updated the repo to be in sync with the automation on the cord uber repo
Change-Id: Id8619f662719d73a2ca80cf0cca7f1665fbd267a
diff --git a/Vagrantfile b/Vagrantfile
index e17000f..8912e0f 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -22,40 +22,47 @@
config.vm.define "prod" do |d|
d.vm.box = "ubuntu/trusty64"
+ d.vm.synced_folder '.', '/vagrant', disable: true
d.vm.hostname = "prod"
d.vm.network "private_network", ip: "10.100.198.201"
+ d.vm.network "private_network", ip: "10.1.0.1", virtualbox__intnet: "cord-test-network"
d.vm.provider "virtualbox" do |v|
- v.memory = 1024
- end
- end
-
- config.vm.define "headnode" do |h|
- h.vm.box = "ubuntu/trusty64"
- h.vm.hostname = "headnode"
- h.vm.network "private_network",
- ip: "10.100.198.202"
- h.vm.network "private_network",
- ip: "10.6.0.1",
- virtualbox__intnet: "cord-test-network"
- h.vm.provider "virtualbox" do |v|
v.memory = 2048
end
end
- config.vm.define "computenode" do |c|
- #c.vm.box = "ubuntu/trusty64"
- c.vm.box = "clink15/pxe"
- c.vm.synced_folder '.', '/vagrant', disable: true
- c.vm.communicator = "none"
- c.vm.hostname = "computenode"
- c.vm.network "private_network",
- adapter: "1",
- type: "dhcp",
- auto_config: false,
- virtualbox__intnet: "cord-test-network"
- c.vm.provider "virtualbox" do |v|
+ config.vm.define "switch" do |s|
+ s.vm.box = "ubuntu/trusty64"
+ s.vm.hostname = "fakeswitch"
+ s.vm.network "private_network", ip: "10.100.198.253"
+ s.vm.network "private_network",
+ type: "dhcp",
+ virtualbox__intnet: "cord-test-network",
+ mac: "cc37ab000001"
+ s.vm.provision :shell, path: "scripts/bootstrap_ansible.sh"
+ s.vm.provision :shell, inline: "PYTHONUNBUFFERED=1 ansible-playbook /maasdev/ansible/fakeswitch.yml -c local"
+ s.vm.provider "virtualbox" do |v|
v.memory = 1048
- v.gui = "true"
+ v.name = "fakeswitch"
+ end
+ end
+
+ (1..3).each do |i|
+ config.vm.define "compute_node#{i}" do |c|
+ c.vm.box = "clink15/pxe"
+ c.vm.synced_folder '.', '/vagrant', disable: true
+ c.vm.communicator = "none"
+ c.vm.hostname = "computenode"
+ c.vm.network "private_network",
+ adapter: "1",
+ type: "dhcp",
+ auto_config: false,
+ virtualbox__intnet: "cord-test-network"
+ c.vm.provider "virtualbox" do |v|
+ v.name = "compute_node#{i}"
+ v.memory = 1048
+ v.gui = "true"
+ end
end
end
diff --git a/ansible/fakeswitch.yml b/ansible/fakeswitch.yml
new file mode 100644
index 0000000..c3d39af
--- /dev/null
+++ b/ansible/fakeswitch.yml
@@ -0,0 +1,6 @@
+- hosts: localhost
+ remote_user: vagrant
+ serial: 1
+ roles:
+ - common
+ - fakeswitch
diff --git a/ansible/host_vars/10.100.198.200 b/ansible/host_vars/10.100.198.200
index 48505cb..7572e8d 100644
--- a/ansible/host_vars/10.100.198.200
+++ b/ansible/host_vars/10.100.198.200
@@ -1 +1 @@
-ansible_ssh_private_key_file: /opencord/.vagrant/machines/cd/virtualbox/private_key
+ansible_ssh_private_key_file: /maasdev/.vagrant/machines/maasdev/virtualbox/private_key
diff --git a/ansible/roles/common/defaults/main.yml b/ansible/roles/common/defaults/main.yml
index 4ccfffb..7eaf4c7 100644
--- a/ansible/roles/common/defaults/main.yml
+++ b/ansible/roles/common/defaults/main.yml
@@ -1,8 +1,13 @@
hosts: [
- { host_ip: "10.100.198.200", host_name: "corddev"},
