid }}" - playbook_user_dir: "{{ ansible_user_dir }}" - kube_master: "{{ groups['primary'][0] }}" - kube_worker: "{{ inventory_hostname }}" - -- name: deploying kubelet and support assets to node - include_role: - name: deploy-kubeadm-aio-common - tasks_from: main - -- name: generating the kubeadm join command for the node - include: util-generate-join-command.yaml - delegate_to: "{{ kube_master }}" - -- name: joining node to kubernetes cluster - vars: - kubeadm_aio_action: join-kube - kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}" - include: util-run-join-command.yaml - -- name: waiting for node to be ready - delegate_to: "{{ kube_master }}" - command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}" - register: task_result - until: task_result.stdout == 'Ready' - retries: 120 - delay: 5 diff --git a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml deleted file mode 100644 index c00ba8e19..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: generate the kubeadm join command for nodes - vars: - kubeadm_aio_action: generate-join-cmd - kubeadm_cluster_join_ttl: 30m - kube_worker: null - block: - - name: "deploying kubeadm {{ kubeadm_aio_action }} container" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - network_mode: host - volumes: - - /etc/kubernetes:/etc/kubernetes:ro - env: - ACTION=generate-join-cmd - TTL="{{ kubeadm_cluster_join_ttl }}" - register: kubeadm_generate_join_command - - name: "getting logs for {{ kubeadm_aio_action }} action" - command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: kubeadm_aio_action_logs - - name: storing cluster join command - set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}" - rescue: - - name: "dumping logs for {{ kubeadm_aio_action }} action" - debug: - var: kubeadm_aio_action_logs.stdout_lines - - name: "exiting if {{ kubeadm_aio_action }} action failed" - command: exit 1 - always: - - name: "removing container for {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml deleted file mode 100644 index 83aca0d9a..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: master - vars: - kubeadm_aio_action: join-kube - kubeadm_aio_join_command: null - block: - - name: "deploying kubeadm {{ kubeadm_aio_action }} container" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - pid_mode: host - network_mode: host - capabilities: SYS_ADMIN - volumes: - - /sys:/sys:rw - - /run:/run:rw - - /:/mnt/rootfs:rw - - /etc:/etc:rw - env: - CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" - ACTION="{{ kubeadm_aio_action }}" - KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}" - register: kubeadm_aio_join_container - rescue: - - name: "getting logs for {{ kubeadm_aio_action }} action" - command: "docker logs kubeadm-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: kubeadm_aio_join_container_output - - name: "dumping logs for {{ kubeadm_aio_action }} action" - debug: - msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}" - - name: "exiting if {{ kubeadm_aio_action }} action failed" - command: exit 1 - always: - - name: "removing container for {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-package/tasks/dist.yaml b/playbooks/roles/deploy-package/tasks/dist.yaml deleted file mode 100644 index f9743d306..000000000 --- a/playbooks/roles/deploy-package/tasks/dist.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: managing distro packages for ubuntu - become: true - become_user: root - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - vars: - state: present - apt: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages.deb }}" - -- name: managing distro packages for centos - become: true - become_user: root - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - vars: - state: present - yum: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages.rpm }}" - -- name: managing distro packages for fedora - become: true - become_user: root - when: ansible_distribution == 'Fedora' - vars: - state: present - dnf: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages.rpm }}" diff --git a/playbooks/roles/deploy-package/tasks/pip.yaml b/playbooks/roles/deploy-package/tasks/pip.yaml deleted file mode 100644 index 429bb50b3..000000000 --- a/playbooks/roles/deploy-package/tasks/pip.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: managing pip packages - become: true - become_user: root - environment: - http_proxy: "{{ proxy.http }}" - https_proxy: "{{ proxy.https }}" - no_proxy: "{{ proxy.noproxy }}" - vars: - state: present - pip: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages }}" diff --git a/playbooks/roles/deploy-python-pip/tasks/main.yaml b/playbooks/roles/deploy-python-pip/tasks/main.yaml deleted file mode 100644 index a48868a54..000000000 --- a/playbooks/roles/deploy-python-pip/tasks/main.