Move roles and playbooks to top level
This proposes moving the playbooks and roles to the top level of osh-infra to be consumed by osh Change-Id: I7e3516da8e516060f94b8b9c8875918504de7446
This commit is contained in:
parent
59d4141d6a
commit
9dd81954fd
16
.zuul.yaml
16
.zuul.yaml
@ -165,20 +165,20 @@
|
||||
|
||||
- job:
|
||||
name: openstack-helm-infra-linter
|
||||
run: tools/gate/playbooks/zuul-linter.yaml
|
||||
run: playbooks/zuul-linter.yaml
|
||||
nodeset: openstack-helm-single-node
|
||||
|
||||
- job:
|
||||
name: openstack-helm-infra
|
||||
timeout: 3600
|
||||
pre-run:
|
||||
- tools/gate/playbooks/osh-infra-upgrade-host.yaml
|
||||
- tools/gate/playbooks/osh-infra-deploy-docker.yaml
|
||||
- tools/gate/playbooks/osh-infra-build.yaml
|
||||
- tools/gate/playbooks/osh-infra-pull-images.yaml
|
||||
- tools/gate/playbooks/osh-infra-deploy-k8s.yaml
|
||||
run: tools/gate/playbooks/osh-infra-deploy-charts.yaml
|
||||
post-run: tools/gate/playbooks/osh-infra-collect-logs.yaml
|
||||
- playbooks/osh-infra-upgrade-host.yaml
|
||||
- playbooks/osh-infra-deploy-docker.yaml
|
||||
- playbooks/osh-infra-build.yaml
|
||||
- playbooks/osh-infra-pull-images.yaml
|
||||
- playbooks/osh-infra-deploy-k8s.yaml
|
||||
run: playbooks/osh-infra-deploy-charts.yaml
|
||||
post-run: playbooks/osh-infra-collect-logs.yaml
|
||||
|
||||
- job:
|
||||
name: openstack-helm-infra-ubuntu
|
||||
|
2
Makefile
2
Makefile
@ -18,7 +18,7 @@ SHELL := /bin/bash
|
||||
HELM := helm
|
||||
TASK := build
|
||||
|
||||
EXCLUDES := helm-toolkit doc tests tools logs tmp
|
||||
EXCLUDES := helm-toolkit doc tests tools logs tmp roles playbooks
|
||||
CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
|
||||
|
||||
.PHONY: $(EXCLUDES) $(CHARTS)
|
||||
|
1
playbooks/osh-infra-build.retry
Normal file
1
playbooks/osh-infra-build.retry
Normal file
@ -0,0 +1 @@
|
||||
local
|
1
playbooks/osh-infra-deploy-charts.retry
Normal file
1
playbooks/osh-infra-deploy-charts.retry
Normal file
@ -0,0 +1 @@
|
||||
local
|
@ -26,7 +26,7 @@
|
||||
- hosts: primary
|
||||
vars_files:
|
||||
- vars.yaml
|
||||
- ../chart-deploys/default.yaml
|
||||
- ../tools/gate/chart-deploys/default.yaml
|
||||
vars:
|
||||
work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
|
||||
logs_dir: "/tmp/logs"
|
1
playbooks/osh-infra-deploy-k8s.retry
Normal file
1
playbooks/osh-infra-deploy-k8s.retry
Normal file
@ -0,0 +1 @@
|
||||
local
|
18
roles/build-helm-packages/tasks/main.yaml
Normal file
18
roles/build-helm-packages/tasks/main.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: setup-helm-serve.yaml
|
||||
|
||||
- name: build all charts in repo
|
||||
make:
|
||||
chdir: "{{ work_dir }}"
|
||||
target: all
|
87
roles/build-helm-packages/tasks/setup-helm-serve.yaml
Normal file
87
roles/build-helm-packages/tasks/setup-helm-serve.yaml
Normal file
@ -0,0 +1,87 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- block:
|
||||
- name: check if correct version of helm client already installed
|
||||
shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1"
|
||||
environment:
|
||||
HELM_VERSION: "{{ version.helm }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: need_helm
|
||||
ignore_errors: True
|
||||
- name: install helm client
|
||||
when: need_helm | failed
|
||||
become_user: root
|
||||
shell: |
|
||||
TMP_DIR=$(mktemp -d)
|
||||
curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR}
|
||||
sudo mv ${TMP_DIR}/helm /usr/bin/helm
|
||||
rm -rf ${TMP_DIR}
|
||||
environment:
|
||||
HELM_VERSION: "{{ version.helm }}"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
- name: setting up helm client
|
||||
command: helm init --client-only
|
||||
|
||||
- block:
|
||||
- name: checking if local helm server is running
|
||||
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: helm_server_running
|
||||
ignore_errors: True
|
||||
- name: getting current host user name
|
||||
when: helm_server_running | failed
|
||||
shell: id -un
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: helm_server_user
|
||||
- name: moving systemd unit into place for helm server
|
||||
when: helm_server_running | failed
|
||||
become: yes
|
||||
become_user: root
|
||||
template:
|
||||
src: helm-serve.service.j2
|
||||
dest: /etc/systemd/system/helm-serve.service
|
||||
mode: 0640
|
||||
- name: starting helm serve service
|
||||
when: helm_server_running | failed
|
||||
become: yes
|
||||
become_user: root
|
||||
systemd:
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
name: helm-serve
|
||||
- name: wait for helm server to be ready
|
||||
shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: wait_for_helm_server
|
||||
until: wait_for_helm_server.rc == 0
|
||||
retries: 120
|
||||
delay: 5
|
||||
|
||||
- block:
|
||||
- name: checking if helm 'stable' repo is present
|
||||
shell: helm repo list | grep -q "^stable"
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: helm_stable_repo_present
|
||||
ignore_errors: True
|
||||
- name: checking if helm 'stable' repo is present
|
||||
when: helm_stable_repo_present | succeeded
|
||||
command: helm repo remove stable
|
||||
|
||||
- name: adding helm local repo
|
||||
command: helm repo add local http://localhost:8879/charts
|
11
roles/build-helm-packages/templates/helm-serve.service.j2
Normal file
11
roles/build-helm-packages/templates/helm-serve.service.j2
Normal file
@ -0,0 +1,11 @@
|
||||
[Unit]
|
||||
Description=Helm Server
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User={{ helm_server_user.stdout }}
|
||||
Restart=always
|
||||
ExecStart=/usr/bin/helm serve
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
74
roles/build-images/tasks/kubeadm-aio.yaml
Normal file
74
roles/build-images/tasks/kubeadm-aio.yaml
Normal file
@ -0,0 +1,74 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
|
||||
# reolved, we build with a shell script to make use of the host network.
|
||||
- name: Kubeadm-AIO build
|
||||
block:
|
||||
#NOTE(portdirect): we do this to ensure we are feeding the docker build
|
||||
# a clean path to work with.
|
||||
- name: Kubeadm-AIO image build path
|
||||
shell: cd "{{ work_dir }}"; pwd
|
||||
register: kubeadm_aio_path
|
||||
# - name: build the Kubeadm-AIO image
|
||||
# docker_image:
|
||||
# path: "{{ kubeadm_aio_path.stdout }}/"
|
||||
# name: "{{ images.kubernetes.kubeadm_aio }}"
|
||||
# dockerfile: "tools/images/kubeadm-aio/Dockerfile"
|
||||
# force: yes
|
||||
# pull: yes
|
||||
# state: present
|
||||
# rm: yes
|
||||
# buildargs:
|
||||
# KUBE_VERSION: "{{ version.kubernetes }}"
|
||||
# CNI_VERSION: "{{ version.cni }}"
|
||||
# HELM_VERSION: "{{ version.helm }}"
|
||||
# CHARTS: "calico,flannel,tiller,kube-dns"
|
||||
- name: Kubeadm-AIO image build path with proxy
|
||||
when: proxy.http is defined and (proxy.http | trim != "")
|
||||
shell: |-
|
||||
set -e
|
||||
docker build \
|
||||
--network host \
|
||||
--force-rm \
|
||||
--tag "{{ images.kubernetes.kubeadm_aio }}" \
|
||||
--file tools/images/kubeadm-aio/Dockerfile \
|
||||
--build-arg KUBE_VERSION="{{ version.kubernetes }}" \
|
||||
--build-arg CNI_VERSION="{{ version.cni }}" \
|
||||
--build-arg HELM_VERSION="{{ version.helm }}" \
|
||||
--build-arg CHARTS="calico,flannel,tiller,kube-dns" \
|
||||
--build-arg HTTP_PROXY="{{ proxy.http }}" \
|
||||
--build-arg HTTPS_PROXY="{{ proxy.https }}" \
|
||||
--build-arg NO_PROXY="{{ proxy.noproxy }}" \
|
||||
.
|
||||
args:
|
||||
chdir: "{{ kubeadm_aio_path.stdout }}/"
|
||||
executable: /bin/bash
|
||||
- name: Kubeadm-AIO image build path
|
||||
when: proxy.http is undefined or (proxy.http | trim == "")
|
||||
shell: |-
|
||||
set -e
|
||||
docker build \
|
||||
--network host \
|
||||
--force-rm \
|
||||
--tag "{{ images.kubernetes.kubeadm_aio }}" \
|
||||
--file tools/images/kubeadm-aio/Dockerfile \
|
||||
--build-arg KUBE_VERSION="{{ version.kubernetes }}" \
|
||||
--build-arg CNI_VERSION="{{ version.cni }}" \
|
||||
--build-arg HELM_VERSION="{{ version.helm }}" \
|
||||
--build-arg CHARTS="calico,flannel,tiller,kube-dns" \
|
||||
.
|
||||
args:
|
||||
chdir: "{{ kubeadm_aio_path.stdout }}/"
|
||||
executable: /bin/bash
|
15
roles/build-images/tasks/main.yaml
Normal file
15
roles/build-images/tasks/main.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: kubeadm-aio.yaml
|
22
roles/clean-host/tasks/main.yaml
Normal file
22
roles/clean-host/tasks/main.yaml
Normal file
@ -0,0 +1,22 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: remove osh directory
|
||||
become: yes
|
||||
become_user: root
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- /var/lib/openstack-helm
|
68
roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
Normal file
68
roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
Normal file
@ -0,0 +1,68 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: ensuring SELinux is disabled on centos & fedora
|
||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora'
|
||||
become: true
|
||||
become_user: root
|
||||
command: setenforce 0
|
||||
ignore_errors: True
|
||||
|
||||
#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/
|
||||
- name: fix docker removal issue with ansible's docker_container on centos
|
||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||
block:
|
||||
- name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos
|
||||
become: true
|
||||
become_user: root
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: pip
|
||||
vars:
|
||||
state: absent
|
||||
packages:
|
||||
- requests
|
||||
- urllib3
|
||||
- name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
|
||||
become: true
|
||||
become_user: root
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: dist
|
||||
vars:
|
||||
state: absent
|
||||
packages:
|
||||
rpm:
|
||||
- python-urllib3
|
||||
- python-requests
|
||||
- name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
|
||||
become: true
|
||||
become_user: root
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: dist
|
||||
vars:
|
||||
state: present
|
||||
packages:
|
||||
rpm:
|
||||
- python-urllib3
|
||||
- python-requests
|
||||
|
||||
- name: Ensure docker python packages deployed
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: pip
|
||||
vars:
|
||||
packages:
|
||||
- docker-py
|
85
roles/deploy-docker/tasks/main.yaml
Normal file
85
roles/deploy-docker/tasks/main.yaml
Normal file
@ -0,0 +1,85 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: check if docker deploy is needed
|
||||
raw: which docker
|
||||
register: need_docker
|
||||
ignore_errors: True
|
||||
|
||||
- name: centos | moving systemd unit into place
|
||||
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
|
||||
template:
|
||||
src: centos-docker.service.j2
|
||||
dest: /etc/systemd/system/docker.service
|
||||
mode: 0640
|
||||
|
||||
- name: fedora | moving systemd unit into place
|
||||
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
|
||||
template:
|
||||
src: fedora-docker.service.j2
|
||||
dest: /etc/systemd/system/docker.service
|
||||
mode: 0640
|
||||
|
||||
- name: ubuntu | moving systemd unit into place
|
||||
when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker | failed )
|
||||
template:
|
||||
src: ubuntu-docker.service.j2
|
||||
dest: /etc/systemd/system/docker.service
|
||||
mode: 0640
|
||||
|
||||
# NOTE: (lamt) Setting up the proxy before installing docker
|
||||
- name: ensure docker.service.d directory exists
|
||||
when: proxy.http is defined and (proxy.http | trim != "")
|
||||
file:
|
||||
path: /etc/systemd/system/docker.service.d
|
||||
state: directory
|
||||
|
||||
- name: proxy | moving proxy systemd unit into place
|
||||
when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") )
|
||||
template:
|
||||
src: http-proxy.conf.j2
|
||||
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
|
||||
mode: 0640
|
||||
|
||||
- name: centos | add docker-ce repository
|
||||
when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
|
||||
get_url:
|
||||
url: https://download.docker.com/linux/centos/docker-ce.repo
|
||||
dest: /etc/yum.repos.d/docker-ce.repo
|
||||
|
||||
- name: fedora | add docker-ce repository
|
||||
when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
|
||||
get_url:
|
||||
url: https://download.docker.com/linux/fedora/docker-ce.repo
|
||||
dest: /etc/yum.repos.d/docker-ce.repo
|
||||
|
||||
- name: deploy docker packages
|
||||
when: need_docker | failed
