Ansible role to setup the physical infrastructure servers for the S3P
Scale testing framework.
These roles are refactored to improve structure for upstream.
Source is based on
https://github.com/intel-odl/socets/commit/
975f5113e0ce16cd6ef1eeb03176230e4f6445c9
Consolidated bridge management and refactored for clarity & reuse.
Clean up infrastructure role
Improve execution idempotency by registering docker_updated_result and
only restarting docker daemon when needed.
Same with parse_apparmor_profile handler.
Added tags to most tasks for better separation of responsibilities.
Moved lab-specific variables and inventory to /etc/ansible/hosts.
Added top-level site.yml to call infrastructure role.
fix docker proxy and 'restart docker' handler
Infra role will now setup proxies and only restart docker daemon on
change.
Refactor to move most variables into common role.
Updated handler
Removed trailing whitespace
Change-Id: I7956b5acba7d339af2e8abbb588c07f0e809de5c
Signed-off-by: Matt Welch <matt.welch@intel.com>
--- /dev/null
+# common variables
+---
+# network infrastructure
+## lab network resources
+# lab_http_proxy:
+# lab_https_proxy:
+# infrastructure_server:
+# registry_ip_address:
+# docker_registry_port:
+# docker_registry:
+
+
+## network configuration of host machines
+mgmt_iface: eno3
+data_iface: eno4
+management_bridge: br_mgmt
+data_bridge: br_data
+test_netmask: 16
+management_interface: "{{ mgmt_iface }}"
+data_interface: "{{ data_iface }}"
+management_subnet_prefix: "10.129"
+mgmt_ip_prefix: "10.129"
+management_subnet_netmask: "16"
+data_subnet_prefix: "10.130"
+data_ip_prefix: "10.130"
+data_subnet_netmask: "16"
+
+# IP address of the Linux bridge on the physical host
+mgmt_ip: "{{ mgmt_ip_prefix }}.{{ rackpos }}.1/{{ test_netmask }}"
+data_ip: "{{ data_ip_prefix }}.{{ rackpos }}.1/{{ test_netmask }}"
+
+# lab/default IP addresses of physical hosts
+mgmt_lab_ip_prefix: "10.11.26"
+data_lab_ip_prefix: "10.11.126"
+lab_netmask: 22
+# position and rackpos are an integer "index" of physical machines
+position: "{{ rackpos }}"
+# default IP addresses for lab machine interfaces
+mgmt_lab_ip: "{{ mgmt_lab_ip_prefix }}.{{ rackpos }}/{{ lab_netmask }}"
+data_lab_ip: "{{ data_lab_ip_prefix }}.{{ rackpos }}/{{ lab_netmask }}"
+
+# node operating system defaults
+# Variables for emulated framework containers
+## container configuration
+docker_systemd_version: "v0.1"
+compute_image: "s3p/compute"
+compute_version: "v0.5s"
+measure_image: "s3p/measure"
+measure_version: "v0.1.1"
+service_image: "s3p/service"
+service_version: "v0.4sc"
+control_node_image: "{{ docker_registry }}/{{ service_image }}:{{ service_version }}"
+
+## cluster configuration
+### the service_host ip should be conform to infrastructure routing
+#### service_host_phys_host is the host_index for the physical server
+service_host_phys_host: "20"
+service_host_container_index: "2"
+service_host_mgmt_ip: "{{ management_subnet_prefix }}.{{ service_host_phys_host }}.{{ service_host_container_index }}"
+control_node_container_name: "service-node"
+
+# network parameters for service and compute nodes
+lab_no_proxy: "localhost,10.0.0.0/8,192.168.0.0/16,172.17.0.0/16,127.0.0.1,127.0.0.0/8,{{ service_host_mgmt_ip }}"
+
+# OpenStack framework config
+use_odl_network: "True"
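Review bot: `control_node_image` interpolates `docker_registry`, but that variable exists in this file only as a commented placeholder under "lab network resources", so the value cannot render unless inventory supplies it. The commit message says lab-specific values moved to the inventory; a comment above the placeholders such as `# required: define these in the inventory, they are not set here` would make that contract visible. `use_odl_network: "True"` is a string, so a later edit to `"False"` would still be truthy in a template `{% if %}` test (the consumer is not visible here); `use_odl_network: true` avoids that. `mgmt_ip_prefix` and `management_subnet_prefix` (and the data pair) hold the same literal twice and can drift apart.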
--- /dev/null
+---
+- hosts: compute-node-hosts
+ become: yes
+ roles:
+ - role: infra
--- /dev/null
+# suggestion from bprodoehl
+# https://github.com/docker/docker/issues/5490
+# https://github.com/ewindisch/docker/commit/d45be4e65288f2978dfedd4a940f3debe128fd35
+include <tunables/global>
+
+profile docker-unconfined flags=(attach_disconnected,mediate_deleted) {
+ include <abstractions/base>
+ network,
+ capability,
+ file,
+ umount,
+ mount,
+ ptrace,
+ signal,
+ dbus,
+
+}
+
+# vim: ft=conf :
+
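Review bot: Nothing in the file says that `docker-unconfined` is deliberately wide open: the blanket `network`, `capability`, `file`, `mount`, `umount`, `ptrace`, `signal` and `dbus` rules leave a container started under it with effectively no AppArmor confinement. A header comment such as `# Deliberately unrestricted; for the lab scale-test containers only, do not load on shared or production hosts` would record the intent. It is also worth naming which containers are meant to use it, since anything else launched with this profile gets the same host-level reach (mount and ptrace in particular).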
--- /dev/null
+---
+- include: parse_apparmor_profile.yml
+
+- name: restart docker
+ tags: docker
+ systemd:
+ state: restarted
+ daemon_reload: yes
+ name: docker
+ listen: restart docker
--- /dev/null
+- name: Parse apparmor profile
+ tags:
+ - files
+ - docker
+ shell: apparmor_parser -r -W "{{ profile_path }}"
+ listen: "Parse apparmor profile"
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
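Review bot: The handler runs `apparmor_parser` through `shell` although the line uses no shell features; `command: apparmor_parser -r -W "{{ profile_path }}"` does the same work without passing the templated path through a shell. Unlike the other task files in this commit, this file has no leading `---`.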
--- /dev/null
+---
+- name: Configure docker daemon with daemon.json
+ tags:
+ - docker
+ - daemon
+ - configure
+ template:
+ src: templates/daemon.json.j2
+ dest: /etc/docker/daemon.json
+ register: docker_updated_result
+ notify:
+ - restart docker
+
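Review bot: `register: docker_updated_result` is not read anywhere in the files shown; the restart is driven by `notify`, which already fires only on change. The same unused register sits on the docker proxy template task and on the /etc/hosts task, so all three can drop it. Because `daemon.json` controls daemon-level security settings, consider stating `owner: root`, `group: root` and `mode: "0644"` on the template task instead of relying on the umask.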
--- /dev/null
+- name: Copy docker-unconfined apparmor profile to host
+ tags:
+ - files
+ - security
+ - docker
+ copy:
+ src: files/docker-unconfined
+ dest: "{{ profile_path }}"
+ mode: 0755
+ notify:
+ - Parse apparmor profile
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
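Review bot: `mode: 0755` marks the AppArmor profile executable, which a profile text file does not need, and the unquoted octal relies on YAML 1.1 integer parsing; `mode: "0644"` with `owner: root` and `group: root` is the safer form for a file that `apparmor_parser` later loads into the kernel. `profile_path` is `/root/workspace/docker-unconfined` in the role vars and nothing shown creates `/root/workspace`, so `copy` presumably fails on a fresh host. A profile kept outside `/etc/apparmor.d` is typically not reloaded at boot, so the profile may be missing after a reboot until the handler runs again.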
--- /dev/null
+---
+- name: Setup mgmt bridge
+ vars:
+ interface: "{{ management_interface }}"
+ bridge: "{{ management_bridge }}"
+ ip_addr_1: "{{ mgmt_lab_ip }}"
+ ip_addr_2: "{{ mgmt_ip }}"
+ include: setup_bridge.yml
+ when: "'{{ management_bridge }}' not in ansible_interfaces"
+
+- name: Setup data bridge
+ vars:
+ interface: "{{ data_interface }}"
+ bridge: "{{ data_bridge }}"
+ ip_addr_1: "{{ data_lab_ip }}"
+ ip_addr_2: "{{ data_ip }}"
+ include: setup_bridge.yml
+ when: "'{{ data_bridge }}' not in ansible_interfaces"
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
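Review bot: Both `when` lines wrap a variable in `{{ }}` inside a conditional (`"'{{ management_bridge }}' not in ansible_interfaces"` and the same for `data_bridge`), which Ansible warns about because `when` is already a Jinja expression and the value is templated twice. `when: management_bridge not in ansible_interfaces` and `when: data_bridge not in ansible_interfaces` express the same test directly. The guard only checks that the bridge device exists, so a bridge left half-configured by an earlier failed run is never repaired.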
--- /dev/null
+---
+- name: Install the docker daemon
+ remote_user: root
+ become: yes
+ become_method: sudo
+ tags:
+ - docker
+ - packages
+ - installation
+ apt:
+ name: docker.io
+ state: present
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
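Review bot: `remote_user: root` together with `become: yes` and `become_method: sudo` on the task is redundant and makes the role depend on direct root SSH login; the same three lines appear on the bridge task in setup_bridge.yml. Dropping `remote_user: root` and leaving escalation to `become` lets the hosts keep root login disabled. `docker.io` is installed unpinned with `state: present`, so the daemon version is whatever the mirror serves at run time; worth a comment if that is intended.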
--- /dev/null
+---
+- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
+ tags:
+ - packages
+ - update_cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+- name: Install packages if already installed ignore
+ tags:
+ - packages
+ - install
+ action: apt pkg={{item}} state=installed
+ with_items:
+ - git
+ - sshpass
+ - openssh-server
+ - tmux
+ - screen
+ - python
+ - vim
+ - python-docker
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
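Review bot: `action: apt pkg={{item}} state=installed` uses the legacy key=value form and the deprecated `installed` alias; the native form is `apt:` with `name: "{{ item }}"` and `state: present`. The task name "Install packages if already installed ignore" is hard to parse; `Install base packages` says the same. `sshpass` in the list suggests password-based SSH somewhere in the workflow (not visible here); if so, key-based authentication would avoid handling passwords in automation.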
--- /dev/null
+---
+- include: copy_apparmor_profile.yml
+- include: create_bridges.yml
+- include: install_packages.yml
+- include: setup_docker_daemon.yml
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
--- /dev/null
+---
+- name: Set proxy in apt.conf
+ tags:
+ - proxy
+ - network
+ - packages
+ lineinfile:
+ dest: /etc/apt/apt.conf
+ regexp: '^Acquire::http::Proxy'
+ line: "Acquire::http::Proxy \"{{ lab_http_proxy }}\";"
+ create: yes
+ state: present
--- /dev/null
+---
+- name: Set proxy in bash profile
+ tags:
+ - proxy
+ - network
+ lineinfile:
+ dest: /root/.profile
+ regexp: '^export http_proxy'
+ line: "export http_proxy={{ lab_http_proxy }}"
--- /dev/null
+---
+- name: Ensure systemd drop-in directory exists for docker
+ tags:
+ - docker
+ - daemon
+ - configure
+ file:
+ path: "{{ systemd_docker_dropin_dir }}"
+ state: directory
+ mode: 0755
+
+- name: Configure http_proxy & no_proxy for docker daemon
+ tags:
+ - docker
+ - daemon
+ - configure
+ - network
+ template:
+ src: ../templates/http-proxy.conf.j2
+ dest: "{{ systemd_docker_dropin_dir }}/http-proxy.conf"
+ register: docker_updated_result
+ notify: restart docker
+
--- /dev/null
+---
+ - include: set_bash_proxy.yml
+ - include: set_apt_proxy.yml
+ - include: set_docker_proxy.yml
+
+# vim: set et sw=2 ts=2 ai ft=yaml :
--- /dev/null
+---
+- name: "Setup Linux Bridge '{{ bridge }}' and bind it to interface '{{ interface }}'"
+ remote_user: root
+ become: yes
+ become_method: sudo
+ shell: |
+ ip addr flush "{{ interface }}"
+ ip addr flush "{{ bridge }}"
+ ip link set "{{ interface }}" up
+ ip link set "{{ interface }}" promisc on
+ brctl addbr "{{ bridge }}"
+ brctl addif "{{ bridge }}" "{{ interface }}"
+ ip addr add "{{ ip_addr_1 }}" dev "{{ bridge }}"
+ ip addr add "{{ ip_addr_2 }}" dev "{{ bridge }}"
+ ip link set "{{ bridge }}" up
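Review bot: The multi-line `shell` script has no `set -e`, so the task result is the exit status of the final `ip link set` only and a failed `brctl addbr` or `ip addr add` goes unnoticed. `ip addr flush "{{ bridge }}"` runs before `brctl addbr "{{ bridge }}"`, and the callers include this file only when the bridge is absent, so that flush presumably always fails; adding `set -e` as the first script line therefore also means moving the bridge flush after `brctl addbr` or dropping it. Flushing the addresses of `{{ interface }}` drops the Ansible connection if that interface carries it (the management interface is one of the two callers), which leaves the host unreachable if a later step fails; that deserves a comment and a console fallback.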
--- /dev/null
+---
+- include: set_proxies.yml
+ when: lab_http_proxy is defined
+
+- name: Install docker on host system
+ include: install_docker.yml
+
+- name: Update docker registry in /etc/hosts
+ include: update_etc_hosts.yml
+
+- name: Configure docker daemon
+ include: configure_docker_daemon.yml
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
--- /dev/null
+---
+- name: Add infra server (docker registry) to /etc/hosts
+ tags:
+ - network
+ - docker
+ lineinfile:
+ dest: /etc/hosts
+ regexp: "^.*{{ infrastructure_server }}"
+ line: "{{ registry_ip_address }} {{ infrastructure_server }}"
+ state: present
+ register: docker_updated_result
+ notify: restart docker
+
+# vim: set et ts=2 sw=2 ai ft=yaml :
+
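Review bot: `regexp: "^.*{{ infrastructure_server }}"` matches any line that merely contains the name, and dots in the hostname act as regex wildcards, so `lineinfile` can replace an unrelated `/etc/hosts` entry such as a longer hostname sharing the prefix or a comment. Anchoring on the whole field, e.g. `regexp: '\s{{ infrastructure_server | regex_escape }}(\s|$)'`, limits the match to that host. `infrastructure_server` and `registry_ip_address` exist only as commented placeholders in the common vars, and this include is not guarded the way `set_proxies.yml` is, so the task fails when inventory omits them.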
--- /dev/null
+{
+ "debug": {{ debug_docker }},
+ "insecure-registries": ["{{ docker_registry }}"],
+ "selinux-enabled": {{ enforce_os_security_enable }},
+ "storage-driver": "{{ docker_storage_driver }}"
+}
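Review bot: `"insecure-registries": ["{{ docker_registry }}"]` makes the daemon pull from the registry without TLS verification, so nothing authenticates the `s3p/*` images the nodes run, and the /etc/hosts pin added elsewhere in this commit does not change that. If the registry cannot serve TLS in the lab, record that in a comment next to `docker_registry` and keep the list to that single registry; otherwise distribute the registry CA and drop the entry. The role vars also default `debug_docker` to `'true'` and `enforce_os_security_enable` to `'false'`, so every host gets debug logging on and `selinux-enabled` off unless the values are overridden.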
--- /dev/null
+[Service]
+Environment="HTTP_PROXY={{ lab_http_proxy }}" "NO_PROXY=localhost,127.0.0.1,10.0.0.0/8,{{ infrastructure_server }},{{ registry_ip_address }}"
+
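Review bot: Only `HTTP_PROXY` is set in the drop-in, so the daemon's HTTPS requests (pulls from any TLS registry, for example) do not go through the proxy; `lab_https_proxy` is a placeholder in the common vars but nothing shown uses it. Adding `"HTTPS_PROXY={{ lab_https_proxy }}"` when that variable is defined would close the gap. The `NO_PROXY` list is hard-coded here and differs from `lab_no_proxy` in the common vars; deriving it from that variable would keep a single source for the bypass list.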
--- /dev/null
+---
+
+# apparmor info
+profile_path: /root/workspace/docker-unconfined
+
+# docker configuration (daemon.json)
+systemd_docker_dropin_dir: '/etc/systemd/system/docker.service.d/'
+
+# docker registry in common/vars/main.yml
+debug_docker: 'true'
+docker_storage_driver: 'overlay2'
+enforce_os_security_enable: 'false'
+
+
+
--- /dev/null
+---
+- hosts: cluster0
+ roles:
+ - common
+ - infra
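Review bot: This play has no `become: yes`, while the compute-node-hosts play that applies the same `infra` role sets it. Most of the role's tasks (templates under /etc/docker and the systemd drop-in directory, `lineinfile` on /etc/hosts and /root/.profile, `apt`) carry no task-level `become`, so against `cluster0` they presumably succeed only when the connection user is already root. Adding `become: yes` to the play keeps the two entry points consistent and avoids requiring root SSH login.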
--- /dev/null
+---
+# file: site.yml
+- include: infrastructure.yml
+
+# vim: set et ai sw=2 ts=2 :
+