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: ensuring python pip package is present for ubuntu - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - apt: - name: python-pip - state: present - -- name: ensuring python pip package is present for centos - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - block: - - name: ensuring epel-release package is present for centos as python-pip is in the epel repo - yum: - name: epel-release - state: present - - name: ensuring python pip package is present for centos - yum: - name: python-devel - state: present - -- name: ensuring python pip package is present for fedora via the python-devel rpm - when: ansible_distribution == 'Fedora' - dnf: - name: python2-pip - state: present - -- name: ensuring pip is the latest version - become: true - become_user: root - environment: - http_proxy: "{{ proxy.http }}" - https_proxy: "{{ proxy.https }}" - no_proxy: "{{ proxy.noproxy }}" - pip: - name: pip - state: latest diff --git a/playbooks/roles/deploy-python/tasks/main.yaml b/playbooks/roles/deploy-python/tasks/main.yaml deleted file mode 100644 index 02015673b..000000000 --- a/playbooks/roles/deploy-python/tasks/main.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: ensuring python2 is present on all hosts - raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2) diff --git a/playbooks/roles/deploy-yq/tasks/main.yaml b/playbooks/roles/deploy-yq/tasks/main.yaml deleted file mode 100644 index b5f8b1852..000000000 --- a/playbooks/roles/deploy-yq/tasks/main.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- block: - - name: ensuring jq is deployed on host - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora' - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - jq - rpm: - - jq - - name: removing jq binary on centos - become: true - become_user: root - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - file: - path: "{{ item }}" - state: absent - with_items: - - /usr/bin/jq - - name: installing jq 1.5 binary for centos - become: true - become_user: root - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - get_url: - url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 - dest: /usr/bin/jq - mode: 0555 diff --git a/playbooks/roles/describe-kubernetes-objects/tasks/main.yaml b/playbooks/roles/describe-kubernetes-objects/tasks/main.yaml deleted file mode 100644 index bbd2bad30..000000000 --- a/playbooks/roles/describe-kubernetes-objects/tasks/main.yaml +++ /dev/null @@ -1,108 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for cluster scoped objects" - file: - path: "{{ logs_dir }}/objects/cluster" - state: directory - -- name: "Gathering descriptions for cluster scoped objects" - shell: |- - set -e - export OBJECT_TYPE=node,clusterrole,clusterrolebinding,storageclass,namespace - export PARALLELISM_FACTOR=2 - - function list_objects () { - printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "$@"' _ {} - } - export -f list_objects - - function name_objects () { - export OBJECT=$1 - kubectl get ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${OBJECT} ${1#*/}"' _ {} - } - export -f name_objects - - function get_objects () { - input=($1) - export OBJECT=${input[0]} - export NAME=${input[1]#*/} - echo "${OBJECT}/${NAME}" - DIR="{{ logs_dir }}/objects/cluster/${OBJECT}" - mkdir -p ${DIR} - kubectl get ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml" - kubectl describe ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt" - } - export -f get_objects - - list_objects | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {} - args: - executable: /bin/bash - ignore_errors: True - -- name: "creating directory for namespace scoped objects" - file: - path: "{{ logs_dir }}/objects/namespaced" - state: directory - -- name: "Gathering descriptions for namespace scoped objects" - shell: |- - set -e - export OBJECT_TYPE=configmaps,cronjobs,daemonsets,deployment,endpoints,ingresses,jobs,networkpolicies,pods,podsecuritypolicies,persistentvolumeclaims,rolebindings,roles,secrets,serviceaccounts,services,statefulsets - export PARALLELISM_FACTOR=2 - function get_namespaces () { - kubectl get namespaces -o name | awk -F '/' '{ print $NF }' - } - - function list_namespaced_objects () { - export NAMESPACE=$1 - printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} $@"' _ {} - } - export -f list_namespaced_objects - - function name_objects () { - input=($1) - export NAMESPACE=${input[0]} - export OBJECT=${input[1]} - kubectl get -n ${NAMESPACE} ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} ${OBJECT} $@"' _ {} - } - export -f name_objects - - function get_objects () { - input=($1) - export NAMESPACE=${input[0]} - export OBJECT=${input[1]} - export NAME=${input[2]#*/} - echo "${NAMESPACE}/${OBJECT}/${NAME}" - DIR="{{ logs_dir }}/objects/namespaced/${NAMESPACE}/${OBJECT}" - mkdir -p ${DIR} - kubectl get -n ${NAMESPACE} ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml" - kubectl describe -n ${NAMESPACE} ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt" - } - export -f get_objects - - get_namespaces | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {} - args: - executable: /bin/bash - ignore_errors: True - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/objects" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: yes diff --git a/playbooks/roles/gather-host-logs/tasks/main.yaml b/playbooks/roles/gather-host-logs/tasks/main.yaml deleted file mode 100644 index 29f028e35..000000000 --- a/playbooks/roles/gather-host-logs/tasks/main.