move onos-cord to head-node container
Change-Id: Idb3e94d54cb03b7ed680ca43d49b0c8f2b6904ad
diff --git a/cord-head-playbook.yml b/cord-head-playbook.yml
index a39ff7a..e84fd0d 100644
--- a/cord-head-playbook.yml
+++ b/cord-head-playbook.yml
@@ -62,7 +62,8 @@
- name: Set up VMs
hosts: head
roles:
- - onos-vm-install
+ - onos-cord-install
+ - onos-fabric-install
- name: Start ONOS and XOS
hosts: head
diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml
index f141a66..85b8c14 100644
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@@ -8,41 +8,28 @@
# {{ head_vm_list | selectattr('name', 'equalto', 'onos-cord-1') | list | length }}
# {{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}
-- name: Wait for onos_setup_playbook to complete
- when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
- async_status: jid={{ onos_setup_playbook.ansible_job_id }}
- register: onos_setup_playbook_result
- until: onos_setup_playbook_result.finished
- delay: 10
- retries: 120
-
-- name: Copy SSL Certs to ONOS so docker-compose can find it
- when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
- command: ansible onos-cord-1 -u ubuntu -m copy \
- -a "src=/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt dest=~/cord/xos-certs.crt"
-
-- name: Build ONOS image with docker-compose
- when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
- command: ansible onos-cord-1 -u ubuntu -m command \
- -a "docker-compose build chdir=cord"
-
-- name: Start ONOS
- when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
- command: ansible onos-cord-1:onos-fabric-1 -u ubuntu -m command \
- -a "docker-compose up -d chdir=cord"
-
-#- name: Wait for xos_setup_playbook to complete
-# when: "{{ head_vm_list | map(attribute='name') | list | intersect(['xos-1']) | list | length }}"
-# async_status: jid={{ xos_setup_playbook.ansible_job_id }}
-# register: xos_setup_playbook_result
-# until: xos_setup_playbook_result.finished
+#- name: Wait for onos_setup_playbook to complete
+# when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
+# async_status: jid={{ onos_setup_playbook.ansible_job_id }}
+# register: onos_setup_playbook_result
+# until: onos_setup_playbook_result.finished
# delay: 10
# retries: 120
-#- name: Copy admin-openrc.sh into XOS container
-# when: "{{ head_vm_list | map(attribute='name') | list | intersect(['xos-1']) | list | length }}"
-# command: ansible xos-1 -u ubuntu -m copy \
-# -a "src=~/admin-openrc.sh dest={{ service_profile_repo_dest }}/{{ xos_configuration }}"
+#- name: Copy SSL Certs to ONOS so docker-compose can find it
+# when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
+# command: ansible onos-cord-1 -u ubuntu -m copy \
+# -a "src=/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt dest=~/cord/xos-certs.crt"
+
+#- name: Build ONOS image with docker-compose
+# when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
+# command: ansible onos-cord-1 -u ubuntu -m command \
+# -a "docker-compose build chdir=cord"
+
+#- name: Start ONOS
+# when: "{{ head_vm_list | map(attribute='name') | list | intersect(['onos-cord-1']) | list | length }}"
+# command: ansible onos-cord-1:onos-fabric-1 -u ubuntu -m command \
+# -a "docker-compose up -d chdir=cord"
- name: Wait for test client to complete installation
when: test_client_install is defined and test_client_install
diff --git a/roles/juju-setup/templates/cord_juju_config.yml.j2 b/roles/juju-setup/templates/cord_juju_config.yml.j2
index a549769..0ee33a2 100644
--- a/roles/juju-setup/templates/cord_juju_config.yml.j2
+++ b/roles/juju-setup/templates/cord_juju_config.yml.j2
@@ -25,6 +25,7 @@
neutron-api:
neutron-plugin: onosvtn
onos-vtn-ip: onos-cord
+ onos-vtn-port: 8182
neutron-security-groups: "True"
openstack-origin: "cloud:trusty-kilo"
overlay-network-type: vxlan
diff --git a/roles/onos-cord-install/defaults/main.yml b/roles/onos-cord-install/defaults/main.yml
new file mode 100644
index 0000000..b319b19
--- /dev/null
+++ b/roles/onos-cord-install/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# onos-vm-install/defaults/main.yml
+
+trust_store_pw: 222222
+
+# ONOS 1.7 not tagged yet, but latest is 1.7
+onos_docker_image: "onosproject/onos:latest"
+
+onos_cord_dest: "{{ ansible_user_dir }}/onos-cord/"
+
+node_private_key: "{{ ansible_user_dir }}/node_key"
diff --git a/roles/onos-cord-install/files/onos-cord-docker-compose.yml b/roles/onos-cord-install/files/onos-cord-docker-compose.yml