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: dist
|
||||
vars:
|
||||
packages:
|
||||
deb:
|
||||
- docker.io
|
||||
rpm:
|
||||
- docker-ce
|
||||
|
||||
- name: restarting docker
|
||||
systemd:
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
name: docker
|
||||
|
||||
- include: deploy-ansible-docker-support.yaml
|
30
roles/deploy-docker/templates/centos-docker.service.j2
Normal file
30
roles/deploy-docker/templates/centos-docker.service.j2
Normal file
@ -0,0 +1,30 @@
|
||||
[Unit]
|
||||
Description=Docker Application Container Engine
|
||||
Documentation=https://docs.docker.com
|
||||
After=network-online.target firewalld.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
NotifyAccess=all
|
||||
Environment=GOTRACEBACK=crash
|
||||
Environment=DOCKER_HTTP_HOST_COMPAT=1
|
||||
Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
|
||||
ExecStart=/usr/bin/dockerd \
|
||||
--exec-opt native.cgroupdriver=systemd \
|
||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
|
||||
--data-root=/var/lib/docker \
|
||||
--storage-driver=overlay2 \
|
||||
--log-driver=json-file \
|
||||
--iptables=false
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=1048576
|
||||
LimitCORE=infinity
|
||||
TimeoutStartSec=0
|
||||
Restart=on-abnormal
|
||||
MountFlags=share
|
||||
KillMode=process
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
29
roles/deploy-docker/templates/fedora-docker.service.j2
Normal file
29
roles/deploy-docker/templates/fedora-docker.service.j2
Normal file
@ -0,0 +1,29 @@
|
||||
[Unit]
|
||||
Description=Docker Application Container Engine
|
||||
Documentation=https://docs.docker.com
|
||||
After=network-online.target firewalld.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Environment=GOTRACEBACK=crash
|
||||
# the default is not to use systemd for cgroups because the delegate issues still
|
||||
# exists and systemd currently does not support the cgroup feature set required
|
||||
# for containers run by docker
|
||||
ExecStart=/usr/bin/dockerd \
|
||||
--exec-opt native.cgroupdriver=systemd \
|
||||
--userland-proxy-path=/usr/libexec/docker/docker-proxy \
|
||||
--data-root=/var/lib/docker \
|
||||
--storage-driver=overlay2 \
|
||||
--log-driver=json-file \
|
||||
--iptables=false
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
TasksMax=8192
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=1048576
|
||||
LimitCORE=infinity
|
||||
TimeoutStartSec=0
|
||||
Restart=on-abnormal
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
4
roles/deploy-docker/templates/http-proxy.conf.j2
Normal file
4
roles/deploy-docker/templates/http-proxy.conf.j2
Normal file
@ -0,0 +1,4 @@
|
||||
[Service]
|
||||
Environment="HTTP_PROXY={{ proxy.http }}"
|
||||
Environment="HTTPS_PROXY={{ proxy.https }}"
|
||||
Environment="NO_PROXY={{ proxy.noproxy }}"
|
30
roles/deploy-docker/templates/ubuntu-docker.service.j2
Normal file
30
roles/deploy-docker/templates/ubuntu-docker.service.j2
Normal file
@ -0,0 +1,30 @@
|
||||
[Unit]
|
||||
Description=Docker Application Container Engine
|
||||
Documentation=https://docs.docker.com
|
||||
After=network.target docker.socket firewalld.service
|
||||
Requires=docker.socket
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
# the default is not to use systemd for cgroups because the delegate issues still
|
||||
# exists and systemd currently does not support the cgroup feature set required
|
||||
# for containers run by docker
|
||||
EnvironmentFile=-/etc/default/docker
|
||||
ExecStart=/usr/bin/dockerd --iptables=false -H fd:// $DOCKER_OPTS
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
LimitNOFILE=1048576
|
||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
# Uncomment TasksMax if your systemd version supports it.
|
||||
# Only systemd 226 and above support this version.
|
||||
TasksMax=infinity
|
||||
TimeoutStartSec=0
|
||||
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
||||
Delegate=yes
|
||||
# kill only the docker process, not all processes in the cgroup
|
||||
KillMode=process
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -0,0 +1,19 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# This set of tasks creates over-rides that need to be generated dyamicly and
|
||||
# injected at runtime.
|
||||
|
||||
- name: setup directorys on host
|
||||
file:
|
||||
path: "{{ work_dir }}/tools/gate/local-overrides/"
|
||||
state: directory
|
@ -0,0 +1,39 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- block:
|
||||
- name: installing OS-H dev tools
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: dist
|
||||
vars:
|
||||
packages:
|
||||
deb:
|
||||
- git
|
||||
- make
|
||||
- curl
|
||||
- ca-certificates
|
||||
rpm:
|
||||
- git
|
||||
- make
|
||||
- curl
|
||||
- name: installing jq
|
||||
include_role:
|
||||
name: deploy-jq
|
||||
tasks_from: main
|
||||
|
||||
- name: assemble charts
|
||||
make:
|
||||
chdir: "{{ work_dir }}"
|
||||
register: out
|
||||
|
||||
- include: util-setup-dev-environment.yaml
|
27
roles/deploy-helm-packages/tasks/main.yaml
Normal file
27
roles/deploy-helm-packages/tasks/main.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: generate-dynamic-over-rides.yaml
|
||||
|
||||
- name: "creating directory for helm test logs"
|
||||
file:
|
||||
path: "{{ logs_dir }}/helm-tests"
|
||||
state: directory
|
||||
|
||||
- name: "iterating through Helm chart groups"
|
||||
vars:
|
||||
chart_group_name: "{{ helm_chart_group.name }}"
|
||||
chart_group_items: "{{ helm_chart_group.charts }}"
|
||||
include: util-chart-group.yaml
|
||||
loop_control:
|
||||
loop_var: helm_chart_group
|
||||
with_items: "{{ chart_groups }}"
|
29
roles/deploy-helm-packages/tasks/util-chart-group.yaml
Normal file
29
roles/deploy-helm-packages/tasks/util-chart-group.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: "{{ helm_chart_group.name }}"
|
||||
vars:
|
||||
chart_def: "{{ charts[helm_chart] }}"
|
||||
loop_control:
|
||||
loop_var: helm_chart
|
||||
include: util-common-helm-chart.yaml
|
||||
with_items: "{{ helm_chart_group.charts }}"
|
||||
|
||||
- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group"
|
||||
when: ('timeout' in helm_chart_group)
|
||||
include: util-common-wait-for-pods.yaml
|
||||
vars:
|
||||
namespace: "{{ charts[helm_chart].namespace }}"
|
||||
timeout: "{{ helm_chart_group.timeout }}"
|
||||
loop_control:
|
||||
loop_var: helm_chart
|
||||
with_items: "{{ helm_chart_group.charts }}"