+ { host_ip: "10.100.198.200", host_name: "maasdev"},
{ host_ip: "10.100.198.201", host_name: "prod"},
]
+use_latest_for:
+ - debian-keyring
+ - debian-archive-keyring
+ - rng-tools
+
obsolete_services:
- puppet
- chef-client
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 13d39fe..0ad01a7 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -1,21 +1,3 @@
-- name: Ensure SSH Directory
- file:
- path: /home/{{ ansible_user }}/.ssh
- state: directory
- owner: "{{ ansible_user }}"
- group: "{{ ansible_user }}"
- mode: 0700
- tags: [common]
-
-- name: Ignore Known Hosts for SSH
- copy:
- src: files/ssh-config
- dest: /home/{{ ansible_user }}/.ssh/config
- owner: "{{ ansible_user }}"
- group: "{{ ansible_user }}"
- mode: 0600
- tags: [common]
-
- name: JQ is present
apt:
name: jq
@@ -30,6 +12,12 @@
with_items: hosts
tags: [common]
+- name: Latest apt packages
+ apt:
+ name: "{{ item }}"
+ with_items: use_latest_for
+ tags: [common]
+
- name: Services are not running
service:
name: "{{ item }}"
@@ -37,3 +25,28 @@
ignore_errors: yes
with_items: obsolete_services
tags: [common]
+
+- name: Ensure SSH Directory
+ file:
+ path: /home/{{ ansible_user }}/.ssh
+ state: directory
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ mode: 0700
+ tags: [common]
+
+- name: Ensure known_hosts file is absent
+ file:
+ path: /home/vagrant/.ssh/known_hosts
+ state: absent
+ tags: [common]
+
+- name: Ignore Known Hosts for SSH
+ copy:
+ src: files/ssh-config
+ dest: /home/{{ ansible_user }}/.ssh/config
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ mode: 0600
+ tags: [common]
+
diff --git a/ansible/roles/docker/templates/docker.cfg b/ansible/roles/docker/templates/docker.cfg
index ac03f17..7dfff7b 100644
--- a/ansible/roles/docker/templates/docker.cfg
+++ b/ansible/roles/docker/templates/docker.cfg
@@ -1 +1,3 @@
-DOCKER_OPTS="$DOCKER_OPTS --insecure-registry 10.100.198.200:5000 -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --registry-mirror=http://10.100.198.200:5001"
\ No newline at end of file
+DOCKER_OPTS="$DOCKER_OPTS --insecure-registry 10.100.198.200:5000 -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --registry-mirror=http://10.100.198.200:5001"
+DOCKER_OPTS="$DOCKER_OPTS --insecure-registry 10.100.198.201:5000"
+
diff --git a/ansible/roles/fakeswitch/files/persist b/ansible/roles/fakeswitch/files/persist
new file mode 100755
index 0000000..d032e90
--- /dev/null
+++ b/ansible/roles/fakeswitch/files/persist
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "persist"
+exit 0
diff --git a/ansible/roles/fakeswitch/files/savepersist b/ansible/roles/fakeswitch/files/savepersist
new file mode 100755
index 0000000..50d503b
--- /dev/null
+++ b/ansible/roles/fakeswitch/files/savepersist
@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "savepersist"
+exit 0
diff --git a/ansible/roles/fakeswitch/tasks/main.yml b/ansible/roles/fakeswitch/tasks/main.yml
new file mode 100644
index 0000000..39879e9
--- /dev/null
+++ b/ansible/roles/fakeswitch/tasks/main.yml
@@ -0,0 +1,43 @@
+- name: Ensure Root User
+ become: yes
+ user:
+ name: root
+ password: '$6$o5YKQzd9CIadXU$KPaV6CcDd1XPr4cO.dRnWnMnrZl9mBEM84Pfhp9b1v6fLWHdoQ1gPJ4qa0lGvxpukcWtWtwiZezi3JWisMd4D.'