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for system status" - file: - path: "{{ logs_dir }}/system" - state: directory - -- name: "Get logs for each host" - become: yes - shell: |- - set -x - systemd-cgls --full --all --no-pager > {{ logs_dir }}/system/systemd-cgls.txt - ip addr > {{ logs_dir }}/system/ip-addr.txt - ip route > {{ logs_dir }}/system/ip-route.txt - lsblk > {{ logs_dir }}/system/lsblk.txt - mount > {{ logs_dir }}/system/mount.txt - docker images > {{ logs_dir }}/system/docker-images.txt - brctl show > {{ logs_dir }}/system/brctl-show.txt - ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt - args: - executable: /bin/bash - ignore_errors: True - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/system" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/gather-pod-logs/tasks/main.yaml b/playbooks/roles/gather-pod-logs/tasks/main.yaml deleted file mode 100644 index 2fcb258b6..000000000 --- a/playbooks/roles/gather-pod-logs/tasks/main.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for pod logs" - file: - path: "{{ logs_dir }}/pod-logs" - state: directory - -- name: "retrieve all container logs" - shell: |- - set -e - PARALLELISM_FACTOR=2 - function get_namespaces () { - kubectl get namespaces -o name | awk -F '/' '{ print $NF }' - } - function get_pods () { - NAMESPACE=$1 - kubectl get pods -n ${NAMESPACE} -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo ${NAMESPACE} {} - } - export -f get_pods - function get_pod_logs () { - NAMESPACE=${1% *} - POD=${1#* } - INIT_CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.initContainers[]?.name') - CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.containers[].name') - for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do - echo "${NAMESPACE}/${POD}/${CONTAINER}" - mkdir -p "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}" - kubectl logs ${POD} -n ${NAMESPACE} -c ${CONTAINER} > "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}/${CONTAINER}.txt" - done - } - export -f get_pod_logs - get_namespaces | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pods "$@"' _ {} | \ - xargs -r -n 2 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pod_logs "$@"' _ {} - args: - executable: /bin/bash - ignore_errors: True - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/pod-logs" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/gather-prom-metrics/tasks/main.yaml b/playbooks/roles/gather-prom-metrics/tasks/main.yaml deleted file mode 100644 index c05e4eb35..000000000 --- a/playbooks/roles/gather-prom-metrics/tasks/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for helm release descriptions" - file: - path: "{{ logs_dir }}/prometheus" - state: directory - -- name: "Get prometheus metrics from exporters in all namespaces" - shell: |- - set -e - NAMESPACES=$(kubectl get namespaces -o json | jq -r '.items[].metadata.name') - for NS in $NAMESPACES; do - SERVICES=$(kubectl get svc -l component=metrics -n $NS -o json | jq -r '.items[].metadata.name') - for SVC in $SERVICES; do - PORT=$(kubectl get svc $SVC -n $NS -o json | jq -r '.spec.ports[].port') - curl "$SVC.$NS:$PORT/metrics" >> "{{ logs_dir }}"/prometheus/$NS-$SVC.txt - done - done - args: - executable: /bin/bash - -- name: "Get prometheus metrics from tiller-deploy" - shell: |- - set -e - curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt - args: - executable: /bin/bash - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/prometheus" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/helm-release-status/tasks/main.yaml b/playbooks/roles/helm-release-status/tasks/main.yaml deleted file mode 100644 index 8c07cdf9d..000000000 --- a/playbooks/roles/helm-release-status/tasks/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for helm release status" - file: - path: "{{ logs_dir }}/helm" - state: directory - -- name: "retrieve all deployed charts" - shell: |- - set -e - helm ls --short - args: - executable: /bin/bash - register: helm_releases - -- name: "Gather get release status for helm charts" - shell: |- - set -e - helm status {{ helm_released }} >> {{ logs_dir }}/helm/{{ helm_release }}.txt - args: - executable: /bin/bash - ignore_errors: True - vars: - helm_release: "{{ helm_released }}" - loop_control: - loop_var: helm_released - with_items: "{{ helm_releases.stdout_lines }}" - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/helm" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/pull-images/tasks/main.yaml b/playbooks/roles/pull-images/tasks/main.yaml deleted file mode 100644 index ec335009d..000000000 --- a/playbooks/roles/pull-images/tasks/main.