|
92
roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml
Normal file
92
roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml
Normal file
@ -0,0 +1,92 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Helm management common block
|
||||
vars:
|
||||
check_deployed_result: null
|
||||
chart_values_file: null
|
||||
upgrade:
|
||||
pre:
|
||||
delete: null
|
||||
|
||||
block:
|
||||
- name: "create temporary file for {{ chart_def['release'] }}'s values .yaml"
|
||||
tempfile:
|
||||
state: file
|
||||
suffix: .yaml
|
||||
register: chart_values_file
|
||||
- name: "write out values.yaml for {{ chart_def['release'] }}"
|
||||
copy:
|
||||
dest: "{{ chart_values_file.path }}"
|
||||
content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}"
|
||||
|
||||
- name: "check if {{ chart_def['release'] }} is deployed"
|
||||
command: helm status "{{ chart_def['release'] }}"
|
||||
register: check_deployed_result
|
||||
ignore_errors: True
|
||||
|
||||
- name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
|
||||
stat:
|
||||
path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
|
||||
register: local_overrides
|
||||
|
||||
- name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
|
||||
when: check_deployed_result | failed
|
||||
command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
|
||||
register: out
|
||||
- name: "display info for the helm {{ chart_def['release'] }} release deploy"
|
||||
when: check_deployed_result | failed
|
||||
debug:
|
||||
var: out.stdout_lines
|
||||
|
||||
- name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release"
|
||||
when:
|
||||
- check_deployed_result | succeeded
|
||||
- "'upgrade' in chart_def"
|
||||
- "'pre' in chart_def['upgrade']"
|
||||
- "'delete' in chart_def['upgrade']['pre']"
|
||||
- "chart_def.upgrade.pre.delete is not none"
|
||||
with_items: "{{ chart_def.upgrade.pre.delete }}"
|
||||
loop_control:
|
||||
loop_var: helm_upgrade_delete_job
|
||||
command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true"
|
||||
- name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
|
||||
when: check_deployed_result | succeeded
|
||||
command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
|
||||
register: out
|
||||
- name: "display info for the helm {{ chart_def['release'] }} release upgrade"
|
||||
when: check_deployed_result | succeeded
|
||||
debug:
|
||||
var: out.stdout_lines
|
||||
|
||||
- include: util-common-wait-for-pods.yaml
|
||||
when: ('timeout' in chart_def)
|
||||
vars:
|
||||
namespace: "{{ chart_def['namespace'] }}"
|
||||
timeout: "{{ chart_def['timeout'] }}"
|
||||
|
||||
- include: util-common-helm-test.yaml
|
||||
when:
|
||||
- "'test' in chart_def"
|
||||
- "chart_def.test is not none"
|
||||
- "'enabled' in chart_def['test']"
|
||||
- "chart_def.test.enabled|bool == true"
|
||||
vars:
|
||||
release: "{{ chart_def['release'] }}"
|
||||
namespace: "{{ chart_def['namespace'] }}"
|
||||
test_settings: "{{ chart_def.test }}"
|
||||
|
||||
always:
|
||||
- name: "remove values.yaml for {{ chart_def['release'] }}"
|
||||
file:
|
||||
path: "{{ chart_values_file.path }}"
|
||||
state: absent
|
67
roles/deploy-helm-packages/tasks/util-common-helm-test.yaml
Normal file
67
roles/deploy-helm-packages/tasks/util-common-helm-test.yaml
Normal file
@ -0,0 +1,67 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Helm test common block
|
||||
vars:
|
||||
release: null
|
||||
namespace: null
|
||||
test_settings: null
|
||||
|
||||
block:
|
||||
- name: "remove any expired helm test pods for {{ release }}"
|
||||
command: "kubectl delete pod {{ release }}-test -n {{ namespace }}"
|
||||
ignore_errors: True
|
||||
|
||||
- name: "run helm tests for the {{ release }} release"
|
||||
when:
|
||||
- "'timeout' in test_settings"
|
||||
- "'timeout' is none"
|
||||
command: "helm test {{ release }}"
|
||||
register: test_result
|
||||
|
||||
- name: "run helm tests for the {{ release }} release with timeout"
|
||||
when:
|
||||
- "'timeout' in test_settings"
|
||||
- "'timeout' is not none"
|
||||
command: " helm test --timeout {{ test_settings.timeout }} {{ release }}"
|
||||
register: test_result
|
||||
|
||||
- name: "display status for {{ release }} helm tests"
|
||||
debug:
|
||||
var: test_result.stdout_lines
|
||||
|
||||
- name: "gathering logs for helm tests for {{ release }}"
|
||||
when:
|
||||
- test_result | succeeded
|
||||
shell: |-
|
||||
set -e
|
||||
kubectl logs {{ release }}-test -n {{ namespace }} >> {{ logs_dir }}/helm-tests/{{ release }}.txt
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: test_logs
|
||||
|
||||
- name: "displaying logs for successful helm tests for {{ release }}"
|
||||
when:
|
||||
- test_result | succeeded
|
||||
- "'output' in test_settings"
|
||||
- "test_settings.output|bool == true"
|
||||
debug:
|
||||
var: test_logs.stdout_lines
|
||||
rescue:
|
||||
- name: "gathering logs for failed helm tests for {{ release }}"
|
||||
command: "kubectl logs {{ release }}-test -n {{ namespace }}"
|
||||
register: out
|
||||
- name: "displaying logs for failed helm tests for {{ release }}"
|
||||
debug:
|
||||
var: out.stdout_lines
|
||||
- name: "helm tests for {{ release }} failed, stopping execution"
|
||||
command: exit 1
|
@ -0,0 +1,50 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: wait for pods in namespace
|
||||
vars:
|
||||
namespace: null
|
||||
timeout: 600
|
||||
wait_return_code:
|
||||
rc: 1
|
||||
block:
|
||||
- name: "wait for pods in {{ namespace }} namespace to be ready"
|
||||
shell: |-
|
||||
set -e
|
||||
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \
|
||||
'.items[].status.phase' | grep Pending > /dev/null && \
|
||||
PENDING=True || PENDING=False
|
||||
|
||||
query='.items[]|select(.status.phase=="Running")'
|
||||
query="$query|.status.containerStatuses[].ready"
|
||||
kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \
|
||||
grep false > /dev/null && READY="False" || READY="True"
|
||||
|
||||
kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \
|
||||
'.items[] | .spec.completions == .status.succeeded' | \
|
||||
grep false > /dev/null && JOBR="False" || JOBR="True"
|
||||
[ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
|
||||
exit 0 || exit 1
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: wait_return_code
|
||||
until: wait_return_code.rc == 0
|
||||
retries: "{{ timeout }}"
|
||||
delay: 1
|
||||
rescue:
|
||||