+
+- name: Ensure Directories
+ become: yes
+ file:
+ path: "{{ item }}"
+ owner: root
+ group: root
+ mode: 0755
+ state: directory
+ with_items:
+ - /mnt/flash2
+ - /etc/accton
+
+- name: Ensure Commands
+ become: yes
+ template:
+ src: files/{{ item }}
+ dest: /usr/bin/{{ item }}
+ owner: root
+ group: root
+ mode: 0755
+ with_items:
+ - persist
+ - savepersist
+
+- name: Ensure Root SSH
+ become: yes
+ lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^PermitRootLogin"
+ line: "PermitRootLogin yes"
+
+- name: Ensure SSH Config
+ become: yes
+ service:
+ name: ssh
+ state: restarted
+ #failed_when: false
diff --git a/build.gradle b/build.gradle
index ed2d757..53d0ea2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -13,10 +13,32 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+import org.opencord.gradle.rules.*
import org.yaml.snakeyaml.Yaml
+allprojects {
+ apply plugin: 'base'
+ apply plugin: 'de.gesellix.docker'
+ //apply plugin: 'com.tmiyamon.config'
+
+ docker {
+ // dockerHost = System.env.DOCKER_HOST ?: 'unix:///var/run/docker.sock'
+ // dockerHost = System.env.DOCKER_HOST ?: 'https://192.168.99.100:2376'
+ // certPath = System.getProperty('docker.cert.path') ?: "${System.getProperty('user.home')}/.docker/machine/machines/default"
+ // authConfigPlain = [
+ // "username" : "joe",
+ // "password" : "some-pw-as-needed",
+ // "email" : "joe@acme.com",
+ // "serveraddress" : "https://index.docker.io/v1/"
+ // ]
+ }
+}
+
ext {
+ // Upstream registry to simplify filling out the comps table below
+ upstreamReg = project.hasProperty('upstreamReg') ? project.getProperty('upstreamReg') : 'docker.io'
+
// Target registry to be used to publish docker images needed for deployment
targetReg = project.hasProperty('targetReg') ? project.getProperty('targetReg') : 'localhost:5000'
@@ -28,6 +50,19 @@
deployConfig = project.hasProperty('deployConfig') ? project.getProperty('deployConfig') : './config/default.yml'
dockerPath = project.hasProperty('dockerPath') ? project.getProperty('dockerPath') : '/usr/bin'
+
+ comps = [
+ 'consul': [
+ 'type': 'image',
+ 'upstream': upstreamReg,
+ 'name': 'consul',
+ 'digest': 'sha256:0dc990ff3c44d5b5395475bcc5ebdae4fc8b67f69e17942a8b9793b3df74d290'
+ ]
+ ]
+}
+
+task fetchUpstreamImages {
+ comps.each { name, spec -> if (spec.type == 'image') { dependsOn "fetch" + name } }
}
// Switch Configuration Image
@@ -128,10 +163,15 @@
// ~~~~~~~~~~~~~~~~~~~ Global tasks ~~~~~~~~~~~~~~~~~~~~~~~
+task updateDocker (type: Exec) {
+ commandLine 'sudo', 'utils/enable-remote-docker-registry', "$targetReg"
+}
+
// To be used to fetch upstream binaries, clone repos, etc.
