From 37d836c8c7a6c5f75b56383b7416341e8e37a370 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Wed, 18 Apr 2018 09:06:25 -0500 Subject: [PATCH] Gate/Dev: RPM and structure improvements This PS restores the use of the distro provided docker for RPM based distros. It also removes the roles subdirectory from the playbooks and replaces it with a symlink for local dev use. Change-Id: Ic11adb85813e92488f5ebbe6714ad7da8d3938e2 --- .gitignore | 2 +- playbooks/osh-infra-build.retry | 1 - playbooks/osh-infra-deploy-charts.retry | 1 - playbooks/osh-infra-deploy-k8s.retry | 1 - playbooks/roles | 1 + .../roles/build-helm-packages/tasks/main.yaml | 18 --- .../tasks/setup-helm-serve.yaml | 87 -------------- .../templates/helm-serve.service.j2 | 11 -- .../roles/build-images/tasks/kubeadm-aio.yaml | 74 ------------ playbooks/roles/build-images/tasks/main.yaml | 15 --- playbooks/roles/clean-host/tasks/main.yaml | 22 ---- .../tasks/deploy-ansible-docker-support.yaml | 68 ----------- playbooks/roles/deploy-docker/tasks/main.yaml | 85 -------------- .../templates/centos-docker.service.j2 | 30 ----- .../templates/fedora-docker.service.j2 | 29 ----- .../templates/http-proxy.conf.j2 | 4 - .../templates/ubuntu-docker.service.j2 | 30 ----- .../tasks/generate-dynamic-over-rides.yaml | 19 --- .../tasks/helm-setup-dev-environment.yaml | 39 ------- .../deploy-helm-packages/tasks/main.yaml | 27 ----- .../tasks/util-chart-group.yaml | 29 ----- .../tasks/util-common-helm-chart.yaml | 92 --------------- .../tasks/util-common-helm-test.yaml | 67 ----------- .../tasks/util-common-wait-for-pods.yaml | 50 -------- .../tasks/clean-node.yaml | 69 ----------- .../tasks/deploy-kubelet.yaml | 27 ----- .../deploy-kubeadm-aio-common/tasks/main.yaml | 35 ------ .../tasks/util-kubeadm-aio-run.yaml | 71 ------------ .../deploy-kubeadm-aio-master/tasks/main.yaml | 31 ----- .../deploy-kubeadm-aio-node/tasks/main.yaml | 44 ------- .../tasks/util-generate-join-command.yaml | 56 --------- .../tasks/util-run-join-command.yaml | 59 ---------- .../roles/deploy-package/tasks/dist.yaml | 46 -------- playbooks/roles/deploy-package/tasks/pip.yaml | 27 ----- .../roles/deploy-python-pip/tasks/main.yaml | 48 -------- playbooks/roles/deploy-python/tasks/main.yaml | 16 --- playbooks/roles/deploy-yq/tasks/main.yaml | 43 ------- .../tasks/main.yaml | 108 ------------------ .../roles/gather-host-logs/tasks/main.yaml | 39 ------- .../roles/gather-pod-logs/tasks/main.yaml | 54 --------- .../roles/gather-prom-metrics/tasks/main.yaml | 44 ------- .../roles/helm-release-status/tasks/main.yaml | 44 ------- playbooks/roles/pull-images/tasks/main.yaml | 26 ----- .../roles/setup-firewall/tasks/main.yaml | 29 ----- playbooks/roles/upgrade-host/tasks/main.yaml | 42 ------- roles/deploy-docker/tasks/main.yaml | 14 +-- .../templates/centos-docker.service.j2 | 14 ++- .../templates/fedora-docker.service.j2 | 20 ++-- tools/gate/devel/start.sh | 1 + 49 files changed, 23 insertions(+), 1786 deletions(-) delete mode 100644 playbooks/osh-infra-build.retry delete mode 100644 playbooks/osh-infra-deploy-charts.retry delete mode 100644 playbooks/osh-infra-deploy-k8s.retry create mode 120000 playbooks/roles delete mode 100644 playbooks/roles/build-helm-packages/tasks/main.yaml delete mode 100644 playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml delete mode 100644 playbooks/roles/build-helm-packages/templates/helm-serve.service.j2 delete mode 100644 playbooks/roles/build-images/tasks/kubeadm-aio.yaml delete mode 100644 playbooks/roles/build-images/tasks/main.yaml delete mode 100644 playbooks/roles/clean-host/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml delete mode 100644 playbooks/roles/deploy-docker/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-docker/templates/centos-docker.service.j2 delete mode 100644 playbooks/roles/deploy-docker/templates/fedora-docker.service.j2 delete mode 100644 playbooks/roles/deploy-docker/templates/http-proxy.conf.j2 delete mode 100644 playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2 delete mode 100644 playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml delete mode 100644 playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml delete mode 100644 playbooks/roles/deploy-helm-packages/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml delete mode 100644 playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml delete mode 100644 playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml delete mode 100644 playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml delete mode 100644 playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml delete mode 100644 playbooks/roles/deploy-package/tasks/dist.yaml delete mode 100644 playbooks/roles/deploy-package/tasks/pip.yaml delete mode 100644 playbooks/roles/deploy-python-pip/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-python/tasks/main.yaml delete mode 100644 playbooks/roles/deploy-yq/tasks/main.yaml delete mode 100644 playbooks/roles/describe-kubernetes-objects/tasks/main.yaml delete mode 100644 playbooks/roles/gather-host-logs/tasks/main.yaml delete mode 100644 playbooks/roles/gather-pod-logs/tasks/main.yaml delete mode 100644 playbooks/roles/gather-prom-metrics/tasks/main.yaml delete mode 100644 playbooks/roles/helm-release-status/tasks/main.yaml delete mode 100644 playbooks/roles/pull-images/tasks/main.yaml delete mode 100644 playbooks/roles/setup-firewall/tasks/main.yaml delete mode 100644 playbooks/roles/upgrade-host/tasks/main.yaml diff --git a/.gitignore b/.gitignore index b3fe119b6..ea203cfd8 100644 --- a/.gitignore +++ b/.gitignore @@ -72,4 +72,4 @@ releasenotes/build # Gate and Check Logs logs/ tools/gate/local-overrides/ -tools/gate/playbooks/*.retry +playbooks/*.retry diff --git a/playbooks/osh-infra-build.retry b/playbooks/osh-infra-build.retry deleted file mode 100644 index 408303742..000000000 --- a/playbooks/osh-infra-build.retry +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/playbooks/osh-infra-deploy-charts.retry b/playbooks/osh-infra-deploy-charts.retry deleted file mode 100644 index 408303742..000000000 --- a/playbooks/osh-infra-deploy-charts.retry +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/playbooks/osh-infra-deploy-k8s.retry b/playbooks/osh-infra-deploy-k8s.retry deleted file mode 100644 index 408303742..000000000 --- a/playbooks/osh-infra-deploy-k8s.retry +++ /dev/null @@ -1 +0,0 @@ -local diff --git a/playbooks/roles b/playbooks/roles new file mode 120000 index 000000000..d8c4472ca --- /dev/null +++ b/playbooks/roles @@ -0,0 +1 @@ +../roles \ No newline at end of file diff --git a/playbooks/roles/build-helm-packages/tasks/main.yaml b/playbooks/roles/build-helm-packages/tasks/main.yaml deleted file mode 100644 index 1bd179c2e..000000000 --- a/playbooks/roles/build-helm-packages/tasks/main.