new file mode 100644
index 0000000..2e6bdf4
--- /dev/null
+++ b/roles/onos-cord-install/files/onos-cord-docker-compose.yml
@@ -0,0 +1,17 @@
+# ONOS with XOS features for docker-compose
+version: '2'
+
+services:
+
+ xos-onos:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ image: xos/onos
+ ports:
+ - "6654:6653"
+ - "8102:8101"
+ - "8182:8181"
+ - "9877:9876"
+ volumes:
+ - ./node_key:/root/node_key:ro
diff --git a/roles/onos-cord-install/tasks/main.yml b/roles/onos-cord-install/tasks/main.yml
new file mode 100644
index 0000000..1393570
--- /dev/null
+++ b/roles/onos-cord-install/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+# Common ONOS setup
+
+# onos_cord_dest: {{ ansible_user_dir }}/onos-cord/
+
+- name: Pull docker image for ONOS
+ become: yes
+ command: "docker pull {{ onos_docker_image }}"
+ tags:
+ - skip_ansible_lint # Should replace with http://docs.ansible.com/ansible/docker_module.html, when replacements are stable
+
+- name: Create dest directory
+ file: path="{{ onos_cord_dest }}" state=directory
+
+- name: Copy over SSH key
+ copy:
+ remote_src: True
+ src: "{{ node_private_key }}"
+ dest: "{{ onos_cord_dest }}/node_key"
+ owner: "{{ ansible_user_id }}"
+ mode: 0600
+
+- name: Create templated ONOS files
+ template:
+ src: "{{ item }}.j2"
+ dest: "{{ onos_cord_dest }}/{{ item }}"
+ with_items:
+ - Dockerfile
+ - onos-service
+
+- name: Copy over ONOS playbook and other files
+ copy:
+ src: "onos-cord-docker-compose.yml"
+ dest: "{{ onos_cord_dest }}/docker-compose.yml"
+
+# TODO: Find the proper place for this on the dev machine rather than
+# copying it within the head node machine.
+
+- name: Copy SSL Certs to ONOS so docker-compose can find it
+ copy:
+ src: "/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt"
+ dest: "{{ onos_cord_dest }}/xos-certs.crt"
+ owner: "{{ ansible_user_id }}"
+ remote_src: True
+
+- name: Build onos image
+ command: docker-compose build chdir={{ onos_cord_dest }}
+ tags:
+ - skip_ansible_lint
+
+- name: Start ONOS
+ command: chdir="{{ onos_cord_dest }}" docker-compose up -d
+ tags:
+ - skip_ansible_lint
+
diff --git a/roles/onos-cord-install/templates/Dockerfile.j2 b/roles/onos-cord-install/templates/Dockerfile.j2
new file mode 100644
index 0000000..a9973be
--- /dev/null
+++ b/roles/onos-cord-install/templates/Dockerfile.j2
@@ -0,0 +1,20 @@
+# ONOS dockerfile with XOS/CORD additions
+
+FROM {{ onos_docker_image }}
+MAINTAINER Zack Williams <zdw@cs.arizona.edu>
+
+# Add SSL certs
+COPY xos-certs.crt /usr/local/share/ca-certificates/xos-certs.crt
+RUN update-ca-certificates
+
+# Create Java KeyStore from certs
+RUN openssl x509 -in /usr/local/share/ca-certificates/xos-certs.crt \
+ -outform der -out /usr/local/share/ca-certificates/xos-certs.der && \
+ keytool -import -noprompt -storepass {{ trust_store_pw }} -alias xos-certs \
+ -file /usr/local/share/ca-certificates/xos-certs.der \
+ -keystore /usr/local/share/ca-certificates/xos-certs.jks
+
+# Updated onos-service to use the jks
+COPY onos-service /root/onos/bin/onos-service
+RUN chmod 755 /root/onos/bin/onos-service
+
diff --git a/roles/onos-cord-install/templates/onos-service.j2 b/roles/onos-cord-install/templates/onos-service.j2
new file mode 100644
index 0000000..7eef6f5
--- /dev/null
+++ b/roles/onos-cord-install/templates/onos-service.j2
@@ -0,0 +1,53 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Starts ONOS Apache Karaf container
+# -----------------------------------------------------------------------------
+
+# uncomment the following line for performance testing
+#export JAVA_OPTS="${JAVA_OPTS:--Xms8G -Xmx8G -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+PrintGCDetails -XX:+PrintGCTimeStamps}"
+
+# uncomment the following line for Netty TLS encryption
+# Do modify the keystore location/password and truststore location/password accordingly
+#export JAVA_OPTS="${JAVA_OPTS:--DenableNettyTLS=true -Djavax.net.ssl.keyStore=/home/ubuntu/onos.jks -Djavax.net.ssl.keyStorePassword=222222 -Djavax.net.ssl.trustStore=/home/ubuntu/onos.jks -Djavax.net.ssl.trustStorePassword=222222}"
+
+export JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/local/share/ca-certificates/xos-certs.jks -Djavax.net.ssl.trustStorePassword={{ trust_store_pw }}"
+
+set -e # exit on error
+set -u # exit on undefined variable
+
+# If ONOS_HOME is set, respect its value.