task fetch(type: Exec) {
// this is where we fetch upstream artifacts that we do not need internet for the build phase"
// Placeholdr example:
+ dependsOn fetchUpstreamImages
commandLine "$dockerPath/docker", "pull", "golang:alpine"
commandLine "$dockerPath/docker", "pull", "python:2.7-alpine"
}
@@ -157,6 +197,7 @@
}
task publish {
+ comps.each { name, spec -> if (spec.type == 'image') { dependsOn "publish" + name } }
dependsOn publishBootstrapImage
dependsOn publishHarvesterImage
dependsOn publishAutomationImage
@@ -165,6 +206,10 @@
dependsOn publishSwitchqImage
}
+tasks.addRule(new DockerFetchRule(project))
+tasks.addRule(new DockerPublishRule(project))
+tasks.addRule(new DockerTagRule(project))
+
// ~~~~~~~~~~~~~~~~~~~ Deployment / Test Tasks ~~~~~~~~~~~~~~~~~~~~~~~
List.metaClass.asParam = { prefix, sep ->
@@ -197,6 +242,7 @@
}
task prime (type: Exec) {
+ dependsOn updateDocker
println "Using deployment config: $deployConfig"
File configFile = new File(deployConfig)
def yaml = new Yaml()
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index e73afbe..cbb6652 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -25,7 +25,7 @@
dependencies {
compile gradleApi()
compile localGroovy()
- //compile 'de.gesellix:gradle-docker-plugin:2016-05-05T13-15-11'
+ compile 'de.gesellix:gradle-docker-plugin:2016-05-05T13-15-11'
compile 'org.yaml:snakeyaml:1.10'
//compile 'gradle.plugin.com.tmiyamon:gradle-config:0.2.1'
}
diff --git a/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerFetchRule.groovy b/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerFetchRule.groovy
new file mode 100644
index 0000000..a9bb91b
--- /dev/null
+++ b/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerFetchRule.groovy
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2012 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.gradle.rules
+
+import org.gradle.api.Rule
+import de.gesellix.gradle.docker.tasks.DockerPullTask
+
+
+/**
+ * Gradle Rule class to fetch a docker image
+ */
+class DockerFetchRule implements Rule {
+
+ def project
+
+ DockerFetchRule(project) {
+ this.project = project
+ }
+
+ String getDescription() {
+ 'Rule Usage: fetch<component-name>'
+ }
+
+ void apply(String taskName) {
+ if (taskName.startsWith('fetch')) {
+ project.task(taskName, type: DockerPullTask) {
+ ext.compName = taskName - 'fetch'
+ def spec = project.comps[ext.compName]
+ imageName = spec.name + '@' + spec.digest
+ }
+ }
+ }
+}
diff --git a/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerPublishRule.groovy b/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerPublishRule.groovy
new file mode 100644
index 0000000..a1d8164
--- /dev/null
+++ b/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerPublishRule.groovy
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2012 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.gradle.rules
+
+import org.gradle.api.Rule
+import de.gesellix.gradle.docker.tasks.DockerPushTask
+
+
+/**
+ * Gradle Rule class to publish (push) a docker image to a private repo
+ */
+class DockerPublishRule implements Rule {
+
+ def project
+
+ DockerPublishRule(project) {
+ this.project = project
+ }
+
+ String getDescription() {
+ 'Rule Usage: publish<component-name>'
+ }
+
+ void apply(String taskName) {
+ if (taskName.startsWith('publish')) {
+ project.task(taskName, type: DockerPushTask) {
+ ext.compName = taskName - 'publish'
+ println "Publish rule: $taskName + $compName"
+ def tagTask = "tag$compName"
+ println "Tagtask: $tagTask"
+ dependsOn tagTask
+ def spec = project.comps[ext.compName]
+ repositoryName = spec.name + ':' + project.targetTag
+ registry = project.targetReg
+ }
+ }
+ }
+}
diff --git a/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerTagRule.groovy b/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerTagRule.groovy
new file mode 100644
index 0000000..474e16d
--- /dev/null
+++ b/buildSrc/src/main/groovy/org/opencord/gradle/rules/DockerTagRule.groovy
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2012 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.gradle.rules
+
+import org.gradle.api.Rule
+import de.gesellix.gradle.docker.tasks.DockerTagTask
+
+
+/**
+ * Gradle Rule class to tag a docker image
+ */
+class DockerTagRule implements Rule {
+
+ def project
+
+ DockerTagRule(project) {
+ this.project = project
+ }
+
+ String getDescription() {
+ 'Rule Usage: tag<component-name>'
+ }
+
+ void apply(String taskName) {
+ if (taskName.startsWith('tag') && !taskName.equals('tag')) {
+ project.task(taskName, type: DockerTagTask) {
+ ext.compName = taskName - 'tag'
+ def spec = project.comps[compName]
+ imageId = spec.name + '@' + spec.digest
+ tag = compName + ':' + project.targetTag
+ }
+ }
+ }
+}
diff --git a/buildSrc/src/main/groovy/org/opencord/gradle/rules/GitSubmoduleUpdateRule.groovy b/buildSrc/src/main/groovy/org/opencord/gradle/rules/GitSubmoduleUpdateRule.groovy
new file mode 100644
index 0000000..3b46424
--- /dev/null
+++ b/buildSrc/src/main/groovy/org/opencord/gradle/rules/GitSubmoduleUpdateRule.groovy
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2012 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opencord.gradle.rules
+
+import org.gradle.api.Rule
+import org.gradle.api.tasks.Exec
+
+
+/**
+ * Gradle Rule class to fetch a docker image
+ */
+class GitSubmoduleUpdateRule implements Rule {
+
+ def project
+
+ GitSubmoduleUpdateRule(project) {
+ this.project = project
+ }
+
+ String getDescription() {
+ 'Rule Usage: gitupdate<component-name>'
+ }
+
+ void apply(String taskName) {
+ if (taskName.startsWith('gitupdate')) {
+ project.task(taskName, type: Exec) {
+ ext.compName = taskName - 'gitupdate'
+ def spec = project.comps[ext.compName]
+ workingDir = '.'
