commit 0a7cdbb14063b72dfe15a18279e47cc3a62a55be
author David K. Bainbridge <dbainbri@ciena.com> Fri Jul 14 11:36:13 2017 -0700
committer David K. Bainbridge <dbainbri@ciena.com> Tue Jul 18 12:00:44 2017 -0700
tree 7578350c348a7cc9791358ce83e29be46a3f312b
parent 8e53d82cdf22c3935f947c6f4f3689a04facd165

CORD-1551 - updated maas makefiles and multi-stage dockerfile

Change-Id: I0bab86e0207edb12f553ddcfe040882f04f34f25

roles/compute-node/defaults/main.yml

diff --git a/roles/compute-node/defaults/main.yml b/roles/compute-node/defaults/main.yml
index 8bb3905..1b224a1 100644
--- a/roles/compute-node/defaults/main.yml
+++ b/roles/compute-node/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 
-pub_ssh_key: "{{ lookup('file', '/etc/maas/.ssh/cord_rsa.pub') }}"
+pub_ssh_key_file_location: "{{ pub_ssh_key_location | default ('/etc/maas/.ssh') }}"
+pub_ssh_key: "{{ lookup('file', pub_ssh_key_file_location+'/cord_rsa.pub') }}"
 
 compute_node:
     password: "{{password_compute_node | default(lookup('password', 'passwords/compute_node.txt chars=ascii_letters,digits'))}}"

roles/compute-node/files/remove-maas-components

diff --git a/roles/compute-node/files/remove-maas-components b/roles/compute-node/files/remove-maas-components
index 5adf79e..f3b09e7 100755
--- a/roles/compute-node/files/remove-maas-components
+++ b/roles/compute-node/files/remove-maas-components
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 KEEP_DOCKER=0
-DOCKER_ENGINE="docker-engine"
+DOCKER_ENGINE="docker-ce"
 DOCKER_REGISTRY="/docker-registry /docker-registry-mirror"
 CONTAINER_LIST=$(docker ps -qa)
 
@@ -17,15 +17,11 @@
     shift
 done
 
-CONTAINER_LIST=$(docker ps --format '{{.ID}} {{.Names}}' | grep -v ' registry$' | grep -v ' registry-mirror$' | awk '{print $1}')
-
-docker kill $CONTAINER_LIST
-docker rm -f $CONTAINER_LIST
-if [ $KEEP_DOCKER -eq 0 ]; then
-    docker rmi -f $(docker images -aq)
-fi
-
-sudo apt-get remove --purge -y bind9 apache2 $DOCKER_ENGINE ansible $(dpkg --get-selections | grep maas | cut -f1)
+docker rm -f $(docker ps -aq)
+docker rmi -f $(docker images -q)
+docker volume rm -f $(docker volume ls -q)
+docker network rm $(docker network ls -q)
+sudo apt-get remove --purge -y bind9 apache2 apt-cacher-ng $DOCKER_ENGINE ansible $(dpkg --get-selections | grep maas | cut -f1)
 
 sudo rm -rf \
     /etc/maas \
@@ -41,6 +37,7 @@
     /etc/apt/sources.list.d/ppa_maas_stable_trusty.list \
     /etc/apt/sources.list.d/ppa_ansible_ansible_trusty.list \
     /etc/network/if-pre-up.d/nat \
+    /etc/apt/apt.conf.d/03apt-cacher-ng \
     $DOCKER_REGISTRY
 
 sudo apt-get update -y

roles/compute-node/files/remove-xos-components

diff --git a/roles/compute-node/files/remove-xos-components b/roles/compute-node/files/remove-xos-components
index 2f2cf07..d18eebe 100755
--- a/roles/compute-node/files/remove-xos-components
+++ b/roles/compute-node/files/remove-xos-components
@@ -24,6 +24,12 @@
 
 sudo apt-get remove --purge -y $(dpkg --get-selections | grep "nagioas\|juju\|nova\|neutron" | awk '{print $1}') &&sudo apt-get autoremove -y && sudo rm -rf /etc/juju /etc/neutron /home/ubuntu/.juju && sudo find / -name "*juju*" -exec rm -r \{\} \; && sudo rm -f /var/lib/uvtool/libvirt/images/*
 