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: setup-helm-serve.yaml - -- name: build all charts in repo - make: - chdir: "{{ work_dir }}" - target: all diff --git a/playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml b/playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml deleted file mode 100644 index 948b6f3ad..000000000 --- a/playbooks/roles/build-helm-packages/tasks/setup-helm-serve.yaml +++ /dev/null @@ -1,87 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- block: - - name: check if correct version of helm client already installed - shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1" - environment: - HELM_VERSION: "{{ version.helm }}" - args: - executable: /bin/bash - register: need_helm - ignore_errors: True - - name: install helm client - when: need_helm | failed - become_user: root - shell: | - TMP_DIR=$(mktemp -d) - curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR} - sudo mv ${TMP_DIR}/helm /usr/bin/helm - rm -rf ${TMP_DIR} - environment: - HELM_VERSION: "{{ version.helm }}" - args: - executable: /bin/bash - - name: setting up helm client - command: helm init --client-only - -- block: - - name: checking if local helm server is running - shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' - args: - executable: /bin/bash - register: helm_server_running - ignore_errors: True - - name: getting current host user name - when: helm_server_running | failed - shell: id -un - args: - executable: /bin/bash - register: helm_server_user - - name: moving systemd unit into place for helm server - when: helm_server_running | failed - become: yes - become_user: root - template: - src: helm-serve.service.j2 - dest: /etc/systemd/system/helm-serve.service - mode: 0640 - - name: starting helm serve service - when: helm_server_running | failed - become: yes - become_user: root - systemd: - state: restarted - daemon_reload: yes - name: helm-serve - - name: wait for helm server to be ready - shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository' - args: - executable: /bin/bash - register: wait_for_helm_server - until: wait_for_helm_server.rc == 0 - retries: 120 - delay: 5 - -- block: - - name: checking if helm 'stable' repo is present - shell: helm repo list | grep -q "^stable" - args: - executable: /bin/bash - register: helm_stable_repo_present - ignore_errors: True - - name: checking if helm 'stable' repo is present - when: helm_stable_repo_present | succeeded - command: helm repo remove stable - -- name: adding helm local repo - command: helm repo add local http://localhost:8879/charts diff --git a/playbooks/roles/build-helm-packages/templates/helm-serve.service.j2 b/playbooks/roles/build-helm-packages/templates/helm-serve.service.j2 deleted file mode 100644 index 3cd1aad0f..000000000 --- a/playbooks/roles/build-helm-packages/templates/helm-serve.service.j2 +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Helm Server -After=network.target - -[Service] -User={{ helm_server_user.stdout }} -Restart=always -ExecStart=/usr/bin/helm serve - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/build-images/tasks/kubeadm-aio.yaml b/playbooks/roles/build-images/tasks/kubeadm-aio.yaml deleted file mode 100644 index ed3ed149b..000000000 --- a/playbooks/roles/build-images/tasks/kubeadm-aio.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is -# reolved, we build with a shell script to make use of the host network. -- name: Kubeadm-AIO build - block: - #NOTE(portdirect): we do this to ensure we are feeding the docker build - # a clean path to work with. - - name: Kubeadm-AIO image build path - shell: cd "{{ work_dir }}"; pwd - register: kubeadm_aio_path - # - name: build the Kubeadm-AIO image - # docker_image: - # path: "{{ kubeadm_aio_path.stdout }}/" - # name: "{{ images.kubernetes.kubeadm_aio }}" - # dockerfile: "tools/images/kubeadm-aio/Dockerfile" - # force: yes - # pull: yes - # state: present - # rm: yes - # buildargs: - # KUBE_VERSION: "{{ version.kubernetes }}" - # CNI_VERSION: "{{ version.cni }}" - # HELM_VERSION: "{{ version.helm }}" - # CHARTS: "calico,flannel,tiller,kube-dns" - - name: Kubeadm-AIO image build path with proxy - when: proxy.http is defined and (proxy.http | trim != "") - shell: |- - set -e - docker build \ - --network host \ - --force-rm \ - --tag "{{ images.kubernetes.kubeadm_aio }}" \ - --file tools/images/kubeadm-aio/Dockerfile \ - --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ - --build-arg CNI_VERSION="{{ version.cni }}" \ - --build-arg HELM_VERSION="{{ version.helm }}" \ - --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ - --build-arg HTTP_PROXY="{{ proxy.http }}" \ - --build-arg HTTPS_PROXY="{{ proxy.https }}" \ - --build-arg NO_PROXY="{{ proxy.noproxy }}" \ - . - args: - chdir: "{{ kubeadm_aio_path.stdout }}/" - executable: /bin/bash - - name: Kubeadm-AIO image build path - when: proxy.http is undefined or (proxy.http | trim == "") - shell: |- - set -e - docker build \ - --network host \ - --force-rm \ - --tag "{{ images.kubernetes.kubeadm_aio }}" \ - --file tools/images/kubeadm-aio/Dockerfile \ - --build-arg KUBE_VERSION="{{ version.kubernetes }}" \ - --build-arg CNI_VERSION="{{ version.cni }}" \ - --build-arg HELM_VERSION="{{ version.helm }}" \ - --build-arg CHARTS="calico,flannel,tiller,kube-dns" \ - . - args: - chdir: "{{ kubeadm_aio_path.stdout }}/" - executable: /bin/bash \ No newline at end of file diff --git a/playbooks/roles/build-images/tasks/main.yaml b/playbooks/roles/build-images/tasks/main.yaml deleted file mode 100644 index 7e13f0ba1..000000000 --- a/playbooks/roles/build-images/tasks/main.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: kubeadm-aio.yaml diff --git a/playbooks/roles/clean-host/tasks/main.yaml b/playbooks/roles/clean-host/tasks/main.yaml deleted file mode 100644 index 77eee4369..000000000 --- a/playbooks/roles/clean-host/tasks/main.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: remove osh directory - become: yes - become_user: root - file: - path: "{{ item }}" - state: absent - with_items: - - /var/lib/openstack-helm diff --git a/playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml b/playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml deleted file mode 100644 index 3e7a8e130..000000000 --- a/playbooks/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: ensuring SELinux is disabled on centos & fedora - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora' - become: true - become_user: root - command: setenforce 0 - ignore_errors: True - -#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/ -- name: fix docker removal issue with ansible's docker_container on centos - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - block: - - name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos - become: true - become_user: root - include_role: - name: deploy-package - tasks_from: pip - vars: - state: absent - packages: - - requests - - urllib3 - - name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos - become: true - become_user: root - include_role: - name: deploy-package - tasks_from: dist - vars: - state: absent - packages: - rpm: - - python-urllib3 - - python-requests - - name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos - become: true - become_user: root - include_role: - name: deploy-package - tasks_from: dist - vars: - state: present - packages: - rpm: - - python-urllib3 - - python-requests - -- name: Ensure docker python packages deployed - include_role: - name: deploy-package - tasks_from: pip - vars: - packages: - - docker-py diff --git a/playbooks/roles/deploy-docker/tasks/main.yaml b/playbooks/roles/deploy-docker/tasks/main.yaml deleted file mode 100644 index 6a4463768..000000000 --- a/playbooks/roles/deploy-docker/tasks/main.