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure docker python packages deployed - include_role: - name: deploy-package - tasks_from: pip - vars: - packages: - - yq - -- name: pull all images used in repo - make: - chdir: "{{ work_dir }}" - target: pull-all-images diff --git a/playbooks/roles/setup-firewall/tasks/main.yaml b/playbooks/roles/setup-firewall/tasks/main.yaml deleted file mode 100644 index a98290d5c..000000000 --- a/playbooks/roles/setup-firewall/tasks/main.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes -- name: deploy iptables packages - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - iptables - rpm: - - iptables -- command: iptables -S -- command: iptables -F -- command: iptables -P INPUT ACCEPT -- command: iptables -S diff --git a/playbooks/roles/upgrade-host/tasks/main.yaml b/playbooks/roles/upgrade-host/tasks/main.yaml deleted file mode 100644 index 24ecd99f6..000000000 --- a/playbooks/roles/upgrade-host/tasks/main.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Upgrade to HWE kernel on Ubuntu Hosts - when: ansible_distribution == 'Ubuntu' - block: - - name: Deploy HWE kernel on Ubuntu Hosts - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - linux-generic-hwe-16.04 - - name: Reboot Host following kernel upgrade - shell: sleep 2 && reboot - sudo: yes - async: 30 - poll: 0 - ignore_errors: true - args: - executable: /bin/bash - - name: Wait for hosts to come up following reboot - wait_for: - host: '{{ hostvars[item].ansible_host }}' - port: 22 - state: started - delay: 60 - timeout: 240 - with_items: '{{ play_hosts }}' - connection: local diff --git a/roles/deploy-docker/tasks/main.yaml b/roles/deploy-docker/tasks/main.yaml index 6a4463768..2923a98bb 100644 --- a/roles/deploy-docker/tasks/main.yaml +++ b/roles/deploy-docker/tasks/main.yaml @@ -52,18 +52,6 @@ dest: /etc/systemd/system/docker.service.d/http-proxy.conf mode: 0640 -- name: centos | add docker-ce repository - when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/centos/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - -- name: fedora | add docker-ce repository - when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/fedora/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - - name: deploy docker packages when: need_docker | failed include_role: @@ -74,7 +62,7 @@ deb: - docker.io rpm: - - docker-ce + - docker - name: restarting docker systemd: diff --git a/roles/deploy-docker/templates/centos-docker.service.j2 b/roles/deploy-docker/templates/centos-docker.service.j2 index ba9540e2d..9975818b1 100644 --- a/roles/deploy-docker/templates/centos-docker.service.j2 +++ b/roles/deploy-docker/templates/centos-docker.service.j2 @@ -1,8 +1,7 @@ [Unit] Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target +Documentation=http://docs.docker.com +After=network.target [Service] Type=notify @@ -10,10 +9,13 @@ NotifyAccess=all Environment=GOTRACEBACK=crash Environment=DOCKER_HTTP_HOST_COMPAT=1 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin -ExecStart=/usr/bin/dockerd \ +ExecStart=/usr/bin/dockerd-current \ + --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ + --default-runtime=docker-runc \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ + --seccomp-profile=/etc/docker/seccomp.json \ + --graph=/var/lib/docker \ --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false diff --git a/roles/deploy-docker/templates/fedora-docker.service.j2 b/roles/deploy-docker/templates/fedora-docker.service.j2 index e471b92f3..a07fb14f1 100644 --- a/roles/deploy-docker/templates/fedora-docker.service.j2 +++ b/roles/deploy-docker/templates/fedora-docker.service.j2 @@ -1,19 +1,21 @@ [Unit] Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target +Documentation=http://docs.docker.com +After=network.target docker-containerd.service +Requires=docker-containerd.service [Service] Type=notify Environment=GOTRACEBACK=crash -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -ExecStart=/usr/bin/dockerd \ +ExecStart=/usr/bin/dockerd-current \ + --add-runtime oci=/usr/libexec/docker/docker-runc-current \ + --default-runtime=oci \ + --containerd /run/containerd.sock \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ + --init-path=/usr/libexec/docker/docker-init-current \ + --seccomp-profile=/etc/docker/seccomp.json \ + --graph=/var/lib/docker \ --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false diff --git a/tools/gate/devel/start.sh b/tools/gate/devel/start.sh index 56a2a2340..fdf32c168 100755 --- a/tools/gate/devel/start.sh +++ b/tools/gate/devel/start.sh @@ -47,6 +47,7 @@ function ansible_install { elif [ "x$ID" == "xfedora" ]; then sudo dnf install -y \ python-devel \ + libselinux-python \ redhat-rpm-config \ gcc \ jq