+sudo rm -rf \
+    /opt/cord* \
+    /opt/onos_* \
+    /opt/credentials \
+    /opt/images
+
 OVS=$(which ovs-vsctl)
 
 if [ ! -z $OVS ]; then

roles/compute-node/tasks/main.yml

diff --git a/roles/compute-node/tasks/main.yml b/roles/compute-node/tasks/main.yml
index fe2b1ae..fb5b9bb 100644
--- a/roles/compute-node/tasks/main.yml
+++ b/roles/compute-node/tasks/main.yml
@@ -108,7 +108,7 @@
 - name: Ensure SSH Key Pair
   become: yes
   copy:
-    src: "/etc/maas/.ssh/{{item.src}}"
+    src: "{{pub_ssh_key_file_location}}/{{item.src}}"
     dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}"
     owner: "{{ ansible_user_id }}"
     group: "docker"

roles/fabric-switch/defaults/main.yml

diff --git a/roles/fabric-switch/defaults/main.yml b/roles/fabric-switch/defaults/main.yml
index d63e3ab..c43e606 100644
--- a/roles/fabric-switch/defaults/main.yml
+++ b/roles/fabric-switch/defaults/main.yml
@@ -1 +1,2 @@
-pub_ssh_key: "{{ lookup('file', '/etc/maas/.ssh/cord_rsa.pub') }}"
+pub_ssh_key_file_location: "{{ pub_ssh_key_location | default ('/etc/maas/.ssh') }}"
+pub_ssh_key: "{{ lookup('file', pub_ssh_key_file_location+'/cord_rsa.pub') }}"

roles/head-node/tasks/main.yml

diff --git a/roles/head-node/tasks/main.yml b/roles/head-node/tasks/main.yml
index 04a7e8c..8cd1f9a 100644
--- a/roles/head-node/tasks/main.yml
+++ b/roles/head-node/tasks/main.yml
@@ -131,7 +131,7 @@
 - name: Copy SSH Key Pair for POD
   become: yes
   copy:
-    src: /etc/maas/.ssh/{{item}}
+    src: "{{pub_ssh_key_file_location}}/{{item}}"
     dest: /etc/maas/.ssh/{{item}}
     owner: maas
     group: maas

roles/maas/defaults/main.yml

diff --git a/roles/maas/defaults/main.yml b/roles/maas/defaults/main.yml
index 266dc98..7d677a8 100644
--- a/roles/maas/defaults/main.yml
+++ b/roles/maas/defaults/main.yml
@@ -2,6 +2,7 @@
 
 accton_as5712_54x: 'https://www.dropbox.com/s/pl3cvr9olnaufw5/ONL-2.0.0_ONL-OS_2017-01-04.0024-8d23df5_AMD64_INSTALLED_INSTALLER'
 accton_as6712_32x: 'https://www.dropbox.com/s/pl3cvr9olnaufw5/ONL-2.0.0_ONL-OS_2017-01-04.0024-8d23df5_AMD64_INSTALLED_INSTALLER'
+pub_ssh_key_file_location: "{{ pub_ssh_key_location | default ('/etc/maas/.ssh') }}"
 
 virtualbox:
     # CHANGE:
@@ -18,7 +19,7 @@
     user: "{{ maas_user | default('cord') }}"
     user_password: "{{ password_maas_user | default(lookup('password', 'passwords/maas_user.txt chars=ascii_letters,digits')) }}"
     user_email: "{{ maas_email | default('cord@cord.lab') }}"
-    user_sshkey: "{{ lookup('file', '/etc/maas/.ssh/cord_rsa.pub') }}"
+    user_sshkey: "{{ lookup('file', pub_ssh_key_file_location+'/cord_rsa.pub') }}"
 
     # CHANGE:
     #   'domain' specifies the domain name configured in to MAAS

roles/maas/tasks/main.yml

diff --git a/roles/maas/tasks/main.yml b/roles/maas/tasks/main.yml
index bb6aab9..915ae27 100644
--- a/roles/maas/tasks/main.yml
+++ b/roles/maas/tasks/main.yml
@@ -43,12 +43,12 @@
     state: absent
   with_items:
     - { name: "storage", image: "docker-registry:5000/consul:{{ docker.tag }}" }
-    - { name: "allocator", image: "docker-registry:5000/cord-ip-allocator:{{ docker.tag }}" }
-    - { name: "provisioner", image: "docker-registry:5000/cord-provisioner:{{ docker.tag }}" }
+    - { name: "allocator", image: "docker-registry:5000/cord-maas-allocator:{{ docker.tag }}" }
+    - { name: "provisioner", image: "docker-registry:5000/cord-maas-provisioner:{{ docker.tag }}" }
     - { name: "switchq", image: "docker-registry:5000/cord-maas-switchq:{{ docker.tag }}" }
     - { name: "automation", image: "docker-registry:5000/cord-maas-automation:{{ docker.tag }}" }
-    - { name: "generator", image: "docker-registry:5000/config-generator:{{ docker.tag }}" }
-    - { name: "harvester", image: "docker-registry:5000/cord-dhcp-harvester:{{ docker.tag }}" }
+    - { name: "generator", image: "docker-registry:5000/cord-maas--generator:{{ docker.tag }}" }
+    - { name: "harvester", image: "docker-registry:5000/cord-maas-harvester:{{ docker.tag }}" }
 