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: check if docker deploy is needed - raw: which docker - register: need_docker - ignore_errors: True - -- name: centos | moving systemd unit into place - when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) - template: - src: centos-docker.service.j2 - dest: /etc/systemd/system/docker.service - mode: 0640 - -- name: fedora | moving systemd unit into place - when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) - template: - src: fedora-docker.service.j2 - dest: /etc/systemd/system/docker.service - mode: 0640 - -- name: ubuntu | moving systemd unit into place - when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker | failed ) - template: - src: ubuntu-docker.service.j2 - dest: /etc/systemd/system/docker.service - mode: 0640 - -# NOTE: (lamt) Setting up the proxy before installing docker -- name: ensure docker.service.d directory exists - when: proxy.http is defined and (proxy.http | trim != "") - file: - path: /etc/systemd/system/docker.service.d - state: directory - -- name: proxy | moving proxy systemd unit into place - when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") ) - template: - src: http-proxy.conf.j2 - dest: /etc/systemd/system/docker.service.d/http-proxy.conf - mode: 0640 - -- name: centos | add docker-ce repository - when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/centos/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - -- name: fedora | add docker-ce repository - when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/fedora/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - -- name: deploy docker packages - when: need_docker | failed - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - docker.io - rpm: - - docker-ce - -- name: restarting docker - systemd: - state: restarted - daemon_reload: yes - name: docker - -- include: deploy-ansible-docker-support.yaml diff --git a/playbooks/roles/deploy-docker/templates/centos-docker.service.j2 b/playbooks/roles/deploy-docker/templates/centos-docker.service.j2 deleted file mode 100644 index ba9540e2d..000000000 --- a/playbooks/roles/deploy-docker/templates/centos-docker.service.j2 +++ /dev/null @@ -1,30 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target - -[Service] -Type=notify -NotifyAccess=all -Environment=GOTRACEBACK=crash -Environment=DOCKER_HTTP_HOST_COMPAT=1 -Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin -ExecStart=/usr/bin/dockerd \ - --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ - --storage-driver=overlay2 \ - --log-driver=json-file \ - --iptables=false -ExecReload=/bin/kill -s HUP $MAINPID -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal -MountFlags=share -KillMode=process - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/deploy-docker/templates/fedora-docker.service.j2 b/playbooks/roles/deploy-docker/templates/fedora-docker.service.j2 deleted file mode 100644 index e471b92f3..000000000 --- a/playbooks/roles/deploy-docker/templates/fedora-docker.service.j2 +++ /dev/null @@ -1,29 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target - -[Service] -Type=notify -Environment=GOTRACEBACK=crash -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -ExecStart=/usr/bin/dockerd \ - --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ - --storage-driver=overlay2 \ - --log-driver=json-file \ - --iptables=false -ExecReload=/bin/kill -s HUP $MAINPID -TasksMax=8192 -LimitNOFILE=1048576 -LimitNPROC=1048576 -LimitCORE=infinity -TimeoutStartSec=0 -Restart=on-abnormal - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/deploy-docker/templates/http-proxy.conf.j2 b/playbooks/roles/deploy-docker/templates/http-proxy.conf.j2 deleted file mode 100644 index 90d8e1d53..000000000 --- a/playbooks/roles/deploy-docker/templates/http-proxy.conf.j2 +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -Environment="HTTP_PROXY={{ proxy.http }}" -Environment="HTTPS_PROXY={{ proxy.https }}" -Environment="NO_PROXY={{ proxy.noproxy }}" diff --git a/playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2 b/playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2 deleted file mode 100644 index 2451b1980..000000000 --- a/playbooks/roles/deploy-docker/templates/ubuntu-docker.service.j2 +++ /dev/null @@ -1,30 +0,0 @@ -[Unit] -Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network.target docker.socket firewalld.service -Requires=docker.socket - -[Service] -Type=notify -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -EnvironmentFile=-/etc/default/docker -ExecStart=/usr/bin/dockerd --iptables=false -H fd:// $DOCKER_OPTS -ExecReload=/bin/kill -s HUP $MAINPID -LimitNOFILE=1048576 -# Having non-zero Limit*s causes performance problems due to accounting overhead -# in the kernel. We recommend using cgroups to do container-local accounting. -LimitNPROC=infinity -LimitCORE=infinity -# Uncomment TasksMax if your systemd version supports it. -# Only systemd 226 and above support this version. -TasksMax=infinity -TimeoutStartSec=0 -# set delegate yes so that systemd does not reset the cgroups of docker containers -Delegate=yes -# kill only the docker process, not all processes in the cgroup -KillMode=process - -[Install] -WantedBy=multi-user.target diff --git a/playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml b/playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml deleted file mode 100644 index 7738af531..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This set of tasks creates over-rides that need to be generated dyamicly and -# injected at runtime. - -- name: setup directorys on host - file: - path: "{{ work_dir }}/tools/gate/local-overrides/" - state: directory diff --git a/playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml b/playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml deleted file mode 100644 index b2bfa7d21..