+# If ONOS_HOME is not set (e.g. in the init or service environment),
+# set it based on this script's path.
+ONOS_HOME=${ONOS_HOME:-$(cd $(dirname $0)/.. >/dev/null 2>&1 && pwd)}
+KARAF_ARGS=
+SYS_APPS=drivers
+ONOS_APPS=${ONOS_APPS:-} # Empty means don't activate any new apps
+
+cd $ONOS_HOME
+
+# Parse out arguments destinted for karaf invocation v. arguments that
+# will be processed in line
+while [ $# -gt 0 ]; do
+ case $1 in
+ apps-clean)
+ # Deactivate all applications
+ find ${ONOS_HOME}/apps -name "active" -exec rm \{\} \;
+ ;;
+ *)
+ KARAF_ARGS+=" $1"
+ ;;
+ esac
+ shift
+done
+
+# Activate the system required applications (SYS_APPS) as well as any
+# specified applications in the var ONOS_APPS
+for app in ${SYS_APPS//,/ } ${ONOS_APPS//,/ }; do
+ if [[ "$app" =~ \. ]]; then
+ touch ${ONOS_HOME}/apps/$app/active
+ else
+ touch ${ONOS_HOME}/apps/org.onosproject.$app/active
+ fi
+done
+
+exec ${ONOS_HOME}/apache-karaf-3.0.5/bin/karaf $KARAF_ARGS
diff --git a/roles/onos-fabric-install/defaults/main.yml b/roles/onos-fabric-install/defaults/main.yml
new file mode 100644
index 0000000..8a1e199
--- /dev/null
+++ b/roles/onos-fabric-install/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# onos-vm-install/defaults/main.yml
+
+trust_store_pw: 222222
+
+# ONOS 1.7 not tagged yet, but latest is 1.7
+onos_docker_image: "onosproject/onos:latest"
+
+onos_fabric_dest: "{{ ansible_user_dir }}/onos-fabric/"
+
+node_private_key: "{{ ansible_user_dir }}/node_key"
diff --git a/roles/onos-fabric-install/files/onos-fabric-docker-compose.yml b/roles/onos-fabric-install/files/onos-fabric-docker-compose.yml
new file mode 100644
index 0000000..b29d116
--- /dev/null
+++ b/roles/onos-fabric-install/files/onos-fabric-docker-compose.yml
@@ -0,0 +1,13 @@
+# ONOS with XOS features for docker-compose
+version: '2'
+
+services:
+
+ xos-onos:
+ image: onosproject/onos:latest
+ ports:
+ - "6653:6653"
+ - "8101:8101"
+ - "8181:8181"
+ - "9876:9876"
+
diff --git a/roles/onos-fabric-install/tasks/main.yml b/roles/onos-fabric-install/tasks/main.yml
new file mode 100644
index 0000000..7d67c88
--- /dev/null
+++ b/roles/onos-fabric-install/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+# Common ONOS setup
+
+- name: Pull docker image for ONOS
+ become: yes
+ command: "docker pull {{ onos_docker_image }}"
+ tags:
+ - skip_ansible_lint # Should replace with http://docs.ansible.com/ansible/docker_module.html, when replacements are stable
+
+- name: Create dest directory
+ file: path="{{ onos_fabric_dest }}" state=directory
+
+- name: Create templated ONOS files
+ template:
+ src: "{{ item }}.j2"
+ dest: "{{ onos_fabric_dest }}/{{ item }}"
+ with_items:
+ - Dockerfile
+ - onos-service
+
+- name: Copy over ONOS playbook and other files
+ copy:
+ src: "onos-fabric-docker-compose.yml"
+ dest: "{{ onos_fabric_dest }}/docker-compose.yml"
+
+# TODO: Find the proper place for this on the dev machine rather than
+# copying it within the head node machine.