 - name: MAAS Repository
   become: yes
@@ -129,6 +129,11 @@
   register: maas_user_exists
   changed_when: false
 
+- name: Debug
+  become: yes
+  debug:
+    msg: "USER: {{maas.user}} and {{maas.user_password}} and {{maas_user_exists.stdout}}"
+
 - name: MAAS User
   become: yes
   command: maas-region-admin createadmin --username={{ maas.user }} --password={{ maas.user_password }} --email={{ maas.user_email }}

roles/maas/templates/automation-compose.yml.j2

diff --git a/roles/maas/templates/automation-compose.yml.j2 b/roles/maas/templates/automation-compose.yml.j2
index 1644c11..83e96bd 100644
--- a/roles/maas/templates/automation-compose.yml.j2
+++ b/roles/maas/templates/automation-compose.yml.j2
@@ -15,7 +15,7 @@
     restart: unless-stopped
 
   allocator:
-    image: "docker-registry:5000/cord-ip-allocator:{{ docker.tag }}"
+    image: "docker-registry:5000/opencord/maas-allocator:{{ docker.tag }}"
     container_name: allocator
     ports:
       - "4242:4242"
@@ -35,7 +35,7 @@
     restart: unless-stopped
 
   provisioner:
-    image: "docker-registry:5000/cord-provisioner:{{ docker.tag }}"
+    image: "docker-registry:5000/opencord/maas-provisioner:{{ docker.tag }}"
     container_name: provisioner
     dns: {{ mgmt_ip_address.stdout }}
     ports:
@@ -68,7 +68,7 @@
     restart: unless-stopped
 
   switchq:
-    image: "docker-registry:5000/cord-maas-switchq:{{ docker.tag }}"
+    image: "docker-registry:5000/opencord/maas-switchq:{{ docker.tag }}"
     container_name: switchq
     ports:
       - "4244:4244"
@@ -93,7 +93,7 @@
     restart: unless-stopped
 
   automation:
-    image: "docker-registry:5000/cord-maas-automation:{{ docker.tag }}"
+    image: "docker-registry:5000/opencord/maas-automation:{{ docker.tag }}"
     container_name: automation
     labels:
       - "lab.solution=CORD"
@@ -127,7 +127,7 @@
     restart: unless-stopped
 
   harvester:
-      image: "docker-registry:5000/cord-dhcp-harvester:{{ docker.tag }}"
+      image: "docker-registry:5000/opencord/maas-harvester:{{ docker.tag }}"
       container_name: harvester
       restart: always
       labels:
@@ -157,7 +157,7 @@
       restart: unless-stopped
 
   generator:
-    image: "docker-registry:5000/config-generator:{{ docker.tag }}"
+    image: "docker-registry:5000/opencord/maas-generator:{{ docker.tag }}"
     container_name: generator
     ports:
       - "4245:4245"

roles/ssh-key/defaults/main.yml

diff --git a/roles/ssh-key/defaults/main.yml b/roles/ssh-key/defaults/main.yml
new file mode 100644
index 0000000..309b31c
--- /dev/null
+++ b/roles/ssh-key/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+pub_ssh_key_file_location: "{{ pub_ssh_key_location | default ('/etc/maas/.ssh') }}"

roles/ssh-key/tasks/main.yml

diff --git a/roles/ssh-key/tasks/main.yml b/roles/ssh-key/tasks/main.yml
index ee20ce3..44ce66e 100644
--- a/roles/ssh-key/tasks/main.yml
+++ b/roles/ssh-key/tasks/main.yml
@@ -19,3 +19,24 @@
     key: "{{lookup('file', '~/.ssh/id_rsa.pub')}}"
   tags:
     - establish_ssh_keys
+
+- name: Ensure key pair storage
+  become: yes
+  local_action: file path={{pub_ssh_key_file_location}} mode="0755" state=directory
+
+- name: Validate existing key pair
+  become: yes
+  local_action: stat path={{pub_ssh_key_file_location}}/cord_rsa
+  register: key_pair
+
+- name: Generate key pair
+  become: yes
+  local_action: command ssh-keygen -b 2048 -t rsa -N "" -C cord@cord.lab -f {{pub_ssh_key_file_location}}/cord_rsa
+  when: not key_pair.stat.exists
+
+- name: Ensure privacy of key pair
+  become: yes
+  local_action: file path="{{pub_ssh_key_file_location}}/{{item.name}}" mode="{{item.mode}}"
+  with_items:
+    - { "name": "cord_rsa", "mode": "0644" }
+    - { "name": "cord_rsa.pub", "mode": "0644" }