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- block: - - name: installing OS-H dev tools - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - git - - make - - curl - - ca-certificates - rpm: - - git - - make - - curl - - name: installing jq - include_role: - name: deploy-jq - tasks_from: main - -- name: assemble charts - make: - chdir: "{{ work_dir }}" - register: out - -- include: util-setup-dev-environment.yaml diff --git a/playbooks/roles/deploy-helm-packages/tasks/main.yaml b/playbooks/roles/deploy-helm-packages/tasks/main.yaml deleted file mode 100644 index 779c4008e..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/main.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: generate-dynamic-over-rides.yaml - -- name: "creating directory for helm test logs" - file: - path: "{{ logs_dir }}/helm-tests" - state: directory - -- name: "iterating through Helm chart groups" - vars: - chart_group_name: "{{ helm_chart_group.name }}" - chart_group_items: "{{ helm_chart_group.charts }}" - include: util-chart-group.yaml - loop_control: - loop_var: helm_chart_group - with_items: "{{ chart_groups }}" diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml deleted file mode 100644 index a114ff370..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-chart-group.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "{{ helm_chart_group.name }}" - vars: - chart_def: "{{ charts[helm_chart] }}" - loop_control: - loop_var: helm_chart - include: util-common-helm-chart.yaml - with_items: "{{ helm_chart_group.charts }}" - -- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group" - when: ('timeout' in helm_chart_group) - include: util-common-wait-for-pods.yaml - vars: - namespace: "{{ charts[helm_chart].namespace }}" - timeout: "{{ helm_chart_group.timeout }}" - loop_control: - loop_var: helm_chart - with_items: "{{ helm_chart_group.charts }}" diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml deleted file mode 100644 index b95c7f1f5..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml +++ /dev/null @@ -1,92 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Helm management common block - vars: - check_deployed_result: null - chart_values_file: null - upgrade: - pre: - delete: null - - block: - - name: "create temporary file for {{ chart_def['release'] }}'s values .yaml" - tempfile: - state: file - suffix: .yaml - register: chart_values_file - - name: "write out values.yaml for {{ chart_def['release'] }}" - copy: - dest: "{{ chart_values_file.path }}" - content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}" - - - name: "check if {{ chart_def['release'] }} is deployed" - command: helm status "{{ chart_def['release'] }}" - register: check_deployed_result - ignore_errors: True - - - name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" - stat: - path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml" - register: local_overrides - - - name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" - when: check_deployed_result | failed - command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}" - register: out - - name: "display info for the helm {{ chart_def['release'] }} release deploy" - when: check_deployed_result | failed - debug: - var: out.stdout_lines - - - name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release" - when: - - check_deployed_result | succeeded - - "'upgrade' in chart_def" - - "'pre' in chart_def['upgrade']" - - "'delete' in chart_def['upgrade']['pre']" - - "chart_def.upgrade.pre.delete is not none" - with_items: "{{ chart_def.upgrade.pre.delete }}" - loop_control: - loop_var: helm_upgrade_delete_job - command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true" - - name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart" - when: check_deployed_result | succeeded - command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}" - register: out - - name: "display info for the helm {{ chart_def['release'] }} release upgrade" - when: check_deployed_result | succeeded - debug: - var: out.stdout_lines - - - include: util-common-wait-for-pods.yaml - when: ('timeout' in chart_def) - vars: - namespace: "{{ chart_def['namespace'] }}" - timeout: "{{ chart_def['timeout'] }}" - - - include: util-common-helm-test.yaml - when: - - "'test' in chart_def" - - "chart_def.test is not none" - - "'enabled' in chart_def['test']" - - "chart_def.test.enabled|bool == true" - vars: - release: "{{ chart_def['release'] }}" - namespace: "{{ chart_def['namespace'] }}" - test_settings: "{{ chart_def.test }}" - - always: - - name: "remove values.yaml for {{ chart_def['release'] }}" - file: - path: "{{ chart_values_file.path }}" - state: absent diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml deleted file mode 100644 index a926946b1..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-common-helm-test.yaml +++ /dev/null @@ -1,67 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Helm test common block - vars: - release: null - namespace: null - test_settings: null - - block: - - name: "remove any expired helm test pods for {{ release }}" - command: "kubectl delete pod {{ release }}-test -n {{ namespace }}" - ignore_errors: True - - - name: "run helm tests for the {{ release }} release" - when: - - "'timeout' in test_settings" - - "'timeout' is none" - command: "helm test {{ release }}" - register: test_result - - - name: "run helm tests for the {{ release }} release with timeout" - when: - - "'timeout' in test_settings" - - "'timeout' is not none" - command: " helm test --timeout {{ test_settings.timeout }} {{ release }}" - register: test_result - - - name: "display status for {{ release }} helm tests" - debug: - var: test_result.stdout_lines - - - name: "gathering logs for helm tests for {{ release }}" - when: - - test_result | succeeded - shell: |- - set -e - kubectl logs {{ release }}-test -n {{ namespace }} >> {{ logs_dir }}/helm-tests/{{ release }}.txt - args: - executable: /bin/bash - register: test_logs - - - name: "displaying logs for successful helm tests for {{ release }}" - when: - - test_result | succeeded - - "'output' in test_settings" - - "test_settings.output|bool == true" - debug: - var: test_logs.stdout_lines - rescue: - - name: "gathering logs for failed helm tests for {{ release }}" - command: "kubectl logs {{ release }}-test -n {{ namespace }}" - register: out - - name: "displaying logs for failed helm tests for {{ release }}" - debug: - var: out.stdout_lines - - name: "helm tests for {{ release }} failed, stopping execution" - command: exit 1 diff --git a/playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml b/playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml deleted file mode 100644 index 19d8785b1..000000000 --- a/playbooks/roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: wait for pods in namespace - vars: - namespace: null - timeout: 600 - wait_return_code: - rc: 1 - block: - - name: "wait for pods in {{ namespace }} namespace to