+ commandLine '/usr/bin/git', 'submodule', 'update', '--init', '--recursive', spec.componentDir
+ }
+ }
+ }
+}
diff --git a/config/default.yml b/config/default.yml
index 4c377a4..0be591e 100644
--- a/config/default.yml
+++ b/config/default.yml
@@ -4,7 +4,7 @@
# via `vargrant up headnode` from the gerrit.opencord.org/maas repository.
---
seedServer:
- ip: '10.100.198.202'
+ ip: '10.100.198.201'
# User name and password used by Ansible to connect to the host for remote
# provisioning
@@ -13,7 +13,7 @@
# Specifies tasks within the head node provisioning not to execute, including:
#
- # switch_support - don't download the switch ONL images as there are no
+ # switch_support - don't download the switch ONL images as there are no
# switches in this configuration
# interface_config - don't update the network configuration of the headnode
# as it is configured by vagrant to the proper settings
@@ -21,20 +21,27 @@
- 'switch_support'
- 'interface_config'
+ management_ip: '10.1.0.1/24'
+ management_iface: 'eth2'
+ external_iface: 'eth0'
+ management_network: '10.1.0.0/24'
+
# Specifies the extra settings required for this configuration
#
# virtualbox_support - install support for managing virtual box based
# compute nodes
- extraVars:
- - 'virtualbox_support=1'
- - 'external_iface=eth0'
+ virtualbox_support: 1
+ power_helper_user: 'cord'
+
+docker:
+ imageVersion: candidate
otherServers:
# Specifies the configuration for dynamically added compute nodes
location: 'http://gerrit.opencord.org/maas'
rolesPath: 'roles'
role: 'compute-node'
-
-docker:
- registry: 'opencord'
- imageVersion: 'latest'
+ fabric:
+ network: '10.1.1.1/24'
+ range_low: '10.1.1.2'
+ range_high: '10.1.1.253'
diff --git a/utils/enable-remote-docker-registry b/utils/enable-remote-docker-registry
new file mode 100755
index 0000000..9492187
--- /dev/null
+++ b/utils/enable-remote-docker-registry
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+PROG=$(basename $0)
+
+HELP=$(echo "$*" | grep "\-h" | wc -w)
+
+if [ $HELP -ne 0 ]; then
+ echo "usage: $PROG <remote-registry>..."
+ exit 1
+fi
+
+LINE="DOCKER_OPTS=\"\$DOCKER_OPTS --insecure-registry $1\""
+
+OUT=$(tempfile)
+cat /etc/default/docker >> $OUT
+CHANGED=0
+while [ $# -gt 0 ]; do
+ FOUND=$(grep "$LINE" /etc/default/docker | wc -l)
+ if [ $FOUND -eq 0 ]; then
+ echo "DOCKER_OPTS=\"\$DOCKER_OPTS --insecure-registry $1\"" >> $OUT
+ CHANGED=1
+ fi
+ shift
+done
+
+if [ $CHANGED -eq 1 ]; then
+ sudo cp $OUT /etc/default/docker
+ sudo service docker restart
+fi
+rm -f $OUT