- name: "pods failed to come up in time, getting kubernetes objects status"
|
||||
command: kubectl get --all-namespaces all -o wide --show-all
|
||||
register: out
|
||||
- name: "pods failed to come up in time, displaying kubernetes objects status"
|
||||
debug: var=out.stdout_lines
|
||||
- name: "pods failed to come up in time, stopping execution"
|
||||
command: exit 1
|
69
roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
Normal file
69
roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
Normal file
@ -0,0 +1,69 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: master
|
||||
vars:
|
||||
kubeadm_aio_action: clean-host
|
||||
block:
|
||||
- name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}"
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||
state: started
|
||||
detach: false
|
||||
recreate: yes
|
||||
pid_mode: host
|
||||
network_mode: host
|
||||
capabilities: SYS_ADMIN
|
||||
volumes:
|
||||
- /sys:/sys:rw
|
||||
- /run:/run:rw
|
||||
- /:/mnt/rootfs:rw
|
||||
- /etc:/etc:rw
|
||||
env:
|
||||
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
||||
ACTION="{{ kubeadm_aio_action }}"
|
||||
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
|
||||
USER_UID="{{ playbook_user_id }}"
|
||||
USER_GID="{{ playbook_group_id }}"
|
||||
USER_HOME="{{ playbook_user_dir }}"
|
||||
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
|
||||
PVC_SUPPORT_CEPH=true
|
||||
PVC_SUPPORT_NFS=true
|
||||
NET_SUPPORT_LINUXBRIDGE=true
|
||||
KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
|
||||
KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
|
||||
CONTAINER_RUNTIME=docker
|
||||
register: kubeadm_master_deploy
|
||||
ignore_errors: True
|
||||
rescue:
|
||||
- name: getting logs from kubeadm-aio container
|
||||
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
||||
become: true
|
||||
become_user: root
|
||||
register: out
|
||||
- name: dumping logs from kubeadm-aio container
|
||||
debug:
|
||||
var: out.stdout_lines
|
||||
- name: exiting if the kubeadm deploy failed
|
||||
command: exit 1
|
||||
always:
|
||||
- name: removing kubeadm-aio container
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||
state: absent
|
27
roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
Normal file
27
roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
- name: setting node labels
|
||||
vars:
|
||||
kubeadm_kubelet_labels_node:
|
||||
- "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}"
|
||||
- "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}"
|
||||
set_fact:
|
||||
kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}"
|
||||
|
||||
- name: deploy-kubelet
|
||||
vars:
|
||||
kubeadm_aio_action: deploy-kubelet
|
||||
include: util-kubeadm-aio-run.yaml
|
35
roles/deploy-kubeadm-aio-common/tasks/main.yaml
Normal file
35
roles/deploy-kubeadm-aio-common/tasks/main.yaml
Normal file
@ -0,0 +1,35 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: setting playbook facts
|
||||
set_fact:
|
||||
playbook_user_id: "{{ ansible_user_uid }}"
|
||||
playbook_group_id: "{{ ansible_user_gid }}"
|
||||
playbook_user_dir: "{{ ansible_user_dir }}"
|
||||
kubernetes_default_device: "{{ ansible_default_ipv4.alias }}"
|
||||
kubernetes_default_address: null
|
||||
|
||||
- name: if we have defined a custom interface for kubernetes use that
|
||||
when: kubernetes.network.default_device is defined and kubernetes.network.default_device
|
||||
set_fact:
|
||||
kubernetes_default_device: "{{ kubernetes.network.default_device }}"
|
||||
|
||||
- name: if we are in openstack infra use the private IP for kubernetes
|
||||
when: (nodepool is defined) and (nodepool.private_ipv4 is defined)
|
||||
set_fact:
|
||||
kubernetes_default_address: "{{ nodepool.private_ipv4 }}"
|
||||
|
||||
- include: clean-node.yaml
|
||||
|
||||
- include: deploy-kubelet.yaml
|
@ -0,0 +1,71 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Run Kubeadm-AIO container
|
||||
vars:
|
||||
kubeadm_aio_action: null
|
||||
kubeadm_kubelet_labels: ""
|
||||
block:
|
||||
- name: "performing {{ kubeadm_aio_action }} action"
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||
state: started
|
||||
detach: false
|
||||
recreate: yes
|
||||
pid_mode: host
|
||||
network_mode: host
|
||||
capabilities: SYS_ADMIN
|
||||
volumes:
|
||||
- /sys:/sys:rw
|
||||
- /run:/run:rw
|
||||
- /:/mnt/rootfs:rw
|
||||
- /etc:/etc:rw
|
||||
env:
|
||||
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
||||
ACTION="{{ kubeadm_aio_action }}"
|
||||
KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
|
||||
KUBE_BIND_ADDR="{{ kubernetes_default_address }}"
|
||||
USER_UID="{{ playbook_user_id }}"
|
||||
USER_GID="{{ playbook_group_id }}"
|
||||
USER_HOME="{{ playbook_user_dir }}"
|
||||
CNI_ENABLED="{{ kubernetes.cluster.cni }}"
|
||||
PVC_SUPPORT_CEPH=true
|
||||
PVC_SUPPORT_NFS=true
|
||||
NET_SUPPORT_LINUXBRIDGE=true
|
||||
KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
|
||||
KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
|
||||
CONTAINER_RUNTIME=docker
|
||||
KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}"
|
||||
register: kubeadm_master_deploy
|
||||
rescue:
|
||||
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
||||
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
||||
become: true
|
||||
become_user: root
|
||||
register: out
|
||||
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
||||
debug:
|
||||
var: out.stdout_lines
|
||||
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
||||
command: exit 1
|
||||
always:
|
||||
- name: "removing container for {{ kubeadm_aio_action }} action"
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||
state: absent
|
31
roles/deploy-kubeadm-aio-master/tasks/main.yaml
Normal file
31
roles/deploy-kubeadm-aio-master/tasks/main.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: setting playbook user info facts before escalating privileges
|
||||
set_fact:
|
||||
playbook_user_id: "{{ ansible_user_uid }}"
|
||||
playbook_group_id: "{{ ansible_user_gid }}"
|
||||
playbook_user_dir: "{{ ansible_user_dir }}"
|
||||
|
||||
- name: deploying kubelet and support assets to node
|
||||
include_role:
|
||||
name: deploy-kubeadm-aio-common
|
||||
tasks_from: main
|
||||
|
||||
- name: deploying kubernetes on master node
|
||||
vars:
|
||||
kubeadm_aio_action: deploy-kube
|
||||
include_role:
|
||||
name: deploy-kubeadm-aio-common
|
||||
tasks_from: util-kubeadm-aio-run