be ready" - shell: |- - set -e - kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \ - '.items[].status.phase' | grep Pending > /dev/null && \ - PENDING=True || PENDING=False - - query='.items[]|select(.status.phase=="Running")' - query="$query|.status.containerStatuses[].ready" - kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \ - grep false > /dev/null && READY="False" || READY="True" - - kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \ - '.items[] | .spec.completions == .status.succeeded' | \ - grep false > /dev/null && JOBR="False" || JOBR="True" - [ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \ - exit 0 || exit 1 - args: - executable: /bin/bash - register: wait_return_code - until: wait_return_code.rc == 0 - retries: "{{ timeout }}" - delay: 1 - rescue: - - name: "pods failed to come up in time, getting kubernetes objects status" - command: kubectl get --all-namespaces all -o wide --show-all - register: out - - name: "pods failed to come up in time, displaying kubernetes objects status" - debug: var=out.stdout_lines - - name: "pods failed to come up in time, stopping execution" - command: exit 1 diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml deleted file mode 100644 index afd5d371e..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: master - vars: - kubeadm_aio_action: clean-host - block: - - name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - pid_mode: host - network_mode: host - capabilities: SYS_ADMIN - volumes: - - /sys:/sys:rw - - /run:/run:rw - - /:/mnt/rootfs:rw - - /etc:/etc:rw - env: - CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" - ACTION="{{ kubeadm_aio_action }}" - KUBE_BIND_DEVICE="{{ kubernetes_default_device }}" - USER_UID="{{ playbook_user_id }}" - USER_GID="{{ playbook_group_id }}" - USER_HOME="{{ playbook_user_dir }}" - CNI_ENABLED="{{ kubernetes.cluster.cni }}" - PVC_SUPPORT_CEPH=true - PVC_SUPPORT_NFS=true - NET_SUPPORT_LINUXBRIDGE=true - KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}" - KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}" - CONTAINER_RUNTIME=docker - register: kubeadm_master_deploy - ignore_errors: True - rescue: - - name: getting logs from kubeadm-aio container - command: "docker logs kubeadm-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: out - - name: dumping logs from kubeadm-aio container - debug: - var: out.stdout_lines - - name: exiting if the kubeadm deploy failed - command: exit 1 - always: - - name: removing kubeadm-aio container - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml deleted file mode 100644 index 968faebaf..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -- name: setting node labels - vars: - kubeadm_kubelet_labels_node: - - "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}" - - "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}" - set_fact: - kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}" - -- name: deploy-kubelet - vars: - kubeadm_aio_action: deploy-kubelet - include: util-kubeadm-aio-run.yaml diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml deleted file mode 100644 index 65ac76089..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/main.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: setting playbook facts - set_fact: - playbook_user_id: "{{ ansible_user_uid }}" - playbook_group_id: "{{ ansible_user_gid }}" - playbook_user_dir: "{{ ansible_user_dir }}" - kubernetes_default_device: "{{ ansible_default_ipv4.alias }}" - kubernetes_default_address: null - -- name: if we have defined a custom interface for kubernetes use that - when: kubernetes.network.default_device is defined and kubernetes.network.default_device - set_fact: - kubernetes_default_device: "{{ kubernetes.network.default_device }}" - -- name: if we are in openstack infra use the private IP for kubernetes - when: (nodepool is defined) and (nodepool.private_ipv4 is defined) - set_fact: - kubernetes_default_address: "{{ nodepool.private_ipv4 }}" - -- include: clean-node.yaml - -- include: deploy-kubelet.yaml diff --git a/playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml deleted file mode 100644 index a634cd45f..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Run Kubeadm-AIO container - vars: - kubeadm_aio_action: null - kubeadm_kubelet_labels: "" - block: - - name: "performing {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - pid_mode: host - network_mode: host - capabilities: SYS_ADMIN - volumes: - - /sys:/sys:rw - - /run:/run:rw - - /:/mnt/rootfs:rw - - /etc:/etc:rw - env: - CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" - ACTION="{{ kubeadm_aio_action }}" - KUBE_BIND_DEVICE="{{ kubernetes_default_device }}" - KUBE_BIND_ADDR="{{ kubernetes_default_address }}" - USER_UID="{{ playbook_user_id }}" - USER_GID="{{ playbook_group_id }}" - USER_HOME="{{ playbook_user_dir }}" - CNI_ENABLED="{{ kubernetes.cluster.cni }}" - PVC_SUPPORT_CEPH=true - PVC_SUPPORT_NFS=true - NET_SUPPORT_LINUXBRIDGE=true - KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}" - KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}" - CONTAINER_RUNTIME=docker - KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}" - register: kubeadm_master_deploy - rescue: - - name: "getting logs for {{ kubeadm_aio_action }} action" - command: "docker logs kubeadm-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: out - - name: "dumping logs for {{ kubeadm_aio_action }} action" - debug: - var: out.stdout_lines - - name: "exiting if {{ kubeadm_aio_action }} action failed" - command: exit 1 - always: - - name: "removing container for {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml deleted file mode 100644 index 294449c30..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-master/tasks/main.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: setting playbook user info facts before escalating privileges - set_fact: - playbook_user_id: "{{ ansible_user_uid }}" - playbook_group_id: "{{ ansible_user_gid }}" - playbook_user_dir: "{{ ansible_user_dir }}" - -- name: deploying kubelet and support assets to node - include_role: - name: deploy-kubeadm-aio-common - tasks_from: main - -- name: deploying kubernetes on master node - vars: - kubeadm_aio_action: deploy-kube - include_role: - name: deploy-kubeadm-aio-common - tasks_from: util-kubeadm-aio-run diff --git a/playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml deleted file mode 100644 index 244d7db69..