+
+- name: Copy SSL Certs to ONOS so docker-compose can find it
+ copy:
+ src: "/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt"
+ dest: "{{ onos_fabric_dest }}/xos-certs.crt"
+ owner: "{{ ansible_user_id }}"
+ remote_src: True
+
+# Note: we do not rebuild onos container for the fabric
+
+- name: Start ONOS
+ command: chdir="{{ onos_fabric_dest }}" docker-compose up -d
+ tags:
+ - skip_ansible_lint
+
diff --git a/roles/onos-fabric-install/templates/Dockerfile.j2 b/roles/onos-fabric-install/templates/Dockerfile.j2
new file mode 100644
index 0000000..a9973be
--- /dev/null
+++ b/roles/onos-fabric-install/templates/Dockerfile.j2
@@ -0,0 +1,20 @@
+# ONOS dockerfile with XOS/CORD additions
+
+FROM {{ onos_docker_image }}
+MAINTAINER Zack Williams <zdw@cs.arizona.edu>
+
+# Add SSL certs
+COPY xos-certs.crt /usr/local/share/ca-certificates/xos-certs.crt
+RUN update-ca-certificates
+
+# Create Java KeyStore from certs
+RUN openssl x509 -in /usr/local/share/ca-certificates/xos-certs.crt \
+ -outform der -out /usr/local/share/ca-certificates/xos-certs.der && \
+ keytool -import -noprompt -storepass {{ trust_store_pw }} -alias xos-certs \
+ -file /usr/local/share/ca-certificates/xos-certs.der \
+ -keystore /usr/local/share/ca-certificates/xos-certs.jks
+
+# Updated onos-service to use the jks
+COPY onos-service /root/onos/bin/onos-service
+RUN chmod 755 /root/onos/bin/onos-service
+
diff --git a/roles/onos-fabric-install/templates/onos-service.j2 b/roles/onos-fabric-install/templates/onos-service.j2
new file mode 100644
index 0000000..7eef6f5
--- /dev/null
+++ b/roles/onos-fabric-install/templates/onos-service.j2
@@ -0,0 +1,53 @@
+#!/bin/bash
+# -----------------------------------------------------------------------------
+# Starts ONOS Apache Karaf container
+# -----------------------------------------------------------------------------
+
+# uncomment the following line for performance testing
+#export JAVA_OPTS="${JAVA_OPTS:--Xms8G -Xmx8G -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:+PrintGCDetails -XX:+PrintGCTimeStamps}"
+
+# uncomment the following line for Netty TLS encryption
+# Do modify the keystore location/password and truststore location/password accordingly
+#export JAVA_OPTS="${JAVA_OPTS:--DenableNettyTLS=true -Djavax.net.ssl.keyStore=/home/ubuntu/onos.jks -Djavax.net.ssl.keyStorePassword=222222 -Djavax.net.ssl.trustStore=/home/ubuntu/onos.jks -Djavax.net.ssl.trustStorePassword=222222}"
+
+export JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/local/share/ca-certificates/xos-certs.jks -Djavax.net.ssl.trustStorePassword={{ trust_store_pw }}"
+
+set -e # exit on error
+set -u # exit on undefined variable
+
+# If ONOS_HOME is set, respect its value.
+# If ONOS_HOME is not set (e.g. in the init or service environment),
+# set it based on this script's path.