|
44
roles/deploy-kubeadm-aio-node/tasks/main.yaml
Normal file
44
roles/deploy-kubeadm-aio-node/tasks/main.yaml
Normal file
@ -0,0 +1,44 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: setting playbook user info facts before escalating privileges
|
||||
set_fact:
|
||||
playbook_user_id: "{{ ansible_user_uid }}"
|
||||
playbook_group_id: "{{ ansible_user_gid }}"
|
||||
playbook_user_dir: "{{ ansible_user_dir }}"
|
||||
kube_master: "{{ groups['primary'][0] }}"
|
||||
kube_worker: "{{ inventory_hostname }}"
|
||||
|
||||
- name: deploying kubelet and support assets to node
|
||||
include_role:
|
||||
name: deploy-kubeadm-aio-common
|
||||
tasks_from: main
|
||||
|
||||
- name: generating the kubeadm join command for the node
|
||||
include: util-generate-join-command.yaml
|
||||
delegate_to: "{{ kube_master }}"
|
||||
|
||||
- name: joining node to kubernetes cluster
|
||||
vars:
|
||||
kubeadm_aio_action: join-kube
|
||||
kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}"
|
||||
include: util-run-join-command.yaml
|
||||
|
||||
- name: waiting for node to be ready
|
||||
delegate_to: "{{ kube_master }}"
|
||||
command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}"
|
||||
register: task_result
|
||||
until: task_result.stdout == 'Ready'
|
||||
retries: 120
|
||||
delay: 5
|
@ -0,0 +1,56 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: generate the kubeadm join command for nodes
|
||||
vars:
|
||||
kubeadm_aio_action: generate-join-cmd
|
||||
kubeadm_cluster_join_ttl: 30m
|
||||
kube_worker: null
|
||||
block:
|
||||
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||
state: started
|
||||
detach: false
|
||||
recreate: yes
|
||||
network_mode: host
|
||||
volumes:
|
||||
- /etc/kubernetes:/etc/kubernetes:ro
|
||||
env:
|
||||
ACTION=generate-join-cmd
|
||||
TTL="{{ kubeadm_cluster_join_ttl }}"
|
||||
register: kubeadm_generate_join_command
|
||||
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
||||
command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
||||
become: true
|
||||
become_user: root
|
||||
register: kubeadm_aio_action_logs
|
||||
- name: storing cluster join command
|
||||
set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}"
|
||||
rescue:
|
||||
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
||||
debug:
|
||||
var: kubeadm_aio_action_logs.stdout_lines
|
||||
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
||||
command: exit 1
|
||||
always:
|
||||
- name: "removing container for {{ kubeadm_aio_action }} action"
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
|
||||
state: absent
|
@ -0,0 +1,59 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: master
|
||||
vars:
|
||||
kubeadm_aio_action: join-kube
|
||||
kubeadm_aio_join_command: null
|
||||
block:
|
||||
- name: "deploying kubeadm {{ kubeadm_aio_action }} container"
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||
image: "{{ images.kubernetes.kubeadm_aio }}"
|
||||
state: started
|
||||
detach: false
|
||||
recreate: yes
|
||||
pid_mode: host
|
||||
network_mode: host
|
||||
capabilities: SYS_ADMIN
|
||||
volumes:
|
||||
- /sys:/sys:rw
|
||||
- /run:/run:rw
|
||||
- /:/mnt/rootfs:rw
|
||||
- /etc:/etc:rw
|
||||
env:
|
||||
CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
|
||||
ACTION="{{ kubeadm_aio_action }}"
|
||||
KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}"
|
||||
register: kubeadm_aio_join_container
|
||||
rescue:
|
||||
- name: "getting logs for {{ kubeadm_aio_action }} action"
|
||||
command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
|
||||
become: true
|
||||
become_user: root
|
||||
register: kubeadm_aio_join_container_output
|
||||
- name: "dumping logs for {{ kubeadm_aio_action }} action"
|
||||
debug:
|
||||
msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}"
|
||||
- name: "exiting if {{ kubeadm_aio_action }} action failed"
|
||||
command: exit 1
|
||||
always:
|
||||
- name: "removing container for {{ kubeadm_aio_action }} action"
|
||||
become: true
|
||||
become_user: root
|
||||
docker_container:
|
||||
name: "kubeadm-{{ kubeadm_aio_action }}"
|
||||
state: absent
|
46
roles/deploy-package/tasks/dist.yaml
Normal file
46
roles/deploy-package/tasks/dist.yaml
Normal file
@ -0,0 +1,46 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: managing distro packages for ubuntu
|
||||
become: true
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
vars:
|
||||
state: present
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: "{{ state }}"
|
||||
with_items: "{{ packages.deb }}"
|
||||
|
||||
- name: managing distro packages for centos
|
||||
become: true
|
||||
become_user: root
|
||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||
vars:
|
||||
state: present
|
||||
yum:
|
||||
name: "{{ item }}"
|
||||
state: "{{ state }}"
|
||||
with_items: "{{ packages.rpm }}"
|
||||
|
||||
- name: managing distro packages for fedora
|
||||
become: true
|
||||
become_user: root
|
||||
when: ansible_distribution == 'Fedora'
|
||||
vars:
|
||||
state: present
|
||||
dnf:
|
||||
name: "{{ item }}"
|
||||
state: "{{ state }}"
|
||||
with_items: "{{ packages.rpm }}"
|
27
roles/deploy-package/tasks/pip.yaml
Normal file
27
roles/deploy-package/tasks/pip.yaml
Normal file
@ -0,0 +1,27 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: managing pip packages
|
||||
become: true
|
||||
become_user: root
|
||||
environment:
|
||||
http_proxy: "{{ proxy.http }}"
|
||||
https_proxy: "{{ proxy.https }}"
|
||||
no_proxy: "{{ proxy.noproxy }}"
|
||||
vars:
|
||||
state: present
|
||||
pip:
|
||||
name: "{{ item }}"
|
||||
state: "{{ state }}"
|
||||
with_items: "{{ packages }}"
|
48
roles/deploy-python-pip/tasks/main.yaml
Normal file
48
roles/deploy-python-pip/tasks/main.yaml
Normal file
@ -0,0 +1,48 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: ensuring python pip package is present for ubuntu
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
|
||||
apt:
|
||||
name: python-pip
|
||||
state: present
|
||||
|
||||
- name: ensuring python pip package is present for centos
|
||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||
block:
|
||||
- name: ensuring epel-release package is present for centos as python-pip is in the epel repo
|
||||
yum:
|
||||
name: epel-release
|
||||
state: present
|
||||
- name: ensuring python pip package is present for centos
|
||||
yum:
|
||||
name: python-devel
|
||||
state: present
|
||||
|