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-node/tasks/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: setting playbook user info facts before escalating privileges - set_fact: - playbook_user_id: "{{ ansible_user_uid }}" - playbook_group_id: "{{ ansible_user_gid }}" - playbook_user_dir: "{{ ansible_user_dir }}" - kube_master: "{{ groups['primary'][0] }}" - kube_worker: "{{ inventory_hostname }}" - -- name: deploying kubelet and support assets to node - include_role: - name: deploy-kubeadm-aio-common - tasks_from: main - -- name: generating the kubeadm join command for the node - include: util-generate-join-command.yaml - delegate_to: "{{ kube_master }}" - -- name: joining node to kubernetes cluster - vars: - kubeadm_aio_action: join-kube - kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}" - include: util-run-join-command.yaml - -- name: waiting for node to be ready - delegate_to: "{{ kube_master }}" - command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}" - register: task_result - until: task_result.stdout == 'Ready' - retries: 120 - delay: 5 diff --git a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml deleted file mode 100644 index c00ba8e19..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: generate the kubeadm join command for nodes - vars: - kubeadm_aio_action: generate-join-cmd - kubeadm_cluster_join_ttl: 30m - kube_worker: null - block: - - name: "deploying kubeadm {{ kubeadm_aio_action }} container" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - network_mode: host - volumes: - - /etc/kubernetes:/etc/kubernetes:ro - env: - ACTION=generate-join-cmd - TTL="{{ kubeadm_cluster_join_ttl }}" - register: kubeadm_generate_join_command - - name: "getting logs for {{ kubeadm_aio_action }} action" - command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: kubeadm_aio_action_logs - - name: storing cluster join command - set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}" - rescue: - - name: "dumping logs for {{ kubeadm_aio_action }} action" - debug: - var: kubeadm_aio_action_logs.stdout_lines - - name: "exiting if {{ kubeadm_aio_action }} action failed" - command: exit 1 - always: - - name: "removing container for {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml deleted file mode 100644 index 83aca0d9a..000000000 --- a/playbooks/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: master - vars: - kubeadm_aio_action: join-kube - kubeadm_aio_join_command: null - block: - - name: "deploying kubeadm {{ kubeadm_aio_action }} container" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - image: "{{ images.kubernetes.kubeadm_aio }}" - state: started - detach: false - recreate: yes - pid_mode: host - network_mode: host - capabilities: SYS_ADMIN - volumes: - - /sys:/sys:rw - - /run:/run:rw - - /:/mnt/rootfs:rw - - /etc:/etc:rw - env: - CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}" - ACTION="{{ kubeadm_aio_action }}" - KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}" - register: kubeadm_aio_join_container - rescue: - - name: "getting logs for {{ kubeadm_aio_action }} action" - command: "docker logs kubeadm-{{ kubeadm_aio_action }}" - become: true - become_user: root - register: kubeadm_aio_join_container_output - - name: "dumping logs for {{ kubeadm_aio_action }} action" - debug: - msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}" - - name: "exiting if {{ kubeadm_aio_action }} action failed" - command: exit 1 - always: - - name: "removing container for {{ kubeadm_aio_action }} action" - become: true - become_user: root - docker_container: - name: "kubeadm-{{ kubeadm_aio_action }}" - state: absent diff --git a/playbooks/roles/deploy-package/tasks/dist.yaml b/playbooks/roles/deploy-package/tasks/dist.yaml deleted file mode 100644 index f9743d306..000000000 --- a/playbooks/roles/deploy-package/tasks/dist.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: managing distro packages for ubuntu - become: true - become_user: root - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - vars: - state: present - apt: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages.deb }}" - -- name: managing distro packages for centos - become: true - become_user: root - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - vars: - state: present - yum: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages.rpm }}" - -- name: managing distro packages for fedora - become: true - become_user: root - when: ansible_distribution == 'Fedora' - vars: - state: present - dnf: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages.rpm }}" diff --git a/playbooks/roles/deploy-package/tasks/pip.yaml b/playbooks/roles/deploy-package/tasks/pip.yaml deleted file mode 100644 index 429bb50b3..000000000 --- a/playbooks/roles/deploy-package/tasks/pip.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: managing pip packages - become: true - become_user: root - environment: - http_proxy: "{{ proxy.http }}" - https_proxy: "{{ proxy.https }}" - no_proxy: "{{ proxy.noproxy }}" - vars: - state: present - pip: - name: "{{ item }}" - state: "{{ state }}" - with_items: "{{ packages }}" diff --git a/playbooks/roles/deploy-python-pip/tasks/main.yaml b/playbooks/roles/deploy-python-pip/tasks/main.yaml deleted file mode 100644 index a48868a54..000000000 --- a/playbooks/roles/deploy-python-pip/tasks/main.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: ensuring python pip package is present for ubuntu - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' - apt: - name: python-pip - state: present - -- name: ensuring python pip package is present for centos - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - block: - - name: ensuring epel-release package is present for centos as python-pip is in the epel repo - yum: - name: epel-release - state: present - - name: ensuring python pip package is present for centos - yum: - name: python-devel - state: present - -- name: ensuring python pip package is present for fedora via the python-devel rpm - when: ansible_distribution == 'Fedora' - dnf: - name: python2-pip - state: present - -- name: ensuring pip is the latest version - become: true - become_user: root - environment: - http_proxy: "{{ proxy.http }}" - https_proxy: "{{ proxy.https }}" - no_proxy: "{{ proxy.noproxy }}" - pip: - name: pip - state: latest diff --git a/playbooks/roles/deploy-python/tasks/main.yaml b/playbooks/roles/deploy-python/tasks/main.yaml deleted file mode 100644 index 02015673b..000000000 --- a/playbooks/roles/deploy-python/tasks/main.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: ensuring python2 is present on all hosts - raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2) diff --git a/playbooks/roles/deploy-yq/tasks/main.yaml b/playbooks/roles/deploy-yq/tasks/main.yaml deleted file mode 100644 index b5f8b1852..000000000 --- a/playbooks/roles/deploy-yq/tasks/main.