+ONOS_HOME=${ONOS_HOME:-$(cd $(dirname $0)/.. >/dev/null 2>&1 && pwd)}
+KARAF_ARGS=
+SYS_APPS=drivers
+ONOS_APPS=${ONOS_APPS:-} # Empty means don't activate any new apps
+
+cd $ONOS_HOME
+
+# Parse out arguments destinted for karaf invocation v. arguments that
+# will be processed in line
+while [ $# -gt 0 ]; do
+ case $1 in
+ apps-clean)
+ # Deactivate all applications
+ find ${ONOS_HOME}/apps -name "active" -exec rm \{\} \;
+ ;;
+ *)
+ KARAF_ARGS+=" $1"
+ ;;
+ esac
+ shift
+done
+
+# Activate the system required applications (SYS_APPS) as well as any
+# specified applications in the var ONOS_APPS
+for app in ${SYS_APPS//,/ } ${ONOS_APPS//,/ }; do
+ if [[ "$app" =~ \. ]]; then
+ touch ${ONOS_HOME}/apps/$app/active
+ else
+ touch ${ONOS_HOME}/apps/org.onosproject.$app/active
+ fi
+done
+
+exec ${ONOS_HOME}/apache-karaf-3.0.5/bin/karaf $KARAF_ARGS
diff --git a/roles/xos-compute-setup/templates/vtn.yaml.j2 b/roles/xos-compute-setup/templates/vtn.yaml.j2
index 6fe1e01..177dd61 100644
--- a/roles/xos-compute-setup/templates/vtn.yaml.j2
+++ b/roles/xos-compute-setup/templates/vtn.yaml.j2
@@ -16,6 +16,7 @@
view_url: /admin/onos/onosservice/$id$/
no_container: true
rest_hostname: onos-cord
+ rest_port: 8182
replaces: service_ONOS_CORD
service#vtn:
@@ -33,6 +34,7 @@
xosPassword: letmein
replaces: service_vtn
vtnAPIVersion: 2
+ controllerPort: onos-cord:6654
{% for node in groups["compute"] %}
{% if 'ipv4' in hostvars[node]['ansible_fabric'] %}
diff --git a/roles/xos-install/templates/vtn.yaml.j2 b/roles/xos-install/templates/vtn.yaml.j2
index 6fe1e01..177dd61 100644
--- a/roles/xos-install/templates/vtn.yaml.j2
+++ b/roles/xos-install/templates/vtn.yaml.j2
@@ -16,6 +16,7 @@
view_url: /admin/onos/onosservice/$id$/
no_container: true
rest_hostname: onos-cord
+ rest_port: 8182
replaces: service_ONOS_CORD
service#vtn:
@@ -33,6 +34,7 @@
xosPassword: letmein
replaces: service_vtn
vtnAPIVersion: 2
+ controllerPort: onos-cord:6654
{% for node in groups["compute"] %}
{% if 'ipv4' in hostvars[node]['ansible_fabric'] %}
diff --git a/templates/cord.yaml b/templates/cord.yaml
index eeb46ee..065bea1 100644
--- a/templates/cord.yaml
+++ b/templates/cord.yaml
@@ -154,6 +154,7 @@
options:
neutron-plugin: onosvtn
onos-vtn-ip: onos-cord
+ onos-vtn-port: 8182
neutron-security-groups: true
openstack-origin: cloud:trusty-kilo
overlay-network-type: vxlan
diff --git a/vars/cord_defaults.yml b/vars/cord_defaults.yml
index 92ca603..0ffabd3 100644
--- a/vars/cord_defaults.yml
+++ b/vars/cord_defaults.yml
@@ -60,7 +60,7 @@
mongodb: "cs:trusty/mongodb-33"
percona-cluster: "cs:trusty/percona-cluster-31"
nagios: "cs:trusty/nagios-10"
- neutron-api: "cs:~cordteam/trusty/neutron-api-3"
+ neutron-api: "cs:~cordteam/trusty/neutron-api-4"
nova-cloud-controller: "cs:trusty/nova-cloud-controller-64"
nova-compute: "cs:~cordteam/trusty/nova-compute-2"
nrpe: "cs:trusty/nrpe-4"
@@ -68,24 +68,7 @@
openstack-dashboard: "cs:trusty/openstack-dashboard-19"
rabbitmq-server: "cs:trusty/rabbitmq-server-42"
-head_vm_list:
- - name: "onos-cord-1"
- aliases:
- - "onos-cord"
- ipv4_last_octet: 110
- cpu: 2
- memMB: 4096
- diskGB: 40
- docker_path: "cord"
-
- - name: "onos-fabric-1"
- aliases:
- - "onos-fabric"
- ipv4_last_octet: 120
- cpu: 2
- memMB: 4096
- diskGB: 40
- docker_path: "cord"
+head_vm_list: []
head_lxd_list:
- name: "juju-1"