||||
- name: ensuring python pip package is present for fedora via the python-devel rpm
|
||||
when: ansible_distribution == 'Fedora'
|
||||
dnf:
|
||||
name: python2-pip
|
||||
state: present
|
||||
|
||||
- name: ensuring pip is the latest version
|
||||
become: true
|
||||
become_user: root
|
||||
environment:
|
||||
http_proxy: "{{ proxy.http }}"
|
||||
https_proxy: "{{ proxy.https }}"
|
||||
no_proxy: "{{ proxy.noproxy }}"
|
||||
pip:
|
||||
name: pip
|
||||
state: latest
|
16
roles/deploy-python/tasks/main.yaml
Normal file
16
roles/deploy-python/tasks/main.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: ensuring python2 is present on all hosts
|
||||
raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2)
|
43
roles/deploy-yq/tasks/main.yaml
Normal file
43
roles/deploy-yq/tasks/main.yaml
Normal file
@ -0,0 +1,43 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- block:
|
||||
- name: ensuring jq is deployed on host
|
||||
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora'
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: dist
|
||||
vars:
|
||||
packages:
|
||||
deb:
|
||||
- jq
|
||||
rpm:
|
||||
- jq
|
||||
- name: removing jq binary on centos
|
||||
become: true
|
||||
become_user: root
|
||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- /usr/bin/jq
|
||||
- name: installing jq 1.5 binary for centos
|
||||
become: true
|
||||
become_user: root
|
||||
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
|
||||
get_url:
|
||||
url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
|
||||
dest: /usr/bin/jq
|
||||
mode: 0555
|
108
roles/describe-kubernetes-objects/tasks/main.yaml
Normal file
108
roles/describe-kubernetes-objects/tasks/main.yaml
Normal file
@ -0,0 +1,108 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: "creating directory for cluster scoped objects"
|
||||
file:
|
||||
path: "{{ logs_dir }}/objects/cluster"
|
||||
state: directory
|
||||
|
||||
- name: "Gathering descriptions for cluster scoped objects"
|
||||
shell: |-
|
||||
set -e
|
||||
export OBJECT_TYPE=node,clusterrole,clusterrolebinding,storageclass,namespace
|
||||
export PARALLELISM_FACTOR=2
|
||||
|
||||
function list_objects () {
|
||||
printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "$@"' _ {}
|
||||
}
|
||||
export -f list_objects
|
||||
|
||||
function name_objects () {
|
||||
export OBJECT=$1
|
||||
kubectl get ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${OBJECT} ${1#*/}"' _ {}
|
||||
}
|
||||
export -f name_objects
|
||||
|
||||
function get_objects () {
|
||||
input=($1)
|
||||
export OBJECT=${input[0]}
|
||||
export NAME=${input[1]#*/}
|
||||
echo "${OBJECT}/${NAME}"
|
||||
DIR="{{ logs_dir }}/objects/cluster/${OBJECT}"
|
||||
mkdir -p ${DIR}
|
||||
kubectl get ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
|
||||
kubectl describe ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
|
||||
}
|
||||
export -f get_objects
|
||||
|
||||
list_objects | \
|
||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
|
||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
|
||||
args:
|
||||
executable: /bin/bash
|
||||
ignore_errors: True
|
||||
|
||||
- name: "creating directory for namespace scoped objects"
|
||||
file:
|
||||
path: "{{ logs_dir }}/objects/namespaced"
|
||||
state: directory
|
||||
|
||||
- name: "Gathering descriptions for namespace scoped objects"
|
||||
shell: |-
|
||||
set -e
|
||||
export OBJECT_TYPE=configmaps,cronjobs,daemonsets,deployment,endpoints,ingresses,jobs,networkpolicies,pods,podsecuritypolicies,persistentvolumeclaims,rolebindings,roles,secrets,serviceaccounts,services,statefulsets
|
||||
export PARALLELISM_FACTOR=2
|
||||
function get_namespaces () {
|
||||
kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
|
||||
}
|
||||
|
||||
function list_namespaced_objects () {
|
||||
export NAMESPACE=$1
|
||||
printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} $@"' _ {}
|
||||
}
|
||||
export -f list_namespaced_objects
|
||||
|
||||
function name_objects () {
|
||||
input=($1)
|
||||
export NAMESPACE=${input[0]}
|
||||
export OBJECT=${input[1]}
|
||||
kubectl get -n ${NAMESPACE} ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} ${OBJECT} $@"' _ {}
|
||||
}
|
||||
export -f name_objects
|
||||
|
||||
function get_objects () {
|
||||
input=($1)
|
||||
export NAMESPACE=${input[0]}
|
||||
export OBJECT=${input[1]}
|
||||
export NAME=${input[2]#*/}
|
||||
echo "${NAMESPACE}/${OBJECT}/${NAME}"
|
||||
DIR="{{ logs_dir }}/objects/namespaced/${NAMESPACE}/${OBJECT}"
|
||||
mkdir -p ${DIR}
|
||||
kubectl get -n ${NAMESPACE} ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
|
||||
kubectl describe -n ${NAMESPACE} ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
|
||||
}
|
||||
export -f get_objects
|
||||
|
||||
get_namespaces | \
|
||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \
|
||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
|
||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
|
||||
args:
|
||||
executable: /bin/bash
|
||||
ignore_errors: True
|
||||
|
||||
- name: "Downloads logs to executor"
|
||||
synchronize:
|
||||
src: "{{ logs_dir }}/objects"
|
||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
||||
mode: pull
|
||||
ignore_errors: yes
|
39
roles/gather-host-logs/tasks/main.yaml
Normal file
39
roles/gather-host-logs/tasks/main.yaml
Normal file
@ -0,0 +1,39 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: "creating directory for system status"
|
||||
file:
|
||||
path: "{{ logs_dir }}/system"
|
||||
state: directory
|
||||
|
||||
- name: "Get logs for each host"
|
||||
become: yes
|
||||
shell: |-
|
||||
set -x
|
||||
systemd-cgls --full --all --no-pager > {{ logs_dir }}/system/systemd-cgls.txt
|
||||
ip addr > {{ logs_dir }}/system/ip-addr.txt
|
||||
ip route > {{ logs_dir }}/system/ip-route.txt
|
||||
lsblk > {{ logs_dir }}/system/lsblk.txt
|
||||
mount > {{ logs_dir }}/system/mount.txt
|
||||
docker images > {{ logs_dir }}/system/docker-images.txt
|
||||
brctl show > {{ logs_dir }}/system/brctl-show.txt
|
||||
ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt
|
||||
args:
|
||||
executable: /bin/bash
|
||||
ignore_errors: True
|
||||
|
||||
- name: "Downloads logs to executor"
|
||||
synchronize:
|
||||
src: "{{ logs_dir }}/system"
|
||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
||||
mode: pull
|
||||
ignore_errors: True
|
54
roles/gather-pod-logs/tasks/main.yaml
Normal file