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- block: - - name: ensuring jq is deployed on host - when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora' - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - jq - rpm: - - jq - - name: removing jq binary on centos - become: true - become_user: root - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - file: - path: "{{ item }}" - state: absent - with_items: - - /usr/bin/jq - - name: installing jq 1.5 binary for centos - become: true - become_user: root - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' - get_url: - url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 - dest: /usr/bin/jq - mode: 0555 diff --git a/playbooks/roles/describe-kubernetes-objects/tasks/main.yaml b/playbooks/roles/describe-kubernetes-objects/tasks/main.yaml deleted file mode 100644 index bbd2bad30..000000000 --- a/playbooks/roles/describe-kubernetes-objects/tasks/main.yaml +++ /dev/null @@ -1,108 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for cluster scoped objects" - file: - path: "{{ logs_dir }}/objects/cluster" - state: directory - -- name: "Gathering descriptions for cluster scoped objects" - shell: |- - set -e - export OBJECT_TYPE=node,clusterrole,clusterrolebinding,storageclass,namespace - export PARALLELISM_FACTOR=2 - - function list_objects () { - printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "$@"' _ {} - } - export -f list_objects - - function name_objects () { - export OBJECT=$1 - kubectl get ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${OBJECT} ${1#*/}"' _ {} - } - export -f name_objects - - function get_objects () { - input=($1) - export OBJECT=${input[0]} - export NAME=${input[1]#*/} - echo "${OBJECT}/${NAME}" - DIR="{{ logs_dir }}/objects/cluster/${OBJECT}" - mkdir -p ${DIR} - kubectl get ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml" - kubectl describe ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt" - } - export -f get_objects - - list_objects | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {} - args: - executable: /bin/bash - ignore_errors: True - -- name: "creating directory for namespace scoped objects" - file: - path: "{{ logs_dir }}/objects/namespaced" - state: directory - -- name: "Gathering descriptions for namespace scoped objects" - shell: |- - set -e - export OBJECT_TYPE=configmaps,cronjobs,daemonsets,deployment,endpoints,ingresses,jobs,networkpolicies,pods,podsecuritypolicies,persistentvolumeclaims,rolebindings,roles,secrets,serviceaccounts,services,statefulsets - export PARALLELISM_FACTOR=2 - function get_namespaces () { - kubectl get namespaces -o name | awk -F '/' '{ print $NF }' - } - - function list_namespaced_objects () { - export NAMESPACE=$1 - printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} $@"' _ {} - } - export -f list_namespaced_objects - - function name_objects () { - input=($1) - export NAMESPACE=${input[0]} - export OBJECT=${input[1]} - kubectl get -n ${NAMESPACE} ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} ${OBJECT} $@"' _ {} - } - export -f name_objects - - function get_objects () { - input=($1) - export NAMESPACE=${input[0]} - export OBJECT=${input[1]} - export NAME=${input[2]#*/} - echo "${NAMESPACE}/${OBJECT}/${NAME}" - DIR="{{ logs_dir }}/objects/namespaced/${NAMESPACE}/${OBJECT}" - mkdir -p ${DIR} - kubectl get -n ${NAMESPACE} ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml" - kubectl describe -n ${NAMESPACE} ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt" - } - export -f get_objects - - get_namespaces | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {} - args: - executable: /bin/bash - ignore_errors: True - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/objects" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: yes diff --git a/playbooks/roles/gather-host-logs/tasks/main.yaml b/playbooks/roles/gather-host-logs/tasks/main.yaml deleted file mode 100644 index 29f028e35..000000000 --- a/playbooks/roles/gather-host-logs/tasks/main.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for system status" - file: - path: "{{ logs_dir }}/system" - state: directory - -- name: "Get logs for each host" - become: yes - shell: |- - set -x - systemd-cgls --full --all --no-pager > {{ logs_dir }}/system/systemd-cgls.txt - ip addr > {{ logs_dir }}/system/ip-addr.txt - ip route > {{ logs_dir }}/system/ip-route.txt - lsblk > {{ logs_dir }}/system/lsblk.txt - mount > {{ logs_dir }}/system/mount.txt - docker images > {{ logs_dir }}/system/docker-images.txt - brctl show > {{ logs_dir }}/system/brctl-show.txt - ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt - args: - executable: /bin/bash - ignore_errors: True - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/system" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/gather-pod-logs/tasks/main.yaml b/playbooks/roles/gather-pod-logs/tasks/main.yaml deleted file mode 100644 index 2fcb258b6..000000000 --- a/playbooks/roles/gather-pod-logs/tasks/main.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for pod logs" - file: - path: "{{ logs_dir }}/pod-logs" - state: directory - -- name: "retrieve all container logs" - shell: |- - set -e - PARALLELISM_FACTOR=2 - function get_namespaces () { - kubectl get namespaces -o name | awk -F '/' '{ print $NF }' - } - function get_pods () { - NAMESPACE=$1 - kubectl get pods -n ${NAMESPACE} -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo ${NAMESPACE} {} - } - export -f get_pods - function get_pod_logs () { - NAMESPACE=${1% *} - POD=${1#* } - INIT_CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.initContainers[]?.name') - CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.containers[].name') - for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do - echo "${NAMESPACE}/${POD}/${CONTAINER}" - mkdir -p "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}" - kubectl logs ${POD} -n ${NAMESPACE} -c ${CONTAINER} > "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}/${CONTAINER}.txt" - done - } - export -f get_pod_logs - get_namespaces | \ - xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pods "$@"' _ {} | \ - xargs -r -n 2 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pod_logs "$@"' _ {} - args: - executable: /bin/bash - ignore_errors: True - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/pod-logs" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/gather-prom-metrics/tasks/main.yaml b/playbooks/roles/gather-prom-metrics/tasks/main.yaml deleted file mode 100644 index c05e4eb35..000000000 --- a/playbooks/roles/gather-prom-metrics/tasks/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for helm release descriptions" - file: - path: "{{ logs_dir }}/prometheus" - state: directory - -- name: "Get prometheus metrics from exporters in all namespaces" - shell: |- - set -e - NAMESPACES=$(kubectl get namespaces -o json | jq -r '.items[].metadata.name') - for NS in $NAMESPACES; do - SERVICES=$(kubectl get svc -l component=metrics -n $NS -o json | jq -r '.items[].metadata.name') - for SVC in $SERVICES; do - PORT=$(kubectl get svc $SVC -n $NS -o json | jq -r '.spec.ports[].port') - curl "$SVC.$NS:$PORT/metrics" >> "{{ logs_dir }}"/prometheus/$NS-$SVC.txt - done - done - args: - executable: /bin/bash - -- name: "Get prometheus metrics from tiller-deploy" - shell: |- - set -e - curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt - args: - executable: /bin/bash - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/prometheus" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/helm-release-status/tasks/main.yaml b/playbooks/roles/helm-release-status/tasks/main.yaml deleted file mode 100644 index 8c07cdf9d..000000000 --- a/playbooks/roles/helm-release-status/tasks/main.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: "creating directory for helm release status" - file: - path: "{{ logs_dir }}/helm" - state: directory - -- name: "retrieve all deployed charts" - shell: |- - set -e - helm ls --short - args: - executable: /bin/bash - register: helm_releases - -- name: "Gather get release status for helm charts" - shell: |- - set -e - helm status {{ helm_released }} >> {{ logs_dir }}/helm/{{ helm_release }}.txt - args: - executable: /bin/bash - ignore_errors: True - vars: - helm_release: "{{ helm_released }}" - loop_control: - loop_var: helm_released - with_items: "{{ helm_releases.stdout_lines }}" - -- name: "Downloads logs to executor" - synchronize: - src: "{{ logs_dir }}/helm" - dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}" - mode: pull - ignore_errors: True diff --git a/playbooks/roles/pull-images/tasks/main.yaml b/playbooks/roles/pull-images/tasks/main.yaml deleted file mode 100644 index ec335009d..000000000 --- a/playbooks/roles/pull-images/tasks/main.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Ensure docker python packages deployed - include_role: - name: deploy-package - tasks_from: pip - vars: - packages: - - yq - -- name: pull all images used in repo - make: - chdir: "{{ work_dir }}" - target: pull-all-images diff --git a/playbooks/roles/setup-firewall/tasks/main.yaml b/playbooks/roles/setup-firewall/tasks/main.yaml deleted file mode 100644 index a98290d5c..000000000 --- a/playbooks/roles/setup-firewall/tasks/main.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes -- name: deploy iptables packages - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - iptables - rpm: - - iptables -- command: iptables -S -- command: iptables -F -- command: iptables -P INPUT ACCEPT -- command: iptables -S diff --git a/playbooks/roles/upgrade-host/tasks/main.yaml b/playbooks/roles/upgrade-host/tasks/main.yaml deleted file mode 100644 index 24ecd99f6..000000000 --- a/playbooks/roles/upgrade-host/tasks/main.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright 2017 The Openstack-Helm Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- name: Upgrade to HWE kernel on Ubuntu Hosts - when: ansible_distribution == 'Ubuntu' - block: - - name: Deploy HWE kernel on Ubuntu Hosts - include_role: - name: deploy-package - tasks_from: dist - vars: - packages: - deb: - - linux-generic-hwe-16.04 - - name: Reboot Host following kernel upgrade - shell: sleep 2 && reboot - sudo: yes - async: 30 - poll: 0 - ignore_errors: true - args: - executable: /bin/bash - - name: Wait for hosts to come up following reboot - wait_for: - host: '{{ hostvars[item].ansible_host }}' - port: 22 - state: started - delay: 60 - timeout: 240 - with_items: '{{ play_hosts }}' - connection: local diff --git a/roles/deploy-docker/tasks/main.yaml b/roles/deploy-docker/tasks/main.yaml index 6a4463768..2923a98bb 100644 --- a/roles/deploy-docker/tasks/main.yaml +++ b/roles/deploy-docker/tasks/main.yaml @@ -52,18 +52,6 @@ dest: /etc/systemd/system/docker.service.d/http-proxy.conf mode: 0640 -- name: centos | add docker-ce repository - when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/centos/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - -- name: fedora | add docker-ce repository - when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed ) - get_url: - url: https://download.docker.com/linux/fedora/docker-ce.repo - dest: /etc/yum.repos.d/docker-ce.repo - - name: deploy docker packages when: need_docker | failed include_role: @@ -74,7 +62,7 @@ deb: - docker.io rpm: - - docker-ce + - docker - name: restarting docker systemd: diff --git a/roles/deploy-docker/templates/centos-docker.service.j2 b/roles/deploy-docker/templates/centos-docker.service.j2 index ba9540e2d..9975818b1 100644 --- a/roles/deploy-docker/templates/centos-docker.service.j2 +++ b/roles/deploy-docker/templates/centos-docker.service.j2 @@ -1,8 +1,7 @@ [Unit] Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target +Documentation=http://docs.docker.com +After=network.target [Service] Type=notify @@ -10,10 +9,13 @@ NotifyAccess=all Environment=GOTRACEBACK=crash Environment=DOCKER_HTTP_HOST_COMPAT=1 Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin -ExecStart=/usr/bin/dockerd \ +ExecStart=/usr/bin/dockerd-current \ + --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \ + --default-runtime=docker-runc \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ + --seccomp-profile=/etc/docker/seccomp.json \ + --graph=/var/lib/docker \ --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false diff --git a/roles/deploy-docker/templates/fedora-docker.service.j2 b/roles/deploy-docker/templates/fedora-docker.service.j2 index e471b92f3..a07fb14f1 100644 --- a/roles/deploy-docker/templates/fedora-docker.service.j2 +++ b/roles/deploy-docker/templates/fedora-docker.service.j2 @@ -1,19 +1,21 @@ [Unit] Description=Docker Application Container Engine -Documentation=https://docs.docker.com -After=network-online.target firewalld.service -Wants=network-online.target +Documentation=http://docs.docker.com +After=network.target docker-containerd.service +Requires=docker-containerd.service [Service] Type=notify Environment=GOTRACEBACK=crash -# the default is not to use systemd for cgroups because the delegate issues still -# exists and systemd currently does not support the cgroup feature set required -# for containers run by docker -ExecStart=/usr/bin/dockerd \ +ExecStart=/usr/bin/dockerd-current \ + --add-runtime oci=/usr/libexec/docker/docker-runc-current \ + --default-runtime=oci \ + --containerd /run/containerd.sock \ --exec-opt native.cgroupdriver=systemd \ - --userland-proxy-path=/usr/libexec/docker/docker-proxy \ - --data-root=/var/lib/docker \ + --userland-proxy-path=/usr/libexec/docker/docker-proxy-current \ + --init-path=/usr/libexec/docker/docker-init-current \ + --seccomp-profile=/etc/docker/seccomp.json \ + --graph=/var/lib/docker \ --storage-driver=overlay2 \ --log-driver=json-file \ --iptables=false diff --git a/tools/gate/devel/start.sh b/tools/gate/devel/start.sh index 56a2a2340..fdf32c168 100755 --- a/tools/gate/devel/start.sh +++ b/tools/gate/devel/start.sh @@ -47,6 +47,7 @@ function ansible_install { elif [ "x$ID" == "xfedora" ]; then sudo dnf install -y \ python-devel \ + libselinux-python \ redhat-rpm-config \ gcc \ jq