54
roles/gather-pod-logs/tasks/main.yaml
Normal file
@ -0,0 +1,54 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: "creating directory for pod logs"
|
||||
file:
|
||||
path: "{{ logs_dir }}/pod-logs"
|
||||
state: directory
|
||||
|
||||
- name: "retrieve all container logs"
|
||||
shell: |-
|
||||
set -e
|
||||
PARALLELISM_FACTOR=2
|
||||
function get_namespaces () {
|
||||
kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
|
||||
}
|
||||
function get_pods () {
|
||||
NAMESPACE=$1
|
||||
kubectl get pods -n ${NAMESPACE} -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo ${NAMESPACE} {}
|
||||
}
|
||||
export -f get_pods
|
||||
function get_pod_logs () {
|
||||
NAMESPACE=${1% *}
|
||||
POD=${1#* }
|
||||
INIT_CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.initContainers[]?.name')
|
||||
CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.containers[].name')
|
||||
for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do
|
||||
echo "${NAMESPACE}/${POD}/${CONTAINER}"
|
||||
mkdir -p "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}"
|
||||
kubectl logs ${POD} -n ${NAMESPACE} -c ${CONTAINER} > "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}/${CONTAINER}.txt"
|
||||
done
|
||||
}
|
||||
export -f get_pod_logs
|
||||
get_namespaces | \
|
||||
xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pods "$@"' _ {} | \
|
||||
xargs -r -n 2 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pod_logs "$@"' _ {}
|
||||
args:
|
||||
executable: /bin/bash
|
||||
ignore_errors: True
|
||||
|
||||
- name: "Downloads logs to executor"
|
||||
synchronize:
|
||||
src: "{{ logs_dir }}/pod-logs"
|
||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
||||
mode: pull
|
||||
ignore_errors: True
|
44
roles/gather-prom-metrics/tasks/main.yaml
Normal file
44
roles/gather-prom-metrics/tasks/main.yaml
Normal file
@ -0,0 +1,44 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: "creating directory for helm release descriptions"
|
||||
file:
|
||||
path: "{{ logs_dir }}/prometheus"
|
||||
state: directory
|
||||
|
||||
- name: "Get prometheus metrics from exporters in all namespaces"
|
||||
shell: |-
|
||||
set -e
|
||||
NAMESPACES=$(kubectl get namespaces -o json | jq -r '.items[].metadata.name')
|
||||
for NS in $NAMESPACES; do
|
||||
SERVICES=$(kubectl get svc -l component=metrics -n $NS -o json | jq -r '.items[].metadata.name')
|
||||
for SVC in $SERVICES; do
|
||||
PORT=$(kubectl get svc $SVC -n $NS -o json | jq -r '.spec.ports[].port')
|
||||
curl "$SVC.$NS:$PORT/metrics" >> "{{ logs_dir }}"/prometheus/$NS-$SVC.txt
|
||||
done
|
||||
done
|
||||
args:
|
||||
executable: /bin/bash
|
||||
|
||||
- name: "Get prometheus metrics from tiller-deploy"
|
||||
shell: |-
|
||||
set -e
|
||||
curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt
|
||||
args:
|
||||
executable: /bin/bash
|
||||
|
||||
- name: "Downloads logs to executor"
|
||||
synchronize:
|
||||
src: "{{ logs_dir }}/prometheus"
|
||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
||||
mode: pull
|
||||
ignore_errors: True
|
44
roles/helm-release-status/tasks/main.yaml
Normal file
44
roles/helm-release-status/tasks/main.yaml
Normal file
@ -0,0 +1,44 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: "creating directory for helm release status"
|
||||
file:
|
||||
path: "{{ logs_dir }}/helm"
|
||||
state: directory
|
||||
|
||||
- name: "retrieve all deployed charts"
|
||||
shell: |-
|
||||
set -e
|
||||
helm ls --short
|
||||
args:
|
||||
executable: /bin/bash
|
||||
register: helm_releases
|
||||
|
||||
- name: "Gather get release status for helm charts"
|
||||
shell: |-
|
||||
set -e
|
||||
helm status {{ helm_released }} >> {{ logs_dir }}/helm/{{ helm_release }}.txt
|
||||
args:
|
||||
executable: /bin/bash
|
||||
ignore_errors: True
|
||||
vars:
|
||||
helm_release: "{{ helm_released }}"
|
||||
loop_control:
|
||||
loop_var: helm_released
|
||||
with_items: "{{ helm_releases.stdout_lines }}"
|
||||
|
||||
- name: "Downloads logs to executor"
|
||||
synchronize:
|
||||
src: "{{ logs_dir }}/helm"
|
||||
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
|
||||
mode: pull
|
||||
ignore_errors: True
|
26
roles/pull-images/tasks/main.yaml
Normal file
26
roles/pull-images/tasks/main.yaml
Normal file
@ -0,0 +1,26 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure docker python packages deployed
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: pip
|
||||
vars:
|
||||
packages:
|
||||
- yq
|
||||
|
||||
- name: pull all images used in repo
|
||||
make:
|
||||
chdir: "{{ work_dir }}"
|
||||
target: pull-all-images
|
29
roles/setup-firewall/tasks/main.yaml
Normal file
29
roles/setup-firewall/tasks/main.yaml
Normal file
@ -0,0 +1,29 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
|
||||
- name: deploy iptables packages
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: dist
|
||||
vars:
|
||||
packages:
|
||||
deb:
|
||||
- iptables
|
||||
rpm:
|
||||
- iptables
|
||||
- command: iptables -S
|
||||
- command: iptables -F
|
||||
- command: iptables -P INPUT ACCEPT
|
||||
- command: iptables -S
|
42
roles/upgrade-host/tasks/main.yaml
Normal file
42
roles/upgrade-host/tasks/main.yaml
Normal file
@ -0,0 +1,42 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Upgrade to HWE kernel on Ubuntu Hosts
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
block:
|
||||
- name: Deploy HWE kernel on Ubuntu Hosts
|
||||
include_role:
|
||||
name: deploy-package
|
||||
tasks_from: dist
|
||||
vars:
|
||||
packages:
|
||||
deb:
|
||||
- linux-generic-hwe-16.04
|
||||
- name: Reboot Host following kernel upgrade
|
||||
shell: sleep 2 && reboot
|
||||
sudo: yes
|
||||
async: 30
|
||||
poll: 0
|
||||
ignore_errors: true
|
||||
args:
|
||||
executable: /bin/bash
|
||||
- name: Wait for hosts to come up following reboot
|
||||
wait_for:
|
||||
host: '{{ hostvars[item].ansible_host }}'
|
||||
port: 22
|
||||
state: started
|
||||
delay: 60
|
||||
timeout: 240
|
||||
with_items: '{{ play_hosts }}'
|
||||
connection: local
|
@ -94,7 +94,7 @@ function dump_logs () {
|
||||
trap 'dump_logs "$?"' ERR
|
||||
|
||||
for PLAYBOOK in ${PLAYBOOKS}; do
|
||||
ansible-playbook ${WORK_DIR}/tools/gate/playbooks/${PLAYBOOK}.yaml \
|
||||
ansible-playbook ${WORK_DIR}/playbooks/${PLAYBOOK}.yaml \
|
||||
-i ${INVENTORY} \
|
||||
--extra-vars=@${VARS} \
|
||||
--extra-vars "work_dir=${WORK_DIR}"
|
||||
|
Loading…
x
Reference in New Issue
Block a user